r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 990ce883f693c24b6a8576dcdac2073a
74c390bc108ce7f83fd00f2c9fefac4d047a11db
953a80fa8851c6bebe8fa8fc8efe2e150b57484727be678f2bb51f786d1e93e3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "953A80FA8851C6BEBE8FA8FC8EFE2E150B57484727BE678F2BB51F786D1E93E3"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11951
Expires: Wed, 21 Dec 2022 02:41:53 GMT
Date: Tue, 20 Dec 2022 23:22:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bbea1550fedd5eb9c265712fab75b137
2c2f981747898a380265f766345f2bb9c8c983fd
c728286e38c31a4d3f7a39702e0a5f69c14bf69e01a88bc4479714953fbda278
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C728286E38C31A4D3F7A39702E0A5F69C14BF69E01A88BC4479714953FBDA278"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3670
Expires: Wed, 21 Dec 2022 00:23:52 GMT
Date: Tue, 20 Dec 2022 23:22:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cf03270e3476f7482a2cc7ddc6a9e857
ab70d5ee87b01e0601f8e518bf36f97c8ceeba9a
43a4e796860a1481636dac103488cadc68c261d13cfe835d273efc368e569f97
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "43A4E796860A1481636DAC103488CADC68C261D13CFE835D273EFC368E569F97"
Last-Modified: Sun, 18 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3668
Expires: Wed, 21 Dec 2022 00:23:50 GMT
Date: Tue, 20 Dec 2022 23:22:42 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: zU/4bZ1LqJc0OeZbe5RisIypIDcyoQVGSSnqBnQhMyhxEkdpYDwZbc5QRktIMuJR3Ot+ZNjNWNA=
x-amz-request-id: ZA86G4ENP5R0TPZ8
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 20 Dec 2022 22:29:37 GMT
age: 3185
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30
34.120.5.221200 OK 52 kB URL HTTP/2 getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30
IP 34.120.5.221:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 8c458c764594cd2d2f48fcee52e9b898
2775908ca5a8458659fe999cac2224faffc289d6
6b8845da5b68d1d4f9769fbd601c393a4d0aec90650f9e1622e0593c09b6b4f3
GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30 HTTP/1.1
Host: getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
vary: Accept-Encoding
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Hit from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: 2sYguq-Z9t9S5BQ3BGOlOaRfmDSkNz3En6KlBSizTN5xsHcoAKmOSQ==
content-encoding: gzip
via: 1.1 95785220a566cd050f3ad80928463374.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 23:09:27 GMT
age: 795
content-type: application/json
content-length: 51479
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 04c14564c7083355371e41c5a09acada
ea488e34661be5420c798c7e26f193b4dee7bb37
d7e5c37d8e6cbed236670d050f84f288539642f7a41a54b0abd39357f7c42232
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D7E5C37D8E6CBED236670D050F84F288539642F7A41A54B0ABD39357F7C42232"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12128
Expires: Wed, 21 Dec 2022 02:44:50 GMT
Date: Tue, 20 Dec 2022 23:22:42 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 23:22:42 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b44c4b5daa307a355e7bab1c83c1ca82
dbd14cd873f1dd4502f277b3f51cb7bc8da0c080
fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 20 Dec 2022 22:34:30 GMT
content-type: application/json
age: 2892
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Backoff, Content-Length, Pragma, Alert, Expires, Last-Modified, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 20 Dec 2022 23:08:02 GMT
age: 880
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d0c2b6760f2b58f445446dd2276d5af4
aeedf417b1ebde86ce837ca02ba934abb938b1a4
8fe72d0ce839150559da5ddf46bf87d26b6b9cbe34d09641b29a53be24997c81
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1188
Cache-Control: max-age=122637
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:42 GMT
Etag: "63a17b2b-1d7"
Expires: Thu, 22 Dec 2022 09:26:39 GMT
Last-Modified: Tue, 20 Dec 2022 09:06:51 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
217.160.0.146200 OK 25 kB URL HTTP/1.1 securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
IP 217.160.0.146:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9381), with CRLF, CR, LF line terminators
Hash 4e3a92462d334797e07bebd21868d40c
62cf79fefe21225b0732677a7664516838ad6ae5
b11575c2e063b4bb29de13655f1d1ca12ab97aac78fa3e960796a55a420c9df7
GET /wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:41 GMT
Server: Apache
X-Pingback: http://securityaffairs.co/wordpress/xmlrpc.php
Link: <https://securityaffairs.co/wordpress/wp-json/>; rel="https://api.w.org/", <https://securityaffairs.co/wordpress/wp-json/wp/v2/posts/139859>; rel="alternate"; type="application/json", <https://securityaffairs.co/wordpress/?p=139859>; rel=shortlink
Content-Encoding: gzip
fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=7f328e8ac89ab883d5ef4a32c2877c9d
142.250.74.74200 OK 430 B URL HTTP/1.1 fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=7f328e8ac89ab883d5ef4a32c2877c9d
IP 142.250.74.74:0
Hash 9a07b71442c91e1eb372d6ccc6eed9bf
09a0c59581bb368760ee6ffbd8e3ae087bbe2e37
6ac29721d68c6e82f06961e043d6d515a1cd1fc249b01770bff82ea7f16bdbd7
GET /css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=7f328e8ac89ab883d5ef4a32c2877c9d HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Tue, 20 Dec 2022 23:22:43 GMT
Date: Tue, 20 Dec 2022 23:22:43 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=7f328e8ac89ab883d5ef4a32c2877c9d
142.250.74.74200 OK 548 B URL HTTP/1.1 fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=7f328e8ac89ab883d5ef4a32c2877c9d
IP 142.250.74.74:0
Hash 566c87d8f29fd13c05190d10d46c9b28
93b0733a6508901588b7a933847f6adadc677ba1
48189834a052202bf58624a91a45bca0f924a23c900003e0b5fd19d8958e1a0a
GET /css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=7f328e8ac89ab883d5ef4a32c2877c9d HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Tue, 20 Dec 2022 23:22:43 GMT
Date: Tue, 20 Dec 2022 23:22:43 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=7f328e8ac89ab883d5ef4a32c2877c9d
142.250.74.74200 OK 773 B URL HTTP/1.1 fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=7f328e8ac89ab883d5ef4a32c2877c9d
IP 142.250.74.74:0
Hash afe4a4bd43d693ec0d8ac42452fd4116
4210209447c8e9f9c30922437c9390f5fa85dc8b
b72336e64a8bec88624fc9a568ac32b6ba589425f9639d7d13ff12e678605fdb
GET /css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=7f328e8ac89ab883d5ef4a32c2877c9d HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Tue, 20 Dec 2022 23:22:43 GMT
Date: Tue, 20 Dec 2022 23:22:43 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=7f328e8ac89ab883d5ef4a32c2877c9d
142.250.74.74200 OK 550 B URL HTTP/1.1 fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=7f328e8ac89ab883d5ef4a32c2877c9d
IP 142.250.74.74:0
Hash e429d90d65b1b7ab53b71b57fbba6b2c
438d7c6a8fab88eb3ebef0ada52dba495b9451b4
a2cc1aad16a2b255340a682f118a569251c0eb1dcf31d9317eca85e8a67ef187
GET /css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=7f328e8ac89ab883d5ef4a32c2877c9d HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Tue, 20 Dec 2022 23:22:43 GMT
Date: Tue, 20 Dec 2022 23:22:43 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
securityaffairs.co/wordpress/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17
217.160.0.146200 OK 11 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17
IP 217.160.0.146:0
File type ASCII text, with very long lines (11256), with no line terminators
Hash 2b0dd7eecea03b4bdedb94ba622fdb03
703becba85161118dd6fc66af465428ef43f561c
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
GET /wordpress/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 11256
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Wed, 09 Dec 2020 23:31:00 GMT
ETag: "2bf8-5b61073acf500"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-includes/js/mediaelement/wp-mediaelement.css?ver=7f328e8ac89ab883d5ef4a32c2877c9d
217.160.0.146200 OK 5.0 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-includes/js/mediaelement/wp-mediaelement.css?ver=7f328e8ac89ab883d5ef4a32c2877c9d
IP 217.160.0.146:0
Hash d4252f4e714f52e5670c05fbc02b5ced
564e46946f5a4c524bcf4865d314fbe339c81842
6d9f061cba81145d9bab0964192d66cb2e13a71591482cdfaf5b718341171da1
GET /wordpress/wp-includes/js/mediaelement/wp-mediaelement.css?ver=7f328e8ac89ab883d5ef4a32c2877c9d HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 4960
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Wed, 13 Nov 2019 23:52:08 GMT
ETag: "1360-597430d761a00"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-includes/css/classic-themes.css?ver=1
217.160.0.146200 OK 638 B URL HTTP/1.1 securityaffairs.co/wordpress/wp-includes/css/classic-themes.css?ver=1
IP 217.160.0.146:0
Hash a8d4b353ef9b737106c3f2261ea874c1
41f7c7abc320ed0fc954b6e5ef46ae13635ba33a
c2e0faa0bc554b9a86d51ec14488bef748c400cfc8f61e57b3d2e4688f11f983
GET /wordpress/wp-includes/css/classic-themes.css?ver=1 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 638
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Thu, 03 Nov 2022 22:28:24 GMT
ETag: "27e-5ec9879b48315"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-public.css?ver=3.0.7
217.160.0.146200 OK 3.1 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-public.css?ver=3.0.7
IP 217.160.0.146:0
Hash 20e8490fab0dcf7557a5c8b54494db6f
285db746dfc0d43b9ca42f8d65b69c908ff72ca5
fbe820b6140ad28e86f34ffae507d807cf591a22697a05b71958f2014e96a9e4
GET /wordpress/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-public.css?ver=3.0.7 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 3106
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Tue, 13 Dec 2022 22:44:00 GMT
ETag: "c22-5efbd5b273803"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-includes/css/dist/block-library/style.css?ver=7f328e8ac89ab883d5ef4a32c2877c9d
217.160.0.146200 OK 110 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-includes/css/dist/block-library/style.css?ver=7f328e8ac89ab883d5ef4a32c2877c9d
IP 217.160.0.146:0
Size 110 kB (110285 bytes)
Hash 4a42c869cd15279d02d94e21aab77581
ec5cedead88207858404ab2fa1fb7ddb1d4ed615
b0d6e71e48de130e4b0a7e54ddaee478df73dce7ace894f8e5525ce85d2fcdfe
GET /wordpress/wp-includes/css/dist/block-library/style.css?ver=7f328e8ac89ab883d5ef4a32c2877c9d HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 110285
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 21:49:08 GMT
ETag: "1aecd-5ed8953650374"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ssba.css?ver=1671143364
217.160.0.146200 OK 9.1 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ssba.css?ver=1671143364
IP 217.160.0.146:0
File type ASCII text, with very long lines (413)
Hash df1ac43c837245f907362d0f6d2e2987
9631f060db25d740ed27e9f53cb7c8f85ec7b6eb
2bb70f4fa873d8f9de890de1ff0ebbe0feecb5b0626ac9053a9e41ecb09489e7
GET /wordpress/wp-content/plugins/simple-share-buttons-adder/css/ssba.css?ver=1671143364 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 9096
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Thu, 15 Dec 2022 22:29:24 GMT
ETag: "2388-5efe5629d6687"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
217.160.0.146200 OK 20 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
IP 217.160.0.146:0
File type ASCII text, with very long lines (1398)
Hash 89c2098768ea0d8115cec383a1b40a57
9c2600f50dc89316029b6db5c654b0e230b9179b
e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964
GET /wordpress/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 19858
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Wed, 16 Dec 2015 13:54:59 GMT
ETag: "4d92-52704407f72c0"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
217.160.0.146200 OK 539 B URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
IP 217.160.0.146:0
Hash 0d4e877bae638671ee00026f99aee255
d2313de1204d9bf0a21013fc2ee7fd6da43b2e9d
8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535
GET /wordpress/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 539
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Wed, 16 Dec 2015 06:58:04 GMT
ETag: "21b-526fe6d7cd700"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
217.160.0.146200 OK 6.2 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
IP 217.160.0.146:0
Hash dd4c11a6c70bed24ded363a14389c900
ed65f364a2e6adac017edd866376f5046211bda9
759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1
GET /wordpress/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 6225
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Wed, 16 Dec 2015 13:55:09 GMT
ETag: "1851-5270441180940"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-gdpr.css?ver=3.0.7
217.160.0.146200 OK 27 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-gdpr.css?ver=3.0.7
IP 217.160.0.146:0
Hash 359aca8a88b2331aa34ac505acad9911
800a4f56bb87049e1f0d45cf93c4e8ef79144b45
655ae452d922f501b62c7028fc35e238138de989387381cc1ed9cea9085864db
GET /wordpress/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-gdpr.css?ver=3.0.7 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 27249
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Tue, 13 Dec 2022 22:44:00 GMT
ETag: "6a71-5efbd5b272863"
Accept-Ranges: bytes
w.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare&ver=8.4.0
54.230.111.32301 Moved Permanently 167 B URL HTTP/1.1 w.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare&ver=8.4.0
IP 54.230.111.32:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
GET /button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare&ver=8.4.0 HTTP/1.1
Host: w.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/
HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Tue, 20 Dec 2022 23:22:43 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://w.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare&ver=8.4.0
X-Cache: Redirect from cloudfront
Via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: bRR6dHwp7go-1BWYyxIk1-t8eIo07mEs_55Wd2C06-0FVQsDoMagEA==
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2022/12/gamaredon-NATO.png?resize=300%2C300&ssl=1
192.0.77.2200 OK 9.2 kB URL HTTP/2 i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2022/12/gamaredon-NATO.png?resize=300%2C300&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash e64e41faecc694e82121d08f2e019c71
ab865e35f21555007ad1833a4d4c752ad86b7af0
17a6e4ad948f3ac15cb1bd2abf15f370302ffd140332e215afede55325c83abf
GET /securityaffairs.co/wordpress/wp-content/uploads/2022/12/gamaredon-NATO.png?resize=300%2C300&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 23:22:43 GMT
content-type: image/webp
content-length: 9158
last-modified: Tue, 20 Dec 2022 21:03:15 GMT
expires: Fri, 20 Dec 2024 09:03:15 GMT
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2022/12/gamaredon-NATO.png>; rel="canonical"
x-content-type-options: nosniff
etag: "2c14f458d62ddb5a"
vary: Accept
x-nc: HIT arn 6
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.38.198.114101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.38.198.114:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: IMJQ+TDpPJj8NfxzEpvELw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Wt4OsOtWBD88j5UAdr/0/NM2lPM=
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png
192.0.77.2200 OK 672 B URL HTTP/2 i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 7e4edd48d35d5e83a4a6c7f2e01aefb7
ebfe115fcf53ab132ac0536f51c1be738a2227bd
c0515f174257e5e8c2b69445e28f1cca8792be06d315b7772fc16234937d5cde
GET /securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 23:22:43 GMT
content-type: image/webp
content-length: 672
last-modified: Mon, 04 Jul 2022 08:59:08 GMT
expires: Wed, 03 Jul 2024 20:59:08 GMT
cache-control: public, max-age=63115200
link: <http://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png>; rel="canonical"
x-content-type-options: nosniff
etag: "b30f6a078b4dc97a"
vary: Accept
x-nc: HIT arn 2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png
192.0.77.2200 OK 514 B URL HTTP/2 i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 6e764d8ed633d6abca0a6620d62f6752
44ba140825184c84fcead787fe6deb3fa36f3ec6
2bae9fc3e57c860103d1e03360ba3246e3b6c5bcaa6f3183ce8066cc69843a5d
GET /securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 23:22:43 GMT
content-type: image/webp
content-length: 514
last-modified: Mon, 04 Jul 2022 08:59:08 GMT
expires: Wed, 03 Jul 2024 20:59:08 GMT
cache-control: public, max-age=63115200
link: <http://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png>; rel="canonical"
x-content-type-options: nosniff
etag: "1146ce0b27316a0a"
vary: Accept
x-nc: HIT arn 3
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png
192.0.77.2200 OK 600 B URL HTTP/2 i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 1d5e1894c25f3e1ab33b514604357ffe
e579b7151d1b13f30b95bfcf313f159b6632c3f6
1b582acaf161db1ef436343a487e95a35a5ee579d35893ad726dce7fa4b85b4c
GET /securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 23:22:43 GMT
content-type: image/webp
content-length: 600
last-modified: Mon, 04 Jul 2022 08:59:08 GMT
expires: Wed, 03 Jul 2024 20:59:08 GMT
cache-control: public, max-age=63115200
link: <http://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png>; rel="canonical"
x-content-type-options: nosniff
etag: "5049996ff4013047"
vary: Accept
x-nc: HIT arn 5
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/whatsapp.png
192.0.77.2200 OK 3.1 kB URL HTTP/2 i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/whatsapp.png
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash cb10106bff2b8bad2a17969b428a3412
97fb8af1237aede606adfeeba7562639fb1b5670
99e52ba5a89ec8b90b259b9c3379c6277f1a25916a850fc7a6d0c8a6c1410b2f
GET /securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/whatsapp.png HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 23:22:43 GMT
content-type: image/webp
content-length: 3084
last-modified: Thu, 10 Nov 2022 20:09:53 GMT
expires: Sun, 10 Nov 2024 08:09:53 GMT
cache-control: public, max-age=63115200
link: <http://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/whatsapp.png>; rel="canonical"
x-content-type-options: nosniff
etag: "9fd7d842cdd9dbca"
vary: Accept
x-nc: HIT arn 1
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
217.160.0.146200 OK 1.7 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
IP 217.160.0.146:0
Hash 88ade579f6984a9daf40c2b01155a4b6
b3885a77816419ef42a51b9b724e2e089dd7d8b1
2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732
GET /wordpress/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 1716
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Wed, 16 Dec 2015 06:58:02 GMT
ETag: "6b4-526fe6d5e5280"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
217.160.0.146200 OK 334 B URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
IP 217.160.0.146:0
Hash 70d0cc2e5e4e2865e170d8d10ba00a23
aa1041fa1798be482781b68b334f29c2d4a58592
7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46
GET /wordpress/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 334
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Wed, 16 Dec 2015 06:58:02 GMT
ETag: "14e-526fe6d5e5280"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
217.160.0.146200 OK 18 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
IP 217.160.0.146:0
File type ASCII text, with very long lines (17618)
Hash fa6868c22ceca7f65191ec25c68a9bb5
c068cd49f2dd57e8162c1ad380fc63f0ec59cb1a
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8
GET /wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 17780
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Wed, 16 Dec 2015 06:58:02 GMT
ETag: "4574-526fe6d5e5280"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
217.160.0.146200 OK 4.5 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
IP 217.160.0.146:0
Hash 53ca869e63e27c9b61e131b76811f447
8475c53af2ed2568ab97f6d714d80f4137c0a5ac
9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b
GET /wordpress/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 4493
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Wed, 16 Dec 2015 06:58:18 GMT
ETag: "118d-526fe6e527680"
Accept-Ranges: bytes
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2022/12/Ukraine-Delta.png?resize=1024%2C441&ssl=1
192.0.77.2200 OK 129 kB URL HTTP/2 i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2022/12/Ukraine-Delta.png?resize=1024%2C441&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 129 kB (129150 bytes)
Hash 8cbed9a0b839eaef9894ab40d10257a5
01a66ee50d83d45733e2914188e86adf7b02bb47
152681725d30cde88a997ad19ec42c46a2f095d054a05f1f60c7eb4b6b7eb7d5
GET /securityaffairs.co/wordpress/wp-content/uploads/2022/12/Ukraine-Delta.png?resize=1024%2C441&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 23:22:43 GMT
content-type: image/webp
content-length: 129150
last-modified: Tue, 20 Dec 2022 23:12:03 GMT
expires: Fri, 20 Dec 2024 11:12:03 GMT
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2022/12/Ukraine-Delta.png>; rel="canonical"
x-content-type-options: nosniff
etag: "559972bd173edb58"
vary: Accept
x-nc: HIT arn 3
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/grid.css?ver=7f328e8ac89ab883d5ef4a32c2877c9d
217.160.0.146200 OK 51 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/grid.css?ver=7f328e8ac89ab883d5ef4a32c2877c9d
IP 217.160.0.146:0
File type ASCII text, with very long lines (497)
Hash 509e7d346fed3c0e1eee874e24980f89
a35d7fe42e73f7f7ce6207b4e7f7b85e8d787f9d
00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286
GET /wordpress/wp-content/themes/rigel_old/css/grid.css?ver=7f328e8ac89ab883d5ef4a32c2877c9d HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 50674
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Wed, 16 Dec 2015 06:58:03 GMT
ETag: "c5f2-526fe6d6d94c0"
Accept-Ranges: bytes
served-by.pixfuture.com/www/delivery/headerbid.js
161.35.253.218200 OK 3.0 kB URL HTTP/1.1 served-by.pixfuture.com/www/delivery/headerbid.js
IP 161.35.253.218:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (3008), with no line terminators
Hash ad935576f0e3e6c26f5eb5d4a2422e42
a046363e5bc5a54fc6ba5ec21cffbf8474f47817
216016b134fe4e887e1dc338ae4aca8c8e4da7b367258e75d41599c83c9f16af
GET /www/delivery/headerbid.js HTTP/1.1
Host: served-by.pixfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/
HTTP/1.1 200 OK
accept-ranges: bytes
content-length: 3008
content-type: text/javascript; charset=utf-8
last-modified: Tue, 20 Dec 2022 21:17:52 GMT
date: Tue, 20 Dec 2022 23:22:43 GMT
securityaffairs.co/wordpress/wp-content/plugins/jetpack/_inc/social-logos/social-logos.css?ver=11.6
217.160.0.146200 OK 13 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/plugins/jetpack/_inc/social-logos/social-logos.css?ver=11.6
IP 217.160.0.146:0
File type ASCII text, with very long lines (9401)
Hash 999afdf6e9828e11b66c7931955c79d3
43185323eeca5c2dbf23045bbc3d33232710f825
4cdecc62f5b2c8e9f7cf7b14b9fd42e0c4787d912c1b71426cdfbe0144cede46
GET /wordpress/wp-content/plugins/jetpack/_inc/social-logos/social-logos.css?ver=11.6 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 12591
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Wed, 07 Dec 2022 00:24:15 GMT
ETag: "312f-5ef31f0c498d9"
Accept-Ranges: bytes
w.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare&ver=8.4.0
54.230.111.32200 OK 7.9 kB URL HTTP/2 w.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare&ver=8.4.0
IP 54.230.111.32:0
File type C source, ASCII text, with very long lines (27236), with no line terminators
Hash 990365ccdf4eebf164214f992d8ddfbc
b485f83e096515d93dfec5d8dc420d571ef06254
947238672d5912dffc77bde8e413752ecd69e6062c68c09ae20274b55f37ffdd
GET /button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare&ver=8.4.0 HTTP/1.1
Host: w.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 7903
content-encoding: gzip
server: nginx/1.20.1
x-robots-tag: noindex, nofollow
date: Tue, 20 Dec 2022 23:21:27 GMT
cache-control: max-age=259200
expires: Fri, 23 Dec 2022 23:21:27 GMT
etag: W/"634f185a-6a64"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: mvpdIJq4cc0WYjjhTJoG7lffBmoNk-Jg2EOWZ5dPa3Aj1csmX4nJCw==
age: 76
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.css?ver=11.6
217.160.0.146200 OK 19 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.css?ver=11.6
IP 217.160.0.146:0
Hash c944677517480aa671ef272fe7b23441
c03826d06e86db52c183e105dc85eb6ebb0a2a07
dda6ad33ac53197002b0e3c6c09f3714a6c79b73969d15666500689d8fc50d3c
GET /wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.css?ver=11.6 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 18833
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Wed, 07 Dec 2022 00:24:19 GMT
ETag: "4991-5ef31f0ff4041"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2
217.160.0.146200 OK 25 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2
IP 217.160.0.146:0
Hash c91800f536bebf3fd9b3f710b174d10d
2ce6cc995ddcd4b6ab79c222d9aff82fec7994cc
9c062d10663416484b5a59bb47a0308526bec56cc69e9f3499fa087d8eae5c7a
GET /wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 25300
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Wed, 09 Dec 2020 23:31:00 GMT
ETag: "62d4-5b61073acf500"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
217.160.0.146200 OK 113 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
IP 217.160.0.146:0
File type assembler source, ASCII text, with very long lines (374)
Size 113 kB (112708 bytes)
Hash 75b235d4ed83402d864ee334c782e1ff
42a4df5f1d0d5398f145e982989789c4d93cbb2e
13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742
GET /wordpress/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 112708
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Wed, 16 Dec 2015 06:58:04 GMT
ETag: "1b844-526fe6d7cd700"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/legacy/public/js/cookie-law-info-public.js?ver=3.0.7
217.160.0.146200 OK 34 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/legacy/public/js/cookie-law-info-public.js?ver=3.0.7
IP 217.160.0.146:0
Hash dffa195b546cf1dfd52f2206955eb892
a3d48e8f126eb96d12191d76ed71ad2bc8651d59
6c52384c7b0641dd1ead85d079c22d39bcc6dc5f2537afb1e6396bb619771a3f
GET /wordpress/wp-content/plugins/cookie-law-info/legacy/public/js/cookie-law-info-public.js?ver=3.0.7 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 34179
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Tue, 13 Dec 2022 22:44:00 GMT
ETag: "8583-5efbd5b275743"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/medianetAdInjector.js?ver=2.10.13
217.160.0.146200 OK 562 B URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/medianetAdInjector.js?ver=2.10.13
IP 217.160.0.146:0
Hash fd510c56def3dc3c05a13c409f438460
5984f892a2f58f93059603a0e02de311dff72257
37d925559381e9d5388c4a096fe1383570546b7b11548d7d6a7e560adcc24e5d
GET /wordpress/wp-content/plugins/media-net-ads-manager/js/medianetAdInjector.js?ver=2.10.13 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 562
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Sat, 08 May 2021 23:27:41 GMT
ETag: "232-5c1d9e402b540"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-includes/js/twemoji.js?ver=7f328e8ac89ab883d5ef4a32c2877c9d
217.160.0.146200 OK 32 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-includes/js/twemoji.js?ver=7f328e8ac89ab883d5ef4a32c2877c9d
IP 217.160.0.146:0
File type Unicode text, UTF-8 text, with very long lines (12979)
Hash ce42c1bfad66df1aa7c3e32b8f9ea944
1d86a01ab718b070ac823caa80b3e55bd7761572
f1f9eda417444f06ef060dd832d8821c84f081a98cdf62acfe981f5554c894dc
GET /wordpress/wp-includes/js/twemoji.js?ver=7f328e8ac89ab883d5ef4a32c2877c9d HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 32400
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Wed, 25 May 2022 22:59:02 GMT
ETag: "7e90-5dfde04f437ff"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-includes/js/wp-emoji.js?ver=7f328e8ac89ab883d5ef4a32c2877c9d
217.160.0.146200 OK 9.0 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-includes/js/wp-emoji.js?ver=7f328e8ac89ab883d5ef4a32c2877c9d
IP 217.160.0.146:0
File type ASCII text, with very long lines (786)
Hash 2aae979a0e8bced7b6483b8671072ebd
3be976da211a91625d4993bd600692939c57c3b2
e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6
GET /wordpress/wp-includes/js/wp-emoji.js?ver=7f328e8ac89ab883d5ef4a32c2877c9d HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 8989
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Tue, 31 Mar 2020 22:49:14 GMT
ETag: "231d-5a22e60748e80"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20191001
217.160.0.146200 OK 1.8 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20191001
IP 217.160.0.146:0
Hash f89749c5ee18c5e9aa0fda70690acfa0
c8f8dff748381f318bd3011bc010d42528ac50ab
e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da
GET /wordpress/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20191001 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 1760
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Wed, 07 Dec 2022 00:24:19 GMT
ETag: "6e0-5ef31f0fba665"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/jquery.adrotate.clicktracker.js
217.160.0.146200 OK 365 B URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/jquery.adrotate.clicktracker.js
IP 217.160.0.146:0
Hash 7ad1d51e7c25b562250f051b75c550cf
f74e0ce554e78370f8cd710f880186f069fca0ac
65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a
GET /wordpress/wp-content/plugins/adrotate/library/jquery.adrotate.clicktracker.js HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 365
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 22:34:55 GMT
ETag: "16d-5edb232c94485"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-includes/js/jquery/jquery.js?ver=3.6.1
217.160.0.146200 OK 290 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-includes/js/jquery/jquery.js?ver=3.6.1
IP 217.160.0.146:0
Size 290 kB (289832 bytes)
Hash e58bd16dd19ee38d5fa291d15c872bde
b941ef8b6171125ef746e869ca41991c28f32c43
f3e547dd68cdf81e0eee07f2cd672da320942336f3db781d19c134220125ab6f
GET /wordpress/wp-includes/js/jquery/jquery.js?ver=3.6.1 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 289832
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Thu, 03 Nov 2022 22:28:25 GMT
ETag: "46c28-5ec9879c17389"
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c92a63593449265941bccd2401ec3927
09bd5c279a11c5067d75300053d70e4e678d7140
a137e34a2d19637a6fe63ba801ce97be1ded72584f8a90798b4c0910526a4429
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
217.160.0.146200 OK 987 B URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
IP 217.160.0.146:0
Hash 48f1f74bfd24b6e2d3808284e591a783
e0027db2b931d4f817fb657ad5bdc48e50872180
d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008
GET /wordpress/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 987
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Wed, 16 Dec 2015 06:58:17 GMT
ETag: "3db-526fe6e433440"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
217.160.0.146200 OK 4.4 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
IP 217.160.0.146:0
Hash e82a7bca2c561de3790788a01bd2a34f
618e879098c81ae084264ad0ab8f99cc00b3ee21
0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35
GET /wordpress/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 4371
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Wed, 16 Dec 2015 06:58:17 GMT
ETag: "1113-526fe6e433440"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
217.160.0.146200 OK 2.6 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
IP 217.160.0.146:0
Hash ea961504a723f4cd772bf528d872d1c5
9b89aa65166bf07918ae4c423b2854fed6abd7b7
1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82
GET /wordpress/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 2614
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Wed, 16 Dec 2015 06:58:16 GMT
ETag: "a36-526fe6e33f200"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
217.160.0.146200 OK 8.1 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
IP 217.160.0.146:0
Hash 6516449ed5089677ed3d7e2f11fc8942
82e40d060bc269a6dde20c3990ca5a4fea6ca754
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34
GET /wordpress/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 8097
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Wed, 16 Dec 2015 06:58:17 GMT
ETag: "1fa1-526fe6e433440"
Accept-Ranges: bytes
www.googletagmanager.com/gtag/js?id=UA-59069958-1
142.250.74.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-59069958-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash a788b4c961ac95bd9587ac36cf9bbbed
244a64756731262fefac1ec5cce18dd6f9bf6659
a68eb428073e789f44a63bb576070972627b331dff5be1bab491af5bf2a7ed75
GET /gtag/js?id=UA-59069958-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 20 Dec 2022 23:22:43 GMT
expires: Tue, 20 Dec 2022 23:22:43 GMT
cache-control: private, max-age=900
last-modified: Tue, 20 Dec 2022 23:05:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43653
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
217.160.0.146200 OK 21 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
IP 217.160.0.146:0
File type ASCII text, with very long lines (21327)
Hash 850417bf7853c0623933a47243cb3a5a
87593ab91c82baeed40e124071ef17990a5dc53a
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6
GET /wordpress/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 21422
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Wed, 16 Dec 2015 13:55:10 GMT
ETag: "53ae-5270441274b80"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
217.160.0.146200 OK 8.0 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
IP 217.160.0.146:0
File type ASCII text, with very long lines (7808)
Hash dfe0eedf8da578f4a4c43b05448c51d9
812d7071b4e44b1aa5d5ea6c7ce0b79eb9d46520
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833
GET /wordpress/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 8044
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Wed, 16 Dec 2015 06:58:18 GMT
ETag: "1f6c-526fe6e527680"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
217.160.0.146200 OK 11 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
IP 217.160.0.146:0
File type ASCII text, with very long lines (10480)
Hash 21e90d217803a77ef8501930aa6b1be9
4897945b9aba2c6f6dcafa095fea38fe680ff5ab
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3
GET /wordpress/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 10855
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Wed, 16 Dec 2015 06:58:17 GMT
ETag: "2a67-526fe6e433440"
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c92a63593449265941bccd2401ec3927
09bd5c279a11c5067d75300053d70e4e678d7140
a137e34a2d19637a6fe63ba801ce97be1ded72584f8a90798b4c0910526a4429
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
217.160.0.146200 OK 3.1 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
IP 217.160.0.146:0
File type ASCII text, with very long lines (3096), with no line terminators
Hash 60c44bd675aad6efba6fa495ee520d8e
28137cb36a50acbe94da78a2739fb4b78cafd925
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea
GET /wordpress/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 3096
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Wed, 16 Dec 2015 06:58:17 GMT
ETag: "c18-526fe6e433440"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
217.160.0.146200 OK 13 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
IP 217.160.0.146:0
File type ASCII text, with very long lines (12726)
Hash 4b8ba0d5d18b027de91e5635ea144c36
d478eb67cfd5dc6864b600112ebcaa38cec746b2
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee
GET /wordpress/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 12837
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Wed, 16 Dec 2015 06:58:17 GMT
ETag: "3225-526fe6e433440"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
217.160.0.146200 OK 13 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
IP 217.160.0.146:0
Hash 866979bea4b6498cb9558738c94c2159
836b6e8dd9f1a9513902ba825343a9fc96f0b15f
0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878
GET /wordpress/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 12756
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Wed, 16 Dec 2015 06:58:16 GMT
ETag: "31d4-526fe6e33f200"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
217.160.0.146200 OK 71 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
IP 217.160.0.146:0
File type HTML document, ASCII text, with very long lines (622)
Hash 9075ef6303cc251092a0d6bfdd3a2093
bbc87738105c9deb3be3d80ecdfe589603271784
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5
GET /wordpress/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 71025
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Wed, 16 Dec 2015 13:55:14 GMT
ETag: "11571-5270441645480"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=11.6
217.160.0.146200 OK 18 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=11.6
IP 217.160.0.146:0
Hash 6e1d100820e4bad2eec1b9e13c456566
3228ec2ce799bffe13da5c557f50230cee87eec3
c09fa9679fb13cb821998f533f0f3b51a4a1756bbc05004aef91f8f217c54712
GET /wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=11.6 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 17831
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
Last-Modified: Wed, 07 Dec 2022 00:24:19 GMT
ETag: "45a7-5ef31f0ff4041"
Accept-Ranges: bytes
securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
217.160.0.146200 OK 12 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
IP 217.160.0.146:0
File type ASCII text, with very long lines (844)
Hash 0c2c59d26839f89dc358b5824c33a06b
a44a636920f3f8d4ab5062e1a2540290f71de54c
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19
GET /wordpress/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
HTTP/1.1 200 OK
Content-Type: text/css; charset: UTF-8;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:43 GMT
Server: Apache
pixel.wp.com/g.gif?v=ext&blog=29506073&post=139859&tz=0&srv=securityaffairs.co&j=1%3A11.6&host=securityaffairs.co&ref=&fcp=0&rand=0.43794821766330383
192.0.76.3200 OK 50 B URL HTTP/1.1 pixel.wp.com/g.gif?v=ext&blog=29506073&post=139859&tz=0&srv=securityaffairs.co&j=1%3A11.6&host=securityaffairs.co&ref=&fcp=0&rand=0.43794821766330383
IP 192.0.76.3:0
File type GIF image data, version 89a, 6 x 5\012- data
Hash e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
GET /g.gif?v=ext&blog=29506073&post=139859&tz=0&srv=securityaffairs.co&j=1%3A11.6&host=securityaffairs.co&ref=&fcp=0&rand=0.43794821766330383 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 23:22:44 GMT
Content-Type: image/gif
Content-Length: 50
Connection: keep-alive
Cache-Control: no-cache
Access-Control-Allow-Origin: *
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash c51cbcd878b19299cfd1c505331ef57a
9d842afb5a8dd94b5a550a42054a54ba92d84179
fdcea0dc0da97d6a1fc0937eafa49e4c470888abb5cd2d9d8507109f676ea7e6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6424
Cache-Control: max-age=86483
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:44 GMT
Etag: "63a0d97f-117"
Expires: Wed, 21 Dec 2022 23:24:07 GMT
Last-Modified: Mon, 19 Dec 2022 21:37:03 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
142.250.74.35200 OK 24 kB URL HTTP/1.1 fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 23580
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 20 Dec 2022 17:44:07 GMT
Expires: Wed, 20 Dec 2023 17:44:07 GMT
Cache-Control: public, max-age=31536000
Age: 20317
Last-Modified: Tue, 26 Apr 2022 15:48:56 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/oswald/v49/TK3IWkUHHAIjg75cFRf3bXL8LICs1_Fv40pKlN4NNSeSASz7FmlWHYg.woff2
142.250.74.35200 OK 18 kB URL HTTP/1.1 fonts.gstatic.com/s/oswald/v49/TK3IWkUHHAIjg75cFRf3bXL8LICs1_Fv40pKlN4NNSeSASz7FmlWHYg.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 17908, version 1.0\012- data
Hash e46b4e2e3b47cc232937ebf72b4c537e
2675bc06ee643b8c935370325a327efb74746e6a
d8543b5dcaea1fc4a0301dc12b5b2adc9079e0794dd6a45879588fb844f3438e
GET /s/oswald/v49/TK3IWkUHHAIjg75cFRf3bXL8LICs1_Fv40pKlN4NNSeSASz7FmlWHYg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 17908
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 19 Dec 2022 22:47:30 GMT
Expires: Tue, 19 Dec 2023 22:47:30 GMT
Cache-Control: public, max-age=31536000
Age: 88514
Last-Modified: Mon, 18 Jul 2022 19:23:34 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
142.250.74.35200 OK 23 kB URL HTTP/1.1 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Hash de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
GET /s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 23040
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 16 Dec 2022 13:33:29 GMT
Expires: Sat, 16 Dec 2023 13:33:29 GMT
Cache-Control: public, max-age=31536000
Age: 380955
Last-Modified: Tue, 26 Apr 2022 15:56:42 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/playfairdisplay/v30/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2
142.250.74.35200 OK 36 kB URL HTTP/1.1 fonts.gstatic.com/s/playfairdisplay/v30/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 35764, version 1.0\012- data
Hash 60f23230f1a8d5c3b7d25b73f5b5ce23
ed08ada85d017893b9bcb8224e99154c6708f5d2
22b6cdc450204c1cb32b31e679d812fea1c17ac506a7b78daeb12bd0ab25fde8
GET /s/playfairdisplay/v30/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 35764
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 20 Dec 2022 15:03:47 GMT
Expires: Wed, 20 Dec 2023 15:03:47 GMT
Cache-Control: public, max-age=31536000
Age: 29937
Last-Modified: Mon, 18 Jul 2022 19:06:36 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/lato/v23/S6u8w4BMUTPHjxsAXC-q.woff2
142.250.74.35200 OK 24 kB URL HTTP/1.1 fonts.gstatic.com/s/lato/v23/S6u8w4BMUTPHjxsAXC-q.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 24408, version 1.0\012- data
Hash efee2d080d7bebdd2e0aeb2e030813a0
f8d38f9f9584e48c2e469877ebd94232265585f1
bca1d88ada544d9c80872d4da27133fab6d347361fa26e932b47ec9559088fd0
GET /s/lato/v23/S6u8w4BMUTPHjxsAXC-q.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 24408
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 20 Dec 2022 23:14:31 GMT
Expires: Wed, 20 Dec 2023 23:14:31 GMT
Cache-Control: public, max-age=31536000
Age: 493
Last-Modified: Tue, 26 Apr 2022 15:50:25 GMT
Content-Type: font/woff2
securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
217.160.0.146200 OK 44 kB URL HTTP/1.1 securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
IP 217.160.0.146:0
File type Web Open Font Format, TrueType, length 44432, version 1.0\012- data
Hash 3293616ec0c605c7c2db25829a0a509e
04c3bf56d87a0828935bd6b4aee859995f321693
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849
GET /wordpress/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3 HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
HTTP/1.1 200 OK
Content-Type: application/font-woff
Content-Length: 44432
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:44 GMT
Server: Apache
Last-Modified: Wed, 16 Dec 2015 06:58:09 GMT
ETag: "ad90-526fe6dc92240"
Accept-Ranges: bytes
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png?resize=236%2C300&ssl=1
192.0.77.2200 OK 30 kB URL HTTP/2 i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png?resize=236%2C300&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash aafab7f97ff9fb21ddc2359e2ec18fb3
c54b9940b08d8bedfb4bfa5cc533586443676cf5
e2a3522e6e082fa56d0eb9bf893a6bddc957911a05ff9a35a1c5e6982abe583e
GET /securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png?resize=236%2C300&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 23:22:44 GMT
content-type: image/webp
content-length: 30524
last-modified: Tue, 08 Nov 2022 04:54:05 GMT
expires: Thu, 07 Nov 2024 16:54:05 GMT
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png>; rel="canonical"
x-content-type-options: nosniff
etag: "0684319ed30e1ba3"
vary: Accept
x-nc: HIT arn 3
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg?resize=290%2C300&ssl=1
192.0.77.2200 OK 7.2 kB URL HTTP/2 i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg?resize=290%2C300&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 290x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 6a35c61c9aaeaf86349a8c1fad3f7064
2e15728671e812bc343b69b9565ffaab926879cb
12e29fa8c4f9d7702cdea6663458a4084007fe4521117610c456c54e6644e07c
GET /securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg?resize=290%2C300&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 23:22:44 GMT
content-type: image/webp
content-length: 7234
last-modified: Tue, 25 Oct 2022 13:21:11 GMT
expires: Fri, 25 Oct 2024 01:21:11 GMT
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "c49875f49495219d"
vary: Accept
x-nc: HIT arn 6
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png?resize=300%2C207&ssl=1
192.0.77.2200 OK 19 kB URL HTTP/2 i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png?resize=300%2C207&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash cdf2e97c952682a63aa158ced1726e76
6fc80be2e85a48013a80711a5ba43cf95c484d77
167bdead3314274ec6816ae851d767dd0ca9d1f9a2858b8ed0f1820657096097
GET /securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png?resize=300%2C207&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 23:22:44 GMT
content-type: image/webp
content-length: 18968
last-modified: Thu, 15 Dec 2022 19:36:07 GMT
expires: Sun, 15 Dec 2024 07:36:07 GMT
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png>; rel="canonical"
x-content-type-options: nosniff
etag: "3dbae0b1d2952adb"
vary: Accept
x-nc: HIT arn 6
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
securityaffairs.co/wordpress/wp-content/uploads/2022/12/gamaredon-NATO.png
217.160.0.146200 OK 251 kB URL HTTP/2 securityaffairs.co/wordpress/wp-content/uploads/2022/12/gamaredon-NATO.png
IP 217.160.0.146:0
File type PNG image data, 2048 x 1365, 8-bit/color RGBA, non-interlaced\012- data
Size 251 kB (250764 bytes)
Hash 5405d3680bd5d4e64b655a11b7c77e6b
6551ba6b9939911d59fd8961600dfcb65a40793c
fef95949a634170ae941b05660312fcb8375c33f3ebd213f555df9c05a4fa53d
GET /wordpress/wp-content/uploads/2022/12/gamaredon-NATO.png HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
content-length: 250764
date: Tue, 20 Dec 2022 23:22:44 GMT
server: Apache
last-modified: Tue, 20 Dec 2022 20:53:49 GMT
etag: "3d38c-5f048a1fa35aa"
accept-ranges: bytes
X-Firefox-Spdy: h2
securityaffairs.co/wordpress/wp-content/uploads/2015/12/logo_SecurityAffairs.png
217.160.0.146200 OK 45 kB URL HTTP/2 securityaffairs.co/wordpress/wp-content/uploads/2015/12/logo_SecurityAffairs.png
IP 217.160.0.146:0
File type PNG image data, 515 x 266, 8-bit/color RGBA, non-interlaced\012- data
Hash 1ba0bd739ff99f4c5c1417f3373c042b
2cc73195a32c335fe59e1da8498c682ab8b28724
00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584
GET /wordpress/wp-content/uploads/2015/12/logo_SecurityAffairs.png HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
content-length: 45289
date: Tue, 20 Dec 2022 23:22:44 GMT
server: Apache
last-modified: Wed, 16 Dec 2015 17:30:42 GMT
etag: "b0e9-5270743f5f480"
accept-ranges: bytes
X-Firefox-Spdy: h2
securityaffairs.co/wordpress/wp-content/uploads/2022/12/Gatekeeper-bypass.png
217.160.0.146200 OK 206 kB URL HTTP/2 securityaffairs.co/wordpress/wp-content/uploads/2022/12/Gatekeeper-bypass.png
IP 217.160.0.146:0
File type PNG image data, 770 x 527, 8-bit/color RGBA, non-interlaced\012- data
Size 206 kB (206105 bytes)
Hash e960e15240e8e0e865272e33fa2ca5d0
b231a8e5a896e08defa81bbeca36bbc5932aea6b
7d8f9d62aa8a6e6079f4046ebfcc771d0686720b814410506e3cb6d10ea81152
GET /wordpress/wp-content/uploads/2022/12/Gatekeeper-bypass.png HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
content-length: 206105
date: Tue, 20 Dec 2022 23:22:44 GMT
server: Apache
last-modified: Tue, 20 Dec 2022 15:45:52 GMT
etag: "32519-5f04454a5afa0"
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 7e08038d231a36017eeb34e196503abf
e4193f43a66e1b9629caf42da570867ad215b98d
303d1ca3c56a97f9a12768b7ffee3332119f9df795c87045d21561e311173013
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5523
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:44 GMT
Last-Modified: Tue, 20 Dec 2022 21:50:41 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 278
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 746409a88b1342fe7b570306c302c71e
e08a7bf55e08a498f2eed6a35b90107fc0bdb303
9352308fd047bafceddfaf2a9a6eab650593f16ff5632330a4bf745750704650
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9352308FD047BAFCEDDFAF2A9A6EAB650593F16FF5632330A4BF745750704650"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14058
Expires: Wed, 21 Dec 2022 03:17:02 GMT
Date: Tue, 20 Dec 2022 23:22:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 746409a88b1342fe7b570306c302c71e
e08a7bf55e08a498f2eed6a35b90107fc0bdb303
9352308fd047bafceddfaf2a9a6eab650593f16ff5632330a4bf745750704650
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9352308FD047BAFCEDDFAF2A9A6EAB650593F16FF5632330A4BF745750704650"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14058
Expires: Wed, 21 Dec 2022 03:17:02 GMT
Date: Tue, 20 Dec 2022 23:22:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 746409a88b1342fe7b570306c302c71e
e08a7bf55e08a498f2eed6a35b90107fc0bdb303
9352308fd047bafceddfaf2a9a6eab650593f16ff5632330a4bf745750704650
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9352308FD047BAFCEDDFAF2A9A6EAB650593F16FF5632330A4BF745750704650"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14058
Expires: Wed, 21 Dec 2022 03:17:02 GMT
Date: Tue, 20 Dec 2022 23:22:44 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25a093de-42e4-4a82-ae88-ffa4606c2565.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25a093de-42e4-4a82-ae88-ffa4606c2565.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5ee781b4dac0e5f31cad54166a2bf7ae
a5357119d272bbe12c5b04ce485adde44baab79e
888def1ab766561e373c83c6e9479a0ac0a8644f92bcf02ebf4cd110d0f53579
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25a093de-42e4-4a82-ae88-ffa4606c2565.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6809
x-amzn-requestid: 392b7c42-81b7-4ab8-84bc-e2bc48eb6c9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dX5RAE19oAMFVKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639fd59f-78738e5d7cec75db6ccc5507;Sampled=0
x-amzn-remapped-date: Mon, 19 Dec 2022 03:08:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: khJQIYa8pgVvRmBe4gdU5a8InsztW9pdj0wBDk7Ih-W4wJjNJm-GTg==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 03:33:06 GMT
age: 71378
etag: "a5357119d272bbe12c5b04ce485adde44baab79e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd8c50f43-5bd1-47f3-9801-3d69c2401091.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd8c50f43-5bd1-47f3-9801-3d69c2401091.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d4aa7e9e3fe28e9c401786f7415171f7
8482a47175ff105957d640269bc14ee1fbc97448
2215ff2537f927e2baf4f713fc947afefc83b416719113ce516aa00f2a4e0708
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd8c50f43-5bd1-47f3-9801-3d69c2401091.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11535
x-amzn-requestid: 4fb9a698-c429-49e1-a2c5-b9388f03b044
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: daGQIEuSoAMFnBg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a0b733-53b8088f0d8863f813b9967e;Sampled=0
x-amzn-remapped-date: Mon, 19 Dec 2022 19:10:43 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: axz1LSfJfBvAFuJl53Sl6Kh7r2R4FiTuDB3Xb_XI5AwXB20Gs4rg5A==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2c6b5dd77f1abe60653ce0454f344b64.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 21:49:59 GMT
age: 5565
etag: "8482a47175ff105957d640269bc14ee1fbc97448"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ccd69f0-2174-4a60-b9c2-46141742ba9c.jpeg
34.120.237.76200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ccd69f0-2174-4a60-b9c2-46141742ba9c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 685a370dbd8daf59af56aa50cdcb06f0
45ff61e7536301bd2914808309827c6b75169f91
eaee830f130a76af7ed96519ede5a2fb08283ccbf619c61b11453c74c1b676a6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ccd69f0-2174-4a60-b9c2-46141742ba9c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5905
x-amzn-requestid: b5654aab-2736-4b70-9321-562a3bf004d8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ddt_BHfroAMFZKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a229f9-0774a1eb6edcfa2d24433abe;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 21:32:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 4eUIbaroq9s9LGbZqtjwHY0AW99CUWE5MuyzdTnNNYOIn6o3ixYmdA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 d15b6a95f7c8298444f59a99d8027cec.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 21:37:41 GMT
age: 6303
etag: "45ff61e7536301bd2914808309827c6b75169f91"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda2ee895-fc83-4df7-99f1-2bbc9cf77c8b.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda2ee895-fc83-4df7-99f1-2bbc9cf77c8b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b67d0976563ea9460d94e27ff920f9da
f1998577eb3bc2214f195f72a8a1b4ad8aa6bc92
c7ec3c4b87b700796008690562a6033481a7ad826fb2f45875cd6add06189568
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda2ee895-fc83-4df7-99f1-2bbc9cf77c8b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10154
x-amzn-requestid: f317432b-7dda-439b-bc02-9c76412e9de1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ddt_DGlfoAMF5Rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a229f9-13a5af4c477a1019544222f4;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 21:32:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: zee8fH2mx78hr5oICfnTrdmJeFcioNt_4_eo8ffiKApLll4cbLR82A==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 abbf2df97f9d83839470842dc2e68cb6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 21:50:12 GMT
age: 5552
etag: "f1998577eb3bc2214f195f72a8a1b4ad8aa6bc92"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45b5057a-7f1e-4401-a991-6c35e54140aa.jpeg
34.120.237.76200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45b5057a-7f1e-4401-a991-6c35e54140aa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3b63f37d9455ec0fdeb46d628b1cef90
1d0384cf30a2b1e7ad5748f4ec820b432b0bb1af
196b899e4776dad86a6e2b7a82fb583194389c950e4ae4fd41e0ebda40a133ca
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45b5057a-7f1e-4401-a991-6c35e54140aa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9447
x-amzn-requestid: c76e38ad-4a6e-4fde-89ba-451fb9755dcb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dX5QpGXmIAMF59g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639fd59d-5e63bdd969ff01ff1d08d096;Sampled=0
x-amzn-remapped-date: Mon, 19 Dec 2022 03:08:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Ra-tbuwEx2ZzQXldz7E32wXM8y3j5_o0DKUGMWiQhXarRQpqfUxEvA==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 05:03:02 GMT
age: 65982
etag: "1d0384cf30a2b1e7ad5748f4ec820b432b0bb1af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=uac0142,apt,targets,ukraines,delta,military,intelligence,programsecurity,affairs&refUrl=&refresh=false&innerWidth=1280&cb=1671578575228
161.35.253.218200 OK 13 kB URL HTTP/1.1 served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=uac0142,apt,targets,ukraines,delta,military,intelligence,programsecurity,affairs&refUrl=&refresh=false&innerWidth=1280&cb=1671578575228
IP 161.35.253.218:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with very long lines (2508)
Hash e55f0a8fcdc8f5d3c1dc9691466049b0
cfad88db6c91088c8550207cc437845ac4a14e8c
e2d5e1f7950c1e7ec9391215ae2fbdbdcfa03851c5c90a11122cb073793c4027
POST /www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=uac0142,apt,targets,ukraines,delta,military,intelligence,programsecurity,affairs&refUrl=&refresh=false&innerWidth=1280&cb=1671578575228 HTTP/1.1
Host: served-by.pixfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Content-Length: 0
HTTP/1.1 200 OK
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Pragma,Access-Control-Max-Age,Expires,Vary,Cache-Control,Access-Control-Allow-Origin
access-control-allow-origin: http://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
content-type: application/json
expires: 0
pragma: no-cache
date: Tue, 20 Dec 2022 23:22:44 GMT
transfer-encoding: chunked
cdn.pixfuture.com/hb_v2.js
172.67.68.113200 OK 52 kB URL HTTP/2 cdn.pixfuture.com/hb_v2.js
IP 172.67.68.113:0
File type ASCII text, with very long lines (31629)
Hash 922ec7a6a23dc1b8be8731c6a96510a3
8816ec403c8c017a48aaa6ae760a0889cef08414
b5ae6a22f0dd913eb398f73c5b459b395640fd6a352e135c9899d05c7c5265aa
GET /hb_v2.js HTTP/1.1
Host: cdn.pixfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 23:22:44 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
cache-control: public, max-age=172800, no-transform
cf-bgj: minify
etag: W/"63a22621-968b"
expires: Thu, 22 Dec 2022 21:16:56 GMT
last-modified: Tue, 20 Dec 2022 21:16:17 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 7540
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZHAz%2Bq8U%2B8mcHY18gqdfqPFjdvs1IgUbc3Li1AEoRK5IXqhHHc5PDVtoQgSiWKaQ5eyPvtgEYG7kNcMJjYKChFAftCGoKElLXq9seVAuYNZxc%2FOc7xzNNE7e%2BRq6Kx6DZQHx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cc1f29bf701c02-OSL
X-Firefox-Spdy: h2
cdn.pixfuture.com/cdn-cgi/rum?
172.67.68.113204 No Content 0 B URL HTTP/2 cdn.pixfuture.com/cdn-cgi/rum?
IP 172.67.68.113:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdn-cgi/rum? HTTP/1.1
Host: cdn.pixfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1353
Origin: https://cdn.pixfuture.com
Connection: keep-alive
Referer: https://cdn.pixfuture.com/pixf_sync.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
date: Tue, 20 Dec 2022 23:22:44 GMT
access-control-allow-origin: https://cdn.pixfuture.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 77cc1f2c48da1c02-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2
served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=uac0142,apt,targets,ukraines,delta,military,intelligence,programsecurity,affairs&refUrl=&refresh=false&innerWidth=1280&cb=1671578575228
161.35.253.218200 OK 13 kB URL HTTP/1.1 served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=uac0142,apt,targets,ukraines,delta,military,intelligence,programsecurity,affairs&refUrl=&refresh=false&innerWidth=1280&cb=1671578575228
IP 161.35.253.218:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with very long lines (2508)
Hash 42c3ca580af1aa2c9b4697831231d234
e7460e3f4b96f7b06d49897effe0a62d9862fdf9
cc6c62432a9959eb8ea205b79d8e9d9773dff29707cb1ead5bd57c21d1dab11a
POST /www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=uac0142,apt,targets,ukraines,delta,military,intelligence,programsecurity,affairs&refUrl=&refresh=false&innerWidth=1280&cb=1671578575228 HTTP/1.1
Host: served-by.pixfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Content-Length: 0
HTTP/1.1 200 OK
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Pragma,Access-Control-Max-Age,Expires,Vary,Cache-Control,Access-Control-Allow-Origin
access-control-allow-origin: http://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
content-type: application/json
expires: 0
pragma: no-cache
date: Tue, 20 Dec 2022 23:22:44 GMT
transfer-encoding: chunked
served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24274x728x90x4142x_ADSLOT1&keywords=uac0142,apt,targets,ukraines,delta,military,intelligence,programsecurity,affairs&refUrl=&refresh=false&innerWidth=1280&cb=1671578575227
161.35.253.218200 OK 17 kB URL HTTP/1.1 served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24274x728x90x4142x_ADSLOT1&keywords=uac0142,apt,targets,ukraines,delta,military,intelligence,programsecurity,affairs&refUrl=&refresh=false&innerWidth=1280&cb=1671578575227
IP 161.35.253.218:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with very long lines (2661)
Hash 2fd4e7a50feda39d001ead206de22cd5
1b07d68d9f3e9b172b82c88aaa2d54a25a2abf3d
48b94b220bd37e7e6a1547e9b2aabd81e58f7411595df410473ba9fa57ff5a1f
POST /www/delivery/hb_v2.php?dat=24274x728x90x4142x_ADSLOT1&keywords=uac0142,apt,targets,ukraines,delta,military,intelligence,programsecurity,affairs&refUrl=&refresh=false&innerWidth=1280&cb=1671578575227 HTTP/1.1
Host: served-by.pixfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Content-Length: 0
HTTP/1.1 200 OK
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Pragma,Access-Control-Max-Age,Expires,Vary,Cache-Control,Access-Control-Allow-Origin
access-control-allow-origin: http://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
content-type: application/json
expires: 0
pragma: no-cache
date: Tue, 20 Dec 2022 23:22:44 GMT
transfer-encoding: chunked
contextual.media.net/dmedianet.js?cid=8CU5BD6EW
2.18.172.23302 Moved Temporarily 0 B URL HTTP/1.1 contextual.media.net/dmedianet.js?cid=8CU5BD6EW
IP 2.18.172.23:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dmedianet.js?cid=8CU5BD6EW HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Date: Tue, 20 Dec 2022 23:22:44 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Tue, 20 Dec 2022 22:41:08 GMT
expires: Wed, 21 Dec 2022 00:41:08 GMT
cache-control: public, max-age=7200
age: 2496
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
securityaffairs.co/favicon.ico
217.160.0.146200 OK 893 B URL HTTP/1.1 securityaffairs.co/favicon.ico
IP 217.160.0.146:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 5be3b8da62df4aa590cddbf2cf567fbc
a9b5fefcfcf3f6a591c7fb264a93a11474069ec8
1f8fa48d0f7eee91367da598c0dcdf51a5af6c0701657c5474ea32e24e8e697a
GET /favicon.ico HTTP/1.1
Host: securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/wordpress/139859/intelligence/ukraine-delta-military-intelligence-attack.html
Cookie: cookielawinfo-checkbox-necessary=yes; cookielawinfo-checkbox-non-necessary=yes
HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
Content-Length: 893
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 20 Dec 2022 23:22:44 GMT
Server: Apache
Last-Modified: Wed, 16 Dec 2015 00:43:03 GMT
ETag: "37d-526f93052d3c0"
Accept-Ranges: bytes
contextual.media.net/dmedianet.js?cid=8CU5BD6EW
2.18.172.23302 Moved Temporarily 0 B URL HTTP/1.1 contextual.media.net/dmedianet.js?cid=8CU5BD6EW
IP 2.18.172.23:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dmedianet.js?cid=8CU5BD6EW HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Date: Tue, 20 Dec 2022 23:22:44 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
contextual.media.net/dmedianet.js?cid=8CU5BD6EW
2.18.172.23302 Moved Temporarily 0 B URL HTTP/1.1 contextual.media.net/dmedianet.js?cid=8CU5BD6EW
IP 2.18.172.23:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dmedianet.js?cid=8CU5BD6EW HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Date: Tue, 20 Dec 2022 23:22:44 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
contextual.media.net/dmedianet.js?cid=8CU5BD6EW
2.18.172.23200 OK 368 B URL HTTP/2 contextual.media.net/dmedianet.js?cid=8CU5BD6EW
IP 2.18.172.23:0
Hash 0a211124c92058e58d1f98585a9ae0c2
9451e844dd27b2f6844ba4848b45fae53097b8fb
1ee43b9f0b9d04dbb343045c231271c35c917319b8d0ac01ec9c0b5cfc8f24e6
GET /dmedianet.js?cid=8CU5BD6EW HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
content-length: 368
content-type: text/javascript; charset=utf-8
x-mnt-h: 21-dsjj
strict-transport-security: max-age=31536000
vary: Accept-Encoding
cache-control: max-age=300
expires: Tue, 20 Dec 2022 23:27:44 GMT
date: Tue, 20 Dec 2022 23:22:44 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 727 B IP 93.184.220.29:0
Hash 79abe05118cc3388e8d9ba5aae3c981e
3bdd0a007c8505a516fcf78e75d1c84a2223be59
2dc339761bd99361cb4d4df74e89d7227ef20be0ea3235c068676535b770104d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3197
Cache-Control: max-age=115287
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:44 GMT
Etag: "63a1569e-2d7"
Expires: Thu, 22 Dec 2022 07:24:11 GMT
Last-Modified: Tue, 20 Dec 2022 06:30:54 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 727
static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
104.16.57.101200 OK 6.2 kB URL HTTP/2 static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
IP 104.16.57.101:0
Hash 96ba1cda4a8f42e828e54b4eeb80a961
278aa5015790641056cba3a4da8edd83716019fc
9ae7ea58c1311302f8603466ec6443e7262c15e99ff22a7fef0f8f577caaa10c
GET /beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.pixfuture.com
Connection: keep-alive
Referer: https://cdn.pixfuture.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 23:22:44 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2022.10.1
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cc1f2bda44b515-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
aa.agkn.com/adscores/r.js?sid=9112309848
54.74.181.165200 OK 0 B URL HTTP/2 aa.agkn.com/adscores/r.js?sid=9112309848
IP 54.74.181.165:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /adscores/r.js?sid=9112309848 HTTP/1.1
Host: aa.agkn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 23:22:44 GMT
content-type: application/javascript;charset=iso-8859-1
content-length: 0
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
set-cookie: ab=0001%3AyxRuuyGSKt8PASprdzvUlQvR0Leg8Mzu; Path=/; Domain=.agkn.com; Expires=Wed, 20-Dec-2023 23:22:44 GMT; Max-Age=31536000; Secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash 988af1e1f6875668480ff756820cb572
cca98e59b17a9803f905669c7335e4cfd1c31c05
133a3e6da8e8099787929b8c0b0d7bce9afa3395824d7967517dd98bd5c54aa8
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 20 Dec 2022 23:22:44 GMT
Last-Modified: Tue, 20 Dec 2022 22:04:00 GMT
Server: ECS (bsa/EB1F)
X-Cache: Miss from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: qryb0UfoVkwhKNiHUNz_SRb_43TkeZkVx4KrcSB2hy7jMFilOegyRg==
Age: 4724
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2c4ee0b04963cedb600c848eadefb5c8
9e7e67697506c412ced35e7ec0b8e9b1ea3484d9
5dfad198049fa28c05f05df81965319178eb6e7fd593e7d6ff30ed66214b2610
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5DFAD198049FA28C05F05DF81965319178EB6E7FD593E7D6FF30ED66214B2610"
Last-Modified: Tue, 20 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7493
Expires: Wed, 21 Dec 2022 01:27:37 GMT
Date: Tue, 20 Dec 2022 23:22:44 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash fc84a2b2389cfa62d8aff17021857ffb
bcf314a1b45e3b9b9a24fc03eb128121533b6f80
7d811aabf985f9a7d7d1e1e8972ebbd689ac38cf95b625b579f3fe1b1eeed3de
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5898
Cache-Control: max-age=134542
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:44 GMT
Etag: "63a19748-138"
Expires: Thu, 22 Dec 2022 12:45:06 GMT
Last-Modified: Tue, 20 Dec 2022 11:06:48 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 312
l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1671578575041.28205&hostname=securityaffairs.co&location=%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&title=UAC-0142%20APT%20targets%20Ukraine%27s%20Delta%20military%20intelligence%20programSecurity%20Affairs&sop=false&description=Ukraine%E2%80%99s%20CERT-UA%20revealed%20the%20national%20Delta%20military%20intelligence%20program%20has%20been%20targeted%20with%20a%20malware-based%20attack.%20On%20December%2017%2C%202022%2C%20the%20Center%20for%20Innovations%20and%20Development%20of%20Defense%20Technologies%20of%20the%20Ministry%20of%20Defense%20of%20Ukraine%20informed%20the%20Government%20Computer%20Emergency%20Response%20Team%20of%20Ukraine%20(CERT-UA)%20of%20being%20targeted%20by%20a%20malware-based%20attack.%20The%20spear%20%5B%E2%80%A6%5D
35.156.163.73204 No Content 0 B URL HTTP/1.1 l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1671578575041.28205&hostname=securityaffairs.co&location=%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&title=UAC-0142%20APT%20targets%20Ukraine%27s%20Delta%20military%20intelligence%20programSecurity%20Affairs&sop=false&description=Ukraine%E2%80%99s%20CERT-UA%20revealed%20the%20national%20Delta%20military%20intelligence%20program%20has%20been%20targeted%20with%20a%20malware-based%20attack.%20On%20December%2017%2C%202022%2C%20the%20Center%20for%20Innovations%20and%20Development%20of%20Defense%20Technologies%20of%20the%20Ministry%20of%20Defense%20of%20Ukraine%20informed%20the%20Government%20Computer%20Emergency%20Response%20Team%20of%20Ukraine%20(CERT-UA)%20of%20being%20targeted%20by%20a%20malware-based%20attack.%20The%20spear%20%5B%E2%80%A6%5D
IP 35.156.163.73:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pview?event=pview&version=st_insights.js&lang=en&sessionID=1671578575041.28205&hostname=securityaffairs.co&location=%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&title=UAC-0142%20APT%20targets%20Ukraine%27s%20Delta%20military%20intelligence%20programSecurity%20Affairs&sop=false&description=Ukraine%E2%80%99s%20CERT-UA%20revealed%20the%20national%20Delta%20military%20intelligence%20program%20has%20been%20targeted%20with%20a%20malware-based%20attack.%20On%20December%2017%2C%202022%2C%20the%20Center%20for%20Innovations%20and%20Development%20of%20Defense%20Technologies%20of%20the%20Ministry%20of%20Defense%20of%20Ukraine%20informed%20the%20Government%20Computer%20Emergency%20Response%20Team%20of%20Ukraine%20(CERT-UA)%20of%20being%20targeted%20by%20a%20malware-based%20attack.%20The%20spear%20%5B%E2%80%A6%5D HTTP/1.1
Host: l.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Access-Control-Allow-Origin: http://securityaffairs.co
Access-Control-Expose-Headers: stid
Access-Control-Max-Age: 1728000
Cache-Control: no-cache, no-store, must-revalidate
Date: Tue, 20 Dec 2022 23:22:44 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash fc84a2b2389cfa62d8aff17021857ffb
bcf314a1b45e3b9b9a24fc03eb128121533b6f80
7d811aabf985f9a7d7d1e1e8972ebbd689ac38cf95b625b579f3fe1b1eeed3de
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5898
Cache-Control: max-age=134542
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:44 GMT
Etag: "63a19748-138"
Expires: Thu, 22 Dec 2022 12:45:06 GMT
Last-Modified: Tue, 20 Dec 2022 11:06:48 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 312
fid.agkn.com/f?apiKey=2194730263&i4=91.90.42.154&r=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&r=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html
34.160.46.1200 OK 0 B URL HTTP/2 fid.agkn.com/f?apiKey=2194730263&i4=91.90.42.154&r=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&r=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html
IP 34.160.46.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /f?apiKey=2194730263&i4=91.90.42.154&r=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&r=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html HTTP/1.1
Host: fid.agkn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET,POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-type: text/plain;charset=UTF-8
content-length: 0
date: Tue, 20 Dec 2022 23:22:43 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
id5-sync.com/api/config/prebid
162.19.138.120200 135 B URL HTTP/1.1 id5-sync.com/api/config/prebid
IP 162.19.138.120:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 1b1e1ecdf4fc4065d636fe238d32ab66
ef7c3433d60081c0af3315ab325ea106296befbf
140e17bdd8186191131c02a6da856adbda9a3d9b961f994407e67f4caeca48e5
POST /api/config/prebid HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 129
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: http://securityaffairs.co
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Tue, 20 Dec 2022 23:22:43 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.21.226:0
Hash 8a99372491f20711d65016702ffcc2b3
2ccf7c5f06c40976cde13f5847a6050683ce567e
0ed0563939ef3e7005d42a5e34633a9a44d1e6787403e873f09db37448cfa949
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 23:22:44 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Sat, 24 Dec 2022 22:19:11 GMT
ETag: "2ccf7c5f06c40976cde13f5847a6050683ce567e"
Last-Modified: Tue, 20 Dec 2022 22:19:12 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 79
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77cc1f2e0d05b4f7-OSL
ocsp.digicert.com/
93.184.220.29200 OK 727 B IP 93.184.220.29:0
Hash 79abe05118cc3388e8d9ba5aae3c981e
3bdd0a007c8505a516fcf78e75d1c84a2223be59
2dc339761bd99361cb4d4df74e89d7227ef20be0ea3235c068676535b770104d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3197
Cache-Control: max-age=115287
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:44 GMT
Etag: "63a1569e-2d7"
Expires: Thu, 22 Dec 2022 07:24:11 GMT
Last-Modified: Tue, 20 Dec 2022 06:30:54 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 727
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 68dfea06ce13871bd6944b2481c50116
bc641a3cf09b1396e25d49dd229645cd277b6ca4
a40961910eb535788d6adf3f758f0d79c75f1ed268259563949adabb38e29a21
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 23:22:44 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 18 Dec 2022 01:54:54 GMT
Expires: Sun, 25 Dec 2022 01:54:53 GMT
Etag: "bc641a3cf09b1396e25d49dd229645cd277b6ca4"
Cache-Control: max-age=354128,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77cc1f2e2e4d1c0a-OSL
match.adsrvr.org/track/rid?ttd_pid=yoni5uv&fmt=json
3.33.220.150200 OK 63 B URL HTTP/2 match.adsrvr.org/track/rid?ttd_pid=yoni5uv&fmt=json
IP 3.33.220.150:0
File type JSON data\012- , ASCII text, with no line terminators
Hash b1d6d823a1de485e4ab2918d68daaef8
ce0cc078879c3839adfc3113aa7745b4bf5aeb8f
aec9099345b71bbf35f681305e1d97a7d74616755167fb8bee9a3b7a051f2dd0
GET /track/rid?ttd_pid=yoni5uv&fmt=json HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 23:22:44 GMT
content-type: application/json; charset=utf-8
content-length: 63
cache-control: private
expires: Thu, 19 Jan 2023 23:22:44 GMT
vary: Origin
access-control-allow-origin: http://securityaffairs.co
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
x-aspnet-version: 4.0.30319
X-Firefox-Spdy: h2
api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694
34.120.133.55400 Bad Request 18 B URL HTTP/2 api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694
IP 34.120.133.55:0
Hash 2841f92241bc385ad46c49c7c5644add
106e93b5ee60cc306b7c2e8d0680f34f45df0613
b9a858b32a2ee0a874c9cf2de93d646f4d3a3f95db1381f52f01cfcd10fa9453
GET /api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694 HTTP/1.1
Host: api.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 400 Bad Request
content-type: text/plain; charset=utf-8
x-content-type-options: nosniff
date: Tue, 20 Dec 2022 23:22:44 GMT
content-length: 18
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
status.geotrust.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2c2f30853261334c1661b66564b28bcc
13213307b2cfa82f56e7f3f64fe08756080e1a7c
c4d9a53f9674146850f3b3b89560cf60577981b3b49331637adcf9b1ece67183
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1194
Cache-Control: max-age=143521
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:44 GMT
Etag: "63a1ccbb-1d7"
Expires: Thu, 22 Dec 2022 15:14:45 GMT
Last-Modified: Tue, 20 Dec 2022 14:54:51 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/s/gts1d4/28HXVhFQgEk
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/28HXVhFQgEk
IP 142.250.74.131:0
Hash e99fcd14efdecb18ad9dd85ad95fd957
f002647935109fb129d05998c213dd72856bd695
ad5f1556e3c147d1eb7ffdc400e01b7fecf570c3f4158ae36c9bb660917a74a4
POST /s/gts1d4/28HXVhFQgEk HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:44 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&ch=UTF-8&res=1280x1024x24&ifr=false&tz=0&tws=1280x939&be=1&bc=hb_pb_3.0.3&dddid=2b34a1a9-2b57-4a92-81f7-0ac23f738362&nocache=1671578575839&pubcid=74fbefcf-4b46-43dc-9173-babbbcd0d473&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPXVhYzAxNDIsYXB0LHRhcmdldHMsdWtyYWluZXMsZGVsdGEsbWlsaXRhcnksaW50ZWxsaWdlbmNlLHByb2dyYW1zZWN1cml0eSxhZmZhaXJzJm15b3RoZXJrZXl3b3JkPXVhYzAxNDIsYXB0LHRhcmdldHMsdWtyYWluZXMsZGVsdGEsbWlsaXRhcnksaW50ZWxsaWdlbmNlLHByb2dyYW1zZWN1cml0eSxhZmZhaXJz
34.98.64.218200 OK 79 B URL HTTP/2 pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&ch=UTF-8&res=1280x1024x24&ifr=false&tz=0&tws=1280x939&be=1&bc=hb_pb_3.0.3&dddid=2b34a1a9-2b57-4a92-81f7-0ac23f738362&nocache=1671578575839&pubcid=74fbefcf-4b46-43dc-9173-babbbcd0d473&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPXVhYzAxNDIsYXB0LHRhcmdldHMsdWtyYWluZXMsZGVsdGEsbWlsaXRhcnksaW50ZWxsaWdlbmNlLHByb2dyYW1zZWN1cml0eSxhZmZhaXJzJm15b3RoZXJrZXl3b3JkPXVhYzAxNDIsYXB0LHRhcmdldHMsdWtyYWluZXMsZGVsdGEsbWlsaXRhcnksaW50ZWxsaWdlbmNlLHByb2dyYW1zZWN1cml0eSxhZmZhaXJz
IP 34.98.64.218:0
File type JSON data\012- , ASCII text
Hash 2f84d05c53f260a3a55eeee9b046a8b9
9948b28b89b42fb42956052c11c6f24f671ada27
4936cb10040cb31109b70ac2a75699c99597ee7d723fbcc1667256a5518998bd
GET /w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&ch=UTF-8&res=1280x1024x24&ifr=false&tz=0&tws=1280x939&be=1&bc=hb_pb_3.0.3&dddid=2b34a1a9-2b57-4a92-81f7-0ac23f738362&nocache=1671578575839&pubcid=74fbefcf-4b46-43dc-9173-babbbcd0d473&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPXVhYzAxNDIsYXB0LHRhcmdldHMsdWtyYWluZXMsZGVsdGEsbWlsaXRhcnksaW50ZWxsaWdlbmNlLHByb2dyYW1zZWN1cml0eSxhZmZhaXJzJm15b3RoZXJrZXl3b3JkPXVhYzAxNDIsYXB0LHRhcmdldHMsdWtyYWluZXMsZGVsdGEsbWlsaXRhcnksaW50ZWxsaWdlbmNlLHByb2dyYW1zZWN1cml0eSxhZmZhaXJz HTTP/1.1
Host: pixfuture2-d.openx.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept, Accept-Encoding
server: OXGW/0.0.0
pragma: no-cache
p3p: CP="CUR ADM OUR NOR STA NID"
expires: Mon, 26 Jul 1997 05:00:00 GMT
date: Tue, 20 Dec 2022 23:22:44 GMT
content-type: application/json
content-length: 79
content-encoding: gzip
cache-control: private, max-age=0, no-cache
access-control-allow-origin: http://securityaffairs.co
access-control-allow-credentials: true
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&ch=UTF-8&res=1280x1024x24&ifr=false&tz=0&tws=1280x939&be=1&bc=hb_pb_3.0.3&dddid=1132d824-6e2a-43db-94dc-888843e1e43b&nocache=1671578575971&pubcid=74fbefcf-4b46-43dc-9173-babbbcd0d473&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C85660e44-8898-4c4d-a4c7-cc2855823958%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPXVhYzAxNDIsYXB0LHRhcmdldHMsdWtyYWluZXMsZGVsdGEsbWlsaXRhcnksaW50ZWxsaWdlbmNlLHByb2dyYW1zZWN1cml0eSxhZmZhaXJzJm15b3RoZXJrZXl3b3JkPXVhYzAxNDIsYXB0LHRhcmdldHMsdWtyYWluZXMsZGVsdGEsbWlsaXRhcnksaW50ZWxsaWdlbmNlLHByb2dyYW1zZWN1cml0eSxhZmZhaXJz
34.98.64.218200 OK 79 B URL HTTP/2 pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&ch=UTF-8&res=1280x1024x24&ifr=false&tz=0&tws=1280x939&be=1&bc=hb_pb_3.0.3&dddid=1132d824-6e2a-43db-94dc-888843e1e43b&nocache=1671578575971&pubcid=74fbefcf-4b46-43dc-9173-babbbcd0d473&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C85660e44-8898-4c4d-a4c7-cc2855823958%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPXVhYzAxNDIsYXB0LHRhcmdldHMsdWtyYWluZXMsZGVsdGEsbWlsaXRhcnksaW50ZWxsaWdlbmNlLHByb2dyYW1zZWN1cml0eSxhZmZhaXJzJm15b3RoZXJrZXl3b3JkPXVhYzAxNDIsYXB0LHRhcmdldHMsdWtyYWluZXMsZGVsdGEsbWlsaXRhcnksaW50ZWxsaWdlbmNlLHByb2dyYW1zZWN1cml0eSxhZmZhaXJz
IP 34.98.64.218:0
File type JSON data\012- , ASCII text
Hash 2e2e5d9fd0f8957d4dcf4e6e37ef86e8
f859d4a4b1d2aba3efb26592854c7486a729e054
7a821914ba360c5c0d20dd54458357621d7e2fcb2c33754a21eeb5f964c3d4cd
GET /w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&ch=UTF-8&res=1280x1024x24&ifr=false&tz=0&tws=1280x939&be=1&bc=hb_pb_3.0.3&dddid=1132d824-6e2a-43db-94dc-888843e1e43b&nocache=1671578575971&pubcid=74fbefcf-4b46-43dc-9173-babbbcd0d473&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C85660e44-8898-4c4d-a4c7-cc2855823958%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPXVhYzAxNDIsYXB0LHRhcmdldHMsdWtyYWluZXMsZGVsdGEsbWlsaXRhcnksaW50ZWxsaWdlbmNlLHByb2dyYW1zZWN1cml0eSxhZmZhaXJzJm15b3RoZXJrZXl3b3JkPXVhYzAxNDIsYXB0LHRhcmdldHMsdWtyYWluZXMsZGVsdGEsbWlsaXRhcnksaW50ZWxsaWdlbmNlLHByb2dyYW1zZWN1cml0eSxhZmZhaXJz HTTP/1.1
Host: pixfuture2-d.openx.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
vary: Accept, Accept-Encoding
server: OXGW/0.0.0
pragma: no-cache
p3p: CP="CUR ADM OUR NOR STA NID"
expires: Mon, 26 Jul 1997 05:00:00 GMT
date: Tue, 20 Dec 2022 23:22:44 GMT
content-type: application/json
content-length: 79
content-encoding: gzip
cache-control: private, max-age=0, no-cache
access-control-allow-origin: http://securityaffairs.co
access-control-allow-credentials: true
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&ch=UTF-8&res=1280x1024x24&ifr=false&tz=0&tws=1280x939&be=1&bc=hb_pb_3.0.3&dddid=f3719330-098c-4bcb-ae21-ca22d9a7d45e&nocache=1671578575911&pubcid=74fbefcf-4b46-43dc-9173-babbbcd0d473&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C85660e44-8898-4c4d-a4c7-cc2855823958%2C%2C&aus=300x250&divids=24270x300x250x4142x_ADSLOT1&aucs=&auid=540580840&tps=bXlrZXl3b3JkPXVhYzAxNDIsYXB0LHRhcmdldHMsdWtyYWluZXMsZGVsdGEsbWlsaXRhcnksaW50ZWxsaWdlbmNlLHByb2dyYW1zZWN1cml0eSxhZmZhaXJzJm15b3RoZXJrZXl3b3JkPXVhYzAxNDIsYXB0LHRhcmdldHMsdWtyYWluZXMsZGVsdGEsbWlsaXRhcnksaW50ZWxsaWdlbmNlLHByb2dyYW1zZWN1cml0eSxhZmZhaXJz
34.98.64.218200 OK 79 B URL HTTP/2 pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&ch=UTF-8&res=1280x1024x24&ifr=false&tz=0&tws=1280x939&be=1&bc=hb_pb_3.0.3&dddid=f3719330-098c-4bcb-ae21-ca22d9a7d45e&nocache=1671578575911&pubcid=74fbefcf-4b46-43dc-9173-babbbcd0d473&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C85660e44-8898-4c4d-a4c7-cc2855823958%2C%2C&aus=300x250&divids=24270x300x250x4142x_ADSLOT1&aucs=&auid=540580840&tps=bXlrZXl3b3JkPXVhYzAxNDIsYXB0LHRhcmdldHMsdWtyYWluZXMsZGVsdGEsbWlsaXRhcnksaW50ZWxsaWdlbmNlLHByb2dyYW1zZWN1cml0eSxhZmZhaXJzJm15b3RoZXJrZXl3b3JkPXVhYzAxNDIsYXB0LHRhcmdldHMsdWtyYWluZXMsZGVsdGEsbWlsaXRhcnksaW50ZWxsaWdlbmNlLHByb2dyYW1zZWN1cml0eSxhZmZhaXJz
IP 34.98.64.218:0
File type JSON data\012- , ASCII text
Hash a2933029afa28ed9e9f51b0c8bb11dee
2a9a8c80d74e821a4865f5d682e290b83a15f656
cfb0beff23f21314758155ef3f43fe43624d892b161e9fb894377215401e0796
GET /w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&ch=UTF-8&res=1280x1024x24&ifr=false&tz=0&tws=1280x939&be=1&bc=hb_pb_3.0.3&dddid=f3719330-098c-4bcb-ae21-ca22d9a7d45e&nocache=1671578575911&pubcid=74fbefcf-4b46-43dc-9173-babbbcd0d473&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C85660e44-8898-4c4d-a4c7-cc2855823958%2C%2C&aus=300x250&divids=24270x300x250x4142x_ADSLOT1&aucs=&auid=540580840&tps=bXlrZXl3b3JkPXVhYzAxNDIsYXB0LHRhcmdldHMsdWtyYWluZXMsZGVsdGEsbWlsaXRhcnksaW50ZWxsaWdlbmNlLHByb2dyYW1zZWN1cml0eSxhZmZhaXJzJm15b3RoZXJrZXl3b3JkPXVhYzAxNDIsYXB0LHRhcmdldHMsdWtyYWluZXMsZGVsdGEsbWlsaXRhcnksaW50ZWxsaWdlbmNlLHByb2dyYW1zZWN1cml0eSxhZmZhaXJz HTTP/1.1
Host: pixfuture2-d.openx.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept, Accept-Encoding
server: OXGW/0.0.0
pragma: no-cache
p3p: CP="CUR ADM OUR NOR STA NID"
expires: Mon, 26 Jul 1997 05:00:00 GMT
date: Tue, 20 Dec 2022 23:22:44 GMT
content-type: application/json
content-length: 79
content-encoding: gzip
cache-control: private, max-age=0, no-cache
access-control-allow-origin: http://securityaffairs.co
access-control-allow-credentials: true
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ib.adnxs.com/ut/v3/prebid
37.252.171.84200 OK 262 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP 37.252.171.84:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 37dadac4fa7409123362c483097da5d5
7bb359b5bb1c62afce185410fa9806f5944b9acf
988993175542144168d0311f82d5c9d4fdd4e729c17b7ae87636bb5432f98e9a
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 2176
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 20 Dec 2022 23:22:45 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 262
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://securityaffairs.co
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: a328e143-7d66-4d65-b0a4-e48aa58c499a
Set-Cookie: icu=ChgI3sJXEAoYASABKAEwxYeJnQY4AUABSAEQxYeJnQYYAA..; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 20-Mar-2023 23:22:45 GMT; Domain=.adnxs.com; Secure; HttpOnly
uuid2=826296758251972522; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 20-Mar-2023 23:22:45 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&ch=UTF-8&res=1280x1024x24&ifr=false&tz=0&tws=1280x939&be=1&bc=hb_pb_3.0.3&dddid=63fac6cb-ec37-4f20-8b2b-c5fb3d4c0152&nocache=1671578575998&pubcid=74fbefcf-4b46-43dc-9173-babbbcd0d473&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2Cc81f72c7-221f-40ed-810e-ee57f4764233%2C%2C&aus=728x90&divids=24274x728x90x4142x_ADSLOT1&aucs=&auid=540580842&tps=bXlrZXl3b3JkPXVhYzAxNDIsYXB0LHRhcmdldHMsdWtyYWluZXMsZGVsdGEsbWlsaXRhcnksaW50ZWxsaWdlbmNlLHByb2dyYW1zZWN1cml0eSxhZmZhaXJzJm15b3RoZXJrZXl3b3JkPXVhYzAxNDIsYXB0LHRhcmdldHMsdWtyYWluZXMsZGVsdGEsbWlsaXRhcnksaW50ZWxsaWdlbmNlLHByb2dyYW1zZWN1cml0eSxhZmZhaXJz
34.98.64.218200 OK 79 B URL HTTP/2 pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&ch=UTF-8&res=1280x1024x24&ifr=false&tz=0&tws=1280x939&be=1&bc=hb_pb_3.0.3&dddid=63fac6cb-ec37-4f20-8b2b-c5fb3d4c0152&nocache=1671578575998&pubcid=74fbefcf-4b46-43dc-9173-babbbcd0d473&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2Cc81f72c7-221f-40ed-810e-ee57f4764233%2C%2C&aus=728x90&divids=24274x728x90x4142x_ADSLOT1&aucs=&auid=540580842&tps=bXlrZXl3b3JkPXVhYzAxNDIsYXB0LHRhcmdldHMsdWtyYWluZXMsZGVsdGEsbWlsaXRhcnksaW50ZWxsaWdlbmNlLHByb2dyYW1zZWN1cml0eSxhZmZhaXJzJm15b3RoZXJrZXl3b3JkPXVhYzAxNDIsYXB0LHRhcmdldHMsdWtyYWluZXMsZGVsdGEsbWlsaXRhcnksaW50ZWxsaWdlbmNlLHByb2dyYW1zZWN1cml0eSxhZmZhaXJz
IP 34.98.64.218:0
File type JSON data\012- , ASCII text
Hash 02690c33040ee6409fce0d8ae843c830
2c6a726906b509f442c50fd999bd6f4f69f39ad7
36997202ce566137f413128957e8fd2167251cf2ad6177b53735b0064fab89b7
GET /w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&ch=UTF-8&res=1280x1024x24&ifr=false&tz=0&tws=1280x939&be=1&bc=hb_pb_3.0.3&dddid=63fac6cb-ec37-4f20-8b2b-c5fb3d4c0152&nocache=1671578575998&pubcid=74fbefcf-4b46-43dc-9173-babbbcd0d473&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2Cc81f72c7-221f-40ed-810e-ee57f4764233%2C%2C&aus=728x90&divids=24274x728x90x4142x_ADSLOT1&aucs=&auid=540580842&tps=bXlrZXl3b3JkPXVhYzAxNDIsYXB0LHRhcmdldHMsdWtyYWluZXMsZGVsdGEsbWlsaXRhcnksaW50ZWxsaWdlbmNlLHByb2dyYW1zZWN1cml0eSxhZmZhaXJzJm15b3RoZXJrZXl3b3JkPXVhYzAxNDIsYXB0LHRhcmdldHMsdWtyYWluZXMsZGVsdGEsbWlsaXRhcnksaW50ZWxsaWdlbmNlLHByb2dyYW1zZWN1cml0eSxhZmZhaXJz HTTP/1.1
Host: pixfuture2-d.openx.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
vary: Accept, Accept-Encoding
server: OXGW/0.0.0
pragma: no-cache
p3p: CP="CUR ADM OUR NOR STA NID"
expires: Mon, 26 Jul 1997 05:00:00 GMT
date: Tue, 20 Dec 2022 23:22:45 GMT
content-type: application/json
content-length: 79
content-encoding: gzip
cache-control: private, max-age=0, no-cache
access-control-allow-origin: http://securityaffairs.co
access-control-allow-credentials: true
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/28HXVhFQgEk
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/28HXVhFQgEk
IP 142.250.74.131:0
Hash e99fcd14efdecb18ad9dd85ad95fd957
f002647935109fb129d05998c213dd72856bd695
ad5f1556e3c147d1eb7ffdc400e01b7fecf570c3f4158ae36c9bb660917a74a4
POST /s/gts1d4/28HXVhFQgEk HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:45 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ib.adnxs.com/ut/v3/prebid
37.252.171.84200 OK 265 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP 37.252.171.84:0
File type JSON data\012- , ASCII text, with no line terminators
Hash c76a1e48ce458b3505b2da9d4fc3d80e
63537dc566a1d55c34a4c130f36c9fed970d725e
20b43f2afdc8508a55d1fa689e12de5dd8a5a95a79b4c477d0d82ae8b447626f
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 2206
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 20 Dec 2022 23:22:45 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 265
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://securityaffairs.co
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 32135034-fe98-411b-8df3-b00d7297af95
Set-Cookie: icu=ChgI3sJXEAoYASABKAEwxYeJnQY4AUABSAEQxYeJnQYYAA..; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 20-Mar-2023 23:22:45 GMT; Domain=.adnxs.com; Secure; HttpOnly
uuid2=300506065073878871; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 20-Mar-2023 23:22:45 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ocsp.godaddy.com/
192.124.249.36200 OK 1.8 kB IP 192.124.249.36:0
Hash e23b60166a39b862a03e68dbe26c7600
415a5e84b2b1cc6cdd773561bb54c8419a2fbb5b
c82553d47d35759770f85493af6333c375c3aac95e689a2515376af6751aebde
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 20 Dec 2022 23:22:44 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 20 Dec 2022 21:01:52 GMT
Expires: Wed, 21 Dec 2022 21:01:52 GMT
ETag: "415a5e84b2b1cc6cdd773561bb54c8419a2fbb5b"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash 663e01852c8dca9b62ad3891374d0ed6
b1214db72ce4540cb2504946a78abd78ab579abe
40809259381a392395b98e0645c0b23724341e051e25a952926f06816b4eb3ac
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 20 Dec 2022 23:22:45 GMT
Last-Modified: Tue, 20 Dec 2022 23:03:51 GMT
Server: ECS (bsa/EB22)
X-Cache: Miss from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 4ERIZLwj7dLMMDXQSoPdZJCuq2ubgAfRI-sQq3tMdmtY0QC2oRf2cw==
Age: 1134
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash aa1d5bfa1f404940d556f438b5e1fec9
19e6a665928bc1d688fe6e13ef420478b1afa23b
7381e62fd3334cbbe26784111bbe5e4ab7aedb8f3618f690194f25436112cce7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 200
Cache-Control: max-age=123424
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:45 GMT
Etag: "63a1821d-1d7"
Expires: Thu, 22 Dec 2022 09:39:49 GMT
Last-Modified: Tue, 20 Dec 2022 09:36:29 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash aa1d5bfa1f404940d556f438b5e1fec9
19e6a665928bc1d688fe6e13ef420478b1afa23b
7381e62fd3334cbbe26784111bbe5e4ab7aedb8f3618f690194f25436112cce7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 188
Cache-Control: max-age=123412
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:45 GMT
Etag: "63a1821d-1d7"
Expires: Thu, 22 Dec 2022 09:39:37 GMT
Last-Modified: Tue, 20 Dec 2022 09:36:29 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
3.122.4.168204 No Content 0 B URL HTTP/2 btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
IP 3.122.4.168:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /universal/v1?supply_id=WYu2BXv1 HTTP/1.1
Host: btlr.sharethrough.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1127
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 20 Dec 2022 23:22:45 GMT
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-origin: http://securityaffairs.co
access-control-allow-credentials: true
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b99ecc2522e7eb74c3741af56fdc3cb7
510888c3af4c8c2eff73261f2fd02e4bf0bfa5be
39183c1ef7835599c56112379d16e6c4c10a788b5b9e31a9623552253815b320
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 437
Cache-Control: max-age=93098
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:45 GMT
Etag: "63a10aba-1d7"
Expires: Thu, 22 Dec 2022 01:14:23 GMT
Last-Modified: Tue, 20 Dec 2022 01:07:06 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
ap.lijit.com/rtb/bid?src=prebid_prebid_7.16.0-pre
72.251.249.9200 OK 99 B URL HTTP/1.1 ap.lijit.com/rtb/bid?src=prebid_prebid_7.16.0-pre
IP 72.251.249.9:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 510862f0ef0dcf3df7e5ee9139e3ca9b
77aea9f5eb1277746c4ea21b29734c5481a9ea26
ec80a3f9f576c39857ce9515bae8391b7597f45a78041c17b5e4d6aa3994f24a
POST /rtb/bid?src=prebid_prebid_7.16.0-pre HTTP/1.1
Host: ap.lijit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 793
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 23:22:45 GMT
Content-Type: application/json
Access-Control-Allow-Origin: http://securityaffairs.co
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Vary: Accept-Encoding, User-Agent
Content-Encoding: gzip
Content-Length: 99
X-Sovrn-Pod: ad_ap3ams1
btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
3.122.4.168204 No Content 0 B URL HTTP/2 btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
IP 3.122.4.168:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /universal/v1?supply_id=WYu2BXv1 HTTP/1.1
Host: btlr.sharethrough.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1174
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 20 Dec 2022 23:22:45 GMT
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-origin: http://securityaffairs.co
access-control-allow-credentials: true
X-Firefox-Spdy: h2
hbopenbid.pubmatic.com/translator?source=prebid-client
185.64.189.112204 No Content 0 B URL HTTP/2 hbopenbid.pubmatic.com/translator?source=prebid-client
IP 185.64.189.112:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /translator?source=prebid-client HTTP/1.1
Host: hbopenbid.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1729
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: http://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
date: Tue, 20 Dec 2022 23:22:45 GMT
X-Firefox-Spdy: h2
hbopenbid.pubmatic.com/translator?source=prebid-client
185.64.189.112204 No Content 0 B URL HTTP/2 hbopenbid.pubmatic.com/translator?source=prebid-client
IP 185.64.189.112:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /translator?source=prebid-client HTTP/1.1
Host: hbopenbid.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1765
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: http://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
date: Tue, 20 Dec 2022 23:22:43 GMT
X-Firefox-Spdy: h2
fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=15&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,85660e44-8898-4c4d-a4c7-cc2855823958,,&eid_pubcid.org=74fbefcf-4b46-43dc-9173-babbbcd0d473%5E1&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&kw=uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs&tg_i.domain=securityaffairs.co&tg_i.cat=IAB12%2CIAB19-18&tg_i.sectioncat=IAB12%2CIAB19-18&tg_i.pagecat=IAB12%2CIAB19-18&tg_i.page=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&tk_flint=pbjs_lite_v7.16.0-pre&x_source.tid=f3719330-098c-4bcb-ae21-ca22d9a7d45e&l_pb_bid_id=4061192450a896d8&p_screen_res=1280x1024&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.655519483914864
213.19.162.31200 OK 512 B URL HTTP/2 fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=15&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,85660e44-8898-4c4d-a4c7-cc2855823958,,&eid_pubcid.org=74fbefcf-4b46-43dc-9173-babbbcd0d473%5E1&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&kw=uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs&tg_i.domain=securityaffairs.co&tg_i.cat=IAB12%2CIAB19-18&tg_i.sectioncat=IAB12%2CIAB19-18&tg_i.pagecat=IAB12%2CIAB19-18&tg_i.page=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&tk_flint=pbjs_lite_v7.16.0-pre&x_source.tid=f3719330-098c-4bcb-ae21-ca22d9a7d45e&l_pb_bid_id=4061192450a896d8&p_screen_res=1280x1024&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.655519483914864
IP 213.19.162.31:0
File type JSON data\012- , ASCII text, with very long lines (512), with no line terminators
Hash fdc8f61ac9da73239cf95a5baf16054b
341627d11a603937b89503cd0d1e9058d7ad1c50
7b37e69b86c6398a7c1e168c9616e7fb94e4790e96d3f9ba3fa2c8f43111d5ad
GET /a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=15&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,85660e44-8898-4c4d-a4c7-cc2855823958,,&eid_pubcid.org=74fbefcf-4b46-43dc-9173-babbbcd0d473%5E1&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&kw=uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs&tg_i.domain=securityaffairs.co&tg_i.cat=IAB12%2CIAB19-18&tg_i.sectioncat=IAB12%2CIAB19-18&tg_i.pagecat=IAB12%2CIAB19-18&tg_i.page=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&tk_flint=pbjs_lite_v7.16.0-pre&x_source.tid=f3719330-098c-4bcb-ae21-ca22d9a7d45e&l_pb_bid_id=4061192450a896d8&p_screen_res=1280x1024&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.655519483914864 HTTP/1.1
Host: fastlane.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.21.4
date: Tue, 20 Dec 2022 23:22:45 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://securityaffairs.co
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LBWUPVOW-10-4BD0; Domain=.rubiconproject.com; Path=/; Expires=Wed, 20-Dec-2023 23:22:45 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qrcMKrdtObml+9DtVM30fCgwAi/jQAPCnZJbjZwlUnxTAqbF9i1EU5J751PgjmsPd3gcRgjl6EitQhJSJ8nY+hF3OlDu/ORdD8=; Domain=.rubiconproject.com; Path=/; Expires=Wed, 20-Dec-2023 23:22:45 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 512
X-Firefox-Spdy: h2
ap.lijit.com/rtb/bid?src=prebid_prebid_7.16.0-pre
72.251.249.9200 OK 99 B URL HTTP/1.1 ap.lijit.com/rtb/bid?src=prebid_prebid_7.16.0-pre
IP 72.251.249.9:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 74d9e71eaa4634253aba458a8a607ad9
f8dac47cb3be0ff525601727c5bfbebe20342f4a
4bf683cef1e32e0d095f068eea6929d8fb1d01f3cc1851cacf6f408f6cab423a
POST /rtb/bid?src=prebid_prebid_7.16.0-pre HTTP/1.1
Host: ap.lijit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 839
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 23:22:45 GMT
Content-Type: application/json
Access-Control-Allow-Origin: http://securityaffairs.co
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Vary: Accept-Encoding, User-Agent
Content-Encoding: gzip
Content-Length: 99
X-Sovrn-Pod: ad_ap3ams1
ib.adnxs.com/ut/v3/prebid
37.252.171.22200 OK 263 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP 37.252.171.22:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 6658d80861a4f558c8d01b4ce39d5b86
66686fa4fbe2beb56f44f0aa665e6e8602752bb8
8dc082b0597bc25b1f31c50fde15c2480fa71b00bbd0597cfcef39457f30ea1e
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 2209
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 20 Dec 2022 23:22:45 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 263
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://securityaffairs.co
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: d045f5be-f0ec-49ff-b1a0-6fb281339fac
Set-Cookie: icu=ChgI3sJXEAoYASABKAEwxYeJnQY4AUABSAEQxYeJnQYYAA..; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 20-Mar-2023 23:22:45 GMT; Domain=.adnxs.com; Secure; HttpOnly
uuid2=4331429194638591912; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 20-Mar-2023 23:22:45 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 6cdfb8bee8e8d23bc7acc1bba35326dc
140e5f42949027845161670b3171cf81221a605c
ec5851fb71b67445d4c1f2ed58a3e18d7189f27bbe99f27c7e4ec43f5d8f681a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 23:22:45 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 20 Dec 2022 19:45:31 GMT
Expires: Tue, 27 Dec 2022 19:45:30 GMT
Etag: "140e5f42949027845161670b3171cf81221a605c"
Cache-Control: max-age=591164,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77cc1f3028cab4ed-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash b7973d16753497c53985c5b8b7a4e052
6999b04eacfd260d536005cb3f4798e770b5f569
b3e5a6f3ed9f4ae98c093e8d14059b424e5e6f932e53062b625b3d3096241363
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 23:22:45 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 19 Dec 2022 04:56:46 GMT
Expires: Mon, 26 Dec 2022 04:56:45 GMT
Etag: "6999b04eacfd260d536005cb3f4798e770b5f569"
Cache-Control: max-age=451439,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77cc1f30fbdfb4eb-OSL
status.geotrust.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2c2f30853261334c1661b66564b28bcc
13213307b2cfa82f56e7f3f64fe08756080e1a7c
c4d9a53f9674146850f3b3b89560cf60577981b3b49331637adcf9b1ece67183
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1195
Cache-Control: max-age=143521
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:45 GMT
Etag: "63a1ccbb-1d7"
Expires: Thu, 22 Dec 2022 15:14:46 GMT
Last-Modified: Tue, 20 Dec 2022 14:54:51 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_pubcid.org=74fbefcf-4b46-43dc-9173-babbbcd0d473%5E1&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&kw=uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs&tg_i.domain=securityaffairs.co&tg_i.cat=IAB12%2CIAB19-18&tg_i.sectioncat=IAB12%2CIAB19-18&tg_i.pagecat=IAB12%2CIAB19-18&tg_i.page=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&tk_flint=pbjs_lite_v7.16.0-pre&x_source.tid=2b34a1a9-2b57-4a92-81f7-0ac23f738362&l_pb_bid_id=1059794b3e722228&p_screen_res=1280x1024&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8949464882613131
213.19.162.31200 OK 512 B URL HTTP/2 fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_pubcid.org=74fbefcf-4b46-43dc-9173-babbbcd0d473%5E1&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&kw=uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs&tg_i.domain=securityaffairs.co&tg_i.cat=IAB12%2CIAB19-18&tg_i.sectioncat=IAB12%2CIAB19-18&tg_i.pagecat=IAB12%2CIAB19-18&tg_i.page=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&tk_flint=pbjs_lite_v7.16.0-pre&x_source.tid=2b34a1a9-2b57-4a92-81f7-0ac23f738362&l_pb_bid_id=1059794b3e722228&p_screen_res=1280x1024&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8949464882613131
IP 213.19.162.31:0
File type JSON data\012- , ASCII text, with very long lines (512), with no line terminators
Hash 54e05c5f77221b681715ee784cc1e56d
d55154fb2b6bfefaa79e5bf5072cdcfda0b12d1c
77fec903590e29768ab5d90a4779bd17188bd7450a828077fec9e9b3ec254e70
GET /a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_pubcid.org=74fbefcf-4b46-43dc-9173-babbbcd0d473%5E1&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&kw=uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs&tg_i.domain=securityaffairs.co&tg_i.cat=IAB12%2CIAB19-18&tg_i.sectioncat=IAB12%2CIAB19-18&tg_i.pagecat=IAB12%2CIAB19-18&tg_i.page=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&tk_flint=pbjs_lite_v7.16.0-pre&x_source.tid=2b34a1a9-2b57-4a92-81f7-0ac23f738362&l_pb_bid_id=1059794b3e722228&p_screen_res=1280x1024&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8949464882613131 HTTP/1.1
Host: fastlane.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.21.4
date: Tue, 20 Dec 2022 23:22:45 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://securityaffairs.co
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LBWUPW37-1C-3OPA; Domain=.rubiconproject.com; Path=/; Expires=Wed, 20-Dec-2023 23:22:45 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qr/Rakl0yp9nO9DtVM30fCgwAi/jQAPCnZJbjZwlUnxTAqbF9i1EU5J751PgjmsPd3gcRgjl6EitQhJSJ8nY+hF3OlDu/ORdD8=; Domain=.rubiconproject.com; Path=/; Expires=Wed, 20-Dec-2023 23:22:45 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 512
X-Firefox-Spdy: h2
btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
3.122.4.168204 No Content 0 B URL HTTP/2 btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
IP 3.122.4.168:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /universal/v1?supply_id=WYu2BXv1 HTTP/1.1
Host: btlr.sharethrough.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1172
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 20 Dec 2022 23:22:45 GMT
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-origin: http://securityaffairs.co
access-control-allow-credentials: true
X-Firefox-Spdy: h2
fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,85660e44-8898-4c4d-a4c7-cc2855823958,,&eid_pubcid.org=74fbefcf-4b46-43dc-9173-babbbcd0d473%5E1&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&kw=uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs&tg_i.domain=securityaffairs.co&tg_i.cat=IAB12%2CIAB19-18&tg_i.sectioncat=IAB12%2CIAB19-18&tg_i.pagecat=IAB12%2CIAB19-18&tg_i.page=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&tk_flint=pbjs_lite_v7.16.0-pre&x_source.tid=1132d824-6e2a-43db-94dc-888843e1e43b&l_pb_bid_id=775fabe9760d4c98&p_screen_res=1280x1024&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.12515039181463927
213.19.162.31200 OK 512 B URL HTTP/2 fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,85660e44-8898-4c4d-a4c7-cc2855823958,,&eid_pubcid.org=74fbefcf-4b46-43dc-9173-babbbcd0d473%5E1&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&kw=uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs&tg_i.domain=securityaffairs.co&tg_i.cat=IAB12%2CIAB19-18&tg_i.sectioncat=IAB12%2CIAB19-18&tg_i.pagecat=IAB12%2CIAB19-18&tg_i.page=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&tk_flint=pbjs_lite_v7.16.0-pre&x_source.tid=1132d824-6e2a-43db-94dc-888843e1e43b&l_pb_bid_id=775fabe9760d4c98&p_screen_res=1280x1024&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.12515039181463927
IP 213.19.162.31:0
File type JSON data\012- , ASCII text, with very long lines (512), with no line terminators
Hash 4802bd3c68564debd561a3a8753c98f7
3deed762e916f663b80af7bb6b839a4aae5f6fda
da2b54421cbf792acb403472bec8a2a68fa160b6305f027378642e530fd6e1d1
GET /a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,85660e44-8898-4c4d-a4c7-cc2855823958,,&eid_pubcid.org=74fbefcf-4b46-43dc-9173-babbbcd0d473%5E1&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&kw=uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs&tg_i.domain=securityaffairs.co&tg_i.cat=IAB12%2CIAB19-18&tg_i.sectioncat=IAB12%2CIAB19-18&tg_i.pagecat=IAB12%2CIAB19-18&tg_i.page=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&tk_flint=pbjs_lite_v7.16.0-pre&x_source.tid=1132d824-6e2a-43db-94dc-888843e1e43b&l_pb_bid_id=775fabe9760d4c98&p_screen_res=1280x1024&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.12515039181463927 HTTP/1.1
Host: fastlane.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.21.4
date: Tue, 20 Dec 2022 23:22:45 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://securityaffairs.co
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LBWUPW40-13-GSGT; Domain=.rubiconproject.com; Path=/; Expires=Wed, 20-Dec-2023 23:22:45 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qqs64EB7iMkku9DtVM30fCgwAi/jQAPCnZJbjZwlUnxTAqbF9i1EU5J751PgjmsPd3gcRgjl6EitQhJSJ8nY+hF3OlDu/ORdD8=; Domain=.rubiconproject.com; Path=/; Expires=Wed, 20-Dec-2023 23:22:45 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 512
X-Firefox-Spdy: h2
hbopenbid.pubmatic.com/translator?source=prebid-client
185.64.189.112204 No Content 0 B URL HTTP/2 hbopenbid.pubmatic.com/translator?source=prebid-client
IP 185.64.189.112:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /translator?source=prebid-client HTTP/1.1
Host: hbopenbid.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1773
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: http://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
date: Tue, 20 Dec 2022 23:22:45 GMT
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.36200 OK 1.8 kB IP 192.124.249.36:0
Hash 65ebe5e801da4811cd0f764574e344ce
9200b15c8b3e673534160bbe5e36891e46df32a2
fc0fbbbefeafd6ba8575324fce6d7d56cc7ba338410485e82a4204e7f8b48d29
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 20 Dec 2022 23:22:45 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 20 Dec 2022 19:29:46 GMT
Expires: Wed, 21 Dec 2022 19:29:46 GMT
ETag: "9200b15c8b3e673534160bbe5e36891e46df32a2"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ap.lijit.com/rtb/bid?src=prebid_prebid_7.16.0-pre
72.251.249.9200 OK 100 B URL HTTP/1.1 ap.lijit.com/rtb/bid?src=prebid_prebid_7.16.0-pre
IP 72.251.249.9:0
File type JSON data\012- , ASCII text, with no line terminators
Hash afcd0a4bd7b48f2b5491b2d4ea7bfdcb
9cf520f720939212c0de7daf978e9f00eeb7adda
b15ccca013149730fd2d35354b4c68f3978e6962ef9eab280dceb6ad71ad2862
POST /rtb/bid?src=prebid_prebid_7.16.0-pre HTTP/1.1
Host: ap.lijit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 837
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 23:22:45 GMT
Content-Type: application/json
Access-Control-Allow-Origin: http://securityaffairs.co
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Vary: Accept-Encoding, User-Agent
Content-Encoding: gzip
Content-Length: 100
X-Sovrn-Pod: ad_ap3ams1
fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=2&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,c81f72c7-221f-40ed-810e-ee57f4764233,,&eid_pubcid.org=74fbefcf-4b46-43dc-9173-babbbcd0d473%5E1&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&kw=uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs&tg_i.domain=securityaffairs.co&tg_i.cat=IAB12%2CIAB19-18&tg_i.sectioncat=IAB12%2CIAB19-18&tg_i.pagecat=IAB12%2CIAB19-18&tg_i.page=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&tk_flint=pbjs_lite_v7.16.0-pre&x_source.tid=63fac6cb-ec37-4f20-8b2b-c5fb3d4c0152&l_pb_bid_id=11550558692c66378&p_screen_res=1280x1024&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7577597557324041
213.19.162.31200 OK 511 B URL HTTP/2 fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=2&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,c81f72c7-221f-40ed-810e-ee57f4764233,,&eid_pubcid.org=74fbefcf-4b46-43dc-9173-babbbcd0d473%5E1&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&kw=uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs&tg_i.domain=securityaffairs.co&tg_i.cat=IAB12%2CIAB19-18&tg_i.sectioncat=IAB12%2CIAB19-18&tg_i.pagecat=IAB12%2CIAB19-18&tg_i.page=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&tk_flint=pbjs_lite_v7.16.0-pre&x_source.tid=63fac6cb-ec37-4f20-8b2b-c5fb3d4c0152&l_pb_bid_id=11550558692c66378&p_screen_res=1280x1024&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7577597557324041
IP 213.19.162.31:0
File type JSON data\012- , ASCII text, with very long lines (511), with no line terminators
Hash 7e88157633d7efae9693bec9dab1dd53
8a51890b5db6610f8a8c44b7fde1d78d0279be0c
c62653eb902f65f2f4dc2dce951eb0106ca6440c66e22c12492b79a96322caee
GET /a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=2&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,c81f72c7-221f-40ed-810e-ee57f4764233,,&eid_pubcid.org=74fbefcf-4b46-43dc-9173-babbbcd0d473%5E1&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&kw=uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs&tg_i.domain=securityaffairs.co&tg_i.cat=IAB12%2CIAB19-18&tg_i.sectioncat=IAB12%2CIAB19-18&tg_i.pagecat=IAB12%2CIAB19-18&tg_i.page=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&tk_flint=pbjs_lite_v7.16.0-pre&x_source.tid=63fac6cb-ec37-4f20-8b2b-c5fb3d4c0152&l_pb_bid_id=11550558692c66378&p_screen_res=1280x1024&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7577597557324041 HTTP/1.1
Host: fastlane.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.21.4
date: Tue, 20 Dec 2022 23:22:45 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://securityaffairs.co
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LBWUPW5V-11-IUX0; Domain=.rubiconproject.com; Path=/; Expires=Wed, 20-Dec-2023 23:22:45 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qqriRJHgYljRe9DtVM30fCgwAi/jQAPCnZJbjZwlUnxTAqbF9i1EU5J751PgjmsPd3gcRgjl6EitQhJSJ8nY+hF3OlDu/ORdD8=; Domain=.rubiconproject.com; Path=/; Expires=Wed, 20-Dec-2023 23:22:45 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 511
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 58cee4f1235a4e4a8d5d69452ddbda22
826ee9638f80fc42e967f2616bc976a6cc3a99b3
a5942df5741abb43dfb7efbc50835e48092dd6883fe61b14dcf342b08ee1d9b8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5997
Cache-Control: max-age=111967
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:45 GMT
Etag: "63a13eb7-1d7"
Expires: Thu, 22 Dec 2022 06:28:52 GMT
Last-Modified: Tue, 20 Dec 2022 04:48:55 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 58cee4f1235a4e4a8d5d69452ddbda22
826ee9638f80fc42e967f2616bc976a6cc3a99b3
a5942df5741abb43dfb7efbc50835e48092dd6883fe61b14dcf342b08ee1d9b8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5977
Cache-Control: max-age=111947
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:45 GMT
Etag: "63a13eb7-1d7"
Expires: Thu, 22 Dec 2022 06:28:32 GMT
Last-Modified: Tue, 20 Dec 2022 04:48:55 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4986fbbee7c88ce6332003d81a082f86
72d0d38705ee1433db1836560910d1b4b61c763e
cabaf7194d7e1e7747f5fd9a8121d96a3342d5d4966c2ac18cdfb904db67a363
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CABAF7194D7E1E7747F5FD9A8121D96A3342D5D4966C2AC18CDFB904DB67A363"
Last-Modified: Tue, 20 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6263
Expires: Wed, 21 Dec 2022 01:07:08 GMT
Date: Tue, 20 Dec 2022 23:22:45 GMT
Connection: keep-alive
ib.adnxs.com/ut/v3/prebid
37.252.171.22200 OK 263 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP 37.252.171.22:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 751c7b81463edb99d6379b3360a9a252
4883bd85cf86e337a6b7ed3e33ea6700530ef9c9
42bbf8c436a59a15f7fb6a5a7814911d0f08b7d2a83c211029b555cc9dab0caa
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 2221
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 20 Dec 2022 23:22:45 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 263
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://securityaffairs.co
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: f0ec17f6-0060-4b28-841f-dda512f3ddbb
Set-Cookie: icu=ChgI3sJXEAoYASABKAEwxYeJnQY4AUABSAEQxYeJnQYYAA..; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 20-Mar-2023 23:22:45 GMT; Domain=.adnxs.com; Secure; HttpOnly
uuid2=5755462875824103571; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 20-Mar-2023 23:22:45 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ocsp.godaddy.com/
192.124.249.36200 OK 1.8 kB IP 192.124.249.36:0
Hash 65ebe5e801da4811cd0f764574e344ce
9200b15c8b3e673534160bbe5e36891e46df32a2
fc0fbbbefeafd6ba8575324fce6d7d56cc7ba338410485e82a4204e7f8b48d29
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 20 Dec 2022 23:22:45 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 20 Dec 2022 19:29:46 GMT
Expires: Wed, 21 Dec 2022 19:29:46 GMT
ETag: "9200b15c8b3e673534160bbe5e36891e46df32a2"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 1045dd6d8d8874d5ca5a23895660a66e
da97aa736d412e3f0154d58e7446723bb6e7d06b
831b65c2fedbfd4feb453977a5646c703e0334803fbe0d13a3748150e14f08f3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 121
Cache-Control: max-age=146035
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:45 GMT
Etag: "63a1dabf-139"
Expires: Thu, 22 Dec 2022 15:56:40 GMT
Last-Modified: Tue, 20 Dec 2022 15:54:39 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 313
c2shb.pubgw.yahoo.com/bidRequest
35.157.246.167200 OK 0 B URL HTTP/2 c2shb.pubgw.yahoo.com/bidRequest
IP 35.157.246.167:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /bidRequest HTTP/1.1
Host: c2shb.pubgw.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-openrtb-version
Referer: http://securityaffairs.co/
Origin: http://securityaffairs.co
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 23:22:45 GMT
content-length: 0
server: ATS/9.1.10.25
access-control-allow-origin: http://securityaffairs.co
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-credentials: true
access-control-max-age: 600
age: 0
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 1045dd6d8d8874d5ca5a23895660a66e
da97aa736d412e3f0154d58e7446723bb6e7d06b
831b65c2fedbfd4feb453977a5646c703e0334803fbe0d13a3748150e14f08f3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 121
Cache-Control: max-age=146035
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:45 GMT
Etag: "63a1dabf-139"
Expires: Thu, 22 Dec 2022 15:56:40 GMT
Last-Modified: Tue, 20 Dec 2022 15:54:39 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 1045dd6d8d8874d5ca5a23895660a66e
da97aa736d412e3f0154d58e7446723bb6e7d06b
831b65c2fedbfd4feb453977a5646c703e0334803fbe0d13a3748150e14f08f3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 137
Cache-Control: max-age=146051
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:45 GMT
Etag: "63a1dabf-139"
Expires: Thu, 22 Dec 2022 15:56:56 GMT
Last-Modified: Tue, 20 Dec 2022 15:54:39 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 313
prebidserver.pixfuture.com/openrtb2/auction
137.184.242.150200 OK 382 B URL HTTP/1.1 prebidserver.pixfuture.com/openrtb2/auction
IP 137.184.242.150:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with very long lines (381)
Hash c7b374e12ebd30451b07fba016c940de
730c86eca3595d4a242e5a2a4826030a620947ad
255d55fa5aa2cc0f911fc49b4b8feeb8c2fbd3bfe0d0dda6b3556264eb56a4ef
POST /openrtb2/auction HTTP/1.1
Host: prebidserver.pixfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1788
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
access-control-allow-credentials: true
access-control-allow-origin: http://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
content-type: application/json
expires: 0
pragma: no-cache
vary: Origin
x-prebid: pbs-go/unknown
date: Tue, 20 Dec 2022 23:22:45 GMT
content-length: 382
hbopenbid.pubmatic.com/translator?source=prebid-client
185.64.189.112204 No Content 0 B URL HTTP/2 hbopenbid.pubmatic.com/translator?source=prebid-client
IP 185.64.189.112:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /translator?source=prebid-client HTTP/1.1
Host: hbopenbid.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1763
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: http://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
date: Tue, 20 Dec 2022 23:22:45 GMT
X-Firefox-Spdy: h2
c2shb.pubgw.yahoo.com/bidRequest
35.157.246.167200 OK 0 B URL HTTP/2 c2shb.pubgw.yahoo.com/bidRequest
IP 35.157.246.167:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /bidRequest HTTP/1.1
Host: c2shb.pubgw.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-openrtb-version
Referer: http://securityaffairs.co/
Origin: http://securityaffairs.co
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 23:22:45 GMT
content-length: 0
server: ATS/9.1.10.25
access-control-allow-origin: http://securityaffairs.co
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-credentials: true
access-control-max-age: 600
age: 0
X-Firefox-Spdy: h2
prebidserver.pixfuture.com/openrtb2/auction
137.184.242.150200 OK 382 B URL HTTP/1.1 prebidserver.pixfuture.com/openrtb2/auction
IP 137.184.242.150:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with very long lines (381)
Hash 7098168806fe9329b27fb4c6769172be
d7558e21f88f695f7a8859b64dd14910ffafe8af
2039749826de08883dab1e93b4b44c0f8eab56e384fed57dad473de5e0a567bb
POST /openrtb2/auction HTTP/1.1
Host: prebidserver.pixfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1690
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
access-control-allow-credentials: true
access-control-allow-origin: http://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
content-type: application/json
expires: 0
pragma: no-cache
vary: Origin
x-prebid: pbs-go/unknown
date: Tue, 20 Dec 2022 23:22:45 GMT
content-length: 382
lb.eu-1-id5-sync.com/lb/v1
141.95.33.111200 33 B URL HTTP/1.1 lb.eu-1-id5-sync.com/lb/v1
IP 141.95.33.111:0
File type JSON data\012- , ASCII text, with no line terminators
Hash b32ae0ebea56a10ab3eb85c3e51b6bdd
c0d113192da1574a848587cb7703d9c25e3f1701
881de4bef3de44d09eec3d3fe3569480a31f29890ae20ce5895fca4b0572671c
GET /lb/v1 HTTP/1.1
Host: lb.eu-1-id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: http://securityaffairs.co
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Tue, 20 Dec 2022 23:22:45 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
ocsp.pki.goog/s/gts1d4/28HXVhFQgEk
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/28HXVhFQgEk
IP 142.250.74.131:0
Hash e99fcd14efdecb18ad9dd85ad95fd957
f002647935109fb129d05998c213dd72856bd695
ad5f1556e3c147d1eb7ffdc400e01b7fecf570c3f4158ae36c9bb660917a74a4
POST /s/gts1d4/28HXVhFQgEk HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:45 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
3.122.4.168204 No Content 0 B URL HTTP/2 btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
IP 3.122.4.168:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /universal/v1?supply_id=WYu2BXv1 HTTP/1.1
Host: btlr.sharethrough.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1174
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 20 Dec 2022 23:22:45 GMT
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-origin: http://securityaffairs.co
access-control-allow-credentials: true
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 68dfea06ce13871bd6944b2481c50116
bc641a3cf09b1396e25d49dd229645cd277b6ca4
a40961910eb535788d6adf3f758f0d79c75f1ed268259563949adabb38e29a21
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 23:22:46 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 18 Dec 2022 01:54:54 GMT
Expires: Sun, 25 Dec 2022 01:54:53 GMT
Etag: "bc641a3cf09b1396e25d49dd229645cd277b6ca4"
Cache-Control: max-age=354127,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77cc1f304e8d0b45-OSL
c2shb.pubgw.yahoo.com/bidRequest
35.157.246.167200 OK 66 B URL HTTP/2 c2shb.pubgw.yahoo.com/bidRequest
IP 35.157.246.167:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 97961bb5f8be2d91eb71f8a459d3ce17
6f727af91602f11fd62665b4b7e4227518a39ec9
a70dd83b0a3c04535b97026f3445a3c023d7ef1bffc5d8e3c5f95ca6ac9205ba
POST /bidRequest HTTP/1.1
Host: c2shb.pubgw.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-openrtb-version: 2.5
Content-Type: application/json
Content-Length: 1275
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 23:22:45 GMT
content-type: application/json;charset=utf-8
content-length: 66
server: ATS/9.1.10.25
access-control-allow-origin: http://securityaffairs.co
access-control-allow-methods: POST,GET,HEAD,OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
age: 0
X-Firefox-Spdy: h2
prg.smartadserver.com/prebid/v1
185.86.138.121200 OK 0 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP 185.86.138.121:0
ASN #201081 SmartAdServer SAS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 734
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-length: 0
content-type: application/json; charset=UTF-8
date: Tue, 20 Dec 2022 23:22:45 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://securityaffairs.co
cache-control: no-cache,no-store
pragma: no-cache
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
c2shb.pubgw.yahoo.com/bidRequest
35.157.246.167200 OK 66 B URL HTTP/2 c2shb.pubgw.yahoo.com/bidRequest
IP 35.157.246.167:0
File type JSON data\012- , ASCII text, with no line terminators
Hash f3b0f96be0142d9fb163a0b30c0ac133
b4196401077dea6b05519691964cb7e2790dcfee
1cc4c44520dc689a850ae617c47c4a69d5e832a3a15d7b1fcb2d1defba6c7a9c
POST /bidRequest HTTP/1.1
Host: c2shb.pubgw.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-openrtb-version: 2.5
Content-Type: application/json
Content-Length: 1271
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 23:22:45 GMT
content-type: application/json;charset=utf-8
content-length: 66
server: ATS/9.1.10.25
access-control-allow-origin: http://securityaffairs.co
access-control-allow-methods: POST,GET,HEAD,OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
age: 0
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 2588ead0435c2b0b10b3fb63078a1c94
34fbd5ddd9a9e570de60a5e534ba62bca6459c9f
7c3f6c41ae63ccb288f8a195e4b578b6fce83190a9aff436355a84c5869f52f2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 280
Cache-Control: max-age=152715
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:46 GMT
Etag: "63a1f439-139"
Expires: Thu, 22 Dec 2022 17:48:01 GMT
Last-Modified: Tue, 20 Dec 2022 17:43:21 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 313
region1.google-analytics.com/g/collect?v=2&tid=G-8ZWTX5HC4Z>m=2oebu0&_p=1631829240&gdid=dZTNiMT&cid=167070616.1671578576&ul=en-us&sr=1280x1024&_s=1&sid=1671578575&sct=1&seg=0&dl=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&dt=UAC-0142%20APT%20targets%20Ukraine%27s%20Delta%20military%20intelligence%20programSecurity%20Affairs&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.32.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-8ZWTX5HC4Z>m=2oebu0&_p=1631829240&gdid=dZTNiMT&cid=167070616.1671578576&ul=en-us&sr=1280x1024&_s=1&sid=1671578575&sct=1&seg=0&dl=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&dt=UAC-0142%20APT%20targets%20Ukraine%27s%20Delta%20military%20intelligence%20programSecurity%20Affairs&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-8ZWTX5HC4Z>m=2oebu0&_p=1631829240&gdid=dZTNiMT&cid=167070616.1671578576&ul=en-us&sr=1280x1024&_s=1&sid=1671578575&sct=1&seg=0&dl=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&dt=UAC-0142%20APT%20targets%20Ukraine%27s%20Delta%20military%20intelligence%20programSecurity%20Affairs&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://securityaffairs.co
date: Tue, 20 Dec 2022 23:22:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-P62M3QN974>m=2oebu0&_p=1631829240&cid=167070616.1671578576&ul=en-us&sr=1280x1024&_s=1&sid=1671578575&sct=1&seg=0&dl=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&dt=UAC-0142%20APT%20targets%20Ukraine%27s%20Delta%20military%20intelligence%20programSecurity%20Affairs&en=page_view&_fv=1&_ss=1
216.239.32.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-P62M3QN974>m=2oebu0&_p=1631829240&cid=167070616.1671578576&ul=en-us&sr=1280x1024&_s=1&sid=1671578575&sct=1&seg=0&dl=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&dt=UAC-0142%20APT%20targets%20Ukraine%27s%20Delta%20military%20intelligence%20programSecurity%20Affairs&en=page_view&_fv=1&_ss=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-P62M3QN974>m=2oebu0&_p=1631829240&cid=167070616.1671578576&ul=en-us&sr=1280x1024&_s=1&sid=1671578575&sct=1&seg=0&dl=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&dt=UAC-0142%20APT%20targets%20Ukraine%27s%20Delta%20military%20intelligence%20programSecurity%20Affairs&en=page_view&_fv=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://securityaffairs.co
date: Tue, 20 Dec 2022 23:22:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ap.lijit.com/rtb/bid?src=prebid_prebid_7.16.0-pre
72.251.249.9200 OK 101 B URL HTTP/1.1 ap.lijit.com/rtb/bid?src=prebid_prebid_7.16.0-pre
IP 72.251.249.9:0
File type JSON data\012- , ASCII text, with no line terminators
Hash d7628f7183947a2e812bd1de858a1002
f0bc56c5a8aa39409df23c9f24d172a38bd00fc6
9ba423ec14590582aabdb5853a7be0c71cde3ef3939952537f45a3e394e5c402
POST /rtb/bid?src=prebid_prebid_7.16.0-pre HTTP/1.1
Host: ap.lijit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 840
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 23:22:45 GMT
Content-Type: application/json
Access-Control-Allow-Origin: http://securityaffairs.co
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Vary: Accept-Encoding, User-Agent
Content-Encoding: gzip
Content-Length: 101
X-Sovrn-Pod: ad_ap3ams1
dnacdn.net/dna
178.250.0.157200 OK 0 B IP 178.250.0.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 23:22:45 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=e8Ju0V80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3lMVU5HJTJCdk1QNzRlNElGYzg3YU1sM3U1UiUyQnFUTkhJQkl0bE1DaXFFbDVK; expires=Sun, 14 Jan 2024 23:22:46 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: http://securityaffairs.co
server-processing-duration-in-ticks: 379260
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
prg.smartadserver.com/prebid/v1
185.86.138.121200 OK 508 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP 185.86.138.121:0
ASN #201081 SmartAdServer SAS
File type JSON data\012- , ASCII text, with very long lines (892), with no line terminators
Hash a41f373ca969045b2e060deef743d395
1a3a25226aa8078345776e1e54cc0f637dca9fb9
ed8e7b551426982f300efe8639ae96972751e05b4ea08d5612af29085c1e67c2
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 735
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
date: Tue, 20 Dec 2022 23:22:45 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://securityaffairs.co
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
set-cookie: pbw=%24b%3d12999%3b%24o%3d11100; expires=Wed, 20 Dec 2023 23:22:46 GMT; domain=.smartadserver.com; path=/
vs=351366=5243002; domain=.smartadserver.com; path=/
TestIfCookie=ok; domain=.smartadserver.com; path=/
TestIfCookieP=ok; expires=Wed, 20 Dec 2023 23:22:46 GMT; domain=.smartadserver.com; path=/
pid=4612131187892615747; expires=Wed, 20 Dec 2023 23:22:46 GMT; domain=.smartadserver.com; path=/
sasd2=q=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0&c=1&l=819242284&lo=988266927<=638071753660069455&o=1; expires=Wed, 21 Dec 2022 23:22:46 GMT; domain=.smartadserver.com; path=/
sasd=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0; expires=Wed, 21 Dec 2022 23:22:46 GMT; domain=.smartadserver.com; path=/
transfer-encoding: chunked
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
prg.smartadserver.com/prebid/v1
185.86.138.121200 OK 569 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP 185.86.138.121:0
ASN #201081 SmartAdServer SAS
File type JSON data\012- , ASCII text, with very long lines (1117), with no line terminators
Hash 9b21ff6e2b050371949d817ffb328cb7
9871ae1720c254ddada3b8a579685ae67d79d2a7
29a38907c5c122810d9bba998cefb6c1d974847d54f6e6055a0dd91a511829d3
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 733
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
date: Tue, 20 Dec 2022 23:22:45 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://securityaffairs.co
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
set-cookie: pbw=%24b%3d12999%3b%24o%3d11100; expires=Wed, 20 Dec 2023 23:22:46 GMT; domain=.smartadserver.com; path=/
vs=351366=5243002; domain=.smartadserver.com; path=/
TestIfCookie=ok; domain=.smartadserver.com; path=/
TestIfCookieP=ok; expires=Wed, 20 Dec 2023 23:22:46 GMT; domain=.smartadserver.com; path=/
pid=490356021447293613; expires=Wed, 20 Dec 2023 23:22:46 GMT; domain=.smartadserver.com; path=/
sasd2=q=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0&c=1&l=819242284&lo=988266927<=638071753660156464&o=1; expires=Wed, 21 Dec 2022 23:22:46 GMT; domain=.smartadserver.com; path=/
sasd=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0; expires=Wed, 21 Dec 2022 23:22:46 GMT; domain=.smartadserver.com; path=/
transfer-encoding: chunked
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
prg.smartadserver.com/prebid/v1
185.86.138.121200 OK 429 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP 185.86.138.121:0
ASN #201081 SmartAdServer SAS
File type JSON data\012- , ASCII text, with very long lines (853), with no line terminators
Hash 1340c736eff18c7ec81a45a1b743d66c
7d209c70b587d62eb25a74964875701ea393bd7d
b6d7f1c765f73a27a70b7dd05610f54b46a368ccdc66f8909524f9b0b4cd3d02
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 698
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
date: Tue, 20 Dec 2022 23:22:45 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://securityaffairs.co
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
set-cookie: pbw=%24b%3d12999%3b%24o%3d11100; expires=Wed, 20 Dec 2023 23:22:46 GMT; domain=.smartadserver.com; path=/
vs=351366=5243002; domain=.smartadserver.com; path=/
TestIfCookie=ok; domain=.smartadserver.com; path=/
TestIfCookieP=ok; expires=Wed, 20 Dec 2023 23:22:46 GMT; domain=.smartadserver.com; path=/
pid=1318902745248758442; expires=Wed, 20 Dec 2023 23:22:46 GMT; domain=.smartadserver.com; path=/
sasd2=q=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0&c=1&l=819242284&lo=988266927<=638071753660148456&o=1; expires=Wed, 21 Dec 2022 23:22:46 GMT; domain=.smartadserver.com; path=/
sasd=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0; expires=Wed, 21 Dec 2022 23:22:46 GMT; domain=.smartadserver.com; path=/
transfer-encoding: chunked
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
apex.go.sonobi.com/trinity.json?key_maker=%7B%2221d75d95a6fd64f8%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&s=acb5a816-9c8e-4480-a65e-9a29366c95f7&pv=ecf8944a-e9d7-4495-afc9-287aa44a16ea&vp=desktop&lib_name=prebid&lib_v=7.16.0-pre&us=0&fpd=%7B%22site%22%3A%7B%22domain%22%3A%22securityaffairs.co%22%2C%22cat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22sectioncat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22pagecat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22page%22%3A%22http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html%22%2C%22keywords%22%3A%22uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs%22%7D%7D&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22pubcid%22%3A%2274fbefcf-4b46-43dc-9173-babbbcd0d473%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2274fbefcf-4b46-43dc-9173-babbbcd0d473%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs&coppa=0
69.166.1.14200 OK 609 B URL HTTP/1.1 apex.go.sonobi.com/trinity.json?key_maker=%7B%2221d75d95a6fd64f8%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&s=acb5a816-9c8e-4480-a65e-9a29366c95f7&pv=ecf8944a-e9d7-4495-afc9-287aa44a16ea&vp=desktop&lib_name=prebid&lib_v=7.16.0-pre&us=0&fpd=%7B%22site%22%3A%7B%22domain%22%3A%22securityaffairs.co%22%2C%22cat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22sectioncat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22pagecat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22page%22%3A%22http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html%22%2C%22keywords%22%3A%22uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs%22%7D%7D&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22pubcid%22%3A%2274fbefcf-4b46-43dc-9173-babbbcd0d473%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2274fbefcf-4b46-43dc-9173-babbbcd0d473%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs&coppa=0
IP 69.166.1.14:0
File type JSON data\012- , ASCII text, with very long lines (1074)
Hash 907f130f6a4f5dcdf6baba90c0cb6bac
6cf2284b230cc3c4d666ef49c6456d28992cb7e0
383b7d3d6d7ac147880ef4a7065e0ba81754917676f4dd1e2e3877b2644865a8
GET /trinity.json?key_maker=%7B%2221d75d95a6fd64f8%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&s=acb5a816-9c8e-4480-a65e-9a29366c95f7&pv=ecf8944a-e9d7-4495-afc9-287aa44a16ea&vp=desktop&lib_name=prebid&lib_v=7.16.0-pre&us=0&fpd=%7B%22site%22%3A%7B%22domain%22%3A%22securityaffairs.co%22%2C%22cat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22sectioncat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22pagecat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22page%22%3A%22http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html%22%2C%22keywords%22%3A%22uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs%22%7D%7D&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22pubcid%22%3A%2274fbefcf-4b46-43dc-9173-babbbcd0d473%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2274fbefcf-4b46-43dc-9173-babbbcd0d473%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs&coppa=0 HTTP/1.1
Host: apex.go.sonobi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 23:22:46 GMT
Content-Type: application/json
Content-Length: 609
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, no-store, private
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Tcn: Choice
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-42
X-Xss-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://securityaffairs.co
Content-Encoding: gzip
Set-Cookie: __uis=26ef38ea-98e8-4eee-9d80-a1183c7f2c5e; expires=Thu, 19 Jan 2023 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
_usd_securityaffairs.co=ecf8944a-e9d7-4495-afc9-287aa44a16ea; expires=Wed, 21 Dec 2022 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uih=1; expires=Tue, 20 Dec 2022 23:27:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uir_bw=1; expires=Wed, 21 Dec 2022 07:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uir_mm=1; expires=Wed, 04 Jan 2023 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uir_td=1; expires=Wed, 21 Dec 2022 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uir_zt=1; expires=Mon, 02 Jan 2023 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uir_pp=1; expires=Mon, 02 Jan 2023 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uin_z1=1; expires=Wed, 21 Dec 2022 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uir_z1=1; expires=Wed, 21 Dec 2022 08:58:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uir_eb=1; expires=Mon, 02 Jan 2023 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
HAPLB8A=s8542|Y6JDy; path=/; domain=.go.sonobi.com; SameSite=None; secure
Server: sonobi-go
prebidserver.pixfuture.com/cookie_sync
137.184.242.150200 OK 792 B URL HTTP/1.1 prebidserver.pixfuture.com/cookie_sync
IP 137.184.242.150:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with very long lines (791)
Hash 0da8c73ca94f21d0896c3d05e971b916
340e0c54e7ac55ed0a41a9f75556853e4d03aba6
0aa1fb92170fbabd5c6090e42f20ecf00beafadc21ac3a3273a8b7a910f60993
POST /cookie_sync HTTP/1.1
Host: prebidserver.pixfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 136
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
access-control-allow-credentials: true
access-control-allow-origin: http://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
content-type: application/json; charset=utf-8
expires: 0
pragma: no-cache
vary: Origin
date: Tue, 20 Dec 2022 23:22:46 GMT
content-length: 792
apex.go.sonobi.com/trinity.json?key_maker=%7B%227972c27ae3ed69d%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&s=75799065-401b-4ec3-92f0-2fb4dc39db73&pv=ecf8944a-e9d7-4495-afc9-287aa44a16ea&vp=desktop&lib_name=prebid&lib_v=7.16.0-pre&us=0&fpd=%7B%22site%22%3A%7B%22domain%22%3A%22securityaffairs.co%22%2C%22cat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22sectioncat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22pagecat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22page%22%3A%22http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html%22%2C%22keywords%22%3A%22uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs%22%7D%7D&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%2C%22rid%22%3A%2285660e44-8898-4c4d-a4c7-cc2855823958%22%7D%5D%7D&userid=%7B%22pubcid%22%3A%2274fbefcf-4b46-43dc-9173-babbbcd0d473%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2274fbefcf-4b46-43dc-9173-babbbcd0d473%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs&coppa=0
69.166.1.14200 OK 608 B URL HTTP/1.1 apex.go.sonobi.com/trinity.json?key_maker=%7B%227972c27ae3ed69d%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&s=75799065-401b-4ec3-92f0-2fb4dc39db73&pv=ecf8944a-e9d7-4495-afc9-287aa44a16ea&vp=desktop&lib_name=prebid&lib_v=7.16.0-pre&us=0&fpd=%7B%22site%22%3A%7B%22domain%22%3A%22securityaffairs.co%22%2C%22cat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22sectioncat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22pagecat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22page%22%3A%22http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html%22%2C%22keywords%22%3A%22uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs%22%7D%7D&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%2C%22rid%22%3A%2285660e44-8898-4c4d-a4c7-cc2855823958%22%7D%5D%7D&userid=%7B%22pubcid%22%3A%2274fbefcf-4b46-43dc-9173-babbbcd0d473%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2274fbefcf-4b46-43dc-9173-babbbcd0d473%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs&coppa=0
IP 69.166.1.14:0
File type JSON data\012- , ASCII text, with very long lines (1073)
Hash 03cf83e8397492f335b9fe8ac462f1ac
e75d2d5600a7f873ea001f5c182b35c2cf47a038
36678ff4669917d66a995a8dc315fb50d9ebd79a8dd784b6a98503b9ae1d444b
GET /trinity.json?key_maker=%7B%227972c27ae3ed69d%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&s=75799065-401b-4ec3-92f0-2fb4dc39db73&pv=ecf8944a-e9d7-4495-afc9-287aa44a16ea&vp=desktop&lib_name=prebid&lib_v=7.16.0-pre&us=0&fpd=%7B%22site%22%3A%7B%22domain%22%3A%22securityaffairs.co%22%2C%22cat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22sectioncat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22pagecat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22page%22%3A%22http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html%22%2C%22keywords%22%3A%22uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs%22%7D%7D&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%2C%22rid%22%3A%2285660e44-8898-4c4d-a4c7-cc2855823958%22%7D%5D%7D&userid=%7B%22pubcid%22%3A%2274fbefcf-4b46-43dc-9173-babbbcd0d473%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2274fbefcf-4b46-43dc-9173-babbbcd0d473%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs&coppa=0 HTTP/1.1
Host: apex.go.sonobi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 23:22:46 GMT
Content-Type: application/json
Content-Length: 608
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, no-store, private
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Tcn: Choice
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-100
X-Xss-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://securityaffairs.co
Content-Encoding: gzip
Set-Cookie: __uis=26ef38ea-98e8-4eee-9d80-a1183c7f2c5e; expires=Thu, 19 Jan 2023 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
_usd_securityaffairs.co=ecf8944a-e9d7-4495-afc9-287aa44a16ea; expires=Wed, 21 Dec 2022 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uih=1; expires=Tue, 20 Dec 2022 23:27:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uir_bw=1; expires=Wed, 21 Dec 2022 07:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uir_mm=1; expires=Wed, 04 Jan 2023 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uir_td=1; expires=Wed, 21 Dec 2022 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uir_zt=1; expires=Mon, 02 Jan 2023 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uir_pp=1; expires=Mon, 02 Jan 2023 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uir_eb=1; expires=Mon, 02 Jan 2023 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uin_z1=1; expires=Wed, 21 Dec 2022 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uir_z1=1; expires=Wed, 21 Dec 2022 08:58:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
HAPLB8A=s85100|Y6JDy; path=/; domain=.go.sonobi.com; SameSite=None; secure
Server: sonobi-go
apex.go.sonobi.com/trinity.json?key_maker=%7B%2236d082ced58675e%22%3A%22833199e4bd4003904bc3%7C300x250%7Cf%3D0.3%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&s=450aa18e-b0c7-479f-998a-d21dbd7a3fcf&pv=ecf8944a-e9d7-4495-afc9-287aa44a16ea&vp=desktop&lib_name=prebid&lib_v=7.16.0-pre&us=0&fpd=%7B%22site%22%3A%7B%22domain%22%3A%22securityaffairs.co%22%2C%22cat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22sectioncat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22pagecat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22page%22%3A%22http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html%22%2C%22keywords%22%3A%22uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs%22%7D%7D&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22pubcid%22%3A%2274fbefcf-4b46-43dc-9173-babbbcd0d473%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2274fbefcf-4b46-43dc-9173-babbbcd0d473%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs&coppa=0
69.166.1.14200 OK 607 B URL HTTP/1.1 apex.go.sonobi.com/trinity.json?key_maker=%7B%2236d082ced58675e%22%3A%22833199e4bd4003904bc3%7C300x250%7Cf%3D0.3%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&s=450aa18e-b0c7-479f-998a-d21dbd7a3fcf&pv=ecf8944a-e9d7-4495-afc9-287aa44a16ea&vp=desktop&lib_name=prebid&lib_v=7.16.0-pre&us=0&fpd=%7B%22site%22%3A%7B%22domain%22%3A%22securityaffairs.co%22%2C%22cat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22sectioncat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22pagecat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22page%22%3A%22http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html%22%2C%22keywords%22%3A%22uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs%22%7D%7D&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22pubcid%22%3A%2274fbefcf-4b46-43dc-9173-babbbcd0d473%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2274fbefcf-4b46-43dc-9173-babbbcd0d473%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs&coppa=0
IP 69.166.1.14:0
File type JSON data\012- , ASCII text, with very long lines (1073)
Hash 57b3a572a7f03f829061ed2e954dc630
2de3571945549280d26baba05ccf37bfbbc7bdb9
b8a72180881d87c2bc088e2963beb568f82e64860a1a06d00492d757b18da73d
GET /trinity.json?key_maker=%7B%2236d082ced58675e%22%3A%22833199e4bd4003904bc3%7C300x250%7Cf%3D0.3%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&s=450aa18e-b0c7-479f-998a-d21dbd7a3fcf&pv=ecf8944a-e9d7-4495-afc9-287aa44a16ea&vp=desktop&lib_name=prebid&lib_v=7.16.0-pre&us=0&fpd=%7B%22site%22%3A%7B%22domain%22%3A%22securityaffairs.co%22%2C%22cat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22sectioncat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22pagecat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22page%22%3A%22http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html%22%2C%22keywords%22%3A%22uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs%22%7D%7D&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22pubcid%22%3A%2274fbefcf-4b46-43dc-9173-babbbcd0d473%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2274fbefcf-4b46-43dc-9173-babbbcd0d473%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs&coppa=0 HTTP/1.1
Host: apex.go.sonobi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 23:22:46 GMT
Content-Type: application/json
Content-Length: 607
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, no-store, private
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Tcn: Choice
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-113
X-Xss-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://securityaffairs.co
Content-Encoding: gzip
Set-Cookie: __uis=26ef38ea-98e8-4eee-9d80-a1183c7f2c5e; expires=Thu, 19 Jan 2023 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
_usd_securityaffairs.co=ecf8944a-e9d7-4495-afc9-287aa44a16ea; expires=Wed, 21 Dec 2022 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uih=1; expires=Tue, 20 Dec 2022 23:27:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uir_bw=1; expires=Wed, 21 Dec 2022 07:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uir_mm=1; expires=Wed, 04 Jan 2023 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uir_td=1; expires=Wed, 21 Dec 2022 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uir_zt=1; expires=Mon, 02 Jan 2023 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uir_pp=1; expires=Mon, 02 Jan 2023 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uin_z1=1; expires=Wed, 21 Dec 2022 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uir_z1=1; expires=Wed, 21 Dec 2022 08:58:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uir_eb=1; expires=Mon, 02 Jan 2023 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
HAPLB8A=s85113|Y6JDy; path=/; domain=.go.sonobi.com; SameSite=None; secure
Server: sonobi-go
prebidserver.pixfuture.com/openrtb2/auction
137.184.242.150200 OK 381 B URL HTTP/1.1 prebidserver.pixfuture.com/openrtb2/auction
IP 137.184.242.150:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with very long lines (380)
Hash f9a42a1bf44ec844ea5054a420f76361
9ce90afca3b91ca3323c84349dec517652ac805e
cda2437303a716b49832a56ab1570ece036476c159afa4a4a32c0eb383711c07
POST /openrtb2/auction HTTP/1.1
Host: prebidserver.pixfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1777
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
access-control-allow-credentials: true
access-control-allow-origin: http://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
content-type: application/json
expires: 0
pragma: no-cache
vary: Origin
x-prebid: pbs-go/unknown
date: Tue, 20 Dec 2022 23:22:46 GMT
content-length: 381
id5-sync.com/g/v2/529.json
162.19.138.120200 216 B URL HTTP/1.1 id5-sync.com/g/v2/529.json
IP 162.19.138.120:0
File type JSON data\012- , ASCII text, with no line terminators
Hash a27b8510b879129a9222c087c49d7e04
c07d850838eb730127478fbfe5c9dba5a4fdb512
236d248994ba9aa06ba9c7a08e8bdbc61fb56e5f8adf15327abb9101d9692495
POST /g/v2/529.json HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 419
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: http://securityaffairs.co
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Tue, 20 Dec 2022 23:22:45 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
apex.go.sonobi.com/trinity.json?key_maker=%7B%2294c73c5c2708fb28%22%3A%22951d83dd852c9348161e%7C728x90%7Cf%3D0.3%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&s=19a0b547-5e09-4362-b67d-728019b9b02f&pv=ecf8944a-e9d7-4495-afc9-287aa44a16ea&vp=desktop&lib_name=prebid&lib_v=7.16.0-pre&us=0&fpd=%7B%22site%22%3A%7B%22domain%22%3A%22securityaffairs.co%22%2C%22cat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22sectioncat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22pagecat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22page%22%3A%22http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html%22%2C%22keywords%22%3A%22uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs%22%7D%7D&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%2C%22rid%22%3A%2285660e44-8898-4c4d-a4c7-cc2855823958%22%7D%5D%7D&userid=%7B%22pubcid%22%3A%2274fbefcf-4b46-43dc-9173-babbbcd0d473%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2274fbefcf-4b46-43dc-9173-babbbcd0d473%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs&coppa=0
69.166.1.14200 OK 609 B URL HTTP/1.1 apex.go.sonobi.com/trinity.json?key_maker=%7B%2294c73c5c2708fb28%22%3A%22951d83dd852c9348161e%7C728x90%7Cf%3D0.3%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&s=19a0b547-5e09-4362-b67d-728019b9b02f&pv=ecf8944a-e9d7-4495-afc9-287aa44a16ea&vp=desktop&lib_name=prebid&lib_v=7.16.0-pre&us=0&fpd=%7B%22site%22%3A%7B%22domain%22%3A%22securityaffairs.co%22%2C%22cat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22sectioncat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22pagecat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22page%22%3A%22http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html%22%2C%22keywords%22%3A%22uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs%22%7D%7D&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%2C%22rid%22%3A%2285660e44-8898-4c4d-a4c7-cc2855823958%22%7D%5D%7D&userid=%7B%22pubcid%22%3A%2274fbefcf-4b46-43dc-9173-babbbcd0d473%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2274fbefcf-4b46-43dc-9173-babbbcd0d473%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs&coppa=0
IP 69.166.1.14:0
File type JSON data\012- , ASCII text, with very long lines (1074)
Hash a84a9e1a0af0fe5ac14798126f465ebf
3c7c589306742b5d8b816e8fd98b2bd9a56c1cff
eeeb613bf3a4acef072eac0bf90be9dde154ed19626a90ca1ae38aa25b589302
GET /trinity.json?key_maker=%7B%2294c73c5c2708fb28%22%3A%22951d83dd852c9348161e%7C728x90%7Cf%3D0.3%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&s=19a0b547-5e09-4362-b67d-728019b9b02f&pv=ecf8944a-e9d7-4495-afc9-287aa44a16ea&vp=desktop&lib_name=prebid&lib_v=7.16.0-pre&us=0&fpd=%7B%22site%22%3A%7B%22domain%22%3A%22securityaffairs.co%22%2C%22cat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22sectioncat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22pagecat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22page%22%3A%22http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html%22%2C%22keywords%22%3A%22uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs%22%7D%7D&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%2C%22rid%22%3A%2285660e44-8898-4c4d-a4c7-cc2855823958%22%7D%5D%7D&userid=%7B%22pubcid%22%3A%2274fbefcf-4b46-43dc-9173-babbbcd0d473%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2274fbefcf-4b46-43dc-9173-babbbcd0d473%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=uac0142%2Capt%2Ctargets%2Cukraines%2Cdelta%2Cmilitary%2Cintelligence%2Cprogramsecurity%2Caffairs&coppa=0 HTTP/1.1
Host: apex.go.sonobi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 23:22:46 GMT
Content-Type: application/json
Content-Length: 609
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, no-store, private
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Tcn: Choice
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-24
X-Xss-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://securityaffairs.co
Content-Encoding: gzip
Set-Cookie: __uis=26ef38ea-98e8-4eee-9d80-a1183c7f2c5e; expires=Thu, 19 Jan 2023 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
_usd_securityaffairs.co=ecf8944a-e9d7-4495-afc9-287aa44a16ea; expires=Wed, 21 Dec 2022 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uih=1; expires=Tue, 20 Dec 2022 23:27:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uir_bw=1; expires=Wed, 21 Dec 2022 07:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uir_mm=1; expires=Wed, 04 Jan 2023 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uir_td=1; expires=Wed, 21 Dec 2022 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uir_zt=1; expires=Mon, 02 Jan 2023 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uir_pp=1; expires=Mon, 02 Jan 2023 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uin_z1=1; expires=Wed, 21 Dec 2022 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uir_z1=1; expires=Wed, 21 Dec 2022 08:58:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
__uir_eb=1; expires=Mon, 02 Jan 2023 23:22:45 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
HAPLB8A=s8524|Y6JDy; path=/; domain=.go.sonobi.com; SameSite=None; secure
Server: sonobi-go
get.s-onetag.com/6a105cf8-5d47-4e0a-8c4b-7c60422256d2/tag.min.js
54.230.111.45301 Moved Permanently 167 B URL HTTP/1.1 get.s-onetag.com/6a105cf8-5d47-4e0a-8c4b-7c60422256d2/tag.min.js
IP 54.230.111.45:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
GET /6a105cf8-5d47-4e0a-8c4b-7c60422256d2/tag.min.js HTTP/1.1
Host: get.s-onetag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/
HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Tue, 20 Dec 2022 23:22:46 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://get.s-onetag.com/6a105cf8-5d47-4e0a-8c4b-7c60422256d2/tag.min.js
X-Cache: Redirect from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: l5cgp5FwhfIk-xTWyJ77lFBRlstVmZ4zjDUk8AIC8pzvyFRxoPnDPQ==
pagead2.googlesyndication.com/pagead/show_ads.js
216.58.207.226200 OK 36 kB URL HTTP/1.1 pagead2.googlesyndication.com/pagead/show_ads.js
IP 216.58.207.226:0
File type ASCII text, with very long lines (3583)
Hash 7fd6101817a3dec380a939ecfacd0cef
451fcd67f6b6fd242c2b6c42c9014ba72bd1da22
b22e04894d522ba1c2c9e2428b83cfb9a8b58a2b75d86ab66c8f9a359c98ee95
GET /pagead/show_ads.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/
HTTP/1.1 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Date: Tue, 20 Dec 2022 23:22:46 GMT
Expires: Tue, 20 Dec 2022 23:22:46 GMT
Cache-Control: private, max-age=3600
Content-Type: text/javascript; charset=UTF-8
ETag: 3141596958475788650
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 36240
X-XSS-Protection: 0
prebidserver.pixfuture.com/openrtb2/auction
137.184.242.150200 OK 382 B URL HTTP/1.1 prebidserver.pixfuture.com/openrtb2/auction
IP 137.184.242.150:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with very long lines (381)
Hash f30df5f657bfbaec6f8e41dab1575fc1
7c4268639b9dd10d9fd069b45500dae0f84ce32b
d16041a4659d8734170736ffd7a130da61344e04b0616192360cfde5f23a1a2c
POST /openrtb2/auction HTTP/1.1
Host: prebidserver.pixfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1698
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
access-control-allow-credentials: true
access-control-allow-origin: http://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
content-type: application/json
expires: 0
pragma: no-cache
vary: Origin
x-prebid: pbs-go/unknown
date: Tue, 20 Dec 2022 23:22:46 GMT
content-length: 382
signal-segments.s-onetag.com/desktop/securityaffairs.co
54.230.111.2404 Not Found 0 B URL HTTP/2 signal-segments.s-onetag.com/desktop/securityaffairs.co
IP 54.230.111.2:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /desktop/securityaffairs.co HTTP/1.1
Host: signal-segments.s-onetag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Origin: http://securityaffairs.co
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
content-type: application/json
content-length: 0
date: Tue, 20 Dec 2022 23:19:23 GMT
access-control-allow-origin: *
cache-control: max-age=86400, public
apigw-requestid: dd9nPheSCYcEMcw=
x-cache: Error from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: tfQU_QqFkxCRuti4UDFsBCUoXAFoWQ7FWz13RA5GRgF2O9xLOSgeVg==
age: 203
X-Firefox-Spdy: h2
signal-segments.s-onetag.com/desktop/securityaffairs.co/%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html
54.230.111.2404 Not Found 0 B URL HTTP/2 signal-segments.s-onetag.com/desktop/securityaffairs.co/%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html
IP 54.230.111.2:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /desktop/securityaffairs.co/%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html HTTP/1.1
Host: signal-segments.s-onetag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Origin: http://securityaffairs.co
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
content-type: application/json
content-length: 0
date: Tue, 20 Dec 2022 23:10:16 GMT
access-control-allow-origin: *
cache-control: max-age=86400, public
apigw-requestid: dd8RzhpvCYcEYBQ=
x-cache: Error from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: NXiNFn67Kx_NlK1Ddt32czVPxoZoOaznMr1RwIh5y7M2o0FFEGL0SQ==
age: 750
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash b7973d16753497c53985c5b8b7a4e052
6999b04eacfd260d536005cb3f4798e770b5f569
b3e5a6f3ed9f4ae98c093e8d14059b424e5e6f932e53062b625b3d3096241363
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 23:22:46 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 19 Dec 2022 04:56:46 GMT
Expires: Mon, 26 Dec 2022 04:56:45 GMT
Etag: "6999b04eacfd260d536005cb3f4798e770b5f569"
Cache-Control: max-age=451438,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77cc1f31096fb524-OSL
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 9280942f48b6d8af0882ac1f9a684dae
1998f517eb03d75b98b81b8fcc3de69b57faaad9
43e916ba35470cee4a823db0332214b20948fedd09350f83aa0376d902a4926b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 9280942f48b6d8af0882ac1f9a684dae
1998f517eb03d75b98b81b8fcc3de69b57faaad9
43e916ba35470cee4a823db0332214b20948fedd09350f83aa0376d902a4926b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 9280942f48b6d8af0882ac1f9a684dae
1998f517eb03d75b98b81b8fcc3de69b57faaad9
43e916ba35470cee4a823db0332214b20948fedd09350f83aa0376d902a4926b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31071251
216.58.207.226200 OK 120 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31071251
IP 216.58.207.226:0
File type ASCII text, with very long lines (5821)
Size 120 kB (119798 bytes)
Hash f5366b0cdde0e4abcfc17be21e734f31
e78437fac06a505ccab899cd4b5c09b9ad047821
a50b74625a1806a47d6fe6bf47543e3a13a225bca844b7af3fbb1838d8d2711e
GET /pagead/managed/js/adsense/m202212070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31071251 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 20 Dec 2022 23:22:46 GMT
expires: Tue, 20 Dec 2022 23:22:46 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 13428879196580762243
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 119798
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31071251
216.58.207.226200 OK 120 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31071251
IP 216.58.207.226:0
File type ASCII text, with very long lines (5821)
Size 120 kB (119791 bytes)
Hash f3ddaf27585ee83548230a8032cedc5b
5d7b0dae77b918db5c926b1a90dcbed0506d0618
217685a725b312a4b16000f504c49f24de4e31ad6aeeb5acb97ed69d190627a1
GET /pagead/managed/js/adsense/m202212070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31071251 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 20 Dec 2022 23:22:46 GMT
expires: Tue, 20 Dec 2022 23:22:46 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 2266497859066170532
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 119791
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1671578575041.28205&hostname=securityaffairs.co&location=%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&title=UAC-0142%20APT%20targets%20Ukraine%27s%20Delta%20military%20intelligence%20programSecurity%20Affairs&sop=false&description=Ukraine%E2%80%99s%20CERT-UA%20revealed%20the%20national%20Delta%20military%20intelligence%20program%20has%20been%20targeted%20with%20a%20malware-based%20attack.%20On%20December%2017%2C%202022%2C%20the%20Center%20for%20Innovations%20and%20Development%20of%20Defense%20Technologies%20of%20the%20Ministry%20of%20Defense%20of%20Ukraine%20informed%20the%20Government%20Computer%20Emergency%20Response%20Team%20of%20Ukraine%20(CERT-UA)%20of%20being%20targeted%20by%20a%20malware-based%20attack.%20The%20spear%20%5B%E2%80%A6%5D&description=Ukraine%E2%80%99s%20CERT-UA%20revealed%20the%20national%20Delta%20military%20intelligence%20program%20has%20been%20targeted%20with%20a%20malware-based%20attack.%20On%20December%2017%2C%202022%2C%20the%20Center%20for%20Innovations%20and%20Development%20of%20Defense%20Technologies%20of%20the%20Ministry%20of%20Defense%20of%20Ukraine%20informed%20the%20Government%20Computer%20Emergency%20Response%20Team%20of%20Ukraine%20(CERT-UA)%20of%20being%20targeted%20by%20a%20malware-based%20attack.%20The%20spear%20%5B%E2%80%A6%5D&img_pview=true
35.156.163.73204 No Content 0 B URL HTTP/1.1 l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1671578575041.28205&hostname=securityaffairs.co&location=%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&title=UAC-0142%20APT%20targets%20Ukraine%27s%20Delta%20military%20intelligence%20programSecurity%20Affairs&sop=false&description=Ukraine%E2%80%99s%20CERT-UA%20revealed%20the%20national%20Delta%20military%20intelligence%20program%20has%20been%20targeted%20with%20a%20malware-based%20attack.%20On%20December%2017%2C%202022%2C%20the%20Center%20for%20Innovations%20and%20Development%20of%20Defense%20Technologies%20of%20the%20Ministry%20of%20Defense%20of%20Ukraine%20informed%20the%20Government%20Computer%20Emergency%20Response%20Team%20of%20Ukraine%20(CERT-UA)%20of%20being%20targeted%20by%20a%20malware-based%20attack.%20The%20spear%20%5B%E2%80%A6%5D&description=Ukraine%E2%80%99s%20CERT-UA%20revealed%20the%20national%20Delta%20military%20intelligence%20program%20has%20been%20targeted%20with%20a%20malware-based%20attack.%20On%20December%2017%2C%202022%2C%20the%20Center%20for%20Innovations%20and%20Development%20of%20Defense%20Technologies%20of%20the%20Ministry%20of%20Defense%20of%20Ukraine%20informed%20the%20Government%20Computer%20Emergency%20Response%20Team%20of%20Ukraine%20(CERT-UA)%20of%20being%20targeted%20by%20a%20malware-based%20attack.%20The%20spear%20%5B%E2%80%A6%5D&img_pview=true
IP 35.156.163.73:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pview?event=pview&version=st_insights.js&lang=en&sessionID=1671578575041.28205&hostname=securityaffairs.co&location=%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&title=UAC-0142%20APT%20targets%20Ukraine%27s%20Delta%20military%20intelligence%20programSecurity%20Affairs&sop=false&description=Ukraine%E2%80%99s%20CERT-UA%20revealed%20the%20national%20Delta%20military%20intelligence%20program%20has%20been%20targeted%20with%20a%20malware-based%20attack.%20On%20December%2017%2C%202022%2C%20the%20Center%20for%20Innovations%20and%20Development%20of%20Defense%20Technologies%20of%20the%20Ministry%20of%20Defense%20of%20Ukraine%20informed%20the%20Government%20Computer%20Emergency%20Response%20Team%20of%20Ukraine%20(CERT-UA)%20of%20being%20targeted%20by%20a%20malware-based%20attack.%20The%20spear%20%5B%E2%80%A6%5D&description=Ukraine%E2%80%99s%20CERT-UA%20revealed%20the%20national%20Delta%20military%20intelligence%20program%20has%20been%20targeted%20with%20a%20malware-based%20attack.%20On%20December%2017%2C%202022%2C%20the%20Center%20for%20Innovations%20and%20Development%20of%20Defense%20Technologies%20of%20the%20Ministry%20of%20Defense%20of%20Ukraine%20informed%20the%20Government%20Computer%20Emergency%20Response%20Team%20of%20Ukraine%20(CERT-UA)%20of%20being%20targeted%20by%20a%20malware-based%20attack.%20The%20spear%20%5B%E2%80%A6%5D&img_pview=true HTTP/1.1
Host: l.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: stid
Access-Control-Max-Age: 1728000
Cache-Control: no-cache, no-store, must-revalidate
Date: Tue, 20 Dec 2022 23:22:46 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Connection: keep-alive
signal-beacon.s-onetag.com/beacon.min.js
143.204.55.59200 OK 6.7 kB URL HTTP/2 signal-beacon.s-onetag.com/beacon.min.js
IP 143.204.55.59:0
File type C++ source, ASCII text, with very long lines (1825)
Hash 42e838dc7cf1ec3ab3ceb51855f04255
875be15dd090d4e3925835c65c94e19eb72e264a
1bd819fb7d176accbdc78f5660775af72d2532aed7b2b5927e3a23a4c363b367
GET /beacon.min.js HTTP/1.1
Host: signal-beacon.s-onetag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 10 Aug 2022 09:56:11 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: SQDb2i9Q5YZSPn9JZMj9axyuCi9GAOZD
server: AmazonS3
content-encoding: gzip
date: Tue, 20 Dec 2022 01:02:00 GMT
cache-control: max-age=86400
etag: W/"588a5c88fba4ca02dace48040384e257"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: jgDI-Yyn8SOzSvqPckKdygolJ1cnh8eTb1PbEQPEp8QhqFpVTwA2AA==
age: 80447
X-Firefox-Spdy: h2
aa.agkn.com/adscores/r.js?sid=9112309848
54.74.181.165200 OK 0 B URL HTTP/2 aa.agkn.com/adscores/r.js?sid=9112309848
IP 54.74.181.165:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /adscores/r.js?sid=9112309848 HTTP/1.1
Host: aa.agkn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 23:22:46 GMT
content-type: application/javascript;charset=iso-8859-1
content-length: 0
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
set-cookie: ab=0001%3AIujqf0c2Tq0PASprdzvUlWaWRr%2Bl67g8; Path=/; Domain=.agkn.com; Expires=Wed, 20-Dec-2023 23:22:46 GMT; Max-Age=31536000; Secure; SameSite=None
X-Firefox-Spdy: h2
aa.agkn.com/adscores/r.js?sid=9112309848
54.74.181.165200 OK 0 B URL HTTP/2 aa.agkn.com/adscores/r.js?sid=9112309848
IP 54.74.181.165:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /adscores/r.js?sid=9112309848 HTTP/1.1
Host: aa.agkn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 23:22:46 GMT
content-type: application/javascript;charset=iso-8859-1
content-length: 0
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
set-cookie: ab=0001%3AgNPCLWRHUEwPASprdzvUlR%2FcDf05q%2BCP; Path=/; Domain=.agkn.com; Expires=Wed, 20-Dec-2023 23:22:46 GMT; Max-Age=31536000; Secure; SameSite=None
X-Firefox-Spdy: h2
aa.agkn.com/adscores/r.js?sid=9112309848
54.74.181.165200 OK 0 B URL HTTP/2 aa.agkn.com/adscores/r.js?sid=9112309848
IP 54.74.181.165:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /adscores/r.js?sid=9112309848 HTTP/1.1
Host: aa.agkn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 23:22:46 GMT
content-type: application/javascript;charset=iso-8859-1
content-length: 0
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
set-cookie: ab=0001%3A5eO5wZb76c8PASprdzvUlS83NynxYNVQ; Path=/; Domain=.agkn.com; Expires=Wed, 20-Dec-2023 23:22:46 GMT; Max-Age=31536000; Secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 44d1b97ebc6772b76319806ff504cf27
e7e520951d9f34cfc991932a62b0bd8cf390b1f7
b30398f6056dcc04122b413d78c632ea15df7cff07471850a1603a121efba20d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 97216d9347c0d3c1bab297df919688d5
61eca83749fd58d5ce753bf65419435d522c2ce5
7277b81f23f6516aa706c00202e0705421837431095d5b1f7fb0f283ab5736ff
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
onetag-geo.s-onetag.com/
143.204.55.40200 OK 555 B IP 143.204.55.40:0
File type JSON data\012- , ASCII text, with very long lines (452)
Hash 200d5eba90a69db7b4ed019c4a8668e1
cad86d59141bfc421802b55294225dc78033c91f
6448132c9d86748cc71e9e2d5b4f0241a5dd9385a2baadcf99dc6675fd7870bf
GET / HTTP/1.1
Host: onetag-geo.s-onetag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Origin: http://securityaffairs.co
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 555
date: Tue, 20 Dec 2022 23:22:46 GMT
x-amzn-requestid: 41028e45-7686-4722-8ff9-f123cbe63655
access-control-allow-origin: *
x-amz-apigw-id: dd-HFExUCYcF6-A=
cache-control: max-age=86400
via: 1.1 e75bff6012758ccb55ff41b176b32342.cloudfront.net (CloudFront), 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
x-amz-cf-pop: FRA56-P6, OSL50-C1
x-amz-cf-id: clbJEmvvK7ZROougNXinm-ZjAZN1Oa8IuagXmLhyl9qq0b4FVwqFVw==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 710fe123af13ff54343b1ac0d3981d4b
a5d22bdb7e82a93b00e6a2ceca6bedc6cb3ce76d
69d7198499f1a1df61c07954d4f9233b950885e3baa486d5963a901d0e129a9d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
216.58.207.194200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
IP 216.58.207.194:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=securityaffairs.co HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 20 Dec 2022 23:22:46 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=securityaffairs.co
142.250.74.34200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=securityaffairs.co
IP 142.250.74.34:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=securityaffairs.co HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 20 Dec 2022 23:22:46 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=securityaffairs.co
142.250.74.34200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=securityaffairs.co
IP 142.250.74.34:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=securityaffairs.co HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 20 Dec 2022 23:22:46 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
prebid.media.net/rtb/prebid?cid=8CUIUMTP7
34.107.148.139200 OK 725 B URL HTTP/2 prebid.media.net/rtb/prebid?cid=8CUIUMTP7
IP 34.107.148.139:0
File type JSON data\012- , ASCII text, with very long lines (1415), with no line terminators
Hash 97e8671224b7dbe16783ce5811612da3
6b0eabc9b7c154f3e1ceb4c52fcc65a2b58ab79a
0107dd2449fadb43bb107e3a883b0b3501c3188dfa6be10db8fe3949eb37380b
POST /rtb/prebid?cid=8CUIUMTP7 HTTP/1.1
Host: prebid.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1917
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 23:22:46 GMT
content-type: application/json;charset=UTF-8
cache-control: max-age=0, no-cache, no-store, must-revalidate
pragma: no-cache
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
expires: Tue, 20 Dec 2022 23:22:45 GMT
access-control-allow-origin: http://securityaffairs.co
access-control-allow-credentials: true
content-encoding: gzip
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
216.58.207.194200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
IP 216.58.207.194:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=securityaffairs.co HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 20 Dec 2022 23:22:46 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 710fe123af13ff54343b1ac0d3981d4b
a5d22bdb7e82a93b00e6a2ceca6bedc6cb3ce76d
69d7198499f1a1df61c07954d4f9233b950885e3baa486d5963a901d0e129a9d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
secure.adnxs.com/seg?add=27578926%2C27578926&t=1
37.252.171.84307 Redirection 0 B URL HTTP/1.1 secure.adnxs.com/seg?add=27578926%2C27578926&t=1
IP 37.252.171.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /seg?add=27578926%2C27578926&t=1 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 20 Dec 2022 23:22:46 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
AN-X-Request-Uuid: 603478d3-868b-458b-8729-092da757e690
Set-Cookie: uuid2=6186447575009315913; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 20-Mar-2023 23:22:46 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
adservice.google.no/adsid/integrator.js?domain=securityaffairs.co
142.250.74.34200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=securityaffairs.co
IP 142.250.74.34:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=securityaffairs.co HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 20 Dec 2022 23:22:46 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
216.58.207.194200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
IP 216.58.207.194:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=securityaffairs.co HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 20 Dec 2022 23:22:46 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 44d1b97ebc6772b76319806ff504cf27
e7e520951d9f34cfc991932a62b0bd8cf390b1f7
b30398f6056dcc04122b413d78c632ea15df7cff07471850a1603a121efba20d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 97216d9347c0d3c1bab297df919688d5
61eca83749fd58d5ce753bf65419435d522c2ce5
7277b81f23f6516aa706c00202e0705421837431095d5b1f7fb0f283ab5736ff
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
37.252.171.84200 OK 0 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
IP 37.252.171.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 20 Dec 2022 23:22:46 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: c3db0725-5709-4aa5-a621-1aee6c8f06f1
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2HbZ8E>uu!1yIE'Yg-$0y=/d!!%s1$J8Bn; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 20-Mar-2023 23:22:46 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
37.252.171.84200 OK 0 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
IP 37.252.171.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 20 Dec 2022 23:22:46 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 59173c80-ca28-4bc9-83bb-6cfc3a7db84b
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2HbZ8E>uu!1yIE'Yg-$0y=/d!!%s1$J8Bn; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 20-Mar-2023 23:22:46 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=1680648786&adk=1022037533&adf=1480696135&pi=t.ma~as.1680648786&w=300&lmt=1671578577&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&wgl=1&dt=1671578577441&bpp=22&bdt=M&idt=316&shv=r20221207&mjsv=m202212070101&ptt=5&saldr=sa&cookie=ID%3D8070157cbcb29b06-2282601a2bda00cd%3AT%3D1671578566%3ART%3D1671578566%3AS%3DALNI_Maoyfo1DAeOFpPDchY45oGgX0Yxng&gpic=UID%3D00000b959bade1d5%3AT%3D1671578566%3ART%3D1671578566%3AS%3DALNI_MZ7T4Wth4-aRcFoM6yeQI4V9zRY0w&correlator=5626601006420&frm=21&ife=1&pv=2&ga_vid=167070616.1671578576&ga_sid=1671578578&ga_hid=1906422409&ga_fc=1&nhd=1&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=154&ady=2199&biw=1268&bih=939&isw=300&ish=250&ifk=54752320&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071251%2C44779793%2C44780792&oid=2&pvsid=1202471153369921&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C1280%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.g6glqs4uq9gu&btvi=1&fsb=1&xpc=R59IEp5GFw&p=http%3A//securityaffairs.co&dtd=472
216.58.211.2200 OK 25 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=1680648786&adk=1022037533&adf=1480696135&pi=t.ma~as.1680648786&w=300&lmt=1671578577&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&wgl=1&dt=1671578577441&bpp=22&bdt=M&idt=316&shv=r20221207&mjsv=m202212070101&ptt=5&saldr=sa&cookie=ID%3D8070157cbcb29b06-2282601a2bda00cd%3AT%3D1671578566%3ART%3D1671578566%3AS%3DALNI_Maoyfo1DAeOFpPDchY45oGgX0Yxng&gpic=UID%3D00000b959bade1d5%3AT%3D1671578566%3ART%3D1671578566%3AS%3DALNI_MZ7T4Wth4-aRcFoM6yeQI4V9zRY0w&correlator=5626601006420&frm=21&ife=1&pv=2&ga_vid=167070616.1671578576&ga_sid=1671578578&ga_hid=1906422409&ga_fc=1&nhd=1&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=154&ady=2199&biw=1268&bih=939&isw=300&ish=250&ifk=54752320&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071251%2C44779793%2C44780792&oid=2&pvsid=1202471153369921&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C1280%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.g6glqs4uq9gu&btvi=1&fsb=1&xpc=R59IEp5GFw&p=http%3A//securityaffairs.co&dtd=472
IP 216.58.211.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (65531), with no line terminators
Hash b216f1dba8849e6eb519ed58226a205e
f2bb87f71a373427935f59faed13f7c66718ac1d
b78b8885fee63b05c24d20eb65865953381521a53c61681cc7031b33db3cfb5b
GET /pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=1680648786&adk=1022037533&adf=1480696135&pi=t.ma~as.1680648786&w=300&lmt=1671578577&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&wgl=1&dt=1671578577441&bpp=22&bdt=M&idt=316&shv=r20221207&mjsv=m202212070101&ptt=5&saldr=sa&cookie=ID%3D8070157cbcb29b06-2282601a2bda00cd%3AT%3D1671578566%3ART%3D1671578566%3AS%3DALNI_Maoyfo1DAeOFpPDchY45oGgX0Yxng&gpic=UID%3D00000b959bade1d5%3AT%3D1671578566%3ART%3D1671578566%3AS%3DALNI_MZ7T4Wth4-aRcFoM6yeQI4V9zRY0w&correlator=5626601006420&frm=21&ife=1&pv=2&ga_vid=167070616.1671578576&ga_sid=1671578578&ga_hid=1906422409&ga_fc=1&nhd=1&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=154&ady=2199&biw=1268&bih=939&isw=300&ish=250&ifk=54752320&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071251%2C44779793%2C44780792&oid=2&pvsid=1202471153369921&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C1280%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.g6glqs4uq9gu&btvi=1&fsb=1&xpc=R59IEp5GFw&p=http%3A//securityaffairs.co&dtd=472 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 20 Dec 2022 23:22:47 GMT
server: cafe
content-length: 25010
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 20-Dec-2022 23:37:46 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 20 Dec 2022 23:22:47 GMT
cache-control: private
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1480696132&pi=t.ma~as.3157381981&w=728&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&ea=0&wgl=1&dt=1671578577465&bpp=17&bdt=M&idt=364&shv=r20221207&mjsv=m202212070101&ptt=5&saldr=sa&cookie=ID%3D8070157cbcb29b06-2282601a2bda00cd%3AT%3D1671578566%3ART%3D1671578566%3AS%3DALNI_Maoyfo1DAeOFpPDchY45oGgX0Yxng&gpic=UID%3D00000b959bade1d5%3AT%3D1671578566%3ART%3D1671578566%3AS%3DALNI_MZ7T4Wth4-aRcFoM6yeQI4V9zRY0w&correlator=5626601006420&frm=23&ife=1&pv=1&ga_vid=167070616.1671578576&ga_sid=1671578578&ga_hid=1002144346&ga_fc=1&nhd=1&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=154&ady=519&biw=1268&bih=939&isw=728&ish=90&ifk=3264734562&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44777508%2C31071251%2C44780792&oid=2&pvsid=3708115694065210&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C1280%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.3tn7w3ok6215&fsb=1&dtd=484
216.58.211.2200 OK 25 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1480696132&pi=t.ma~as.3157381981&w=728&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&ea=0&wgl=1&dt=1671578577465&bpp=17&bdt=M&idt=364&shv=r20221207&mjsv=m202212070101&ptt=5&saldr=sa&cookie=ID%3D8070157cbcb29b06-2282601a2bda00cd%3AT%3D1671578566%3ART%3D1671578566%3AS%3DALNI_Maoyfo1DAeOFpPDchY45oGgX0Yxng&gpic=UID%3D00000b959bade1d5%3AT%3D1671578566%3ART%3D1671578566%3AS%3DALNI_MZ7T4Wth4-aRcFoM6yeQI4V9zRY0w&correlator=5626601006420&frm=23&ife=1&pv=1&ga_vid=167070616.1671578576&ga_sid=1671578578&ga_hid=1002144346&ga_fc=1&nhd=1&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=154&ady=519&biw=1268&bih=939&isw=728&ish=90&ifk=3264734562&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44777508%2C31071251%2C44780792&oid=2&pvsid=3708115694065210&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C1280%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.3tn7w3ok6215&fsb=1&dtd=484
IP 216.58.211.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (61982)
Hash 963b6d2de8268cdb9b1653fcdd91d9ce
8980f01f83e04e85dd56480000159543e8b8e150
041589ab49e578d98f470e48369d4b210d3f71bcfdc89d6acc9f91202d568454
GET /pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1480696132&pi=t.ma~as.3157381981&w=728&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&ea=0&wgl=1&dt=1671578577465&bpp=17&bdt=M&idt=364&shv=r20221207&mjsv=m202212070101&ptt=5&saldr=sa&cookie=ID%3D8070157cbcb29b06-2282601a2bda00cd%3AT%3D1671578566%3ART%3D1671578566%3AS%3DALNI_Maoyfo1DAeOFpPDchY45oGgX0Yxng&gpic=UID%3D00000b959bade1d5%3AT%3D1671578566%3ART%3D1671578566%3AS%3DALNI_MZ7T4Wth4-aRcFoM6yeQI4V9zRY0w&correlator=5626601006420&frm=23&ife=1&pv=1&ga_vid=167070616.1671578576&ga_sid=1671578578&ga_hid=1002144346&ga_fc=1&nhd=1&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=154&ady=519&biw=1268&bih=939&isw=728&ish=90&ifk=3264734562&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44777508%2C31071251%2C44780792&oid=2&pvsid=3708115694065210&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C1280%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.3tn7w3ok6215&fsb=1&dtd=484 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 20 Dec 2022 23:22:47 GMT
server: cafe
content-length: 25027
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 20-Dec-2022 23:37:46 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 20 Dec 2022 23:22:47 GMT
cache-control: private
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1480696132&pi=t.ma~as.1139220782&w=320&lmt=1671578577&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&wgl=1&dt=1671578577604&bpp=16&bdt=M&idt=278&shv=r20221207&mjsv=m202212070101&ptt=5&saldr=sa&cookie=ID%3D8070157cbcb29b06-2282601a2bda00cd%3AT%3D1671578566%3ART%3D1671578566%3AS%3DALNI_Maoyfo1DAeOFpPDchY45oGgX0Yxng&gpic=UID%3D00000b959bade1d5%3AT%3D1671578566%3ART%3D1671578566%3AS%3DALNI_MZ7T4Wth4-aRcFoM6yeQI4V9zRY0w&correlator=5626601006420&frm=21&ife=1&pv=1&ga_vid=167070616.1671578576&ga_sid=1671578578&ga_hid=622770231&ga_fc=1&nhd=1&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=154&ady=871&biw=1268&bih=939&isw=320&ish=50&ifk=1237427612&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531848%2C31071251%2C44779793%2C44780792&oid=2&pvsid=3337864460850606&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C1280%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.4b4358umovh1&fsb=1&xpc=RCKO0bZpZw&p=http%3A//securityaffairs.co&dtd=360
216.58.211.2200 OK 26 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1480696132&pi=t.ma~as.1139220782&w=320&lmt=1671578577&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&wgl=1&dt=1671578577604&bpp=16&bdt=M&idt=278&shv=r20221207&mjsv=m202212070101&ptt=5&saldr=sa&cookie=ID%3D8070157cbcb29b06-2282601a2bda00cd%3AT%3D1671578566%3ART%3D1671578566%3AS%3DALNI_Maoyfo1DAeOFpPDchY45oGgX0Yxng&gpic=UID%3D00000b959bade1d5%3AT%3D1671578566%3ART%3D1671578566%3AS%3DALNI_MZ7T4Wth4-aRcFoM6yeQI4V9zRY0w&correlator=5626601006420&frm=21&ife=1&pv=1&ga_vid=167070616.1671578576&ga_sid=1671578578&ga_hid=622770231&ga_fc=1&nhd=1&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=154&ady=871&biw=1268&bih=939&isw=320&ish=50&ifk=1237427612&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531848%2C31071251%2C44779793%2C44780792&oid=2&pvsid=3337864460850606&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C1280%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.4b4358umovh1&fsb=1&xpc=RCKO0bZpZw&p=http%3A//securityaffairs.co&dtd=360
IP 216.58.211.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (65536), with no line terminators
Hash 0fd80a6f53331c8cecacfe30e75ded94
e32168d5feb4e1ce6142909bc8f151123272e656
d9b42e1f8fff498890c581f86d771a1b5af8e0235faf9ae8cb7f57f9eed4dc25
GET /pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1480696132&pi=t.ma~as.1139220782&w=320&lmt=1671578577&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F139859%2Fintelligence%2Fukraine-delta-military-intelligence-attack.html&wgl=1&dt=1671578577604&bpp=16&bdt=M&idt=278&shv=r20221207&mjsv=m202212070101&ptt=5&saldr=sa&cookie=ID%3D8070157cbcb29b06-2282601a2bda00cd%3AT%3D1671578566%3ART%3D1671578566%3AS%3DALNI_Maoyfo1DAeOFpPDchY45oGgX0Yxng&gpic=UID%3D00000b959bade1d5%3AT%3D1671578566%3ART%3D1671578566%3AS%3DALNI_MZ7T4Wth4-aRcFoM6yeQI4V9zRY0w&correlator=5626601006420&frm=21&ife=1&pv=1&ga_vid=167070616.1671578576&ga_sid=1671578578&ga_hid=622770231&ga_fc=1&nhd=1&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=154&ady=871&biw=1268&bih=939&isw=320&ish=50&ifk=1237427612&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531848%2C31071251%2C44779793%2C44780792&oid=2&pvsid=3337864460850606&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C1280%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.4b4358umovh1&fsb=1&xpc=RCKO0bZpZw&p=http%3A//securityaffairs.co&dtd=360 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 20 Dec 2022 23:22:47 GMT
server: cafe
content-length: 25671
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 20-Dec-2022 23:37:46 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 20 Dec 2022 23:22:47 GMT
cache-control: private
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 9d5518b05926e5fc608ad00c4abf3e01
273178a68589773d7c28a2360e64685937a5caa6
c0401c937edee3f05e3e41ab2b09af061962bcfa8471f2d0a0d91c3fe732843d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 47687a1e5abe2c0ffcc784e986013adb
7c6546e637ccbfad5b3275111adaa3547c87ae95
1e145649496ae0ff2433fd18272890d512613ba6dcd5910b2011d04830062042
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
142.250.74.130200 OK 48 kB URL HTTP/2 www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
IP 142.250.74.130:0
File type ASCII text, with very long lines (3501)
Hash 0aea457deb170b60b680d7d723b4a6e2
3acbe700c709c2c5c07d6fb145ea7b448cc07a90
86c662679bc2508be7e8064c91055a3c5be7db2c24d58e5f27676f35702ba339
GET /activeview/js/current/rx_lidar.js?cache=r20110914 HTTP/1.1
Host: www.googletagservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-length: 47725
date: Tue, 20 Dec 2022 23:22:47 GMT
expires: Tue, 20 Dec 2022 23:22:47 GMT
cache-control: private, max-age=3000
etag: "1670417373259609"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
34.149.20.76200 OK 579 B URL HTTP/2 ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
IP 34.149.20.76:0
Hash 0ab34cdbef3f27e6c9efaa1a385a8087
2314da39fc4a49c55c17b1384ef105e853955192
93d3c31cc48175a4197037ce7b3139869722e18cc2ea57c7a4664a125bf31ce5
POST /api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ HTTP/1.1
Host: ssc.33across.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 837
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=utf-8
vary: Accept-Encoding, Origin
status: 200 OK
access-control-allow-credentials: true
access-control-allow-origin: http://securityaffairs.co
date: Tue, 20 Dec 2022 23:22:45 GMT
x-powered-by: 33Across
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/abg_lite_fy2021.js
172.217.21.161200 OK 9.4 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20221207/r20110914/abg_lite_fy2021.js
IP 172.217.21.161:0
File type ASCII text, with very long lines (1592)
Hash 5a5aa8d035ffaad9c0b8653b0a412d2f
f09fe4da7a3d328089a611e314d326aa5cb598f5
de6d29b666b737e039c2de5bedaf81dda437c47a79e17d0d10f188358916187a
GET /pagead/js/r20221207/r20110914/abg_lite_fy2021.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 9443
x-xss-protection: 0
date: Tue, 20 Dec 2022 22:04:59 GMT
expires: Tue, 03 Jan 2023 22:04:59 GMT
cache-control: public, max-age=1209600
age: 4668
etag: 9828741834572772835
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 47687a1e5abe2c0ffcc784e986013adb
7c6546e637ccbfad5b3275111adaa3547c87ae95
1e145649496ae0ff2433fd18272890d512613ba6dcd5910b2011d04830062042
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C2069%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C2039%2C3007%2C246%2C4%2C203%2C9%2C2011%2C2055%2C3022%2C172%2C3020%2C173%2C294%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C2022%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
2.18.172.23200 OK 8.3 kB URL HTTP/2 contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C2069%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C2039%2C3007%2C246%2C4%2C203%2C9%2C2011%2C2055%2C3022%2C172%2C3020%2C173%2C294%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C2022%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
IP 2.18.172.23:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (18979)
Hash 5aeea67fa702952afb0bd6567df6f484
aeeea22288c81fac6a506bb32e362375c923b915
0649dcdfb1fe1405ecbe51cf667ecd8ad701eb4b4f0ee3341251a5be9c39457b
GET /checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C2069%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C2039%2C3007%2C246%2C4%2C203%2C9%2C2011%2C2055%2C3022%2C172%2C3020%2C173%2C294%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C2022%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1 HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=139847
expires: Thu, 22 Dec 2022 14:13:34 GMT
date: Tue, 20 Dec 2022 23:22:47 GMT
content-length: 8317
X-Firefox-Spdy: h2
ap.lijit.com/beacon?informer=13480300
72.251.249.9302 Found 0 B URL HTTP/1.1 ap.lijit.com/beacon?informer=13480300
IP 72.251.249.9:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /beacon?informer=13480300 HTTP/1.1
Host: ap.lijit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Tue, 20 Dec 2022 23:22:47 GMT
Set-Cookie: ljt_reader=F2Z6rNZH4iUTWGe7TxyG9lV7; Path=/; Domain=.lijit.com; Expires=Wed, 20-Dec-2023 23:22:47 GMT; Max-Age=31536000;Secure;SameSite=None
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ap.lijit.com/beacon?informer=13480300&dnr=1
Content-Length: 0
X-Sovrn-Pod: ad_ap3ams1
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/qs_click_protection_fy2021.js
172.217.21.161200 OK 7.5 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/qs_click_protection_fy2021.js
IP 172.217.21.161:0
File type ASCII text, with very long lines (1542)
Hash 6f59900fa87e133bae329372aebefe36
260937d2934233c07b112f3564ec9eca7b529fd7
156c12ec7d6973b5742504716567b70740dd66bee9cc0e1a1608df56e77011fd
GET /pagead/js/r20221207/r20110914/client/qs_click_protection_fy2021.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 7480
x-xss-protection: 0
date: Tue, 20 Dec 2022 17:34:14 GMT
expires: Tue, 03 Jan 2023 17:34:14 GMT
cache-control: public, max-age=1209600
age: 20913
etag: 15631949847000551034
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0f6d6086a9038f05593f04125f74ee74
24ee6c7e4a7c0233a30c41af9ecc2431bb7db87e
8f3a8175fe9321c562b4d1efb675e92231dbae73187439e84437fcf60d7629d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8F3A8175FE9321C562B4D1EFB675E92231DBAE73187439E84437FCF60D7629D5"
Last-Modified: Mon, 19 Dec 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10814
Expires: Wed, 21 Dec 2022 02:23:01 GMT
Date: Tue, 20 Dec 2022 23:22:47 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 9d5518b05926e5fc608ad00c4abf3e01
273178a68589773d7c28a2360e64685937a5caa6
c0401c937edee3f05e3e41ab2b09af061962bcfa8471f2d0a0d91c3fe732843d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C2069%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C2039%2C3007%2C246%2C4%2C203%2C9%2C2011%2C2055%2C3022%2C172%2C3020%2C173%2C294%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C2022%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
2.18.172.23200 OK 8.3 kB URL HTTP/2 contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C2069%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C2039%2C3007%2C246%2C4%2C203%2C9%2C2011%2C2055%2C3022%2C172%2C3020%2C173%2C294%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C2022%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
IP 2.18.172.23:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (18979)
Hash 5aeea67fa702952afb0bd6567df6f484
aeeea22288c81fac6a506bb32e362375c923b915
0649dcdfb1fe1405ecbe51cf667ecd8ad701eb4b4f0ee3341251a5be9c39457b
GET /checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C2069%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C2039%2C3007%2C246%2C4%2C203%2C9%2C2011%2C2055%2C3022%2C172%2C3020%2C173%2C294%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C2022%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1 HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=139847
expires: Thu, 22 Dec 2022 14:13:34 GMT
date: Tue, 20 Dec 2022 23:22:47 GMT
content-length: 8317
X-Firefox-Spdy: h2
contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C2069%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C2039%2C3007%2C246%2C4%2C203%2C9%2C2011%2C2055%2C3022%2C172%2C3020%2C173%2C294%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C2022%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
2.18.172.23200 OK 8.3 kB URL HTTP/2 contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C2069%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C2039%2C3007%2C246%2C4%2C203%2C9%2C2011%2C2055%2C3022%2C172%2C3020%2C173%2C294%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C2022%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
IP 2.18.172.23:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (18979)
Hash 5aeea67fa702952afb0bd6567df6f484
aeeea22288c81fac6a506bb32e362375c923b915
0649dcdfb1fe1405ecbe51cf667ecd8ad701eb4b4f0ee3341251a5be9c39457b
GET /checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C2069%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C2039%2C3007%2C246%2C4%2C203%2C9%2C2011%2C2055%2C3022%2C172%2C3020%2C173%2C294%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C2022%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1 HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=139847
expires: Thu, 22 Dec 2022 14:13:34 GMT
date: Tue, 20 Dec 2022 23:22:47 GMT
content-length: 8317
X-Firefox-Spdy: h2
prebid.media.net/rtb/prebid?cid=8CUIUMTP7
34.107.148.139200 OK 9.0 kB URL HTTP/2 prebid.media.net/rtb/prebid?cid=8CUIUMTP7
IP 34.107.148.139:0
File type JSON data\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (18979)
Hash 8729b4cdeb402e626f1eaf737a807b71
3b1f2157cd6640da8e02641ce88e48e97ce88cf9
955aae77d91e43fae94c6de1da75187219b9c35aa37538a7388aaed6ccc36f2c
POST /rtb/prebid?cid=8CUIUMTP7 HTTP/1.1
Host: prebid.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1908
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 23:22:45 GMT
content-type: application/json;charset=UTF-8
cache-control: max-age=0, no-cache, no-store, must-revalidate
pragma: no-cache
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
expires: Tue, 20 Dec 2022 23:22:45 GMT
access-control-allow-origin: http://securityaffairs.co
access-control-allow-credentials: true
content-encoding: gzip
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ap.lijit.com/beacon?informer=13480300
72.251.249.9302 Found 0 B URL HTTP/1.1 ap.lijit.com/beacon?informer=13480300
IP 72.251.249.9:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /beacon?informer=13480300 HTTP/1.1
Host: ap.lijit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Tue, 20 Dec 2022 23:22:47 GMT
Set-Cookie: ljt_reader=F2Z6rNZH7-mxJ1TJSIKkx5zf; Path=/; Domain=.lijit.com; Expires=Wed, 20-Dec-2023 23:22:47 GMT; Max-Age=31536000;Secure;SameSite=None
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ap.lijit.com/beacon?informer=13480300&dnr=1
Content-Length: 0
X-Sovrn-Pod: ad_ap3ams1
ap.lijit.com/beacon?informer=13480300&dnr=1
72.251.249.9204 No Content 0 B URL HTTP/1.1 ap.lijit.com/beacon?informer=13480300&dnr=1
IP 72.251.249.9:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /beacon?informer=13480300&dnr=1 HTTP/1.1
Host: ap.lijit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Tue, 20 Dec 2022 23:22:47 GMT
Set-Cookie: ljt_reader=F2Z6rNZHPOGsJtvsTSqnNTgE; Path=/; Domain=.lijit.com; Expires=Wed, 20-Dec-2023 23:22:47 GMT; Max-Age=31536000;Secure;SameSite=None
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Sovrn-Pod: ad_ap3ams1
ap.lijit.com/beacon?informer=13480300
72.251.249.9302 Found 0 B URL HTTP/1.1 ap.lijit.com/beacon?informer=13480300
IP 72.251.249.9:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /beacon?informer=13480300 HTTP/1.1
Host: ap.lijit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Tue, 20 Dec 2022 23:22:47 GMT
Set-Cookie: ljt_reader=F2Z6rNZHVqAaLhBHQFWIXJsO; Path=/; Domain=.lijit.com; Expires=Wed, 20-Dec-2023 23:22:47 GMT; Max-Age=31536000;Secure;SameSite=None
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ap.lijit.com/beacon?informer=13480300&dnr=1
Content-Length: 0
X-Sovrn-Pod: ad_ap3ams1
ap.lijit.com/beacon?informer=13480300
72.251.249.9302 Found 0 B URL HTTP/1.1 ap.lijit.com/beacon?informer=13480300
IP 72.251.249.9:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /beacon?informer=13480300 HTTP/1.1
Host: ap.lijit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Tue, 20 Dec 2022 23:22:47 GMT
Set-Cookie: ljt_reader=F2Z6rNZH6L7LnNusTkea4U6E; Path=/; Domain=.lijit.com; Expires=Wed, 20-Dec-2023 23:22:47 GMT; Max-Age=31536000;Secure;SameSite=None
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ap.lijit.com/beacon?informer=13480300&dnr=1
Content-Length: 0
X-Sovrn-Pod: ad_ap3ams1
acdn.adnxs.com/dmp/async_usersync.html
151.101.193.108200 OK 17 kB URL HTTP/1.1 acdn.adnxs.com/dmp/async_usersync.html
IP 151.101.193.108:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (52990)
Hash 9c6b5ce6b3452e98573e6409c34dd73c
de607fadef62e36945a409a838eb8fc36d819b42
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
GET /dmp/async_usersync.html HTTP/1.1
Host: acdn.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 17053
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
ETag: W/"623de86a-cf34"
Expires: Fri, 02 Dec 2022 04:31:25 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Tue, 20 Dec 2022 23:22:47 GMT
Age: 14361
X-Served-By: cache-lga13626-LGA, cache-bma1620-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 65, 38509
X-Timer: S1671578568.551773,VS0,VE0
Vary: Accept-Encoding
ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
185.172.90.252200 OK 13 B URL HTTP/2 ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
IP 185.172.90.252:0
ASN #49981 WorldStream B.V.
File type HTML document, ASCII text, with no line terminators
Hash c83301425b2ad1d496473a5ff3d9ecca
941efb7368e46b27b937d34b07fc4d41da01b002
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
GET /uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID HTTP/1.1
Host: ads.us.e-planning.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Tue, 20 Dec 2022 23:22:47 GMT
content-type: text/html
content-length: 13
x-sid: AMS-928
X-Firefox-Spdy: h2
ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
23.38.200.201200 OK 5.6 kB URL HTTP/2 ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
IP 23.38.200.201:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (15889), with no line terminators
Hash 18a6bc0e051c0767f814f63ff07e65f9
8fbe4eb399d8501b90276723d38c9ffb4ab483fa
26341482a8d6c8384b2cb91aba95833ac2002bd284ff690adbd2009bf76cb95b
GET /AdServer/js/user_sync.html?kdntuid=1&p=158127 HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5554
content-type: text/html
cache-control: max-age=78213
expires: Wed, 21 Dec 2022 21:06:20 GMT
date: Tue, 20 Dec 2022 23:22:47 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
23.38.200.201200 OK 5.6 kB URL HTTP/2 ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
IP 23.38.200.201:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (15889), with no line terminators
Hash 18a6bc0e051c0767f814f63ff07e65f9
8fbe4eb399d8501b90276723d38c9ffb4ab483fa
26341482a8d6c8384b2cb91aba95833ac2002bd284ff690adbd2009bf76cb95b
GET /AdServer/js/user_sync.html?kdntuid=1&p=158127 HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5554
content-type: text/html
cache-control: max-age=78213
expires: Wed, 21 Dec 2022 21:06:20 GMT
date: Tue, 20 Dec 2022 23:22:47 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
23.38.200.201200 OK 5.6 kB URL HTTP/2 ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
IP 23.38.200.201:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (15889), with no line terminators
Hash 18a6bc0e051c0767f814f63ff07e65f9
8fbe4eb399d8501b90276723d38c9ffb4ab483fa
26341482a8d6c8384b2cb91aba95833ac2002bd284ff690adbd2009bf76cb95b
GET /AdServer/js/user_sync.html?kdntuid=1&p=158127 HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5554
content-type: text/html
cache-control: max-age=78213
expires: Wed, 21 Dec 2022 21:06:20 GMT
date: Tue, 20 Dec 2022 23:22:47 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
ap.lijit.com/beacon?informer=13480300&dnr=1
72.251.249.9204 No Content 0 B URL HTTP/1.1 ap.lijit.com/beacon?informer=13480300&dnr=1
IP 72.251.249.9:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /beacon?informer=13480300&dnr=1 HTTP/1.1
Host: ap.lijit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Tue, 20 Dec 2022 23:22:47 GMT
Set-Cookie: ljt_reader=F2Z6rNZHeALT4ZntQv6AJKLB; Path=/; Domain=.lijit.com; Expires=Wed, 20-Dec-2023 23:22:47 GMT; Max-Age=31536000;Secure;SameSite=None
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Sovrn-Pod: ad_ap3ams1
ap.lijit.com/beacon?informer=13480300&dnr=1
72.251.249.9204 No Content 0 B URL HTTP/1.1 ap.lijit.com/beacon?informer=13480300&dnr=1
IP 72.251.249.9:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /beacon?informer=13480300&dnr=1 HTTP/1.1
Host: ap.lijit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Tue, 20 Dec 2022 23:22:47 GMT
Set-Cookie: ljt_reader=F2Z6rNZHWTn_1DUqT3KyvyO6; Path=/; Domain=.lijit.com; Expires=Wed, 20-Dec-2023 23:22:47 GMT; Max-Age=31536000;Secure;SameSite=None
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Sovrn-Pod: ad_ap3ams1
ap.lijit.com/beacon?informer=13480300&dnr=1
72.251.249.9204 No Content 0 B URL HTTP/1.1 ap.lijit.com/beacon?informer=13480300&dnr=1
IP 72.251.249.9:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /beacon?informer=13480300&dnr=1 HTTP/1.1
Host: ap.lijit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Tue, 20 Dec 2022 23:22:47 GMT
Set-Cookie: ljt_reader=F2Z6rNZHwpZHEqZpQQGJQAQn; Path=/; Domain=.lijit.com; Expires=Wed, 20-Dec-2023 23:22:47 GMT; Max-Age=31536000;Secure;SameSite=None
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Sovrn-Pod: ad_ap3ams1
acdn.adnxs.com/dmp/async_usersync.html
151.101.193.108200 OK 17 kB URL HTTP/1.1 acdn.adnxs.com/dmp/async_usersync.html
IP 151.101.193.108:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (52990)
Hash 9c6b5ce6b3452e98573e6409c34dd73c
de607fadef62e36945a409a838eb8fc36d819b42
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
GET /dmp/async_usersync.html HTTP/1.1
Host: acdn.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 17053
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
ETag: W/"623de86a-cf34"
Expires: Fri, 02 Dec 2022 04:31:25 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Tue, 20 Dec 2022 23:22:47 GMT
Age: 14361
X-Served-By: cache-lga13626-LGA, cache-bma1620-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 65, 38510
X-Timer: S1671578568.589888,VS0,VE0
Vary: Accept-Encoding
acdn.adnxs.com/dmp/async_usersync.html
151.101.193.108200 OK 17 kB URL HTTP/1.1 acdn.adnxs.com/dmp/async_usersync.html
IP 151.101.193.108:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (52990)
Hash 9c6b5ce6b3452e98573e6409c34dd73c
de607fadef62e36945a409a838eb8fc36d819b42
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
GET /dmp/async_usersync.html HTTP/1.1
Host: acdn.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 17053
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
ETag: W/"623de86a-cf34"
Expires: Fri, 02 Dec 2022 04:31:25 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Tue, 20 Dec 2022 23:22:47 GMT
Age: 14362
X-Served-By: cache-lga13626-LGA, cache-bma1668-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 65, 36756
X-Timer: S1671578568.590808,VS0,VE0
Vary: Accept-Encoding
acdn.adnxs.com/dmp/async_usersync.html
151.101.193.108200 OK 17 kB URL HTTP/1.1 acdn.adnxs.com/dmp/async_usersync.html
IP 151.101.193.108:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (52990)
Hash 9c6b5ce6b3452e98573e6409c34dd73c
de607fadef62e36945a409a838eb8fc36d819b42
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
GET /dmp/async_usersync.html HTTP/1.1
Host: acdn.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 17053
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
ETag: W/"623de86a-cf34"
Expires: Fri, 02 Dec 2022 04:31:25 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Tue, 20 Dec 2022 23:22:47 GMT
Age: 14362
X-Served-By: cache-lga13626-LGA, cache-bma1658-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 65, 36391
X-Timer: S1671578568.618996,VS0,VE0
Vary: Accept-Encoding
ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
23.38.200.201200 OK 5.6 kB URL HTTP/2 ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
IP 23.38.200.201:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (15889), with no line terminators
Hash 18a6bc0e051c0767f814f63ff07e65f9
8fbe4eb399d8501b90276723d38c9ffb4ab483fa
26341482a8d6c8384b2cb91aba95833ac2002bd284ff690adbd2009bf76cb95b
GET /AdServer/js/user_sync.html?kdntuid=1&p=158127 HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5554
content-type: text/html
cache-control: max-age=78213
expires: Wed, 21 Dec 2022 21:06:20 GMT
date: Tue, 20 Dec 2022 23:22:47 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
eus.rubiconproject.com/usync.html
104.88.9.101200 OK 233 B URL HTTP/1.1 eus.rubiconproject.com/usync.html
IP 104.88.9.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 6220919f0a2b24a12a281ea8b891ecf6
759111c360edc6df73ed10aaaa212cb22c47ce0d
030c6e199782fb1908f6f89d3cd41950fd3ae0830c5020ba9ed617111bacd180
GET /usync.html HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
ETag: "403b9-119-5ec73a0a33d00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 20 Dec 2022 23:22:47 GMT
Connection: keep-alive
Vary: Accept-Encoding
s.ad.smaato.net/c/?adExInit=sas&redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D133%26partneruserid%3D$UID&gdpr=0&gdpr_consent=
143.204.55.106302 Found 0 B URL HTTP/2 s.ad.smaato.net/c/?adExInit=sas&redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D133%26partneruserid%3D$UID&gdpr=0&gdpr_consent=
IP 143.204.55.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c/?adExInit=sas&redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D133%26partneruserid%3D$UID&gdpr=0&gdpr_consent= HTTP/1.1
Host: s.ad.smaato.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: CloudFront
date: Tue, 20 Dec 2022 23:22:47 GMT
content-length: 0
cache-control: no-cache, must-revalidate
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=133&partneruserid=92e6babb
set-cookie: SCM=92e6babb; Expires=Tue, 10 Jan 2023 23:22:47 GMT; Domain=.smaato.net; SameSite=None; Path=/; Secure
SCMsas=92e6babb; Expires=Sat, 31 Dec 2022 11:22:47 GMT; Domain=.smaato.net; Path=/; SameSite=None; Secure
x-cache: FunctionGeneratedResponse from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: bbWxI1VVQFfm5ujXKqXINMe0Y7Gac6u-B3Niw57szXLK0S7FUyPBNw==
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 8ed7113f8aed91c8c2c3ca2405782941
740685c0988c78040de9b5ce9e522df7e8ab164c
fb3c4e81d1abcce6f7d39974512446d35afc369b25f7e4c8934717d34379ae6c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 23:22:47 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 17 Dec 2022 13:57:47 GMT
Expires: Sat, 24 Dec 2022 13:57:46 GMT
Etag: "740685c0988c78040de9b5ce9e522df7e8ab164c"
Cache-Control: max-age=311098,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77cc1f4019a6b4eb-OSL
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash eadadfec0a65bce69128230cfa49f936
1ae7fbb4969315fc2d13cf0a63d1909c499147db
bbd8831dd832214747d09faca8a7092b1e72dbaec35ee513bf6663caaea3e488
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/mysidia/148b897ed20242fb53e65c70a8c63c89.js?tag=mysidia_one_click_handler_one_afma_2019
142.250.74.35200 OK 14 kB URL HTTP/2 www.gstatic.com/mysidia/148b897ed20242fb53e65c70a8c63c89.js?tag=mysidia_one_click_handler_one_afma_2019
IP 142.250.74.35:0
File type C++ source, ASCII text, with very long lines (1833)
Hash 5ecfc563c0b88ed44090a2776f05c75e
ec0d2777673e0efcb3b5e4c252c4cb4e248eba19
046597e9372e67a235803498661594732aad533d42cf89afe2ef3994a2b1a60f
GET /mysidia/148b897ed20242fb53e65c70a8c63c89.js?tag=mysidia_one_click_handler_one_afma_2019 HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="mysidia"
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-length: 14307
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 15 Dec 2022 02:18:39 GMT
expires: Wed, 15 Mar 2023 02:18:39 GMT
cache-control: public, max-age=7776000
last-modified: Fri, 09 Dec 2022 19:06:26 GMT
content-type: text/javascript
age: 507848
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
34.149.20.76200 OK 770 B URL HTTP/2 ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
IP 34.149.20.76:0
Hash 84f7283a114a4fce7e553a5edad11926
11b82425aae7583d3f9cae9acfc4437b9df875e7
f88cb4bac47b30607879a921af6c444eae38850a334d11cb5cabe1ab8272b109
POST /api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ HTTP/1.1
Host: ssc.33across.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 837
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
vary: Accept-Encoding, Origin
status: 200 OK
access-control-allow-credentials: true
access-control-allow-origin: http://securityaffairs.co
date: Tue, 20 Dec 2022 23:22:45 GMT
x-powered-by: 33Across
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
161.35.253.218200 OK 0 B URL HTTP/1.1 served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
IP 161.35.253.218:0
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /www/headerbid/library/tracking/vtr.php HTTP/1.1
Host: served-by.pixfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 71
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
date: Tue, 20 Dec 2022 23:22:47 GMT
content-length: 0
ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
67.202.105.22204 No Content 0 B URL HTTP/2 ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
IP 67.202.105.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined HTTP/1.1
Host: ssc-cms.33across.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
x-33x-status: 2000208
server: 33XP001
date: Tue, 20 Dec 2022 23:22:47 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0e668b5d3c67eaac443919d22ba32dd7
57426a5b56d80105dcc537c8b4df70736a0bd662
962d5f7a8b639f6ca25ba21c1e48f1fc25907ad39a5cccae73e1b42715eb45b6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6392
Cache-Control: max-age=166334
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:47 GMT
Etag: "63a2118d-1d7"
Expires: Thu, 22 Dec 2022 21:35:01 GMT
Last-Modified: Tue, 20 Dec 2022 19:48:29 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
161.35.253.218200 OK 0 B URL HTTP/1.1 served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
IP 161.35.253.218:0
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /www/headerbid/library/tracking/vtr.php HTTP/1.1
Host: served-by.pixfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 71
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
date: Tue, 20 Dec 2022 23:22:47 GMT
content-length: 0
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a7fdaecbcdffc9240cb5a1298a940dc3
a88fd6f1a453f0256f70ee74f947099a8ecaee3a
ae07a46437ffeb2458302ad433beaa189bf65147aa3614f544999b457a66bac4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AE07A46437FFEB2458302AD433BEAA189BF65147AA3614F544999B457A66BAC4"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6612
Expires: Wed, 21 Dec 2022 01:12:59 GMT
Date: Tue, 20 Dec 2022 23:22:47 GMT
Connection: keep-alive
x.bidswitch.net/check_uuid/https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D%26gdpr_consent%3D%26f%3Di%26uid%3D%24%7BBSW_UUID%7D?gdpr=&gdpr_consent=&us_privacy=
52.58.214.36302 Found 0 B URL HTTP/2 x.bidswitch.net/check_uuid/https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D%26gdpr_consent%3D%26f%3Di%26uid%3D%24%7BBSW_UUID%7D?gdpr=&gdpr_consent=&us_privacy=
IP 52.58.214.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /check_uuid/https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D%26gdpr_consent%3D%26f%3Di%26uid%3D%24%7BBSW_UUID%7D?gdpr=&gdpr_consent=&us_privacy= HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 20 Dec 2022 23:22:47 GMT
content-length: 0
location: https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D%26gdpr_consent%3D%26f%3Di%26uid%3D%24%7BBSW_UUID%7D?gdpr=&gdpr_consent=&us_privacy=
cache-control: no-cache, no-store, must-revalidate
set-cookie: tuuid=8785467d-8545-48f9-9705-a8c6d825be24; path=/; expires=Wed, 20-Dec-2023 23:22:47 GMT; domain=.bidswitch.net; samesite=none; secure
c=1671578567; path=/; expires=Wed, 20-Dec-2023 23:22:47 GMT; domain=.bidswitch.net; samesite=none; secure
tuuid_lu=1671578567; path=/; expires=Wed, 20-Dec-2023 23:22:47 GMT; domain=.bidswitch.net; samesite=none; secure
c=1671578567; path=/; expires=Wed, 20-Dec-2023 23:22:47 GMT; domain=.bidswitch.net; samesite=none; secure
X-Firefox-Spdy: h2
x.bidswitch.net/sync?ssp=themediagrid
52.58.214.36302 Found 0 B URL HTTP/2 x.bidswitch.net/sync?ssp=themediagrid
IP 52.58.214.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?ssp=themediagrid HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Tue, 20 Dec 2022 23:22:47 GMT
content-length: 0
location: https://x.bidswitch.net/ul_cb/sync?ssp=themediagrid
cache-control: no-cache, no-store, must-revalidate
set-cookie: tuuid=ab8ee1cc-ffe4-403c-bfc9-e0412021e967; path=/; expires=Wed, 20-Dec-2023 23:22:47 GMT; domain=.bidswitch.net; samesite=none; secure
c=1671578567; path=/; expires=Wed, 20-Dec-2023 23:22:47 GMT; domain=.bidswitch.net; samesite=none; secure
tuuid_lu=1671578567; path=/; expires=Wed, 20-Dec-2023 23:22:47 GMT; domain=.bidswitch.net; samesite=none; secure
c=1671578567; path=/; expires=Wed, 20-Dec-2023 23:22:47 GMT; domain=.bidswitch.net; samesite=none; secure
X-Firefox-Spdy: h2
c1.adform.net/serving/cookie/match?party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent=
37.157.4.29302 Found 0 B URL HTTP/2 c1.adform.net/serving/cookie/match?party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent=
IP 37.157.4.29:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /serving/cookie/match?party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent= HTTP/1.1
Host: c1.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Tue, 20 Dec 2022 23:22:47 GMT
content-length: 0
location: https://c1.adform.net/serving/cookie/match?CC=1&party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent=
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
set-cookie: C=1; expires=Fri, 20 Jan 2023 23:22:47 GMT; domain=adform.net; path=/
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash eadadfec0a65bce69128230cfa49f936
1ae7fbb4969315fc2d13cf0a63d1909c499147db
bbd8831dd832214747d09faca8a7092b1e72dbaec35ee513bf6663caaea3e488
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
x.bidswitch.net/sync?ssp=sonobi&gdpr=0&gdpr_consent=
52.58.214.36302 Found 0 B URL HTTP/2 x.bidswitch.net/sync?ssp=sonobi&gdpr=0&gdpr_consent=
IP 52.58.214.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?ssp=sonobi&gdpr=0&gdpr_consent= HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 20 Dec 2022 23:22:47 GMT
content-length: 0
location: https://x.bidswitch.net/ul_cb/sync?ssp=sonobi&gdpr=0&gdpr_consent=
cache-control: no-cache, no-store, must-revalidate
set-cookie: tuuid=305e442a-3d8f-428f-8947-75fd990dc78b; path=/; expires=Wed, 20-Dec-2023 23:22:47 GMT; domain=.bidswitch.net; samesite=none; secure
c=1671578567; path=/; expires=Wed, 20-Dec-2023 23:22:47 GMT; domain=.bidswitch.net; samesite=none; secure
tuuid_lu=1671578567; path=/; expires=Wed, 20-Dec-2023 23:22:47 GMT; domain=.bidswitch.net; samesite=none; secure
c=1671578567; path=/; expires=Wed, 20-Dec-2023 23:22:47 GMT; domain=.bidswitch.net; samesite=none; secure
X-Firefox-Spdy: h2
match.sharethrough.com/universal/v1?supply_id=v5hJK9Sl&gdpr=0&gdpr_consent=
35.157.59.48204 No Content 0 B URL HTTP/2 match.sharethrough.com/universal/v1?supply_id=v5hJK9Sl&gdpr=0&gdpr_consent=
IP 35.157.59.48:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /universal/v1?supply_id=v5hJK9Sl&gdpr=0&gdpr_consent= HTTP/1.1
Host: match.sharethrough.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 20 Dec 2022 23:22:47 GMT
X-Firefox-Spdy: h2
aax-eu.amazon-adsystem.com/x/7318ffc0e8fa1d771446
67.220.228.201200 OK 47 B URL HTTP/1.1 aax-eu.amazon-adsystem.com/x/7318ffc0e8fa1d771446
IP 67.220.228.201:0
Hash 33dfff848a16635bfa59962bd9e101b5
2ca034b4c2535985a6b00c3cbce7e5d5fd9e8fea
1ba9b1c33c9bd730ca9e429c7b6d1661e1f0126659475cdd8b340bf324dea7a4
GET /x/7318ffc0e8fa1d771446 HTTP/1.1
Host: aax-eu.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Server
Date: Tue, 20 Dec 2022 23:22:47 GMT
Content-Type: text/javascript;charset=UTF-8
Content-Length: 47
Connection: keep-alive
x-amz-rid: ZTW16EA41PQWBRRY41PT
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 92c4b6316040df0e0cbb38d22d5d69e1
8653f53b55d031009ed1b15688b74ce29e14eaa9
a840afd88596e0acaa8ec954b0a7347b657d6ec243ac23f04e959cc8b2e60c31
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5489
Cache-Control: max-age=86266
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:48 GMT
Etag: "63a0dc51-1d7"
Expires: Wed, 21 Dec 2022 23:20:34 GMT
Last-Modified: Mon, 19 Dec 2022 21:49:05 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
sync.adotmob.com/cookie/smart?r=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D66%26partneruserid%3D%7Bamob_user_id%7D&gdpr=0&gdpr_consent=
185.183.112.155302 Found 0 B URL HTTP/1.1 sync.adotmob.com/cookie/smart?r=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D66%26partneruserid%3D%7Bamob_user_id%7D&gdpr=0&gdpr_consent=
IP 185.183.112.155:0
ASN #60350 Vente-privee.com SA
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cookie/smart?r=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D66%26partneruserid%3D%7Bamob_user_id%7D&gdpr=0&gdpr_consent= HTTP/1.1
Host: sync.adotmob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
x-powered-by: Express
vary: Origin
access-control-allow-credentials: true
set-cookie: uid=088422042523c972c12cf2ed; Domain=.adotmob.com; Path=/; Expires=Fri, 19 Jan 2024 23:22:47 GMT; Secure; SameSite=None
uuid=088422042523c972c12cf2ed; Domain=.adotmob.com; Path=/; Expires=Fri, 19 Jan 2024 23:22:47 GMT; Secure; SameSite=None
partners=SMA%3A1671578567997; Domain=.adotmob.com; Path=/; Expires=Fri, 19 Jan 2024 23:22:47 GMT; Secure; SameSite=None
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=66&partneruserid=088422042523c972c12cf2ed&gdpr=0&gdpr_consent=
date: Tue, 20 Dec 2022 23:22:47 GMT
keep-alive: timeout=5
content-length: 0
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash e578ee4d36d76a6e0648d77483a361fb
a582fc77cc87130f3289387b22e1dec284d6732e
806489301d2615eca65561f173ced79e831e1828c563d5f99aba5cd34e9886ba
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 23:22:48 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 19 Dec 2022 02:08:02 GMT
Expires: Mon, 26 Dec 2022 02:08:01 GMT
Etag: "a582fc77cc87130f3289387b22e1dec284d6732e"
Cache-Control: max-age=441312,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77cc1f424b9eb4eb-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 94a3b5e7ac632fcb960904a960477d0d
399812a040820b9ae3bd4f5ad1a152282735814c
a5fa1a9668c1ad2ac317cae3843f9055f7bd3a97db50ad5417c6bdd3ed5117e7
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 23:22:48 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 17 Dec 2022 13:55:57 GMT
Expires: Sat, 24 Dec 2022 13:55:56 GMT
Etag: "399812a040820b9ae3bd4f5ad1a152282735814c"
Cache-Control: max-age=310987,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77cc1f4159c30b45-OSL
eus.rubiconproject.com/usync.js
104.88.9.101200 OK 10 kB URL HTTP/1.1 eus.rubiconproject.com/usync.js
IP 104.88.9.101:0
File type ASCII text, with very long lines (18728)
Hash 73b74813ccfaf2ff987bb80033033958
7a2b9361c70cd91b5b213f6d463daf5dea23d029
c2e85978613fb6adce808c5baf6c129faf182cbf2f00232560132af40c7196c4
GET /usync.js HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/usync.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Tue, 20 Dec 2022 16:52:32 GMT
Content-Encoding: gzip
Content-Length: 10067
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=62989
Expires: Wed, 21 Dec 2022 16:52:37 GMT
Date: Tue, 20 Dec 2022 23:22:48 GMT
Connection: keep-alive
Vary: Accept-Encoding
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash ff558df1e3ce6b00641cb998c8eee320
d43ef59e8efb9927c485699c40268f056c5c807c
41a181d748653387252720ffe26de04e9eaac9b3d3d39308f2f3be19f59e5606
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6309
Cache-Control: max-age=152945
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:48 GMT
Etag: "63a1dd94-1d7"
Expires: Thu, 22 Dec 2022 17:51:53 GMT
Last-Modified: Tue, 20 Dec 2022 16:06:44 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://googleads.g.doubleclick.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Dec 2022 19:34:15 GMT
expires: Thu, 14 Dec 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 532113
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
id.rlcdn.com/711890.gif?credir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D136%26partneruserid%3D&gdpr=0&gdpr_consent=
35.244.174.68400 Bad Request 21 B URL HTTP/2 id.rlcdn.com/711890.gif?credir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D136%26partneruserid%3D&gdpr=0&gdpr_consent=
IP 35.244.174.68:0
Hash b1e64b8d18e9efe2bd53b80009ab24b8
436c8b2a211e9ec7657dbba4b10627c2c2cf4d96
69b8d9afba79df6af482f598e69f8ba7edfdaf5a3091027d06ccc41eb99b3ac1
GET /711890.gif?credir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D136%26partneruserid%3D&gdpr=0&gdpr_consent= HTTP/1.1
Host: id.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 400 Bad Request
content-type: text/plain; charset=utf-8
x-content-type-options: nosniff
date: Tue, 20 Dec 2022 23:22:48 GMT
content-length: 21
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
142.250.74.35200 OK 28 kB URL HTTP/2 fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 28288, version 1.0\012- data
Hash 53b5e785dfdca21fa7adf7119fa1f8cc
a3a86dfd216ad29183ba5493ae39d45b62f9d8b8
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
GET /s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://googleads.g.doubleclick.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28288
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Dec 2022 20:35:00 GMT
expires: Thu, 14 Dec 2023 20:35:00 GMT
cache-control: public, max-age=31536000
age: 528468
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash a2497dd425699f85ecb66bca7bc21183
bda0f0ce939c96dba2b8d13db64873f7e41e9d36
23d4a114af63d00b3ff51f2a017c33c9df43f14ef1b97877cd65403429806723
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 23:22:48 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 17 Dec 2022 14:15:45 GMT
Expires: Sat, 24 Dec 2022 14:15:44 GMT
Etag: "bda0f0ce939c96dba2b8d13db64873f7e41e9d36"
Cache-Control: max-age=312175,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77cc1f41f8d9b524-OSL
ib.adnxs.com/async_usersync?cbfn=queuePixels
37.252.171.84307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/async_usersync?cbfn=queuePixels
IP 37.252.171.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /async_usersync?cbfn=queuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://acdn.adnxs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 20 Dec 2022 23:22:48 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
AN-X-Request-Uuid: 50322e75-c3f9-46a2-8a54-e4283648d39e
Set-Cookie: uuid2=4947654131545452743; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 20-Mar-2023 23:22:48 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]
185.29.132.241302 Moved Temporarily 0 B URL HTTP/1.1 sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]
IP 185.29.132.241:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID] HTTP/1.1
Host: sync.mathtag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Date: Tue, 20 Dec 2022 23:22:48 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=360
Access-Control-Allow-Origin: *
Server: MT3 277 3f0ad7a master zrh-pixel-x14 config:1.0.0
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
set-cookie: uuid=bf8863a2-43c9-4c00-8297-0c25880be51e; domain=.mathtag.com; path=/; expires=Wed, 17-Jan-2024 23:22:49 GMT; SameSite=None; Secure
location: https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=bf8863a2-43c9-4c00-8297-0c25880be51e
Expires: Tue, 20 Dec 2022 23:22:47 GMT
gu.dyntrk.com/adx/sma/us.php?dynk=sma4rt4bt4fg&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D69%26partneruserid%3DPARTNER_USER_ID%26gdpr%3D$GDPR%26gdpr_consent%3D$GDPR_CONSENT&gdpr=0&gdpr_consent=
162.19.80.92302 Found 0 B URL HTTP/1.1 gu.dyntrk.com/adx/sma/us.php?dynk=sma4rt4bt4fg&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D69%26partneruserid%3DPARTNER_USER_ID%26gdpr%3D$GDPR%26gdpr_consent%3D$GDPR_CONSENT&gdpr=0&gdpr_consent=
IP 162.19.80.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /adx/sma/us.php?dynk=sma4rt4bt4fg&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D69%26partneruserid%3DPARTNER_USER_ID%26gdpr%3D$GDPR%26gdpr_consent%3D$GDPR_CONSENT&gdpr=0&gdpr_consent= HTTP/1.1
Host: gu.dyntrk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
server: nginx
date: Tue, 20 Dec 2022 23:22:48 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
keep-alive: timeout=10
p3p: CP="NOI DEV OUR BUS UNI"
cache-control: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: Origin
set-cookie: dyn_u=03030002_63a243c82d187; expires=Wed, 20-Dec-2023 23:22:48 GMT; Max-Age=31536000; path=/; domain=.dyntrk.com; secure; SameSite=None
location: https://gu.dyntrk.com/adx/sma/us.php?dynk=sma4rt4bt4fg&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D69%26partneruserid%3DPARTNER_USER_ID%26gdpr%3D$GDPR%26gdpr_consent%3D$GDPR_CONSENT&gdpr=0&gdpr_consent=&prevuid=03030002_63a243c82d187&knw=
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://googleads.g.doubleclick.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 16 Dec 2022 13:33:13 GMT
expires: Sat, 16 Dec 2023 13:33:13 GMT
cache-control: public, max-age=31536000
age: 380975
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
sync.tidaltv.com/genericusersync.ashx?dpid=3157&gdpr=0&gdpr_consent=
52.17.143.244302 Found 0 B URL HTTP/2 sync.tidaltv.com/genericusersync.ashx?dpid=3157&gdpr=0&gdpr_consent=
IP 52.17.143.244:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genericusersync.ashx?dpid=3157&gdpr=0&gdpr_consent= HTTP/1.1
Host: sync.tidaltv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 20 Dec 2022 23:22:48 GMT
content-length: 0
location: https://sync.tidaltv.com/genericusersync.ashx?dpid=3157&gdpr=0&gdpr_consent=&s_h=1
set-cookie: tidal_ttid=3c609885-6cf3-4d9e-afcf-a4f2a1e1a9cc; Domain=.tidaltv.com; Expires=Wed, 20-Dec-2023 23:22:48 GMT; Path=/; SameSite=None; Secure
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://googleads.g.doubleclick.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Dec 2022 19:33:54 GMT
expires: Thu, 14 Dec 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 532134
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D%26gdpr_consent%3D%26f%3Di%26uid%3D%24%7BBSW_UUID%7D?gdpr=&gdpr_consent=&us_privacy=
52.58.214.36302 Found 0 B URL HTTP/2 x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D%26gdpr_consent%3D%26f%3Di%26uid%3D%24%7BBSW_UUID%7D?gdpr=&gdpr_consent=&us_privacy=
IP 52.58.214.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ul_cb/check_uuid/https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D%26gdpr_consent%3D%26f%3Di%26uid%3D%24%7BBSW_UUID%7D?gdpr=&gdpr_consent=&us_privacy= HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Tue, 20 Dec 2022 23:22:48 GMT
content-length: 0
location: https://prebidserver.pixfuture.com/setuid?bidder=grid&gdpr=&gdpr_consent=&f=i&uid=
cache-control: no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
x.bidswitch.net/ul_cb/sync?ssp=themediagrid
52.58.214.36200 OK 43 B URL HTTP/2 x.bidswitch.net/ul_cb/sync?ssp=themediagrid
IP 52.58.214.36:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /ul_cb/sync?ssp=themediagrid HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 23:22:48 GMT
content-type: image/gif
content-length: 43
cache-control: no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash a6b3dfb46201c4043ad22ad1b4d1f018
e86fb63bc6db0c98b5100c49e3364c7053dde12e
83464d27be9c256c0a13b95d35f28c4aa7f0fe1032b4ed4d5575638b5d65a498
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=130671
Date: Tue, 20 Dec 2022 23:22:48 GMT
Etag: "63a19ce4-1d7"
Expires: Thu, 22 Dec 2022 11:40:39 GMT
Last-Modified: Tue, 20 Dec 2022 11:30:44 GMT
Server: ECS (nyb/1D1B)
X-Cache: Miss from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: DGl-Wu-pdJNsuKZZML8MMeMqJlLgud3aXs4A1CyL9xwUoseHXXDZ4w==
Age: 596
rtb-csync.smartadserver.com/redir/?issi=1&partnerid=133&partneruserid=92e6babb
185.86.139.57200 OK 43 B URL HTTP/1.1 rtb-csync.smartadserver.com/redir/?issi=1&partnerid=133&partneruserid=92e6babb
IP 185.86.139.57:0
ASN #201081 SmartAdServer SAS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /redir/?issi=1&partnerid=133&partneruserid=92e6babb HTTP/1.1
Host: rtb-csync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: image/gif
date: Tue, 20 Dec 2022 23:22:48 GMT
cache-control: no-cache,no-store
pragma: no-cache
set-cookie: pid=2996496711705623262; expires=Sat, 20 Jan 2024 23:22:48 GMT; domain=smartadserver.com; path=/
TestIfCookieP=ok; expires=Sat, 20 Jan 2024 23:22:48 GMT; domain=smartadserver.com; path=/
csync=133:92e6babb; expires=Wed, 20 Dec 2023 23:22:48 GMT; domain=smartadserver.com; path=/
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
rtb-csync.smartadserver.com/redir/?issi=1&partnerid=135&partneruserid=TAM_OK&redirurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fdcm%3Fpid%3D72348060-38ad-4586-8e4f-f1e2a8e789b3%26id%3DSMART_USER_ID&gdpr=0&gdpr_consent=
185.86.139.57302 Found 0 B URL HTTP/1.1 rtb-csync.smartadserver.com/redir/?issi=1&partnerid=135&partneruserid=TAM_OK&redirurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fdcm%3Fpid%3D72348060-38ad-4586-8e4f-f1e2a8e789b3%26id%3DSMART_USER_ID&gdpr=0&gdpr_consent=
IP 185.86.139.57:0
ASN #201081 SmartAdServer SAS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redir/?issi=1&partnerid=135&partneruserid=TAM_OK&redirurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fdcm%3Fpid%3D72348060-38ad-4586-8e4f-f1e2a8e789b3%26id%3DSMART_USER_ID&gdpr=0&gdpr_consent= HTTP/1.1
Host: rtb-csync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
content-length: 0
date: Tue, 20 Dec 2022 23:22:47 GMT
cache-control: no-cache,no-store
location: https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=2097050759430863498&gdpr=0&gdpr_consent=
pragma: no-cache
set-cookie: pid=2097050759430863498; expires=Fri, 19 Jan 2024 23:22:48 GMT; domain=smartadserver.com; path=/
TestIfCookieP=ok; expires=Fri, 19 Jan 2024 23:22:48 GMT; domain=smartadserver.com; path=/
csync=135:TAM_OK; expires=Wed, 20 Dec 2023 23:22:48 GMT; domain=smartadserver.com; path=/
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
x.bidswitch.net/ul_cb/sync?ssp=sonobi&gdpr=0&gdpr_consent=
52.58.214.36200 OK 43 B URL HTTP/2 x.bidswitch.net/ul_cb/sync?ssp=sonobi&gdpr=0&gdpr_consent=
IP 52.58.214.36:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /ul_cb/sync?ssp=sonobi&gdpr=0&gdpr_consent= HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 23:22:48 GMT
content-type: image/gif
content-length: 43
cache-control: no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
p.rfihub.com/cm?pub=35683&in=1
193.0.160.128302 Found 0 B URL HTTP/1.1 p.rfihub.com/cm?pub=35683&in=1
IP 193.0.160.128:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm?pub=35683&in=1 HTTP/1.1
Host: p.rfihub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Tue, 20 Dec 2022 23:22:48 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rud=H4sIAAAAAAAA_-MSNjU0NjExNTUxMjA2tjC1MDe0NBXiM9Qt8XD0zA0PLy4I8CwFAJuyxDQlAAAA; Path=/; Domain=.rfihub.com; Expires=Sun, 14 Jan 2024 23:22:48 GMT; Secure; SameSite=None
eud=H4sIAAAAAAAA_1slymtoZm5oam5hamZhZGIBAJVj4r8QAAAA; Path=/; Domain=.rfihub.com; Expires=Sun, 14 Jan 2024 23:22:48 GMT; Secure; SameSite=None
ruds=H4sIAAAAAAAA_-MSNjU0NjExNTUxMjA2tjC1MDe0NBXiM9Qt8XD0zA0PLy4I8CwFAJuyxDQlAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Location: https://sync.go.sonobi.com/us.gif?nw=zt&nuid=5134455420338587195
Content-Length: 0
Server: Jetty(9.3.29.v20201019)
sync.1rx.io/usersync2/smartadserver?gdpr=0&gdpr_consent=
213.19.147.45302 Found 313 B URL HTTP/2 sync.1rx.io/usersync2/smartadserver?gdpr=0&gdpr_consent=
IP 213.19.147.45:0
Hash dcfd25232a0726da2ee483d7c623a0ad
47ff156bbcf93d83ff8001020339666c0e34e650
8b9180acd5966d695b845161774788a70c602d931264604b2123fa72b07b093d
GET /usersync2/smartadserver?gdpr=0&gdpr_consent= HTTP/1.1
Host: sync.1rx.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 20 Dec 2022 23:22:48 GMT
content-type: text/html
cache-control: no-store, no-cache, must-revalidate
expires: 0
pragma: no-cache
set-cookie: _rxuuid=%7B%22rx_uuid%22%3A%22RX-ef5c78fd-830a-47f4-a65f-e7ff16c4a116-003%22%2C%22zdxidn%22%3A%222075%22%7D; path=/; expires=Wed, 20 Dec 2023 23:22:48 GMT; domain=.1rx.io; samesite=none; secure; httponly
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location: https://sync.1rx.io/usersync2/smartadserver?zcc=1&cb=1671578568152
etag: RXef5c78fd830a47f4a65fe7ff16c4a116003
X-Firefox-Spdy: h2
ib.adnxs.com/async_usersync?cbfn=queuePixels
37.252.171.84307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/async_usersync?cbfn=queuePixels
IP 37.252.171.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /async_usersync?cbfn=queuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://acdn.adnxs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 20 Dec 2022 23:22:48 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
AN-X-Request-Uuid: 65881ec7-fc90-4f7e-ab83-779eead2b798
Set-Cookie: uuid2=4734087179418477511; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 20-Mar-2023 23:22:48 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ib.adnxs.com/async_usersync?cbfn=queuePixels
37.252.171.22307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/async_usersync?cbfn=queuePixels
IP 37.252.171.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /async_usersync?cbfn=queuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://acdn.adnxs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 20 Dec 2022 23:22:48 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
AN-X-Request-Uuid: eff85ef6-e470-46a6-9f3d-3c0111fec8c4
Set-Cookie: uuid2=4184827646649270067; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 20-Mar-2023 23:22:48 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ib.adnxs.com/async_usersync?cbfn=queuePixels
37.252.171.22307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/async_usersync?cbfn=queuePixels
IP 37.252.171.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /async_usersync?cbfn=queuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://acdn.adnxs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 20 Dec 2022 23:22:48 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
AN-X-Request-Uuid: ee5f6d3e-6ac6-4508-919d-66d5f3c83c62
Set-Cookie: uuid2=6476856408014557368; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 20-Mar-2023 23:22:48 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
37.252.171.22200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
IP 37.252.171.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://acdn.adnxs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 20 Dec 2022 23:22:48 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 5b2766e4-da8b-412a-a101-ee5f868d087e
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
rtb-csync.smartadserver.com/redir/?issi=1&partnerid=66&partneruserid=088422042523c972c12cf2ed&gdpr=0&gdpr_consent=
185.86.139.57200 OK 43 B URL HTTP/1.1 rtb-csync.smartadserver.com/redir/?issi=1&partnerid=66&partneruserid=088422042523c972c12cf2ed&gdpr=0&gdpr_consent=
IP 185.86.139.57:0
ASN #201081 SmartAdServer SAS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /redir/?issi=1&partnerid=66&partneruserid=088422042523c972c12cf2ed&gdpr=0&gdpr_consent= HTTP/1.1
Host: rtb-csync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: image/gif
date: Tue, 20 Dec 2022 23:22:48 GMT
cache-control: no-cache,no-store
pragma: no-cache
set-cookie: pid=8666491147500583585; expires=Sat, 20 Jan 2024 23:22:48 GMT; domain=smartadserver.com; path=/
TestIfCookieP=ok; expires=Sat, 20 Jan 2024 23:22:48 GMT; domain=smartadserver.com; path=/
csync=66:088422042523c972c12cf2ed; expires=Wed, 20 Dec 2023 23:22:48 GMT; domain=smartadserver.com; path=/
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
gu.dyntrk.com/adx/sma/us.php?dynk=sma4rt4bt4fg&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D69%26partneruserid%3DPARTNER_USER_ID%26gdpr%3D$GDPR%26gdpr_consent%3D$GDPR_CONSENT&gdpr=0&gdpr_consent=&prevuid=03030002_63a243c82d187&knw=
162.19.80.92302 Found 0 B URL HTTP/1.1 gu.dyntrk.com/adx/sma/us.php?dynk=sma4rt4bt4fg&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D69%26partneruserid%3DPARTNER_USER_ID%26gdpr%3D$GDPR%26gdpr_consent%3D$GDPR_CONSENT&gdpr=0&gdpr_consent=&prevuid=03030002_63a243c82d187&knw=
IP 162.19.80.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /adx/sma/us.php?dynk=sma4rt4bt4fg&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D69%26partneruserid%3DPARTNER_USER_ID%26gdpr%3D$GDPR%26gdpr_consent%3D$GDPR_CONSENT&gdpr=0&gdpr_consent=&prevuid=03030002_63a243c82d187&knw= HTTP/1.1
Host: gu.dyntrk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
server: nginx
date: Tue, 20 Dec 2022 23:22:48 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
keep-alive: timeout=10
p3p: CP="NOI DEV OUR BUS UNI"
cache-control: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: Origin
set-cookie: dyn_u=03030002_63a243c848a13; expires=Wed, 20-Dec-2023 23:22:48 GMT; Max-Age=31536000; path=/; domain=.dyntrk.com; secure; SameSite=None
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=69&partneruserid=03030002_63a243c848a13&gdpr=0&gdpr_consent=
match.prod.bidr.io/cookie-sync/sas?gdpr=0&gdpr_consent=
54.171.40.8303 See Other 0 B URL HTTP/1.1 match.prod.bidr.io/cookie-sync/sas?gdpr=0&gdpr_consent=
IP 54.171.40.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cookie-sync/sas?gdpr=0&gdpr_consent= HTTP/1.1
Host: match.prod.bidr.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 303 See Other
Date: Tue, 20 Dec 2022 23:22:48 GMT
location: https://match.prod.bidr.io/cookie-sync/sas?gdpr=0&gdpr_consent=&_bee_ppp=1
Server: gunicorn
set-cookie: checkForPermission=ok; Domain=bidr.io; expires=Tue, 20 Dec 2022 23:32:48 GMT; Path=/; SameSite=None; Secure
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 0b3a38d8057f8c59aa4db5a405d1004c
3c25e79903c1854f482800c6649da26764730a90
910fbf0b154d2cb38f02f87065f7e94f0aa98a11ffd1c87b04eecf80975d4a51
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 23:22:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
secure.adnxs.com/getuidnb?https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4894%26nid%3D1986%26put%3D$UID%26expires%3D30
37.252.171.84200 OK 43 B URL HTTP/1.1 secure.adnxs.com/getuidnb?https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4894%26nid%3D1986%26put%3D$UID%26expires%3D30
IP 37.252.171.84:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /getuidnb?https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4894%26nid%3D1986%26put%3D$UID%26expires%3D30 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 20 Dec 2022 23:22:48 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: eb719a27-eb9d-4cdf-9ba6-0e0969b3da31
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
c1.adform.net/serving/cookie/match?CC=1&party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent=
37.157.4.29200 OK 330 B URL HTTP/2 c1.adform.net/serving/cookie/match?CC=1&party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent=
IP 37.157.4.29:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 98c404a252092ff9100df55a96445357
01f7bf28abd890dc93e6889b8218310f7a3356a5
ca7bbfab99580aebb8f4dc5b1c0cd2d16008e7bcabfbb9e2df988eff4b8530a2
GET /serving/cookie/match?CC=1&party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent= HTTP/1.1
Host: c1.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 23:22:48 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
onetag-sys.com/usync/?redir=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Donetag%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24%7BUSER_TOKEN%7D
51.75.86.98302 Found 0 B URL HTTP/2 onetag-sys.com/usync/?redir=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Donetag%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24%7BUSER_TOKEN%7D
IP 51.75.86.98:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /usync/?redir=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Donetag%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24%7BUSER_TOKEN%7D HTTP/1.1
Host: onetag-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: no-store
location: https://prebidserver.pixfuture.com/setuid?bidder=onetag&gdpr=&gdpr_consent=&f=b&uid=
content-length: 0
strict-transport-security: max-age=15552000
X-Firefox-Spdy: h2
rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=OPTOUT
185.86.139.57200 OK 43 B URL HTTP/1.1 rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=OPTOUT
IP 185.86.139.57:0
ASN #201081 SmartAdServer SAS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /redir/?partnerid=113&partneruserid=OPTOUT HTTP/1.1
Host: rtb-csync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: image/gif
date: Tue, 20 Dec 2022 23:22:47 GMT
cache-control: no-cache,no-store
pragma: no-cache
set-cookie: pid=5230098353820727858; expires=Sat, 20 Jan 2024 23:22:48 GMT; domain=smartadserver.com; path=/
TestIfCookieP=ok; expires=Sat, 20 Jan 2024 23:22:48 GMT; domain=smartadserver.com; path=/
csync=113:OPTOUT; expires=Wed, 20 Dec 2023 23:22:48 GMT; domain=smartadserver.com; path=/
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
37.252.171.84200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
IP 37.252.171.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://acdn.adnxs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 20 Dec 2022 23:22:48 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: c2396f03-6616-4d93-89d6-0658118ea11b
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
37.252.171.22200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
IP 37.252.171.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://acdn.adnxs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 20 Dec 2022 23:22:48 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 53221b48-4c18-42a5-9f80-f255f52c2f11
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
image6.pubmatic.com/AdServer/UCookieSetPug?oid=2&cb=PubMatic._uidCB
185.64.189.115200 OK 60 B URL HTTP/2 image6.pubmatic.com/AdServer/UCookieSetPug?oid=2&cb=PubMatic._uidCB
IP 185.64.189.115:0
File type ASCII text, with no line terminators
Hash 1ffb28ef7f4a5bd3d7c1593a59dcf681
afa17dd0a0a501415f629d4658b3c74a90e56ca1
a75d7e9b482f3c1ea0e2d3010cad6447ded5dbf7758c2ef85e951f8288b0bd83
GET /AdServer/UCookieSetPug?oid=2&cb=PubMatic._uidCB HTTP/1.1
Host: image6.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.pubmatic.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=UTF-8
expires: Mon, 20 Mar 2023 15:24:05 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Tue, 20 Dec 2022 23:22:46 GMT
content-length: 60
X-Firefox-Spdy: h2
www.google.com/pagead/drt/ui
142.250.74.132302 Found 0 B URL HTTP/2 www.google.com/pagead/drt/ui
IP 142.250.74.132:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/drt/ui HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 20 Dec 2022 23:22:48 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
prebidserver.pixfuture.com/setuid?bidder=grid&gdpr=&gdpr_consent=&f=i&uid=
137.184.242.150200 OK 86 B URL HTTP/1.1 prebidserver.pixfuture.com/setuid?bidder=grid&gdpr=&gdpr_consent=&f=i&uid=
IP 137.184.242.150:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 6c6641b08f4be6f479f1588af08054b3
8da28b3146834c48fd843b108749191516d2a65d
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf
GET /setuid?bidder=grid&gdpr=&gdpr_consent=&f=i&uid= HTTP/1.1
Host: prebidserver.pixfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
cache-control: no-cache, no-store, must-revalidate
content-length: 86
content-type: image/png
expires: 0
pragma: no-cache
set-cookie: uids=eyJiZGF5IjoiMjAyMi0xMi0yMFQyMzoyMjo0OC4zODAyNzk3NTJaIn0=; Path=/; Expires=Mon, 20 Mar 2023 23:22:48 GMT
vary: Origin
date: Tue, 20 Dec 2022 23:22:48 GMT
ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
37.252.171.22200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
IP 37.252.171.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://acdn.adnxs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 20 Dec 2022 23:22:48 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: ee312759-89bd-4993-85ce-b744260dbf08
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
rtb-csync.smartadserver.com/redir/?issi=1&partnerid=92&partneruserid=hccuQiyCuudY&ev=1&pid=560288&gdpr_consent=&gdpr=0
185.86.139.57200 OK 43 B URL HTTP/1.1 rtb-csync.smartadserver.com/redir/?issi=1&partnerid=92&partneruserid=hccuQiyCuudY&ev=1&pid=560288&gdpr_consent=&gdpr=0
IP 185.86.139.57:0
ASN #201081 SmartAdServer SAS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /redir/?issi=1&partnerid=92&partneruserid=hccuQiyCuudY&ev=1&pid=560288&gdpr_consent=&gdpr=0 HTTP/1.1
Host: rtb-csync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: image/gif
date: Tue, 20 Dec 2022 23:22:48 GMT
cache-control: no-cache,no-store
pragma: no-cache
set-cookie: pid=6036634057424960197; expires=Fri, 19 Jan 2024 23:22:48 GMT; domain=smartadserver.com; path=/
TestIfCookieP=ok; expires=Fri, 19 Jan 2024 23:22:48 GMT; domain=smartadserver.com; path=/
csync=92:hccuQiyCuudY; expires=Wed, 20 Dec 2023 23:22:48 GMT; domain=smartadserver.com; path=/
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
sync.tidaltv.com/genericusersync.ashx?dpid=3157&gdpr=0&gdpr_consent=&s_h=1
52.17.143.244200 OK 85 B URL HTTP/2 sync.tidaltv.com/genericusersync.ashx?dpid=3157&gdpr=0&gdpr_consent=&s_h=1
IP 52.17.143.244:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 086dc9606b203a029682516648bdbb95
955b1fae3cee70c01f413a2ee6dda4233d41d465
ec6c9ec98adfa8dce10d7f46c4055a7385a1866f6926de78c12a263d9f3624b8
GET /genericusersync.ashx?dpid=3157&gdpr=0&gdpr_consent=&s_h=1 HTTP/1.1
Host: sync.tidaltv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 23:22:48 GMT
content-type: image/gif
set-cookie: tidal_ttid=5e826038-9ab5-4c65-a8ae-1a9d8d679b01; Domain=.tidaltv.com; Expires=Wed, 20-Dec-2023 23:22:48 GMT; Path=/; SameSite=None; Secure
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
X-Firefox-Spdy: h2
match.prod.bidr.io/cookie-sync/sas?gdpr=0&gdpr_consent=&_bee_ppp=1
54.171.40.8303 See Other 0 B URL HTTP/1.1 match.prod.bidr.io/cookie-sync/sas?gdpr=0&gdpr_consent=&_bee_ppp=1
IP 54.171.40.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cookie-sync/sas?gdpr=0&gdpr_consent=&_bee_ppp=1 HTTP/1.1
Host: match.prod.bidr.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 303 See Other
Date: Tue, 20 Dec 2022 23:22:48 GMT
location: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=&gdpr=0
Server: gunicorn
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive
token.rubiconproject.com/token?pid=37556&a=1
213.19.162.80204 No Content 0 B URL HTTP/1.1 token.rubiconproject.com/token?pid=37556&a=1
IP 213.19.162.80:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /token?pid=37556&a=1 HTTP/1.1
Host: token.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 7c5d24517ee193cc868994bc18883d1d
token.rubiconproject.com/token?pid=25470
213.19.162.80204 No Content 0 B URL HTTP/1.1 token.rubiconproject.com/token?pid=25470
IP 213.19.162.80:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /token?pid=25470 HTTP/1.1
Host: token.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 693f17ec94b6fd0c82d03268b1ba23d6
www.google.com/recaptcha/api2/aframe
142.250.74.132200 OK 513 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 142.250.74.132:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash 5907735069f63b5174f4593985a6b161
eb5ea703bce29d50f528efab81478c6de5f52231
da27aa0fd61c7caa25dc71b66fd2ca6b4712517f941785349a67925ef5415891
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 20 Dec 2022 23:22:48 GMT
date: Tue, 20 Dec 2022 23:22:48 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-oM-zG37O_KKsriKjBCCKVg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pixel.rubiconproject.com/exchange/sync.php?p=a9us
213.19.162.80204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/exchange/sync.php?p=a9us
IP 213.19.162.80:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /exchange/sync.php?p=a9us HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 7c5d24517ee193cc868994bc18883d1d
Content-Type: image/gif
prebidserver.pixfuture.com/setuid?bidder=onetag&gdpr=&gdpr_consent=&f=b&uid=
137.184.242.150200 OK 0 B URL HTTP/1.1 prebidserver.pixfuture.com/setuid?bidder=onetag&gdpr=&gdpr_consent=&f=b&uid=
IP 137.184.242.150:0
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /setuid?bidder=onetag&gdpr=&gdpr_consent=&f=b&uid= HTTP/1.1
Host: prebidserver.pixfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
cache-control: no-cache, no-store, must-revalidate
content-length: 0
content-type: text/html
expires: 0
pragma: no-cache
set-cookie: uids=eyJiZGF5IjoiMjAyMi0xMi0yMFQyMzoyMjo0OC41MTExMzc1ODlaIn0=; Path=/; Expires=Mon, 20 Mar 2023 23:22:48 GMT
vary: Origin
date: Tue, 20 Dec 2022 23:22:48 GMT
ocsp.godaddy.com/
192.124.249.36200 OK 1.8 kB IP 192.124.249.36:0
Hash d2360ce0f288f9440580b6296ca77bf6
c8be492966e5764b1d57eb8b51e2f003006d52de
7292566e0c98e1bd8a35dfdb87a2e81add54149c08d6b5c0118c973c97d93c4f
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 20 Dec 2022 23:22:48 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 20 Dec 2022 19:48:06 GMT
Expires: Wed, 21 Dec 2022 19:48:06 GMT
ETag: "c8be492966e5764b1d57eb8b51e2f003006d52de"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
151.101.2.49302 Found 0 B URL HTTP/2 sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
IP 151.101.2.49:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D HTTP/1.1
Host: sync-tm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
set-cookie: everest_g_v2=g_surferid~Y6JDyAAE_0x2JgAe; Path=/; Domain=.everesttech.net; Expires=Wed, 20-Dec-2023 23:22:48 GMT; Max-Age=31536000
location: https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=Y6JDyAAE_0x2JgAe
server: Jetty(9.4.35.v20201120)
accept-ranges: bytes
date: Tue, 20 Dec 2022 23:22:48 GMT
via: 1.1 varnish
x-served-by: cache-bma1639-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1671578569.508945,VS0,VE92
cache-control: no-cache
pragma: no-cache
content-length: 0
X-Firefox-Spdy: h2
ums.acuityplatform.com/tum?umid=2
154.59.122.79302 Found 0 B URL HTTP/1.1 ums.acuityplatform.com/tum?umid=2
IP 154.59.122.79:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tum?umid=2 HTTP/1.1
Host: ums.acuityplatform.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
content-length: 0
access-control-allow-origin: *
set-cookie: auid=722635610788; Domain=.acuityplatform.com; Expires=Wed, 20-Dec-2023 23:22:48 GMT; Path=/; SameSite=None; Secure
aum="OikKAfqbdXNlck1hdGNoQnlVc2VyTWF0Y2hpbmdJZE1hcPqAMvqNdXNlck1hdGNoaW5nSWTEkWxhc3REcm9wVGltZU1pbGxpcyUBQkw7DD60mGxhc3RTdWNjZXNzZnVsTWF0Y2hNaWxsaXMlAUJMOww+tI90aGlyZFBhcnR5VXNlcklkIfv7hnZlcnNpb27C+w=="; Version=1; Domain=.acuityplatform.com; Max-Age=31536000; Expires=Wed, 20-Dec-2023 23:22:48 GMT; Path=/; SameSite=None; Secure
location: https://pixel.rubiconproject.com/tap.php?v=5672&nid=2082&put=722635610788&expires=30
sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=Y6JDyAAE_0x2JgAe
151.101.2.49200 OK 85 B URL HTTP/2 sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=Y6JDyAAE_0x2JgAe
IP 151.101.2.49:0
File type PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Hash 5bec6606b8392065f9da9898ca6f7b14
73ac5b01b5e3293fb792179626e7f8369cdb944d
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a
GET /ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=Y6JDyAAE_0x2JgAe HTTP/1.1
Host: sync-tm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
server: Jetty(9.4.35.v20201120)
accept-ranges: bytes
date: Tue, 20 Dec 2022 23:22:48 GMT
via: 1.1 varnish
age: 1780
x-served-by: cache-bma1639-BMA
x-cache: HIT
x-cache-hits: 1995
x-timer: S1671578569.701248,VS0,VE0
cache-control: no-cache
pragma: no-cache
content-length: 85
X-Firefox-Spdy: h2
rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=&gdpr=0
185.86.139.57200 OK 43 B URL HTTP/1.1 rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=&gdpr=0
IP 185.86.139.57:0
ASN #201081 SmartAdServer SAS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /redir?partnerid=127&partneruserid=&gdpr=0 HTTP/1.1
Host: rtb-csync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: image/gif
date: Tue, 20 Dec 2022 23:22:48 GMT
transfer-encoding: chunked
sync.go.sonobi.com/us.gif?nw=mediamath&nuid=bf8863a2-43c9-4c00-8297-0c25880be51e
69.166.1.10200 OK 49 B URL HTTP/1.1 sync.go.sonobi.com/us.gif?nw=mediamath&nuid=bf8863a2-43c9-4c00-8297-0c25880be51e
IP 69.166.1.10:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ed280a0ea3cc38f3cbbc747acfbef47d
6bdcb32ee75e957a5085c010f4dfd0c716bfdadc
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
GET /us.gif?nw=mediamath&nuid=bf8863a2-43c9-4c00-8297-0c25880be51e HTTP/1.1
Host: sync.go.sonobi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 23:22:48 GMT
Content-Type: image/gif
Content-Length: 49
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, no-store, private
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Tcn: Choice
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-157
X-Xss-Protection: 0
Server: sonobi-go
Set-Cookie: HAPLB8S=s85157|Y6JDy; path=/; domain=.go.sonobi.com; SameSite=None; secure
sync.go.sonobi.com/us.gif?nw=zt&nuid=5134455420338587195
69.166.1.10200 OK 49 B URL HTTP/1.1 sync.go.sonobi.com/us.gif?nw=zt&nuid=5134455420338587195
IP 69.166.1.10:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ed280a0ea3cc38f3cbbc747acfbef47d
6bdcb32ee75e957a5085c010f4dfd0c716bfdadc
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
GET /us.gif?nw=zt&nuid=5134455420338587195 HTTP/1.1
Host: sync.go.sonobi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 23:22:48 GMT
Content-Type: image/gif
Content-Length: 49
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, no-store, private
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Tcn: Choice
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-92
X-Xss-Protection: 0
Server: sonobi-go
Set-Cookie: HAPLB8S=s8592|Y6JDy; path=/; domain=.go.sonobi.com; SameSite=None; secure
s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
52.46.155.104302 Found 0 B URL HTTP/1.1 s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
IP 52.46.155.104:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP/1.1
Host: s.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: Server
Date: Tue, 20 Dec 2022 23:22:48 GMT
Content-Length: 0
Connection: keep-alive
x-amz-rid: 13YRCRC40F4FWXPJMM6B
Set-Cookie: ad-id=Axfbo77vgkBSu83iO1dvf4w|t; Domain=.amazon-adsystem.com; Expires=Sat, 01-Jul-2023 23:22:48 GMT; Path=/; Secure; HttpOnly; SameSite=None
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
sync.go.sonobi.com/usg.gif?google_error=3
69.166.1.10200 OK 49 B URL HTTP/1.1 sync.go.sonobi.com/usg.gif?google_error=3
IP 69.166.1.10:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ed280a0ea3cc38f3cbbc747acfbef47d
6bdcb32ee75e957a5085c010f4dfd0c716bfdadc
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
GET /usg.gif?google_error=3 HTTP/1.1
Host: sync.go.sonobi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 23:22:48 GMT
Content-Type: image/gif
Content-Length: 49
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, no-store, private
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Tcn: Choice
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-191
X-Xss-Protection: 0
Server: sonobi-go
Set-Cookie: HAPLB8S=s85191|Y6JDy; path=/; domain=.go.sonobi.com; SameSite=None; secure
s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=2097050759430863498&gdpr=0&gdpr_consent=
52.46.155.104302 Found 0 B URL HTTP/1.1 s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=2097050759430863498&gdpr=0&gdpr_consent=
IP 52.46.155.104:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=2097050759430863498&gdpr=0&gdpr_consent= HTTP/1.1
Host: s.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: Server
Date: Tue, 20 Dec 2022 23:22:48 GMT
Content-Length: 0
Connection: keep-alive
x-amz-rid: 2C1D7Y0PNGN2NK5PQ8AH
Set-Cookie: ad-id=A5wpomlIvUWLjFUAg7vfn-w|t; Domain=.amazon-adsystem.com; Expires=Sat, 01-Jul-2023 23:22:48 GMT; Path=/; Secure; HttpOnly; SameSite=None
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=2097050759430863498&gdpr=0&gdpr_consent=&dcc=t
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
pixel.rubiconproject.com/tap.php?v=5672&nid=2082&put=722635610788&expires=30
213.19.162.80204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/tap.php?v=5672&nid=2082&put=722635610788&expires=30
IP 213.19.162.80:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tap.php?v=5672&nid=2082&put=722635610788&expires=30 HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 7c5d24517ee193cc868994bc18883d1d
Content-Type: image/gif
ads.pubmatic.com/AdServer/js/cl_partner.html?pid=2&gdpr=0&gdpr_consent=&rdu=https%3A%2F%2Fsimage4.pubmatic.com%2FAdServer%2FSPug%3Fo%3D3%26u%3D885F4C1F-0DCF-4052-8072-8AE29F8A6DC1%26vcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%23%23P_UID
23.38.200.201200 OK 953 B URL HTTP/2 ads.pubmatic.com/AdServer/js/cl_partner.html?pid=2&gdpr=0&gdpr_consent=&rdu=https%3A%2F%2Fsimage4.pubmatic.com%2FAdServer%2FSPug%3Fo%3D3%26u%3D885F4C1F-0DCF-4052-8072-8AE29F8A6DC1%26vcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%23%23P_UID
IP 23.38.200.201:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (1720), with no line terminators
Hash 499546dec064c08e4c7c354bab138f7f
f155d071d071e4e7c1d45e22943915df9d9f2b75
1a9219bc3962479cfa6ff0ca64e2f810aab8b816ae4f937b252d0ca044d693b4
GET /AdServer/js/cl_partner.html?pid=2&gdpr=0&gdpr_consent=&rdu=https%3A%2F%2Fsimage4.pubmatic.com%2FAdServer%2FSPug%3Fo%3D3%26u%3D885F4C1F-0DCF-4052-8072-8AE29F8A6DC1%26vcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%23%23P_UID HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://simage4.pubmatic.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 17 Aug 2016 09:36:32 GMT
etag: "fa18f0-6b8-53a413358bd01"
server: Apache
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 953
content-type: text/html; charset=UTF-8
cache-control: max-age=37345
expires: Wed, 21 Dec 2022 09:45:13 GMT
date: Tue, 20 Dec 2022 23:22:48 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
simage4.pubmatic.com/AdServer/SPug?o=1&p=158127&sc=1&u=885F4C1F-0DCF-4052-8072-8AE29F8A6DC1&rs=3&gdpr=0&gdpr_consent=&us_privacy=
198.47.127.20200 OK 1.3 kB URL HTTP/2 simage4.pubmatic.com/AdServer/SPug?o=1&p=158127&sc=1&u=885F4C1F-0DCF-4052-8072-8AE29F8A6DC1&rs=3&gdpr=0&gdpr_consent=&us_privacy=
IP 198.47.127.20:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (1720)
Hash 49b12b252dfc82c6d2cadfa7f2c04aeb
50b8b145ba1f12679c9279636ab4bc1bd3548acb
9174f106ca8f4be3f7d8071f53b003128f5a4aef347ffcc6d3f28541c5426fa8
GET /AdServer/SPug?o=1&p=158127&sc=1&u=885F4C1F-0DCF-4052-8072-8AE29F8A6DC1&rs=3&gdpr=0&gdpr_consent=&us_privacy= HTTP/1.1
Host: simage4.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 23:22:47 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip
X-Firefox-Spdy: h2
ads.pubmatic.com/AdServer/js/cl_partner.html?pid=2&gdpr=0&gdpr_consent=&rdu=https%3A%2F%2Fsimage4.pubmatic.com%2FAdServer%2FSPug%3Fo%3D3%26u%3D885F4C1F-0DCF-4052-8072-8AE29F8A6DC1%26vcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%23%23P_UID
23.38.200.201200 OK 953 B URL HTTP/2 ads.pubmatic.com/AdServer/js/cl_partner.html?pid=2&gdpr=0&gdpr_consent=&rdu=https%3A%2F%2Fsimage4.pubmatic.com%2FAdServer%2FSPug%3Fo%3D3%26u%3D885F4C1F-0DCF-4052-8072-8AE29F8A6DC1%26vcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%23%23P_UID
IP 23.38.200.201:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (1720), with no line terminators
Hash 499546dec064c08e4c7c354bab138f7f
f155d071d071e4e7c1d45e22943915df9d9f2b75
1a9219bc3962479cfa6ff0ca64e2f810aab8b816ae4f937b252d0ca044d693b4
GET /AdServer/js/cl_partner.html?pid=2&gdpr=0&gdpr_consent=&rdu=https%3A%2F%2Fsimage4.pubmatic.com%2FAdServer%2FSPug%3Fo%3D3%26u%3D885F4C1F-0DCF-4052-8072-8AE29F8A6DC1%26vcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%23%23P_UID HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://simage4.pubmatic.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 17 Aug 2016 09:36:32 GMT
etag: "fa18f0-6b8-53a413358bd01"
server: Apache
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 953
content-type: text/html; charset=UTF-8
cache-control: max-age=37345
expires: Wed, 21 Dec 2022 09:45:13 GMT
date: Tue, 20 Dec 2022 23:22:48 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
ads.pubmatic.com/AdServer/js/cl_partner.html?pid=2&gdpr=0&gdpr_consent=&rdu=https%3A%2F%2Fsimage4.pubmatic.com%2FAdServer%2FSPug%3Fo%3D3%26u%3D885F4C1F-0DCF-4052-8072-8AE29F8A6DC1%26vcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%23%23P_UID
23.38.200.201200 OK 953 B URL HTTP/2 ads.pubmatic.com/AdServer/js/cl_partner.html?pid=2&gdpr=0&gdpr_consent=&rdu=https%3A%2F%2Fsimage4.pubmatic.com%2FAdServer%2FSPug%3Fo%3D3%26u%3D885F4C1F-0DCF-4052-8072-8AE29F8A6DC1%26vcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%23%23P_UID
IP 23.38.200.201:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (1720), with no line terminators
Hash 499546dec064c08e4c7c354bab138f7f
f155d071d071e4e7c1d45e22943915df9d9f2b75
1a9219bc3962479cfa6ff0ca64e2f810aab8b816ae4f937b252d0ca044d693b4
GET /AdServer/js/cl_partner.html?pid=2&gdpr=0&gdpr_consent=&rdu=https%3A%2F%2Fsimage4.pubmatic.com%2FAdServer%2FSPug%3Fo%3D3%26u%3D885F4C1F-0DCF-4052-8072-8AE29F8A6DC1%26vcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%23%23P_UID HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://simage4.pubmatic.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 17 Aug 2016 09:36:32 GMT
etag: "fa18f0-6b8-53a413358bd01"
server: Apache
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 953
content-type: text/html; charset=UTF-8
cache-control: max-age=37345
expires: Wed, 21 Dec 2022 09:45:13 GMT
date: Tue, 20 Dec 2022 23:22:48 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
simage4.pubmatic.com/AdServer/SPug?o=1&p=158127&sc=1&u=885F4C1F-0DCF-4052-8072-8AE29F8A6DC1&rs=3&gdpr=0&gdpr_consent=&us_privacy=
198.47.127.20200 OK 347 B URL HTTP/2 simage4.pubmatic.com/AdServer/SPug?o=1&p=158127&sc=1&u=885F4C1F-0DCF-4052-8072-8AE29F8A6DC1&rs=3&gdpr=0&gdpr_consent=&us_privacy=
IP 198.47.127.20:0
File type ASCII text, with very long lines (468)
Hash 64fbe3f51158a542272714cacc8d8648
8fbab95ef49628756eaa363a6848942c4065fea8
b869ac1e304ca5ce218d796e0b63a36239316b5641ac27d46ac72256a4ed7b2b
GET /AdServer/SPug?o=1&p=158127&sc=1&u=885F4C1F-0DCF-4052-8072-8AE29F8A6DC1&rs=3&gdpr=0&gdpr_consent=&us_privacy= HTTP/1.1
Host: simage4.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 23:22:47 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip
X-Firefox-Spdy: h2
simage4.pubmatic.com/AdServer/SPug?o=1&p=158127&sc=1&u=885F4C1F-0DCF-4052-8072-8AE29F8A6DC1&rs=3&gdpr=0&gdpr_consent=&us_privacy=
198.47.127.20200 OK 347 B URL HTTP/2 simage4.pubmatic.com/AdServer/SPug?o=1&p=158127&sc=1&u=885F4C1F-0DCF-4052-8072-8AE29F8A6DC1&rs=3&gdpr=0&gdpr_consent=&us_privacy=
IP 198.47.127.20:0
File type ASCII text, with very long lines (468)
Hash 64fbe3f51158a542272714cacc8d8648
8fbab95ef49628756eaa363a6848942c4065fea8
b869ac1e304ca5ce218d796e0b63a36239316b5641ac27d46ac72256a4ed7b2b
GET /AdServer/SPug?o=1&p=158127&sc=1&u=885F4C1F-0DCF-4052-8072-8AE29F8A6DC1&rs=3&gdpr=0&gdpr_consent=&us_privacy= HTTP/1.1
Host: simage4.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 23:22:48 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip
X-Firefox-Spdy: h2
s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
52.46.155.104200 OK 43 B URL HTTP/1.1 s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
IP 52.46.155.104:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6851dbf491ae442da3314f19e8aff085
ecfec27263608c4ae7cd4f8e0cebb1b061df2ac3
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
GET /dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP/1.1
Host: s.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Server
Date: Tue, 20 Dec 2022 23:22:48 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
x-amz-rid: 2T1WK31SREDDENZZ9VE5
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
simage4.pubmatic.com/AdServer/SPug?o=1&p=158127&sc=1&u=885F4C1F-0DCF-4052-8072-8AE29F8A6DC1&rs=3&gdpr=0&gdpr_consent=&us_privacy=
198.47.127.20200 OK 390 B URL HTTP/2 simage4.pubmatic.com/AdServer/SPug?o=1&p=158127&sc=1&u=885F4C1F-0DCF-4052-8072-8AE29F8A6DC1&rs=3&gdpr=0&gdpr_consent=&us_privacy=
IP 198.47.127.20:0
Hash bedd5141f7c1597db42a52f3b73eaa04
fb6164176bc050ed24c7157e381bac586befc3d6
1e12cc7a2345a7cb9500e8b1817fd3741928cb1cfc1245ba2d42e68feedcdc3a
GET /AdServer/SPug?o=1&p=158127&sc=1&u=885F4C1F-0DCF-4052-8072-8AE29F8A6DC1&rs=3&gdpr=0&gdpr_consent=&us_privacy= HTTP/1.1
Host: simage4.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 23:22:48 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip
X-Firefox-Spdy: h2
ib.adnxs.com/async_usersync?cbfn=queuePixels
37.252.171.84307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/async_usersync?cbfn=queuePixels
IP 37.252.171.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /async_usersync?cbfn=queuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://acdn.adnxs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 20 Dec 2022 23:22:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
AN-X-Request-Uuid: 053fed57-880d-4098-b017-f9f6c4401328
Set-Cookie: uuid2=510860935696215601; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 20-Mar-2023 23:22:49 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ib.adnxs.com/async_usersync?cbfn=queuePixels
37.252.171.84307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/async_usersync?cbfn=queuePixels
IP 37.252.171.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /async_usersync?cbfn=queuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://acdn.adnxs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 20 Dec 2022 23:22:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
AN-X-Request-Uuid: d8945ee4-0738-4441-95df-9e5dd4609a6e
Set-Cookie: uuid2=1962003294426445270; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 20-Mar-2023 23:22:49 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
37.252.171.22200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
IP 37.252.171.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://acdn.adnxs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 20 Dec 2022 23:22:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 31adf73f-ff6c-4130-9ddb-e63ed7074379
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
37.252.171.22200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
IP 37.252.171.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://acdn.adnxs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 20 Dec 2022 23:22:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: c27ed234-1b39-426b-bf0a-d68be24d64a3
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ib.adnxs.com/async_usersync?cbfn=queuePixels
37.252.171.22307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/async_usersync?cbfn=queuePixels
IP 37.252.171.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /async_usersync?cbfn=queuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://acdn.adnxs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 20 Dec 2022 23:22:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
AN-X-Request-Uuid: f13e3694-6e96-4c9a-8f03-b9acfdffacf7
Set-Cookie: uuid2=6325445447762063400; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 20-Mar-2023 23:22:49 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ib.adnxs.com/async_usersync?cbfn=queuePixels
37.252.171.84307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/async_usersync?cbfn=queuePixels
IP 37.252.171.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /async_usersync?cbfn=queuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://acdn.adnxs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 20 Dec 2022 23:22:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
AN-X-Request-Uuid: fa4a9166-87f3-429c-8605-572c101faff9
Set-Cookie: uuid2=2989562204331192652; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 20-Mar-2023 23:22:49 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
37.252.171.22200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
IP 37.252.171.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://acdn.adnxs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 20 Dec 2022 23:22:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: a5f25363-8aac-43d0-8672-7a5594ce0178
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
37.252.171.84200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
IP 37.252.171.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://acdn.adnxs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 20 Dec 2022 23:22:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 7dbc07e6-7d0d-4ad8-8e98-91e6177e70b9
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
contextual.media.net/dmedianet.js?cid=8CU5BD6EW
2.18.172.23302 Moved Temporarily 0 B URL HTTP/1.1 contextual.media.net/dmedianet.js?cid=8CU5BD6EW
IP 2.18.172.23:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dmedianet.js?cid=8CU5BD6EW HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securityaffairs.co/
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Date: Tue, 20 Dec 2022 23:22:49 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
cdn.pixfuture.com/cdn-cgi/rum?
172.67.68.113204 No Content 0 B URL HTTP/2 cdn.pixfuture.com/cdn-cgi/rum?
IP 172.67.68.113:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdn-cgi/rum? HTTP/1.1
Host: cdn.pixfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 516
Origin: https://cdn.pixfuture.com
Connection: keep-alive
Referer: https://cdn.pixfuture.com/pixf_sync.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
date: Tue, 20 Dec 2022 23:22:50 GMT
access-control-allow-origin: https://cdn.pixfuture.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 77cc1f547a731c02-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2
cdn.pixfuture.com/pbix.js
172.67.68.113200 OK 0 B URL HTTP/2 cdn.pixfuture.com/pbix.js
IP 172.67.68.113:0
GET /pbix.js HTTP/1.1
Host: cdn.pixfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 23:22:44 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
cache-control: public, max-age=172800, no-transform
cf-bgj: minify
cf-polished: origSize=405747
etag: W/"63233595-630f3"
expires: Wed, 21 Dec 2022 15:52:08 GMT
last-modified: Thu, 15 Sep 2022 14:24:21 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 113317
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zOyMMuxIanlQpMpSRcTCBipEI0sh7DUu%2F1YHjZXyolQqJgzxmmNPhCmnTuAuRECQB9OXCSWJOsvGmc1WbMxXOh39ofo5%2FDq5ghwoRB6904i5yPmL1yhFXmRpG5xTVGvs1i6Z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cc1f2a4fca1c02-OSL
X-Firefox-Spdy: h2
ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
34.149.20.76200 OK 0 B URL HTTP/2 ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
IP 34.149.20.76:0
POST /api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ HTTP/1.1
Host: ssc.33across.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 793
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=utf-8
vary: Accept-Encoding, Origin
status: 200 OK
access-control-allow-credentials: true
access-control-allow-origin: http://securityaffairs.co
date: Tue, 20 Dec 2022 23:22:45 GMT
x-powered-by: 33Across
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
prebid.media.net/rtb/prebid?cid=8CUIUMTP7
34.107.148.139200 OK 0 B URL HTTP/2 prebid.media.net/rtb/prebid?cid=8CUIUMTP7
IP 34.107.148.139:0
POST /rtb/prebid?cid=8CUIUMTP7 HTTP/1.1
Host: prebid.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1872
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 23:22:45 GMT
content-type: application/json;charset=UTF-8
cache-control: max-age=0, no-cache, no-store, must-revalidate
pragma: no-cache
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
expires: Tue, 20 Dec 2022 23:22:45 GMT
access-control-allow-origin: http://securityaffairs.co
access-control-allow-credentials: true
content-encoding: gzip
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
142.250.74.74200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
IP 142.250.74.74:0
GET /css?family=Google%20Sans%3A400%2C500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 20 Dec 2022 23:22:47 GMT
date: Tue, 20 Dec 2022 23:22:47 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
get.s-onetag.com/6a105cf8-5d47-4e0a-8c4b-7c60422256d2/tag.min.js
54.230.111.45200 OK 0 B URL HTTP/2 get.s-onetag.com/6a105cf8-5d47-4e0a-8c4b-7c60422256d2/tag.min.js
IP 54.230.111.45:0
GET /6a105cf8-5d47-4e0a-8c4b-7c60422256d2/tag.min.js HTTP/1.1
Host: get.s-onetag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript
last-modified: Mon, 07 Nov 2022 19:46:30 GMT
x-amz-version-id: 0Wki3095rBiC8xDP56.qUYf2JNRTRIn7
server: AmazonS3
content-encoding: gzip
date: Tue, 20 Dec 2022 07:08:38 GMT
cache-control: max-age=86400
etag: W/"34bbd675e8b425becff971d5a4756c10"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ZBw1-CEYAimaxpKigFnTuvFGyD5om7blbvnux64Q0n0K0J5pO45Y0A==
age: 58449
X-Firefox-Spdy: h2
cdn.pixfuture.com/pixf_sync.html
172.67.68.113200 OK 0 B URL HTTP/2 cdn.pixfuture.com/pixf_sync.html
IP 172.67.68.113:0
GET /pixf_sync.html HTTP/1.1
Host: cdn.pixfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 23:22:44 GMT
content-type: text/html
last-modified: Wed, 07 Dec 2022 20:04:25 GMT
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aitfjq28hC6A9FTAwxPWOx5OLsJWa3kWr2m%2BIHuzXgYzoHcft2NX2YXgiZA8wAMs81rkqyqd885yw9bHv%2BrYeDBGx8NFseuJiVcJ9ojOOp%2FhtpWX2OT4DViiDfJkI1080ogj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cc1f2a4fc81c02-OSL
content-encoding: br
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1
178.250.0.157200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1
IP 178.250.0.157:0
GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 23:22:44 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: http://securityaffairs.co
server-processing-duration-in-ticks: 1183545
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=26ef38ea-98e8-4eee-9d80-a1183c7f2c5e&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
198.148.27.140302 Found 0 B URL HTTP/2 bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=26ef38ea-98e8-4eee-9d80-a1183c7f2c5e&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
IP 198.148.27.140:0
GET /bh/rtset?do=add&pid=560606&ev=26ef38ea-98e8-4eee-9d80-a1183c7f2c5e&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP/1.1
Host: bh.contextweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cw-server: bh-deployment-7b977cc7b4-8l8mg
cache-control: private, max-age=0, no-cache, no-store
expires: -1
content-language: en-US
set-cookie: V=c9uhtAa8Lhcn;Version=0;Secure;Path=/;Domain=.contextweb.com;Expires=Fri, 15-Dec-2023 23:22:48 GMT;Max-Age=31104000;SameSite=None
pb_rtb_ev=3-1hwi|7LJ.0.26ef38ea-98e8-4eee-9d80-a1183c7f2c5e;Version=0;Secure;Path=/;Domain=.contextweb.com;Expires=Wed, 20-Dec-2023 23:22:48 GMT;Max-Age=31536000;SameSite=None
INGRESSCOOKIE=6ccfad67e110630c; path=/; HttpOnly; Secure; SameSite=None
location: https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=MWxyYm9xVWpKV0FpWG92TWN1VEFqUQ&gdpr=&gdpr_consent=
server: Jetty(9.4.14.v20181114)
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
142.250.74.74200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
IP 142.250.74.74:0
GET /css?family=Roboto%3A300%2C400%2C700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 20 Dec 2022 23:22:47 GMT
date: Tue, 20 Dec 2022 23:22:47 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
sync.1rx.io/usersync2/smartadserver?zcc=1&cb=1671578568152
213.19.147.45302 Found 0 B URL HTTP/2 sync.1rx.io/usersync2/smartadserver?zcc=1&cb=1671578568152
IP 213.19.147.45:0
GET /usersync2/smartadserver?zcc=1&cb=1671578568152 HTTP/1.1
Host: sync.1rx.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://securityaffairs.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Tue, 20 Dec 2022 23:22:48 GMT
content-type: text/html
cache-control: no-store, no-cache, must-revalidate
expires: 0
pragma: no-cache
location: https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=OPTOUT
etag: OPTOUT
X-Firefox-Spdy: h2
bh.contextweb.com/bh/rtset?pid=560288&ev=1&rurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D92%26partneruserid%3D%25%25VGUID%25%25&gdpr=0&gdpr_consent=
198.148.27.140302 Found 0 B URL HTTP/2 bh.contextweb.com/bh/rtset?pid=560288&ev=1&rurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D92%26partneruserid%3D%25%25VGUID%25%25&gdpr=0&gdpr_consent=
IP 198.148.27.140:0
GET /bh/rtset?pid=560288&ev=1&rurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D92%26partneruserid%3D%25%25VGUID%25%25&gdpr=0&gdpr_consent= HTTP/1.1
Host: bh.contextweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cw-server: bh-deployment-7b977cc7b4-2gc9v
cache-control: private, max-age=0, no-cache, no-store
expires: -1
content-language: en-US
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=92&partneruserid=hccuQiyCuudY&ev=1&pid=560288&gdpr_consent=&gdpr=0
server: Jetty(9.4.14.v20181114)
strict-transport-security: max-age=15768000
set-cookie: V=hccuQiyCuudY;Version=0;Secure;Path=/;Domain=.contextweb.com;Expires=Fri, 15-Dec-2023 23:22:48 GMT;Max-Age=31104000;SameSite=None
INGRESSCOOKIE=77f5f55048156c4a; path=/; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1
178.250.0.157200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1
IP 178.250.0.157:0
OPTIONS /sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: http://securityaffairs.co/
Origin: http://securityaffairs.co
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 23:22:44 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: http://securityaffairs.co
server-processing-duration-in-ticks: 358281
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
34.149.20.76200 OK 0 B URL HTTP/2 ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
IP 34.149.20.76:0
POST /api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ HTTP/1.1
Host: ssc.33across.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 836
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
vary: Accept-Encoding, Origin
status: 200 OK
access-control-allow-credentials: true
access-control-allow-origin: http://securityaffairs.co
date: Tue, 20 Dec 2022 23:22:45 GMT
x-powered-by: 33Across
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
stats.wp.com/e-202251.js
192.0.76.3200 OK 0 B IP 192.0.76.3:0
GET /e-202251.js HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 23:22:43 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"6197c5cf-3508"
content-encoding: br
expires: Sun, 10 Dec 2023 23:28:49 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2
prebid.media.net/rtb/prebid?cid=8CUIUMTP7
34.107.148.139200 OK 0 B URL HTTP/2 prebid.media.net/rtb/prebid?cid=8CUIUMTP7
IP 34.107.148.139:0
POST /rtb/prebid?cid=8CUIUMTP7 HTTP/1.1
Host: prebid.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1884
Origin: http://securityaffairs.co
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 23:22:45 GMT
content-type: application/json;charset=UTF-8
cache-control: max-age=0, no-cache, no-store, must-revalidate
pragma: no-cache
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
expires: Tue, 20 Dec 2022 23:22:45 GMT
access-control-allow-origin: http://securityaffairs.co
access-control-allow-credentials: true
content-encoding: gzip
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
cdn.pixfuture.com/pxft_iel.js
172.67.68.113200 OK 0 B URL HTTP/2 cdn.pixfuture.com/pxft_iel.js
IP 172.67.68.113:0
GET /pxft_iel.js HTTP/1.1
Host: cdn.pixfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securityaffairs.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Dec 2022 23:22:46 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
cache-control: public, max-age=172800, no-transform
cf-bgj: minify
etag: W/"63935650-139c"
expires: Wed, 21 Dec 2022 15:52:03 GMT
last-modified: Fri, 09 Dec 2022 15:37:52 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 113426
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gFadtMUOts2INj8hcopvoa5oNTToCPPfzO7uVPFxN5w%2BAx0cGljq%2BLt7BGCU80XivOvMss2nULymauSmdcXzpvGoj%2BeUnzJ3xLObLLb4MLBiOA8X6qsOFBImZMSqHJDWNC%2BY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cc1f373fd11c02-OSL
X-Firefox-Spdy: h2