www.bloombergquint.com Open in urlscan Pro
2606:4700::6812:5dc6 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware
Submission: On December 04 via api (December 4th 2021, 12:23:31 pm UTC) from US — Scanned from DE

Summary HTTP 146 Redirects Links 44 Behaviour Indicators

Summary

This website contacted 42 IPs in 3 countries across 29 domains to perform 146 HTTP transactions. The main IP is 2606:4700::6812:5dc6, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.bloombergquint.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 11th 2021. Valid for: a year.

This is the only time www.bloombergquint.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
10	2606:4700::68... 2606:4700::6812:5dc6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2606:4700:10:... 2606:4700:10::ac43:1be8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
4	2606:4700::68... 2606:4700::6811:bab1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5e41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
1	2606:4700::68... 2606:4700::6810:2a41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700::68... 2606:4700::6810:f015	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2a	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2a04:4e42:600... 2a04:4e42:600::644	54113 (FASTLY) (FASTLY)
7	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
16	52.1.188.220 52.1.188.220	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:80e::2008	() ()
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	() ()
10	2a00:1450:400... 2a00:1450:4001:82a::200e	() ()
1	2a00:1450:400... 2a00:1450:400c:c00::9d	() ()
2	2a00:1450:400... 2a00:1450:4001:80f::2004	() ()
1	2a00:1450:400... 2a00:1450:4001:829::2003	() ()
3	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	() ()
7	2606:4700::68... 2606:4700::6811:b8b1	() ()
1	2a04:4e42:200... 2a04:4e42:200::282	() ()
2	104.111.245.50 104.111.245.50	() ()
1	69.16.175.42 69.16.175.42	() ()
3	2a00:1450:400... 2a00:1450:4001:82f::200a	() ()
5	2a02:26f0:6c0... 2a02:26f0:6c00:2a7::268b	() ()
3	143.204.95.188 143.204.95.188	() ()
3	178.63.13.144 178.63.13.144	() ()
1	147.75.85.120 147.75.85.120	() ()
1	52.49.172.98 52.49.172.98	() ()
1	52.77.55.240 52.77.55.240	() ()
1	34.107.231.31 34.107.231.31	() ()
3	143.204.98.121 143.204.98.121	() ()
3	143.204.98.118 143.204.98.118	() ()
1	2a00:1450:400... 2a00:1450:4001:811::2002	() ()
2	2a00:1450:400... 2a00:1450:4001:802::2002	() ()
4	2a00:1450:400... 2a00:1450:4001:80f::2002	() ()
1	2a00:1450:400... 2a00:1450:4001:82a::2001	() ()
3	2a00:1450:400... 2a00:1450:4001:801::2001	() ()
1	2a00:1450:400... 2a00:1450:4001:828::2002	() ()
146	42

10 2606:4700::6812:5dc6 (United States)

ASN13335 (CLOUDFLARENET, US)

www.bloombergquint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:10::ac43:1be8 (United States)

ASN13335 (CLOUDFLARENET, US)

fea.assettype.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
thumbor-stg.assettype.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:bab1 (United States)

ASN13335 (CLOUDFLARENET, US)

experience.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
buy.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api-v3.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5e41 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:2a41 (United States)

ASN13335 (CLOUDFLARENET, US)

c2.piano.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6810:f015 (United States)

ASN13335 (CLOUDFLARENET, US)

api-esp.piano.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c2.piano.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::644 (United States)

ASN54113 (FASTLY, US)

cdn.gumlet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 216.58.212.130 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 52.1.188.220 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-1-188-220.compute-1.amazonaws.com

prod-analytics.qlitics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2008 (None, )

ASN- ()

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (None, )

ASN- ()

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:82a::200e (None, )

ASN- ()

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9d (None, )

ASN- ()

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2004 (None, )

ASN- ()

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2003 (None, )

ASN- ()

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f12d:83:face:b00c:0:25de (None, )

ASN- ()

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6811:b8b1 (None, )

ASN- ()

buy.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::282 (None, )

ASN- ()

cdn.polyfill.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.245.50 (None, )

ASN- ()

csm.cxpublic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.16.175.42 (None, )

ASN- ()

rtbcdn.andbeyond.media	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::200a (None, )

ASN- ()

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:26f0:6c00:2a7::268b (None, )

ASN- ()

scdn.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 143.204.95.188 (None, )

ASN- ()

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.63.13.144 (None, )

ASN- ()

p1cluster.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
comcluster.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
id.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.85.120 (None, )

ASN- ()

api.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.49.172.98 (None, )

ASN- ()

global.cloud.netacuity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.77.55.240 (None, )

ASN- ()

prebid.andbeyond.media	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.231.31 (None, )

ASN- ()

p.adlooxtracking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 143.204.98.121 (None, )

ASN- ()

cdn.moengage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 143.204.98.118 (None, )

ASN- ()

sdk-01.moengage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (None, )

ASN- ()

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2002 (None, )

ASN- ()

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2002 (None, )

ASN- ()

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2001 (None, )

ASN- ()

90c9c63e5d02314c23cbb446a78fa5f0.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:801::2001 (None, )

ASN- ()

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2002 (None, )

ASN- ()

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	qlitics.com prod-analytics.qlitics.com	3 KB
11	gstatic.com fonts.gstatic.com	689 KB
11	tinypass.com experience.tinypass.com cdn.tinypass.com buy.tinypass.com api-v3.tinypass.com	317 KB
10	google-analytics.com www.google-analytics.com	20 KB
10	bloombergquint.com www.bloombergquint.com	296 KB
9	cxense.com scdn.cxense.com cdn.cxense.com p1cluster.cxense.com api.cxense.com comcluster.cxense.com id.cxense.com	93 KB
8	googlesyndication.com pagead2.googlesyndication.com 90c9c63e5d02314c23cbb446a78fa5f0.safeframe.googlesyndication.com tpc.googlesyndication.com	37 KB
8	doubleclick.net securepubads.g.doubleclick.net stats.g.doubleclick.net	146 KB
7	piano.io c2.piano.io api-esp.piano.io	20 KB
7	assettype.com fea.assettype.com thumbor-stg.assettype.com	412 KB
6	moengage.com cdn.moengage.com sdk-01.moengage.com	75 KB
4	google.com www.google.com adservice.google.com	2 KB
3	amazon-adsystem.com c.amazon-adsystem.com	39 KB
3	googleapis.com fonts.googleapis.com	3 KB
3	facebook.com www.facebook.com	400 B
3	google.de www.google.de adservice.google.de	1 KB
2	andbeyond.media rtbcdn.andbeyond.media prebid.andbeyond.media	17 KB
2	cxpublic.com csm.cxpublic.com	1 KB
2	facebook.net connect.facebook.net	113 KB
1	adlooxtracking.com p.adlooxtracking.com	4 KB
1	netacuity.com global.cloud.netacuity.com	443 B
1	polyfill.io cdn.polyfill.io	584 B
1	googletagmanager.com www.googletagmanager.com	51 KB
1	gumlet.com cdn.gumlet.com	7 KB
1	jquery.com code.jquery.com	29 KB
1	t.co t.co	470 B
1	twitter.com analytics.twitter.com	675 B
1	cloudflareinsights.com static.cloudflareinsights.com	5 KB
1	ads-twitter.com static.ads-twitter.com	6 KB
146	29

	Domain	Requested by
16	prod-analytics.qlitics.com	www.bloombergquint.com
11	fonts.gstatic.com	www.bloombergquint.com fonts.googleapis.com
10	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
10	www.bloombergquint.com	www.bloombergquint.com static.cloudflareinsights.com fea.assettype.com
8	buy.tinypass.com	cdn.tinypass.com buy.tinypass.com
7	securepubads.g.doubleclick.net	fea.assettype.com securepubads.g.doubleclick.net
6	fea.assettype.com	fea.assettype.com
5	api-esp.piano.io	cdn.tinypass.com code.jquery.com
4	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
3	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
3	sdk-01.moengage.com	cdn.moengage.com
3	cdn.moengage.com	www.bloombergquint.com cdn.moengage.com
3	cdn.cxense.com	scdn.cxense.com cdn.cxense.com
3	c.amazon-adsystem.com	rtbcdn.andbeyond.media c.amazon-adsystem.com
3	fonts.googleapis.com	buy.tinypass.com
3	www.facebook.com
2	adservice.google.com	securepubads.g.doubleclick.net
2	adservice.google.de	securepubads.g.doubleclick.net
2	scdn.cxense.com	csm.cxpublic.com www.bloombergquint.com
2	csm.cxpublic.com	www.bloombergquint.com cdn.cxense.com
2	www.google.com	tpc.googlesyndication.com
2	connect.facebook.net	www.bloombergquint.com connect.facebook.net
2	c2.piano.io	cdn.tinypass.com
1	90c9c63e5d02314c23cbb446a78fa5f0.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	p.adlooxtracking.com	rtbcdn.andbeyond.media
1	prebid.andbeyond.media	rtbcdn.andbeyond.media
1	global.cloud.netacuity.com	rtbcdn.andbeyond.media
1	id.cxense.com	cdn.cxense.com
1	comcluster.cxense.com	cdn.cxense.com
1	api.cxense.com	cdn.cxense.com
1	p1cluster.cxense.com	cdn.cxense.com
1	thumbor-stg.assettype.com
1	rtbcdn.andbeyond.media	www.bloombergquint.com
1	cdn.polyfill.io	www.bloombergquint.com
1	www.google.de
1	api-v3.tinypass.com	cdn.tinypass.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	www.googletagmanager.com	www.bloombergquint.com
1	cdn.gumlet.com	www.bloombergquint.com
1	code.jquery.com	api-esp.piano.io
1	t.co	www.bloombergquint.com
1	analytics.twitter.com	static.ads-twitter.com
1	cdn.tinypass.com	experience.tinypass.com
1	static.cloudflareinsights.com	www.bloombergquint.com
1	experience.tinypass.com	www.bloombergquint.com
1	static.ads-twitter.com	www.bloombergquint.com
146	46

This site contains links to these domains. Also see Links.

Domain
www.thequint.com
www.bloomberg.com
www.bloombergtradebook.com
www.bloombergbriefs.com
www.bloombergindexes.com
www.bloombergsef.com
about.bloomberginstitute.com
www.bloombergpolarlake.com
www.bloombergview.com
about.bgov.com
www.bna.com
bol.bna.com
about.bnef.com
www.bloombergmedia.com
www.bloomberglive.com
www.facebook.com
twitter.com
www.linkedin.com
instagram.com
bba.bloomberg.net
service.bloomberg.com
www.apple.com
widget.msgp.pl
t.me

Subject Issuer	Validity	Valid
www.bloombergquint.com Cloudflare Inc ECC CA-3	`2021-06-11` - `2022-06-10`	a year	crt.sh
assettype.com Cloudflare Inc ECC CA-3	`2021-06-28` - `2022-06-27`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
*.piano.io Sectigo RSA Domain Validation Secure Server CA	`2021-08-19` - `2022-09-18`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-11` - `2022-06-10`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
*.gumlet.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-30` - `2022-09-30`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.qlitics.com Amazon	`2021-04-21` - `2022-05-20`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-09-12` - `2021-12-11`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
polyfill.io GlobalSign Atlas R3 DV TLS CA 2020	`2021-06-04` - `2022-07-06`	a year	crt.sh
cdn-content-production.cxpublic.com R3	`2021-10-14` - `2022-01-12`	3 months	crt.sh
*.andbeyond.media Starfield Secure Certificate Authority - G2	`2021-02-22` - `2022-03-26`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.cxense.com DigiCert SHA2 Secure Server CA	`2021-05-21` - `2022-05-26`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
*.cloud.netacuity.com Amazon	`2021-04-11` - `2022-05-10`	a year	crt.sh
p.adlooxtracking.com GTS CA 1D4	`2021-10-22` - `2022-01-20`	3 months	crt.sh
*.moengage.com Go Daddy Secure Certificate Authority - G2	`2021-01-31` - `2022-03-04`	a year	crt.sh
*.google.de GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh

This page contains 8 frames:

Primary Page: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware
Frame ID: 5374F3DE171B0EE72D42A46228C488C4
Requests: 118 HTTP requests in this frame

Frame: https://buy.tinypass.com/checkout/template/cacheableShow?aid=mxzByQgDpu&templateId=OT2HDPJV206L&offerId=fakeOfferId&experienceId=EXA43HY756G3&iframeId=offer_4ed00b2540b3586a4a50-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.bloombergquint.com
Frame ID: A9BFF3DCAB9427CC2C182CEB14429EA4
Requests: 13 HTTP requests in this frame

Frame: https://cdn.cxense.com/sp1.html
Frame ID: 4AD2A10698EFD88B3DFCF15C6C03A90B
Requests: 4 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 57E41C32ED500DD35104DF901788868C
Requests: 1 HTTP requests in this frame

Frame: https://90c9c63e5d02314c23cbb446a78fa5f0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: ECB514116F625A1AECA7B6BC6AFE30A0
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 8CF79054B09DCB773680B390BA9FFD4F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 75C043F10786859685E4C55FFB8EF17C
Requests: 2 HTTP requests in this frame

Frame: https://cdn.moengage.com/webpush/beta/webpushhelper.html
Frame ID: AD2875EA0AF81306A1A0121C7D0AEED1
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

U.S. State Department Employee iPhones Reportedly Targeted by Spyware

Page Statistics

146
Requests

92 %
HTTPS

63 %
IPv6

29
Domains

46
Subdomains

42
IPs

3
Countries

2389 kB
Transfer

7277 kB
Size

10
Cookies

44 Outgoing links

These are links going to different origins than the main page.

URL: https://www.thequint.com/
Title: The Quint

Search URL Search Domain Scan URL

URL: http://www.bloomberg.com/careers/?utm_source=bloomberg-menu
Title: Careers

Search URL Search Domain Scan URL

URL: http://www.bloomberg.com/diversity-inclusion/?utm_source=bloomberg-menu
Title: Diversity & Inclusion

Search URL Search Domain Scan URL

URL: http://www.bloomberg.com/philanthropy/?utm_source=bloomberg-menu
Title: Philanthropy & Engagement

Search URL Search Domain Scan URL

URL: http://www.bloomberg.com/bcause/?utm_source=bloomberg-menu
Title: Sustainability

Search URL Search Domain Scan URL

URL: http://www.bloomberg.com/company/technology/?utm_source=bloomberg-menu
Title: Technology

Search URL Search Domain Scan URL

URL: http://www.bloomberg.com/company/bloomberg-facts/?utm_source=bloomberg-menu
Title: History & Facts

Search URL Search Domain Scan URL

URL: http://www.bloomberg.com/professional/?utm_source=bloomberg-menu&bbgsum=DG-WS-CORE-bbgmenu
Title: Bloomberg Terminal

Search URL Search Domain Scan URL

URL: http://www.bloombergtradebook.com/?utm_source=bloomberg-menu&bbgsum=DG-WS-02-13-TBOOK-bbgmenu
Title: Bloomberg Tradebook

Search URL Search Domain Scan URL

URL: http://www.bloombergbriefs.com/?utm_source=bloomberg-menu
Title: Bloomberg Briefs

Search URL Search Domain Scan URL

URL: http://www.bloombergindexes.com/?utm_source=bloomberg-menu&bbgsum=DG-WS-05-13-INDEXES-bbgmenu
Title: Bloomberg Indices

Search URL Search Domain Scan URL

URL: http://www.bloombergsef.com/?utm_source=bloomberg-menu&bbgsum=DG-WS-08-13-SEF-bbgmenu
Title: Bloomberg SEF

Search URL Search Domain Scan URL

URL: http://about.bloomberginstitute.com/?utm_source=bloomberg-menu
Title: Bloomberg Institute

Search URL Search Domain Scan URL

URL: http://www.bloomberg.com/enterprise/?utm_source=bloomberg-menu&bbgsum=DG-WS-09-13-ES-bbgmenu
Title: Enterprise Solutions

Search URL Search Domain Scan URL

URL: http://www.bloomberg.com/trading-solutions/?utm_source=bloomberg-menu&bbgsum=DG-WS-09-13-TS-bbgmenu
Title: Trading Solutions

Search URL Search Domain Scan URL

URL: http://www.bloomberg.com/vault/?utm_source=bloomberg-menu&bbgsum=DG-WS-09-13-ES-BVAULT-bbgmenu
Title: Bloomberg Vault

Search URL Search Domain Scan URL

URL: http://www.bloombergpolarlake.com/?utm_source=bloomberg-menu
Title: Bloomberg PolarLake

Search URL Search Domain Scan URL

URL: http://www.bloomberg.com/politics/?utm_source=bloomberg-menu
Title: Bloomberg Politics

Search URL Search Domain Scan URL

URL: http://www.bloombergview.com/?utm_source=bloomberg-menu
Title: Bloomberg View

Search URL Search Domain Scan URL

URL: http://www.bloomberg.com/gadfly/?utm_source=bloomberg-menu
Title: Bloomberg Gadfly

Search URL Search Domain Scan URL

URL: http://www.bloomberg.com/live?utm_source=bloomberg-menu
Title: Bloomberg Television

Search URL Search Domain Scan URL

URL: http://www.bloomberg.com/audio/?utm_source=bloomberg-menu
Title: Bloomberg Radio

Search URL Search Domain Scan URL

URL: http://www.bloomberg.com/mobile/?utm_source=bloomberg-menu
Title: Bloomberg Mobile Apps

Search URL Search Domain Scan URL

URL: http://www.bloomberg.com/company/news-bureaus/?utm_source=bloomberg-menu
Title: News Bureaus

Search URL Search Domain Scan URL

URL: http://www.bloomberg.com/company/announcements/?utm_source=bloomberg-menu
Title: Press Announcements

Search URL Search Domain Scan URL

URL: http://www.bloomberg.com/company/press-contacts/?utm_source=bloomberg-menu
Title: Press Contacts

Search URL Search Domain Scan URL

URL: http://about.bgov.com/?utm_source=bloomberg-menu
Title: Bloomberg Government

Search URL Search Domain Scan URL

URL: http://www.bna.com/?utm_source=bloomberg-menu
Title: Bloomberg Law/BNA

Search URL Search Domain Scan URL

URL: https://bol.bna.com/?utm_source=bloomberg-menu
Title: Bloomberg Big Law

Search URL Search Domain Scan URL

URL: http://about.bnef.com/?utm_source=bloomberg-menu
Title: Bloomberg New Energy Finance

Search URL Search Domain Scan URL

URL: http://www.bloombergmedia.com/?utm_source=bloomberg-menu
Title: Advertising

Search URL Search Domain Scan URL

URL: http://www.bloomberg.com/content-service/?utm_source=bloomberg-menu
Title: Bloomberg Content Service

Search URL Search Domain Scan URL

URL: http://www.bloomberglive.com/?utm_source=bloomberg-menu
Title: Bloomberg Live Conferences

Search URL Search Domain Scan URL

URL: http://www.facebook.com/Bloomberglp
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/bloomberg
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/2494
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://instagram.com/bloomberg
Title: Instagram

Search URL Search Domain Scan URL

URL: https://bba.bloomberg.net/?utm_source=bloomberg-menu
Title: Bloomberg Anywhere Remote Login

Search URL Search Domain Scan URL

URL: http://www.bloomberg.com/professional/systems-support/downloads/?utm_source=bloomberg-menu
Title: Download Software

Search URL Search Domain Scan URL

URL: http://service.bloomberg.com/portal/sessions/new?utm_source=bloomberg-menu
Title: Service Center

Search URL Search Domain Scan URL

URL: https://www.apple.com/newsroom/2021/11/apple-sues-nso-group-to-curb-the-abuse-of-state-sponsored-spyware/
Title: said

Search URL Search Domain Scan URL

URL: https://www.bloomberg.com/news/articles/2021-11-03/u-s-blacklists-israel-s-nso-group-other-firms-over-cyber-acts
Title: Read More: U.S. Blacklists NSO Group, Other Firms Over Cyber Acts

Search URL Search Domain Scan URL

URL: https://widget.msgp.pl/?id=58585dea56eeb8a3a0.79725181
Title: BloombergQuintJoin WhatsApp Channel

Search URL Search Domain Scan URL

URL: https://t.me/bloombergquint
Title: BloombergQuintJoin Telegram Channel

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

146 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request u-s-state-department-employees-said-to-be-targeted-with-spyware Show response
www.bloombergquint.com/onweb/ 602 KB
93 KB 658ms
586ms Document
text/html 2606:4700::6812:5dc6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:5dc6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

21be0bf3c40793f2894fd8d2e4b18659d5a344dbb9005bfa43998308e556a33c

Security Headers

Name

Value

Content-Security-Policy

default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;block-all-mixed-content;

Strict-Transport-Security

max-age=86400

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Sat, 04 Dec 2021 12:23:25 GMT
content-type: text/html; charset=utf-8
x-powered-by: Express
access-control-allow-origin: *
cache-control: public,max-age=15,s-maxage=1800,stale-while-revalidate=1000,stale-if-error=14400
vary: Accept-Encoding
surrogate-key: s/49/c80581ff a/49/644782 a/49/1530918 a/49/559701
content-security-policy: default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;block-all-mixed-content;
link: <https://fea.assettype.com/bloombergquint/assets/app-6a0e6f873c38f22bbcb4.js>; rel=preload; as=script;
cf-cache-status: EXPIRED
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400
server: cloudflare
cf-ray: 6b85017c0ba54e25-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 app-6a0e6f873c38f22bbcb4.js Show response
fea.assettype.com/bloombergquint/assets/ 544 KB
154 KB 53ms
24ms Script
application/javascript 2606:4700:10::ac43:1be8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fea.assettype.com/bloombergquint/assets/app-6a0e6f873c38f22bbcb4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1be8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 43208957b50375f4a89c4b6fd14d10be4a1a57bcb010dfff9e94bc0f4698ff9c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:25 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 110392
x-cache: Miss from cloudfront
content-type: application/javascript
access-control-allow-origin: *
last-modified: Fri, 03 Dec 2021 05:40:16 GMT
server: cloudflare
etag: W/"312537c7ca6f22a9fd7535c225ab6a9e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: eh6ONlul6grOsPjsNbDK4i.G7NoilDon
via: 1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000, s-maxage=31104000
x-amz-cf-pop: FRA50-C1
cf-ray: 6b85017fe9c1d729-FRA
x-amz-cf-id: qs0dSrSAiAJFtv907JHNfRUTJVPnXA0DBZGLNxMo2_xOeETJqNDeBA==

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 14 KB
6 KB 39ms
7ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.bloombergquint.com
URL: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:25 GMT
content-encoding: gzip
last-modified: Mon, 20 Sep 2021 23:58:10 GMT
etag: "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 5410
x-served-by: cache-iad-kiad7000052-IAD, cache-hhn11567-HHN

GET
H2 200 load Show response
experience.tinypass.com/xbuilder/experience/ 4 KB
2 KB 61ms
33ms Script
application/javascript 2606:4700::6811:bab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://experience.tinypass.com/xbuilder/experience/load?aid=mxzByQgDpu

Requested by

Host: www.bloombergquint.com
URL: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:bab1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a232870c586215e8b7e50aecd56221f7571f0bd4af83db17ec3e776844ecf70

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:25 GMT
content-encoding: br
vary: accept-encoding
cf-cache-status: HIT
age: 304
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-request-id: Clibl3rG4si
wn: prod-exp-10-0-124-9
last-modified: Sat, 04 Dec 2021 12:18:21 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=1800
cf-ray: 6b8501810d563140-FRA
expires: Sat, 04 Dec 2021 12:53:25 GMT

GET
H2 200 sprite.svg
www.bloombergquint.com/bloombergquint/assets/ 187 KB
63 KB 59ms
59ms Other
image/svg+xml 2606:4700::6812:5dc6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bloombergquint.com/bloombergquint/assets/sprite.svg

Requested by

Host: www.bloombergquint.com
URL: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:5dc6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

7186d14ea79e63597cab54af8bc08bb1db9248d9076eaa65f7a0ddc75b028d03

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:25 GMT
content-encoding: br
etag: W/"2eaa8-17d7b5ea520"
cf-cache-status: HIT
last-modified: Thu, 02 Dec 2021 13:39:00 GMT
server: cloudflare
age: 776
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
cache-control: public,max-age=31104000,s-maxage=31104000
strict-transport-security: max-age=86400
cf-ray: 6b850180ec7f4e25-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 BQIcons-6875cde3a3c9bdd57714.ttf
www.bloombergquint.com/bloombergquint/assets/ 24 KB
14 KB 29ms
28ms Font
font/ttf 2606:4700::6812:5dc6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bloombergquint.com/bloombergquint/assets/BQIcons-6875cde3a3c9bdd57714.ttf

Requested by

Host: www.bloombergquint.com
URL: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:5dc6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

c8ff4f39ae6b98a1abef045c9fa324b414fa79bcc1a15117ca0fc7ab5e53dd8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware
Origin: https://www.bloombergquint.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:25 GMT
content-encoding: br
etag: W/"614c-17d7b5ea520"
cf-cache-status: HIT
last-modified: Thu, 02 Dec 2021 13:39:00 GMT
server: cloudflare
age: 722
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/ttf
cache-control: public, max-age=3600
strict-transport-security: max-age=86400
cf-ray: 6b850180ec894e25-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 KFOlCnqEu92Fr1MmWUlvAA.woff
fonts.gstatic.com/s/roboto/v27/ 64 KB
64 KB 38ms
14ms Font
font/woff 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlvAA.woff

Requested by

Host: www.bloombergquint.com
URL: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61e16263ed1227e721bffd26891b13a4d07c5140249fa78f297b51845ee169db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bloombergquint.com/
Origin: https://www.bloombergquint.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 23:00:55 GMT
x-content-type-options: nosniff
age: 307350
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65292
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:59 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 30 Nov 2022 23:00:55 GMT

GET
H2 200 KFOmCnqEu92Fr1Me5g.woff
fonts.gstatic.com/s/roboto/v27/ 192 KB
192 KB 34ms
16ms Font
font/woff 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Me5g.woff

Requested by

Host: www.bloombergquint.com
URL: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0dbbce727c5877b82dd29d602e522cec6601d4b355378bcb4a8a9f5d71e1ba9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bloombergquint.com/
Origin: https://www.bloombergquint.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 20:30:11 GMT
x-content-type-options: nosniff
age: 229994
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 196304
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 23:14:13 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 01 Dec 2022 20:30:11 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9vAA.woff
fonts.gstatic.com/s/roboto/v27/ 64 KB
65 KB 18ms
9ms Font
font/woff 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9vAA.woff

Requested by

Host: www.bloombergquint.com
URL: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c93f4332daa92f95a2c2446599d6cf9e87b00b20d60db827af63b0e4a3feb22b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bloombergquint.com/
Origin: https://www.bloombergquint.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:11:30 GMT
x-content-type-options: nosniff
age: 349915
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65492
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:58 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 30 Nov 2022 11:11:30 GMT

GET
H3 200 app-icon.jpg
www.bloombergquint.com/icons/ 3 KB
3 KB 43ms
42ms Image
image/jpeg 2606:4700::6812:5dc6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bloombergquint.com/icons/app-icon.jpg

Requested by

Host: www.bloombergquint.com
URL: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:5dc6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

f3090e7817270ea9ddb20a40bdafc842461705e69f9e89246ea5d32cd6516d6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:25 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 3167
x-powered-by: Express
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 2840
last-modified: Thu, 02 Dec 2021 13:34:21 GMT
server: cloudflare
etag: W/"b18-17d7b5a6348"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400
content-type: image/jpeg
cache-control: public, max-age=3600
accept-ranges: bytes
cf-ray: 6b8501815d4a5373-FRA
cf-bgj: h2pri

GET
H2 200 v64f9daad31f64f81be21cbef6184a5e31634941392597 Show response
static.cloudflareinsights.com/beacon.min.js/ 13 KB
5 KB 91ms
62ms Script
text/javascript 2606:4700::6810:5e41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597
Requested by: Host: www.bloombergquint.com
URL: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5e41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5bf0a170ae91f1bb8d0c94381a74ab8b85f938bf31bf18a9c8e3b835250d3be6

Request headers

Referer: https://www.bloombergquint.com/
Origin: https://www.bloombergquint.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:25 GMT
content-encoding: gzip
last-modified: Fri, 22 Oct 2021 22:23:12 GMT
server: cloudflare
etag: W/2021.10.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6b85018189f56955-FRA

GET
H3 200 KFOlCnqEu92Fr1MmYUtvAA.woff
fonts.gstatic.com/s/roboto/v27/ 64 KB
64 KB 27ms
12ms Font
font/woff 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmYUtvAA.woff

Requested by

Host: www.bloombergquint.com
URL: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

213db1f99c4d17b96b61eec521c00137a0b0471e2b2cd8f4652dfae3f3366566

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bloombergquint.com/
Origin: https://www.bloombergquint.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:15:44 GMT
x-content-type-options: nosniff
age: 349661
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65424
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:11:16 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 30 Nov 2022 11:15:44 GMT

GET
H3 200 ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZKCA.woff
fonts.gstatic.com/s/robotocondensed/v19/ 63 KB
63 KB 22ms
8ms Font
font/woff 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v19/ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZKCA.woff

Requested by

Host: www.bloombergquint.com
URL: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b2f03a9dc235e97011603f677c7b1a9f86115c18c40344593e44868b1b6b60ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bloombergquint.com/
Origin: https://www.bloombergquint.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 20:11:29 GMT
x-content-type-options: nosniff
age: 231116
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64904
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:08:35 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 01 Dec 2022 20:11:29 GMT

GET
H3 200 ieVl2ZhZI2eCN5jzbjEETS9weq8-59Y.woff
fonts.gstatic.com/s/robotocondensed/v19/ 64 KB
64 KB 29ms
14ms Font
font/woff 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v19/ieVl2ZhZI2eCN5jzbjEETS9weq8-59Y.woff

Requested by

Host: www.bloombergquint.com
URL: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a426e4864673ab26c49b84e61374c41591c7c6a2298327ee6eca1e858f5b61c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bloombergquint.com/
Origin: https://www.bloombergquint.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 06:28:20 GMT
x-content-type-options: nosniff
age: 107705
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65600
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:08:48 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 03 Dec 2022 06:28:20 GMT

GET
H3 200 ieVi2ZhZI2eCN5jzbjEETS9weq8-32meKCA.woff
fonts.gstatic.com/s/robotocondensed/v19/ 64 KB
65 KB 34ms
19ms Font
font/woff 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v19/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meKCA.woff

Requested by

Host: www.bloombergquint.com
URL: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

266e4eb2db1743c3852dfdad38c68d826bb905c7023f1a0c53e4bb5bb8ffc399

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bloombergquint.com/
Origin: https://www.bloombergquint.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 18:16:51 GMT
x-content-type-options: nosniff
age: 324394
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66024
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:08:41 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 30 Nov 2022 18:16:51 GMT

GET
H3 200 JTURjIg1_i6t8kCHKm45_c5H7g0.woff
fonts.gstatic.com/s/montserrat/v18/ 66 KB
66 KB 37ms
22ms Font
font/woff 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_c5H7g0.woff

Requested by

Host: www.bloombergquint.com
URL: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

288469851aab0e4152c9fa94df656d2a650fe55dc26ef23fc6c91bccc6204b3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bloombergquint.com/
Origin: https://www.bloombergquint.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:50:46 GMT
x-content-type-options: nosniff
age: 347559
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67844
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:21:34 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 30 Nov 2022 11:50:46 GMT

GET
H2 200 tinypass.min.js Show response
cdn.tinypass.com/api/ 395 KB
123 KB 31ms
18ms Script
application/javascript 2606:4700::6811:bab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.tinypass.com/api/tinypass.min.js

Requested by

Host: experience.tinypass.com
URL: https://experience.tinypass.com/xbuilder/experience/load?aid=mxzByQgDpu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:bab1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

709cdcf57f5cec0c2306d1690302b1c41a826e484d158abaf220bb1ac669e649

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:25 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 11
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
wn: prod-dash-10-0-126-253
last-modified: Fri, 03 Dec 2021 18:53:11 GMT
server: cloudflare
etag: W/"404842-1638557591944"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript
server-time: 0.000
cache-control: public, max-age=7200
cf-ray: 6b850181be863140-FRA
expires: Sat, 04 Dec 2021 14:23:25 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
675 B 155ms
117ms Script
application/javascript 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o19nx&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=1730c55e-4749-4795-ab3f-f25045628925&tw_document_href=https%3A%2F%2Fwww.bloombergquint.com%2Fonweb%2Fu-s-state-department-employees-said-to-be-targeted-with-spyware&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
x-response-time: 109
pragma: no-cache
last-modified: Sat, 04 Dec 2021 12:23:25 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 82d93769de3b764f74614bfb6e3ec15309521b037de79f644e925218a5e434e8
x-transaction: 016b2839899f93b7
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
470 B 142ms
120ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o19nx&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=1730c55e-4749-4795-ab3f-f25045628925&tw_document_href=https%3A%2F%2Fwww.bloombergquint.com%2Fonweb%2Fu-s-state-department-employees-said-to-be-targeted-with-spyware

Requested by

Host: www.bloombergquint.com
URL: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 113
pragma: no-cache
last-modified: Sat, 04 Dec 2021 12:23:25 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 1ebb5c1cdf5d18c318a23e620c30d82e5a4faca3467262b77b8582c607f6d253
x-transaction: 775deabf08f1daa8
expires: Tue, 31 Mar 1981 05:00:00 GMT

POST
H2 200 execute Show response
c2.piano.io/xbuilder/experience/ 3 KB
2 KB 145ms
118ms XHR
application/json 2606:4700::6810:2a41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c2.piano.io/xbuilder/experience/execute?aid=mxzByQgDpu

Requested by

Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:2a41 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0a8eef7ff31f5e543c1a9ebe9f4e7c2693675e418ca6fda8a97797d2a0d53db

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept: */*
Referer: https://www.bloombergquint.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sat, 04 Dec 2021 12:23:25 GMT
content-encoding: gzip
vary: Accept-Encoding, Origin
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-request-id: 3taykwfhqx
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.bloombergquint.com
cache-control: no-cache, no-store
access-control-allow-credentials: true
cf-ray: 6b8501825ef55c38-FRA

GET
H2 200 sdk.js Show response
api-esp.piano.io/public/sdk/v04/ 43 KB
14 KB 59ms
29ms Script
application/javascript 2606:4700::6810:f015
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api-esp.piano.io/public/sdk/v04/sdk.js?v=xxx

Requested by

Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:f015 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a2f415894088c48d895ce6549090ee756a6f1b3e05699bbf0547b005b3b68d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:25 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 154116
x-cache-status: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-max-age: 36000
strict-transport-security: max-age=86400; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Wed, 01 Dec 2021 14:50:35 GMT
server: cloudflare
etag: W/"1bbec-17d7679d278"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: api-esp.piano.io
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 6b850182587b691f-FRA
access-control-allow-headers: Accept-Encoding,Accept-Language,Accept,Content-Type,Cookie,Origin,Piano-ESP-Static-Content,User-Agent,X-CSRF-Token,X-CSRFToken,x-vixen-token
expires: Sun, 04 Dec 2022 12:23:25 GMT

GET
H2 200 get.js Show response
buy.tinypass.com/api/v3/anon/captcha/ 153 B
304 B 68ms
59ms Script
application/javascript 2606:4700::6811:bab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/api/v3/anon/captcha/get.js?callback=jsonpCallback&aid=mxzByQgDpu

Requested by

Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:bab1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3857f4bef92a65955e0d42ef474b4b86109d648b2d5e91811fccc51486cd493d

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:25 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 207
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-request-id: Calbl3rcWNo
pragma
wn: prod-dash-10-0-133-127
last-modified: Sat, 04 Dec 2021 12:19:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript
server-time: 0.005
cache-control: public, max-age=1200
cf-ray: 6b8501823f733140-FRA
expires: Sat, 04 Dec 2021 12:43:25 GMT

GET
H2 200 jquery-2.2.0.min.js Show response
code.jquery.com/ 84 KB
29 KB 41ms
13ms Script
application/javascript 2001:4de0:ac18::1:a:2a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-2.2.0.min.js
Requested by: Host: api-esp.piano.io
URL: https://api-esp.piano.io/public/sdk/v04/sdk.js?v=xxx
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 8a102873a33f24f7eb22221e6b23c4f718e29f85168ecc769a35bfaed9b12cce

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:25 GMT
content-encoding: gzip
last-modified: Fri, 08 Jan 2016 20:03:15 GMT
server: nginx
etag: W/"56901603-14e55"
vary: Accept-Encoding
x-hw: 1638620605.dop221.fr8.t,1638620605.cds284.fr8.hn,1638620605.cds107.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 29875

GET
H3 200 221 Show response
api-esp.piano.io/publisher/fusion/lucid/data/ 494 B
960 B 145ms
135ms XHR
application/json 2606:4700::6810:f015
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api-esp.piano.io/publisher/fusion/lucid/data/221?email=&visitor=&stored_visitor=&pnespid=

Requested by

Host: code.jquery.com
URL: https://code.jquery.com/jquery-2.2.0.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:f015 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e91b52b7219f1d651f9609456f3279d8c47ff32f9d0478ee41dddc095f59471

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.bloombergquint.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 04 Dec 2021 12:23:26 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
x-cache-status: BYPASS
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-max-age: 36000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server: cloudflare
etag: W/"1ee-CFQIzbo/iYIK4hdavUdrNS2QTwA"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.bloombergquint.com
access-control-allow-credentials: true
cf-ray: 6b850183d8ecdfa5-FRA
access-control-allow-headers: Accept-Encoding,Accept-Language,Accept,Content-Type,Cookie,Origin,Piano-ESP-Static-Content,User-Agent,X-CSRF-Token,X-CSRFToken,x-vixen-token

OPTIONS
H3 200 221
api-esp.piano.io/publisher/fusion/lucid/data/ Frame 0
0 134ms
124ms Preflight 2606:4700::6810:f015
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api-esp.piano.io/publisher/fusion/lucid/data/221?email=&visitor=&stored_visitor=&pnespid=

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:f015 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://www.bloombergquint.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sat, 04 Dec 2021 12:23:26 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bloombergquint.com
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Accept-Encoding,Accept-Language,Accept,Content-Type,Cookie,Origin,Piano-ESP-Static-Content,User-Agent,X-CSRF-Token,X-CSRFToken,x-vixen-token
access-control-max-age: 36000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
strict-transport-security: max-age=86400; includeSubDomains
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6b850182fc404e1a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

POST
H3 200 rum Show response
www.bloombergquint.com/cdn-cgi/ 0
171 B 22ms
22ms XHR
text/plain 2606:4700::6812:5dc6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bloombergquint.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:5dc6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: application/json

Response headers

date: Sat, 04 Dec 2021 12:23:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://www.bloombergquint.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6b850182f8605373-FRA
vary: Origin

OPTIONS
H3 200 312
api-esp.piano.io/tracker/lucid/visit/ Frame 0
0 115ms
115ms Preflight 2606:4700::6810:f015
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api-esp.piano.io/tracker/lucid/visit/312?story_url=https%3A%2F%2Fwww.bloombergquint.com%2Fonweb%2Fu-s-state-department-employees-said-to-be-targeted-with-spyware&visitor=78vitpsgwtixu1po

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:f015 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.bloombergquint.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sat, 04 Dec 2021 12:23:26 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bloombergquint.com
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Accept-Encoding,Accept-Language,Accept,Content-Type,Cookie,Origin,Piano-ESP-Static-Content,User-Agent,X-CSRF-Token,X-CSRFToken,x-vixen-token
access-control-max-age: 36000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
strict-transport-security: max-age=86400; includeSubDomains
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6b850184bfd44e1a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

POST
H3 200 312 Show response
api-esp.piano.io/tracker/lucid/visit/ 65 B
681 B 141ms
141ms XHR
application/json 2606:4700::6810:f015
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api-esp.piano.io/tracker/lucid/visit/312?story_url=https%3A%2F%2Fwww.bloombergquint.com%2Fonweb%2Fu-s-state-department-employees-said-to-be-targeted-with-spyware&visitor=78vitpsgwtixu1po

Requested by

Host: code.jquery.com
URL: https://code.jquery.com/jquery-2.2.0.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:f015 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59a27e2092e5bf9525e80ccc76d2d76f454fe9cba012328e839749c63db4fc2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.bloombergquint.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 04 Dec 2021 12:23:26 GMT
content-encoding: gzip
vary: X-HTTP-Method-Override
cf-cache-status: DYNAMIC
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
strict-transport-security: max-age=86400; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server: cloudflare
etag: W/"41-RMJlkSYNt5uuQTLN5aGZGbG56Vo"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 36000
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.bloombergquint.com
access-control-allow-credentials: true
cf-ray: 6b8501857aebdfa5-FRA
access-control-allow-headers: Accept-Encoding,Accept-Language,Accept,Content-Type,Cookie,Origin,Piano-ESP-Static-Content,User-Agent,X-CSRF-Token,X-CSRFToken,x-vixen-token

GET
H2 200 gumlet.min.js Show response
cdn.gumlet.com/gumlet.js/2.0/ 20 KB
7 KB 37ms
7ms Script
application/javascript 2a04:4e42:600::644
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.gumlet.com/gumlet.js/2.0/gumlet.min.js

Requested by

Host: www.bloombergquint.com
URL: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::644 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

d80b40fffbb83f623431618156287b682bae4ba03cfa81dc7bb7802d78ffae65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:27 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 3327802
x-cache: HIT, HIT
content-length: 6652
x-amz-id-2: U5xHycKNwLMI0M3IQzivIIgquDPA6BV2ubzF2dSMohidZyvHsJXkqymMBT+NDbxvNxbkgUFYkkE=
x-served-by: cache-bwi5173-BWI, cache-fra19149-FRA
last-modified: Thu, 15 Jul 2021 15:44:58 GMT
server: AmazonS3
x-timer: S1638620608.944376,VS0,VE0
etag: "b2b19375a661a51d1119fd3ebfd88cc0"
strict-transport-security: max-age=31557600
x-amz-request-id: 03HCQVQA18GM0EW2
via: 1.1 varnish, 1.1 varnish
cache-control: public, s-maxage=31536000, max-age=172800
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1, 63086

GET
DATA 200
OK truncated
/ 58 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fef5a41be1b827a1729f19bcd123a57ee3f2cb8dc9074fffa4ab5b807f503514

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/webp

GET
H3 200 route-data.json Show response
www.bloombergquint.com/ 752 KB
52 KB 618ms
617ms Fetch
application/json 2606:4700::6812:5dc6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bloombergquint.com/route-data.json?path=%2Fonweb%2Fu-s-state-department-employees-said-to-be-targeted-with-spyware

Requested by

Host: fea.assettype.com
URL: https://fea.assettype.com/bloombergquint/assets/app-6a0e6f873c38f22bbcb4.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:5dc6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

30ccffd33eafb489da2764d31706fcc6878094c3759cee0388e11c82922bf74e

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:29 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: EXPIRED
x-powered-by: Express
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
surrogate-key: s/49/c80581ff a/49/644782 a/49/1530918 a/49/559701
server: cloudflare
etag: W/"bc1ae-PFD7xQRfmfhZpwIIFwQJLW1h/w0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=15,s-maxage=1800,stale-while-revalidate=1000,stale-if-error=14400
content-security-policy: default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;block-all-mixed-content;
cf-ray: 6b850195ec635373-FRA

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 79 KB
27 KB 44ms
21ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: fea.assettype.com
URL: https://fea.assettype.com/bloombergquint/assets/app-6a0e6f873c38f22bbcb4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

sffe /

Resource Hash

d8d7e419a36ba7ca3872a81ed6221150a746aee853c7f7ebd996585926e7b2cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1062 / 20 of 1000 / last-modified: 1638572771"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26967
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 04 Dec 2021 12:23:28 GMT

GET
H3 200 get-app-config Show response
www.bloombergquint.com/ 40 B
412 B 521ms
521ms Fetch
application/json 2606:4700::6812:5dc6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bloombergquint.com/get-app-config

Requested by

Host: fea.assettype.com
URL: https://fea.assettype.com/bloombergquint/assets/app-6a0e6f873c38f22bbcb4.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:5dc6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

565ad0a1bf7ce813ee7199bbfcee1107a25fe4622caec95cae83348d2f9cfc8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:29 GMT
content-encoding: br
etag: W/"28-BBulvJusu3pXYzZOPK5N2Os2jyw"
cf-cache-status: MISS
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, max-age=0, s-maxage=0
strict-transport-security: max-age=86400
cf-ray: 6b8501960cb25373-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 breaking-news Show response
www.bloombergquint.com/api/v1/ 14 B
638 B 29ms
29ms Fetch
application/json 2606:4700::6812:5dc6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bloombergquint.com/api/v1/breaking-news

Requested by

Host: fea.assettype.com
URL: https://fea.assettype.com/bloombergquint/assets/app-6a0e6f873c38f22bbcb4.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:5dc6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

fb4f134f3a8aff794f7914ad61196b67d94586cf163efaf592ab41632ecb6d32

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:28 GMT
via: 1.1 varnish (Varnish/6.3)
qt-trace-id: ba2e2c51-fa42-43c6-a338-68e58667442d
cf-cache-status: HIT
age: 27
x-powered-by: Express
surrogate-control: public,max-age=240,stale-while-revalidate=300,stale-if-error=7200
cf-ray: 6b8501960cb45373-FRA
edge-cache-tag: q/49//home,c/49/42395
edge-control: public,max-age=240
x-cache: HIT
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
surrogate-key: q/49//home c/49/42395
last-modified: Sat, 04 Dec 2021 12:23:01 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400
x-varnish: 129413863 127791071
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding
cache-control: public,max-age=15,s-maxage=240,stale-while-revalidate=300,stale-if-error=7200
content-type: application/json
x-hitcount: 5

GET
H3 200 pubads_impl_2021113001.js Show response
securepubads.g.doubleclick.net/gpt/ 348 KB
117 KB 36ms
22ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021113001.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

sffe /

Resource Hash

465b31f84196ddfdd21c859a1460c95d70093d91e3ae5ce5c688c398b9dc20f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119680
x-xss-protection: 0
last-modified: Tue, 30 Nov 2021 13:53:22 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 04 Dec 2021 12:23:29 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 156 B
135 B 31ms
16ms XHR
application/json 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.bloombergquint.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

cafe /

Resource Hash

31cd9f6a4a758d68845d5b60965cdf590c961c32b4759cf26e34f05578eee7a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Dec 2021 12:23:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 110
x-xss-protection: 0
expires: Sat, 04 Dec 2021 12:23:29 GMT

GET
H3 200 qlitics.js Show response
www.bloombergquint.com/ 13 KB
5 KB 36ms
35ms Script
application/javascript 2606:4700::6812:5dc6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bloombergquint.com/qlitics.js

Requested by

Host: fea.assettype.com
URL: https://fea.assettype.com/bloombergquint/assets/app-6a0e6f873c38f22bbcb4.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:5dc6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

27aad8a24ee3caa364101613b091280b050ce6e3c8f3242353bb6e98276f9e52

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:29 GMT
via: 1.1 varnish (Varnish/6.3)
qt-trace-id: 4a5da9e4-ff84-4693-b644-e7986a287eec
cf-cache-status: HIT
age: 386
x-powered-by: Express
surrogate-control: max-age=3600,stale-while-revalidate=300,stale-if-error=86400
cf-ray: 6b8501967d9e5373-FRA
x-cache: HIT
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
surrogate-key: p/qlitics.js
last-modified: Sat, 04 Dec 2021 12:17:03 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400
x-varnish: 1015265207 1015070060
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=3600,s-maxage=3600,stale-while-revalidate=300,stale-if-error=86400
content-type: application/javascript; charset=utf-8
x-hitcount: 2

GET
H2 200 capture.gif
prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/ 42 B
286 B 339ms
107ms Image
image/gif 52.1.188.220
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/capture.gif?data=eyJldmVudC10eXBlIjoic2Vzc2lvbiIsImV2ZW50Ijp7ImlkIjoiYTA1YmMwOGYtM2I3My00ZDU5LWIwYTItZWVhZTM1MmQzMDZkIiwicHVibGlzaGVyLWlkIjo0OX19
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.188.220 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-188-220.compute-1.amazonaws.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 12:23:29 GMT
cache-control: no-store, no-cache, must-revalidate, private
content-length: 42
content-type: image/gif; charset=utf8

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 164 KB
51 KB 52ms
30ms Script
application/javascript 2a00:1450:4001:80e::2008

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T5FL4F

Requested by

Host: www.bloombergquint.com
URL: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 -, , ASN (),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b8d1042fb8c7ee3c07463da9bff23a4f9e14cb57cd9fb226cec5dd1864050d43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:29 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52129
x-xss-protection: 0
last-modified: Sat, 04 Dec 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 04 Dec 2021 12:23:29 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 124ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.bloombergquint.com
URL: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 -, , ASN (),

Reverse DNS

Software

Resource Hash

b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 25965
x-xss-protection: 0
pragma: public
x-fb-debug: w7EiiZOpjCc1Vqg93VtY2/PTJxzHdYqVK7M2zaf9Goa/AEupLk86MWJMISOhZyUvK+zsyChOiHoYBFbq1TlisQ==
x-fb-trip-id: 917726464
x-frame-options: DENY
date: Sat, 04 Dec 2021 12:23:29 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 123ms
7ms Script
text/javascript 2a00:1450:4001:82a::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T5FL4F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e -, , ASN (),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 4942
date: Sat, 04 Dec 2021 11:01:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Sat, 04 Dec 2021 13:01:07 GMT

GET
H3 200 sprite.svg
www.bloombergquint.com/bloombergquint/assets/ 187 KB
63 KB 37ms
37ms Other
image/svg+xml 2606:4700::6812:5dc6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bloombergquint.com/bloombergquint/assets/sprite.svg

Requested by

Host: fea.assettype.com
URL: https://fea.assettype.com/bloombergquint/assets/app-6a0e6f873c38f22bbcb4.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:5dc6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

7186d14ea79e63597cab54af8bc08bb1db9248d9076eaa65f7a0ddc75b028d03

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:29 GMT
content-encoding: br
etag: W/"2eaa8-17d7b5ea520"
cf-cache-status: HIT
last-modified: Thu, 02 Dec 2021 13:39:00 GMT
server: cloudflare
age: 780
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
cache-control: public,max-age=31104000,s-maxage=31104000
strict-transport-security: max-age=86400
cf-ray: 6b850199ebca5373-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 vendors~home~list~section~story~subscribe~videos-6a0e6f873c38f22bbcb4.js Show response
fea.assettype.com/bloombergquint/assets/ 58 KB
17 KB 20ms
20ms Script
application/javascript 2606:4700:10::ac43:1be8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fea.assettype.com/bloombergquint/assets/vendors~home~list~section~story~subscribe~videos-6a0e6f873c38f22bbcb4.js
Requested by: Host: fea.assettype.com
URL: https://fea.assettype.com/bloombergquint/assets/app-6a0e6f873c38f22bbcb4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1be8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 955a54ed734f6e7ef996c72bc80295387f925f4f4f446bbcfbbd637a200befab

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:29 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 110346
x-cache: Hit from cloudfront
content-type: application/javascript
access-control-allow-origin: *
last-modified: Fri, 03 Dec 2021 05:41:02 GMT
server: cloudflare
etag: W/"47de495a09eb4c5f65be339ee33226a1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: OHyLJL02_HGNO9yEhP5KKjeiUzqZ2g0a
via: 1.1 ad46d498157a92ab1076f74db460670d.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000, s-maxage=31104000
x-amz-cf-pop: FRA50-C1
cf-ray: 6b850199fd39d729-FRA
x-amz-cf-id: nqeA5J4GWN0oz71O9eKSdAFNn_es8w7gseEnymbrlh3lGEk2eHO3Zg==

GET
H2 200 vendors~home~list~section~story~videos-6a0e6f873c38f22bbcb4.js Show response
fea.assettype.com/bloombergquint/assets/ 64 KB
20 KB 28ms
27ms Script
application/javascript 2606:4700:10::ac43:1be8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fea.assettype.com/bloombergquint/assets/vendors~home~list~section~story~videos-6a0e6f873c38f22bbcb4.js
Requested by: Host: fea.assettype.com
URL: https://fea.assettype.com/bloombergquint/assets/app-6a0e6f873c38f22bbcb4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1be8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1892bcce7f4920a23da99f61a00a5bc0e440d875f2e3a2ac192adf7e27df9775

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:29 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 110346
x-cache: Hit from cloudfront
content-type: application/javascript
access-control-allow-origin: *
last-modified: Fri, 03 Dec 2021 05:41:03 GMT
server: cloudflare
etag: W/"adae488a33cba42a62d7b6f3ae88aa17"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: TB4h1gx5jLCzOfuq94aEr1xGCvobTfa2
via: 1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000, s-maxage=31104000
x-amz-cf-pop: FRA50-C1
cf-ray: 6b850199fd3bd729-FRA
x-amz-cf-id: rhnhThMcMwwyxzPX2xj_QMxlKtzzVpYnlgnjLAU2HzE0VgmgHBhNVw==

GET
H2 200 vendors~portfolio~story-6a0e6f873c38f22bbcb4.js Show response
fea.assettype.com/bloombergquint/assets/ 18 KB
6 KB 28ms
27ms Script
application/javascript 2606:4700:10::ac43:1be8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fea.assettype.com/bloombergquint/assets/vendors~portfolio~story-6a0e6f873c38f22bbcb4.js
Requested by: Host: fea.assettype.com
URL: https://fea.assettype.com/bloombergquint/assets/app-6a0e6f873c38f22bbcb4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1be8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7bd412a06bddcf40df51ff43178bcfd2aef73c34c94dff86370d49d098df7464

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:29 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 110215
x-cache: Miss from cloudfront
content-type: application/javascript
access-control-allow-origin: *
last-modified: Fri, 03 Dec 2021 05:41:09 GMT
server: cloudflare
etag: W/"b02b142fc1a8cc63cb6d04d5fa217e3d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: JejavApNpLvk98vzQZP9TAmTCv_mn99d
via: 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000, s-maxage=31104000
x-amz-cf-pop: FRA50-C1
cf-ray: 6b850199fd3ed729-FRA
x-amz-cf-id: hHmuO6Jinco3zpkn-b2hIN6vpdZPAUyjD88RCgO0gztJXRWtv0fPAg==

GET
H2 200 vendors~story-6a0e6f873c38f22bbcb4.js Show response
fea.assettype.com/bloombergquint/assets/ 325 KB
85 KB 23ms
21ms Script
application/javascript 2606:4700:10::ac43:1be8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fea.assettype.com/bloombergquint/assets/vendors~story-6a0e6f873c38f22bbcb4.js
Requested by: Host: fea.assettype.com
URL: https://fea.assettype.com/bloombergquint/assets/app-6a0e6f873c38f22bbcb4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1be8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca151bd6536945da49fea26a6c90ace1c11b95ede87dc58ecc9c36b20713100f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:29 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 110215
x-cache: Miss from cloudfront
content-type: application/javascript
access-control-allow-origin: *
last-modified: Fri, 03 Dec 2021 05:41:12 GMT
server: cloudflare
etag: W/"a71d0d55fd132e36ad0503837a260bdb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: 0cBywEQJ.OJzhCH89YK_dZwEwnuaFfwG
via: 1.1 5ad96647558bd4911f05189f8afefd98.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000, s-maxage=31104000
x-amz-cf-pop: FRA50-C1
cf-ray: 6b850199fd3fd729-FRA
x-amz-cf-id: zIN9TFJQ0XM1AplezK59Eaa7UFzxQQPoS4cgUj8HN09NHSUh8BaPvA==

GET
H2 200 story-6a0e6f873c38f22bbcb4.js Show response
fea.assettype.com/bloombergquint/assets/ 376 KB
87 KB 43ms
42ms Script
application/javascript 2606:4700:10::ac43:1be8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fea.assettype.com/bloombergquint/assets/story-6a0e6f873c38f22bbcb4.js
Requested by: Host: fea.assettype.com
URL: https://fea.assettype.com/bloombergquint/assets/app-6a0e6f873c38f22bbcb4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1be8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 641ad283a10af99ba3b24476ef8d95fa96fba1d08bd79980daea4766e0d7db24

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:29 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 110215
x-cache: Miss from cloudfront
content-type: application/javascript
access-control-allow-origin: *
last-modified: Fri, 03 Dec 2021 05:40:54 GMT
server: cloudflare
etag: W/"098cde2eeeaa72ac3833e6823ea3f365"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: gIIwuzmL.rJYGTEm8ckjsRhIgIDBrg91
via: 1.1 9128c49d19c76fd86ec4c647434ccb0a.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000, s-maxage=31104000
x-amz-cf-pop: FRA50-C1
cf-ray: 6b850199fd41d729-FRA
x-amz-cf-id: fQnnYOZq67NEe7WIWULGSwiQ6ZTcUPzuRQa6sYPny9ATIilee2PSMQ==

GET
H2 200 device-tracker-id Show response
prod-analytics.qlitics.com/api/ 60 B
450 B 108ms
108ms XHR
application/json 52.1.188.220
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-analytics.qlitics.com/api/device-tracker-id
Requested by: Host: www.bloombergquint.com
URL: https://www.bloombergquint.com/qlitics.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.188.220 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-188-220.compute-1.amazonaws.com
Software: /
Resource Hash: eb089b7cbf84c1431e5da5a7912578fc19ff63eb25dffee006db52641c54b5bb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:29 GMT
access-control-allow-option: POST, PUT, GET
access-control-max-age: 30
content-type: application/json
access-control-allow-origin: https://www.bloombergquint.com
cache-control: private, no-cache
access-control-allow-credentials: true
access-control-allow-headers: x-requested-with, content-type, origin, accept

GET
H2 200 capture.gif
prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/ 42 B
175 B 108ms
107ms Image
image/gif 52.1.188.220
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/capture.gif?data=eyJldmVudC10eXBlIjoicGFnZS12aWV3IiwiZXZlbnQiOnsiaWQiOiI4ZGIxYzJkYS1lNzRkLTRjOTctOGY2Yi1hYmVhZmJlOTk2ODAiLCJzZXNzaW9uLWV2ZW50LWlkIjoiYTA1YmMwOGYtM2I3My00ZDU5LWIwYTItZWVhZTM1MmQzMDZkIiwidXJsIjoiaHR0cHM6Ly93d3cuYmxvb21iZXJncXVpbnQuY29tL29ud2ViL3Utcy1zdGF0ZS1kZXBhcnRtZW50LWVtcGxveWVlcy1zYWlkLXRvLWJlLXRhcmdldGVkLXdpdGgtc3B5d2FyZSIsInJlZmVycmVyIjoiIiwicGFnZS10eXBlIjoic3RvcnkiLCJwdWJsaXNoZXItaWQiOjQ5fX0=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.188.220 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-188-220.compute-1.amazonaws.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 12:23:29 GMT
cache-control: no-store, no-cache, must-revalidate, private
content-length: 42
content-type: image/gif; charset=utf8

GET
H2 200 capture.gif
prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/ 42 B
175 B 108ms
108ms Image
image/gif 52.1.188.220
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/capture.gif?data=eyJldmVudC10eXBlIjoic3RvcnktdmlldyIsImV2ZW50Ijp7ImlkIjoiM2Q1YzZkZjItNjZmYi00Mzk5LWE1OTMtOWNkOTE1ZjQ2ODRhIiwic2Vzc2lvbi1ldmVudC1pZCI6ImEwNWJjMDhmLTNiNzMtNGQ1OS1iMGEyLWVlYWUzNTJkMzA2ZCIsInBhZ2Utdmlldy1ldmVudC1pZCI6IjhkYjFjMmRhLWU3NGQtNGM5Ny04ZjZiLWFiZWFmYmU5OTY4MCIsInN0b3J5LWNvbnRlbnQtaWQiOiJjODA1ODFmZi02MDRiLTQxYTEtODAzOS05YTQ0NGMxYjkxOTMiLCJwdWJsaXNoZXItaWQiOjQ5fX0=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.188.220 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-188-220.compute-1.amazonaws.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 12:23:29 GMT
cache-control: no-store, no-cache, must-revalidate, private
content-length: 42
content-type: image/gif; charset=utf8

GET
H3 200 496640721231456 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 147ms
138ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/496640721231456?v=2.9.48&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 -, , ASN (),

Reverse DNS

Software

Resource Hash

dde581fb161996508ac5f4628af6f20e5c456a102613908dcfb8cd3b8b850658

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: jS+RnuM54eR1iO/wR9aWHQI8xzX1mnrSX0oUjjYi2uDPaaP7DvRnJ4vS0wuheXgDMkPWjg2LJfkPSpgqf7ES9Q==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Sat, 04 Dec 2021 12:23:29 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 29ms
14ms XHR
text/plain 2a00:1450:4001:82a::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=732694424&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bloombergquint.com%2Fonweb%2Fu-s-state-department-employees-said-to-be-targeted-with-spyware&ul=en-us&de=UTF-8&dt=U.S.%20State%20Department%20Employee%20iPhones%20Reportedly%20Targeted%20by%20Spyware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1157272965&gjid=1973695797&cid=1088667151.1638620610&tid=UA-78054225-1&_gid=654646587.1638620610&_r=1&gtm=2wgc10T5FL4F&z=395453327

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e -, , ASN (),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bloombergquint.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 12:23:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.bloombergquint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
7ms Image
image/gif 2a00:1450:4001:82a::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e -, , ASN (),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 04:39:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 27815
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 8ms
7ms Image
image/gif 2a00:1450:4001:82a::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e -, , ASN (),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 04:39:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 27815
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 8ms
7ms Image
image/gif 2a00:1450:4001:82a::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e -, , ASN (),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 04:39:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 27815
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 8ms
8ms Image
image/gif 2a00:1450:4001:82a::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e -, , ASN (),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 04:39:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 27815
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 8ms
8ms Image
image/gif 2a00:1450:4001:82a::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e -, , ASN (),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 04:39:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 27815
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 9ms
8ms Image
image/gif 2a00:1450:4001:82a::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e -, , ASN (),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 04:39:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 27815
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 9ms
9ms Image
image/gif 2a00:1450:4001:82a::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e -, , ASN (),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 04:39:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 27815
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
447 B 49ms
16ms XHR
text/plain 2a00:1450:400c:c00::9d

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-78054225-1&cid=1088667151.1638620610&jid=1157272965&gjid=1973695797&_gid=654646587.1638620610&_u=YEBAAEAAAAAAAC~&z=874779147

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9d -, , ASN (),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bloombergquint.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 04 Dec 2021 12:23:29 GMT
content-type: text/plain
access-control-allow-origin: https://www.bloombergquint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 unload
api-v3.tinypass.com/api/v3/page/ 0
0 130ms
120ms Ping
application/json 2606:4700::6811:bab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api-v3.tinypass.com/api/v3/page/unload?aid=mxzByQgDpu&tbc=%7Bkpbx%7DBpNbcpk395bwm-yeokxZMplEJBeUTcuw9wz8MSueF-LyAsaMJbCGJWzhZFtx26PoaUagmHQ9E8dMIUXDQ_iMF1oPV4N07mFCamLp-hnMLfI&time_spent=%7B%22active%22%3A3%2C%22total%22%3A3%7D&scroll=%7B%22max_page_height%22%3A2409%2C%22max_depth%22%3A1200%7D&viewport_exit=0&url=https%3A%2F%2Fwww.bloombergquint.com%2Fonweb%2Fu-s-state-department-employees-said-to-be-targeted-with-spyware&pageview_id=2021-12-04-12-23-25-779-K6cmCqRywEjC9DNp-29e654156c53721121873ea8ec5315b6&visit_id=v-2021-12-04-12-23-25-779-KRKOHSym37XouhXy-29e654156c53721121873ea8ec5315b6
Requested by: Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:bab1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bloombergquint.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

POST
H3 200 execute Show response
c2.piano.io/xbuilder/experience/ 8 KB
2 KB 128ms
128ms XHR
application/json 2606:4700::6810:f015
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c2.piano.io/xbuilder/experience/execute?aid=mxzByQgDpu

Requested by

Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:f015 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a2dc3f43294dd83401f46fafda1ee4c248a5a4f4c177a3d664b0a6c50bd3f13

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept: */*
Referer: https://www.bloombergquint.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sat, 04 Dec 2021 12:23:29 GMT
content-encoding: gzip
vary: Accept-Encoding, Origin
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-request-id: un0lfd8qrc
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.bloombergquint.com
cache-control: no-cache, no-store
access-control-allow-credentials: true
cf-ray: 6b85019b0ee8dfa5-FRA

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
7ms Image
image/gif 2a00:1450:4001:82a::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=732694424&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.bloombergquint.com%2Fonweb%2Fu-s-state-department-employees-said-to-be-targeted-with-spyware&ul=en-us&de=UTF-8&dt=U.S.%20State%20Department%20Employee%20iPhones%20Reportedly%20Targeted%20by%20Spyware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Article%20Details&ea=Headline%20%20-%20U.S.%20State%20Department%20Employee%20iPhones%20Reportedly%20Targeted%20by%20Spyware&el=URL%20-%20technology%2Fu-s-state-department-employees-said-to-be-targeted-with-spyware&_u=aHDAAEABAAAAAC~&jid=&gjid=&cid=1088667151.1638620610&tid=UA-78054225-1&_gid=654646587.1638620610&gtm=2wgc10T5FL4F&cd1=metered&cd2=U.S.%20State%20Department%20Employee%20iPhones%20Reportedly%20Targeted%20by%20Spyware&cd3=subscription&cd4=William%20Turton&cd5=2021-12-04&cd6=09%3A35&cd7=Technology%7CBusiness%20News%7COnWeb&z=2102965329

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e -, , ASN (),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 04:39:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 27815
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 58ms
31ms Image
image/gif 2a00:1450:4001:80f::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-78054225-1&cid=1088667151.1638620610&jid=1157272965&_u=YEBAAEAAAAAAAC~&z=376406960

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 12:23:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 69ms
32ms Image
image/gif 2a00:1450:4001:829::2003

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-78054225-1&cid=1088667151.1638620610&jid=1157272965&_u=YEBAAEAAAAAAAC~&z=376406960

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 12:23:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 capture.gif
prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/ 42 B
175 B 107ms
106ms Image
image/gif 52.1.188.220
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/capture.gif?data=eyJldmVudC10eXBlIjoic3RvcnktZWxlbWVudC12aWV3IiwiZXZlbnQiOnsiaWQiOiJjNDExOGUxZi1jMTEwLTRkZjktOTk4Yy1kMThhZjk1YmZlOGYiLCJzZXNzaW9uLWV2ZW50LWlkIjoiYTA1YmMwOGYtM2I3My00ZDU5LWIwYTItZWVhZTM1MmQzMDZkIiwicGFnZS12aWV3LWV2ZW50LWlkIjoiOGRiMWMyZGEtZTc0ZC00Yzk3LThmNmItYWJlYWZiZTk5NjgwIiwic3RvcnktY29udGVudC1pZCI6ImM4MDU4MWZmLTYwNGItNDFhMS04MDM5LTlhNDQ0YzFiOTE5MyIsInN0b3J5LXZlcnNpb24taWQiOiI2NTk1MWIxZi03ZWUwLTQ4MzItOTJiOC0wOGIwMWUwNTRhZTgiLCJjYXJkLWNvbnRlbnQtaWQiOiI5NTQyYzM0YS1hMjBkLTQ2ODAtYTcyNS00MTk3YzczMzJkNDkiLCJjYXJkLXZlcnNpb24taWQiOiI5MmRlMDcwZi0yMjlmLTRhMTQtOTMxNy0wMDY5Njc1MTA0M2YiLCJzdG9yeS1lbGVtZW50LWlkIjoiNGFiNDNhMWUtZTk2MS00NzAxLTkxYTQtOTg3ZGEyNWNkNGY3Iiwic3RvcnktZWxlbWVudC10eXBlIjoidGV4dCIsInB1Ymxpc2hlci1pZCI6NDl9fQ==
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.188.220 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-188-220.compute-1.amazonaws.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 12:23:29 GMT
cache-control: no-store, no-cache, must-revalidate, private
content-length: 42
content-type: image/gif; charset=utf8

GET
H2 200 capture.gif
prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/ 42 B
175 B 108ms
108ms Image
image/gif 52.1.188.220
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/capture.gif?data=eyJldmVudC10eXBlIjoic3RvcnktZWxlbWVudC12aWV3IiwiZXZlbnQiOnsiaWQiOiI1ODdiMjhhOS0yYzE0LTRlMzAtODhjOC1mOGZkZGQzZGY3MjMiLCJzZXNzaW9uLWV2ZW50LWlkIjoiYTA1YmMwOGYtM2I3My00ZDU5LWIwYTItZWVhZTM1MmQzMDZkIiwicGFnZS12aWV3LWV2ZW50LWlkIjoiOGRiMWMyZGEtZTc0ZC00Yzk3LThmNmItYWJlYWZiZTk5NjgwIiwic3RvcnktY29udGVudC1pZCI6ImM4MDU4MWZmLTYwNGItNDFhMS04MDM5LTlhNDQ0YzFiOTE5MyIsInN0b3J5LXZlcnNpb24taWQiOiI2NTk1MWIxZi03ZWUwLTQ4MzItOTJiOC0wOGIwMWUwNTRhZTgiLCJjYXJkLWNvbnRlbnQtaWQiOiI5NTQyYzM0YS1hMjBkLTQ2ODAtYTcyNS00MTk3YzczMzJkNDkiLCJjYXJkLXZlcnNpb24taWQiOiI5MmRlMDcwZi0yMjlmLTRhMTQtOTMxNy0wMDY5Njc1MTA0M2YiLCJzdG9yeS1lbGVtZW50LWlkIjoiZDlmNWVjNTYtZTgwNS00M2M0LWEwMmYtZDY4MTRjZWRlNzc0Iiwic3RvcnktZWxlbWVudC10eXBlIjoidGV4dCIsInB1Ymxpc2hlci1pZCI6NDl9fQ==
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.188.220 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-188-220.compute-1.amazonaws.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 12:23:29 GMT
cache-control: no-store, no-cache, must-revalidate, private
content-length: 42
content-type: image/gif; charset=utf8

GET
H2 200 capture.gif
prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/ 42 B
175 B 109ms
109ms Image
image/gif 52.1.188.220
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/capture.gif?data=eyJldmVudC10eXBlIjoic3RvcnktZWxlbWVudC12aWV3IiwiZXZlbnQiOnsiaWQiOiJkYzU3MDUzMC03ZDdlLTRjMmQtYTMzNS1hZThjYTk3ZjUzNzUiLCJzZXNzaW9uLWV2ZW50LWlkIjoiYTA1YmMwOGYtM2I3My00ZDU5LWIwYTItZWVhZTM1MmQzMDZkIiwicGFnZS12aWV3LWV2ZW50LWlkIjoiOGRiMWMyZGEtZTc0ZC00Yzk3LThmNmItYWJlYWZiZTk5NjgwIiwic3RvcnktY29udGVudC1pZCI6ImM4MDU4MWZmLTYwNGItNDFhMS04MDM5LTlhNDQ0YzFiOTE5MyIsInN0b3J5LXZlcnNpb24taWQiOiI2NTk1MWIxZi03ZWUwLTQ4MzItOTJiOC0wOGIwMWUwNTRhZTgiLCJjYXJkLWNvbnRlbnQtaWQiOiI5NTQyYzM0YS1hMjBkLTQ2ODAtYTcyNS00MTk3YzczMzJkNDkiLCJjYXJkLXZlcnNpb24taWQiOiI5MmRlMDcwZi0yMjlmLTRhMTQtOTMxNy0wMDY5Njc1MTA0M2YiLCJzdG9yeS1lbGVtZW50LWlkIjoiYmZlNTkyYTctNDVmMS00M2RhLTlhMDMtODM0M2RlZjQ1ZGI2Iiwic3RvcnktZWxlbWVudC10eXBlIjoidGV4dCIsInB1Ymxpc2hlci1pZCI6NDl9fQ==
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.188.220 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-188-220.compute-1.amazonaws.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 12:23:29 GMT
cache-control: no-store, no-cache, must-revalidate, private
content-length: 42
content-type: image/gif; charset=utf8

GET
H2 200 capture.gif
prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/ 42 B
175 B 108ms
107ms Image
image/gif 52.1.188.220
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/capture.gif?data=eyJldmVudC10eXBlIjoic3RvcnktZWxlbWVudC12aWV3IiwiZXZlbnQiOnsiaWQiOiJjY2I1ODIxZi05M2NjLTQ2MjMtOTBjZC05ZGQ0OWNiMmQ3YjkiLCJzZXNzaW9uLWV2ZW50LWlkIjoiYTA1YmMwOGYtM2I3My00ZDU5LWIwYTItZWVhZTM1MmQzMDZkIiwicGFnZS12aWV3LWV2ZW50LWlkIjoiOGRiMWMyZGEtZTc0ZC00Yzk3LThmNmItYWJlYWZiZTk5NjgwIiwic3RvcnktY29udGVudC1pZCI6ImM4MDU4MWZmLTYwNGItNDFhMS04MDM5LTlhNDQ0YzFiOTE5MyIsInN0b3J5LXZlcnNpb24taWQiOiI2NTk1MWIxZi03ZWUwLTQ4MzItOTJiOC0wOGIwMWUwNTRhZTgiLCJjYXJkLWNvbnRlbnQtaWQiOiI5NTQyYzM0YS1hMjBkLTQ2ODAtYTcyNS00MTk3YzczMzJkNDkiLCJjYXJkLXZlcnNpb24taWQiOiI5MmRlMDcwZi0yMjlmLTRhMTQtOTMxNy0wMDY5Njc1MTA0M2YiLCJzdG9yeS1lbGVtZW50LWlkIjoiMWUwYzIzYzctMjAxOS00MTk2LTk5OGQtZjI4MzFkYTY0MTllIiwic3RvcnktZWxlbWVudC10eXBlIjoidGV4dCIsInB1Ymxpc2hlci1pZCI6NDl9fQ==
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.188.220 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-188-220.compute-1.amazonaws.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 12:23:29 GMT
cache-control: no-store, no-cache, must-revalidate, private
content-length: 42
content-type: image/gif; charset=utf8

GET
H2 200 capture.gif
prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/ 42 B
175 B 108ms
108ms Image
image/gif 52.1.188.220
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/capture.gif?data=eyJldmVudC10eXBlIjoic3RvcnktZWxlbWVudC12aWV3IiwiZXZlbnQiOnsiaWQiOiI4ODJjMzAyOS1lNmE1LTQ5NjMtOTU4NC02YzIwNWM3OTk3ZWQiLCJzZXNzaW9uLWV2ZW50LWlkIjoiYTA1YmMwOGYtM2I3My00ZDU5LWIwYTItZWVhZTM1MmQzMDZkIiwicGFnZS12aWV3LWV2ZW50LWlkIjoiOGRiMWMyZGEtZTc0ZC00Yzk3LThmNmItYWJlYWZiZTk5NjgwIiwic3RvcnktY29udGVudC1pZCI6ImM4MDU4MWZmLTYwNGItNDFhMS04MDM5LTlhNDQ0YzFiOTE5MyIsInN0b3J5LXZlcnNpb24taWQiOiI2NTk1MWIxZi03ZWUwLTQ4MzItOTJiOC0wOGIwMWUwNTRhZTgiLCJjYXJkLWNvbnRlbnQtaWQiOiI5NTQyYzM0YS1hMjBkLTQ2ODAtYTcyNS00MTk3YzczMzJkNDkiLCJjYXJkLXZlcnNpb24taWQiOiI5MmRlMDcwZi0yMjlmLTRhMTQtOTMxNy0wMDY5Njc1MTA0M2YiLCJzdG9yeS1lbGVtZW50LWlkIjoiNTM0NmYwYWItMGNiNS00OTY3LThkN2ItOWNkNTFmYjhhNmRhIiwic3RvcnktZWxlbWVudC10eXBlIjoidGV4dCIsInB1Ymxpc2hlci1pZCI6NDl9fQ==
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.188.220 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-188-220.compute-1.amazonaws.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 12:23:29 GMT
cache-control: no-store, no-cache, must-revalidate, private
content-length: 42
content-type: image/gif; charset=utf8

GET
H2 200 capture.gif
prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/ 42 B
175 B 110ms
110ms Image
image/gif 52.1.188.220
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/capture.gif?data=eyJldmVudC10eXBlIjoic3RvcnktZWxlbWVudC12aWV3IiwiZXZlbnQiOnsiaWQiOiJmNzc2NDJiNi1iYTIzLTQ3ODYtYTRjOC1iNTYyOWU2ZDMyMmIiLCJzZXNzaW9uLWV2ZW50LWlkIjoiYTA1YmMwOGYtM2I3My00ZDU5LWIwYTItZWVhZTM1MmQzMDZkIiwicGFnZS12aWV3LWV2ZW50LWlkIjoiOGRiMWMyZGEtZTc0ZC00Yzk3LThmNmItYWJlYWZiZTk5NjgwIiwic3RvcnktY29udGVudC1pZCI6ImM4MDU4MWZmLTYwNGItNDFhMS04MDM5LTlhNDQ0YzFiOTE5MyIsInN0b3J5LXZlcnNpb24taWQiOiI2NTk1MWIxZi03ZWUwLTQ4MzItOTJiOC0wOGIwMWUwNTRhZTgiLCJjYXJkLWNvbnRlbnQtaWQiOiI5NTQyYzM0YS1hMjBkLTQ2ODAtYTcyNS00MTk3YzczMzJkNDkiLCJjYXJkLXZlcnNpb24taWQiOiI5MmRlMDcwZi0yMjlmLTRhMTQtOTMxNy0wMDY5Njc1MTA0M2YiLCJzdG9yeS1lbGVtZW50LWlkIjoiMTg2NDFiYzEtYzY5OS00YTlkLWE1NGItZDYzMzQyNDhkNDMzIiwic3RvcnktZWxlbWVudC10eXBlIjoidGV4dCIsInB1Ymxpc2hlci1pZCI6NDl9fQ==
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.188.220 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-188-220.compute-1.amazonaws.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 12:23:29 GMT
cache-control: no-store, no-cache, must-revalidate, private
content-length: 42
content-type: image/gif; charset=utf8

GET
H2 200 capture.gif
prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/ 42 B
175 B 199ms
199ms Image
image/gif 52.1.188.220
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/capture.gif?data=eyJldmVudC10eXBlIjoic3RvcnktZWxlbWVudC12aWV3IiwiZXZlbnQiOnsiaWQiOiI5MDgxYmI4MS0wOGE3LTQ0MmUtYjJmOC0yM2Q2MTBlY2UzZjAiLCJzZXNzaW9uLWV2ZW50LWlkIjoiYTA1YmMwOGYtM2I3My00ZDU5LWIwYTItZWVhZTM1MmQzMDZkIiwicGFnZS12aWV3LWV2ZW50LWlkIjoiOGRiMWMyZGEtZTc0ZC00Yzk3LThmNmItYWJlYWZiZTk5NjgwIiwic3RvcnktY29udGVudC1pZCI6ImM4MDU4MWZmLTYwNGItNDFhMS04MDM5LTlhNDQ0YzFiOTE5MyIsInN0b3J5LXZlcnNpb24taWQiOiI2NTk1MWIxZi03ZWUwLTQ4MzItOTJiOC0wOGIwMWUwNTRhZTgiLCJjYXJkLWNvbnRlbnQtaWQiOiI5NTQyYzM0YS1hMjBkLTQ2ODAtYTcyNS00MTk3YzczMzJkNDkiLCJjYXJkLXZlcnNpb24taWQiOiI5MmRlMDcwZi0yMjlmLTRhMTQtOTMxNy0wMDY5Njc1MTA0M2YiLCJzdG9yeS1lbGVtZW50LWlkIjoiMWI2MWM1ZGUtNDgxNi00NjI0LTllNjAtZTU2OWVmYmEwYWU0Iiwic3RvcnktZWxlbWVudC10eXBlIjoidGV4dCIsInB1Ymxpc2hlci1pZCI6NDl9fQ==
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.188.220 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-188-220.compute-1.amazonaws.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 12:23:29 GMT
cache-control: no-store, no-cache, must-revalidate, private
content-length: 42
content-type: image/gif; charset=utf8

GET
H2 200 capture.gif
prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/ 42 B
175 B 199ms
197ms Image
image/gif 52.1.188.220
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/capture.gif?data=eyJldmVudC10eXBlIjoic3RvcnktZWxlbWVudC12aWV3IiwiZXZlbnQiOnsiaWQiOiJlY2QzODBkMC0zNWQwLTQ3M2EtOWQxOC1jN2M0N2Y5MWIyNDEiLCJzZXNzaW9uLWV2ZW50LWlkIjoiYTA1YmMwOGYtM2I3My00ZDU5LWIwYTItZWVhZTM1MmQzMDZkIiwicGFnZS12aWV3LWV2ZW50LWlkIjoiOGRiMWMyZGEtZTc0ZC00Yzk3LThmNmItYWJlYWZiZTk5NjgwIiwic3RvcnktY29udGVudC1pZCI6ImM4MDU4MWZmLTYwNGItNDFhMS04MDM5LTlhNDQ0YzFiOTE5MyIsInN0b3J5LXZlcnNpb24taWQiOiI2NTk1MWIxZi03ZWUwLTQ4MzItOTJiOC0wOGIwMWUwNTRhZTgiLCJjYXJkLWNvbnRlbnQtaWQiOiI5NTQyYzM0YS1hMjBkLTQ2ODAtYTcyNS00MTk3YzczMzJkNDkiLCJjYXJkLXZlcnNpb24taWQiOiI5MmRlMDcwZi0yMjlmLTRhMTQtOTMxNy0wMDY5Njc1MTA0M2YiLCJzdG9yeS1lbGVtZW50LWlkIjoiNGFlMDFjOGMtOGM0Zi00MTcyLThkMzctYjEwZjBkMTQ0N2NiIiwic3RvcnktZWxlbWVudC10eXBlIjoidGV4dCIsInB1Ymxpc2hlci1pZCI6NDl9fQ==
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.188.220 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-188-220.compute-1.amazonaws.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 12:23:29 GMT
cache-control: no-store, no-cache, must-revalidate, private
content-length: 42
content-type: image/gif; charset=utf8

GET
H2 200 capture.gif
prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/ 42 B
175 B 199ms
197ms Image
image/gif 52.1.188.220
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/capture.gif?data=eyJldmVudC10eXBlIjoic3RvcnktZWxlbWVudC12aWV3IiwiZXZlbnQiOnsiaWQiOiIxM2YzOTkwYy1hYjFhLTQ0MTgtYjk2Yy1jOTA4NzdhOWUzYWIiLCJzZXNzaW9uLWV2ZW50LWlkIjoiYTA1YmMwOGYtM2I3My00ZDU5LWIwYTItZWVhZTM1MmQzMDZkIiwicGFnZS12aWV3LWV2ZW50LWlkIjoiOGRiMWMyZGEtZTc0ZC00Yzk3LThmNmItYWJlYWZiZTk5NjgwIiwic3RvcnktY29udGVudC1pZCI6ImM4MDU4MWZmLTYwNGItNDFhMS04MDM5LTlhNDQ0YzFiOTE5MyIsInN0b3J5LXZlcnNpb24taWQiOiI2NTk1MWIxZi03ZWUwLTQ4MzItOTJiOC0wOGIwMWUwNTRhZTgiLCJjYXJkLWNvbnRlbnQtaWQiOiI5NTQyYzM0YS1hMjBkLTQ2ODAtYTcyNS00MTk3YzczMzJkNDkiLCJjYXJkLXZlcnNpb24taWQiOiI5MmRlMDcwZi0yMjlmLTRhMTQtOTMxNy0wMDY5Njc1MTA0M2YiLCJzdG9yeS1lbGVtZW50LWlkIjoiMDcyYzQ1ZmItMDZjZS00MjA1LWJlNmEtYTI2ZmNkN2MyYzAxIiwic3RvcnktZWxlbWVudC10eXBlIjoidGV4dCIsInB1Ymxpc2hlci1pZCI6NDl9fQ==
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.188.220 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-188-220.compute-1.amazonaws.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 12:23:29 GMT
cache-control: no-store, no-cache, must-revalidate, private
content-length: 42
content-type: image/gif; charset=utf8

GET
H2 200 capture.gif
prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/ 42 B
175 B 199ms
197ms Image
image/gif 52.1.188.220
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/capture.gif?data=eyJldmVudC10eXBlIjoic3RvcnktZWxlbWVudC12aWV3IiwiZXZlbnQiOnsiaWQiOiJjNjA1NjQ0MC1hMTA3LTRkM2ItYWFhMy03OGFlY2NkYTVlZjMiLCJzZXNzaW9uLWV2ZW50LWlkIjoiYTA1YmMwOGYtM2I3My00ZDU5LWIwYTItZWVhZTM1MmQzMDZkIiwicGFnZS12aWV3LWV2ZW50LWlkIjoiOGRiMWMyZGEtZTc0ZC00Yzk3LThmNmItYWJlYWZiZTk5NjgwIiwic3RvcnktY29udGVudC1pZCI6ImM4MDU4MWZmLTYwNGItNDFhMS04MDM5LTlhNDQ0YzFiOTE5MyIsInN0b3J5LXZlcnNpb24taWQiOiI2NTk1MWIxZi03ZWUwLTQ4MzItOTJiOC0wOGIwMWUwNTRhZTgiLCJjYXJkLWNvbnRlbnQtaWQiOiI5NTQyYzM0YS1hMjBkLTQ2ODAtYTcyNS00MTk3YzczMzJkNDkiLCJjYXJkLXZlcnNpb24taWQiOiI5MmRlMDcwZi0yMjlmLTRhMTQtOTMxNy0wMDY5Njc1MTA0M2YiLCJzdG9yeS1lbGVtZW50LWlkIjoiM2M5YzFmNDktODMwZS00YjViLWFiNzUtY2RhNzVmZGY5MjBhIiwic3RvcnktZWxlbWVudC10eXBlIjoidGV4dCIsInB1Ymxpc2hlci1pZCI6NDl9fQ==
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.188.220 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-188-220.compute-1.amazonaws.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 12:23:29 GMT
cache-control: no-store, no-cache, must-revalidate, private
content-length: 42
content-type: image/gif; charset=utf8

GET
H2 200 capture.gif
prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/ 42 B
175 B 198ms
196ms Image
image/gif 52.1.188.220
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/capture.gif?data=eyJldmVudC10eXBlIjoic3RvcnktZWxlbWVudC12aWV3IiwiZXZlbnQiOnsiaWQiOiJkMzk2ZDgzNC0yNWJjLTQ2ZDUtYTIxNC05YWQwZjVkYTZjN2YiLCJzZXNzaW9uLWV2ZW50LWlkIjoiYTA1YmMwOGYtM2I3My00ZDU5LWIwYTItZWVhZTM1MmQzMDZkIiwicGFnZS12aWV3LWV2ZW50LWlkIjoiOGRiMWMyZGEtZTc0ZC00Yzk3LThmNmItYWJlYWZiZTk5NjgwIiwic3RvcnktY29udGVudC1pZCI6ImM4MDU4MWZmLTYwNGItNDFhMS04MDM5LTlhNDQ0YzFiOTE5MyIsInN0b3J5LXZlcnNpb24taWQiOiI2NTk1MWIxZi03ZWUwLTQ4MzItOTJiOC0wOGIwMWUwNTRhZTgiLCJjYXJkLWNvbnRlbnQtaWQiOiI5NTQyYzM0YS1hMjBkLTQ2ODAtYTcyNS00MTk3YzczMzJkNDkiLCJjYXJkLXZlcnNpb24taWQiOiI5MmRlMDcwZi0yMjlmLTRhMTQtOTMxNy0wMDY5Njc1MTA0M2YiLCJzdG9yeS1lbGVtZW50LWlkIjoiY2UyMWIyYTEtYTY3YS00NDQzLTllOGEtODQ4YTgxNTViZmVmIiwic3RvcnktZWxlbWVudC10eXBlIjoidGV4dCIsInB1Ymxpc2hlci1pZCI6NDl9fQ==
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.188.220 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-188-220.compute-1.amazonaws.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 12:23:29 GMT
cache-control: no-store, no-cache, must-revalidate, private
content-length: 42
content-type: image/gif; charset=utf8

GET
H2 200 capture.gif
prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/ 42 B
175 B 197ms
197ms Image
image/gif 52.1.188.220
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-analytics.qlitics.com/api/ac921a96-2eed-43ac-86b1-869990ba477d/capture.gif?data=eyJldmVudC10eXBlIjoic3RvcnktZWxlbWVudC12aWV3IiwiZXZlbnQiOnsiaWQiOiJkNDIwYThjNS0xZTM2LTQ1YjUtOGFkZS02ZjM1Y2Q1NzAzYzMiLCJzZXNzaW9uLWV2ZW50LWlkIjoiYTA1YmMwOGYtM2I3My00ZDU5LWIwYTItZWVhZTM1MmQzMDZkIiwicGFnZS12aWV3LWV2ZW50LWlkIjoiOGRiMWMyZGEtZTc0ZC00Yzk3LThmNmItYWJlYWZiZTk5NjgwIiwic3RvcnktY29udGVudC1pZCI6ImM4MDU4MWZmLTYwNGItNDFhMS04MDM5LTlhNDQ0YzFiOTE5MyIsInN0b3J5LXZlcnNpb24taWQiOiI2NTk1MWIxZi03ZWUwLTQ4MzItOTJiOC0wOGIwMWUwNTRhZTgiLCJjYXJkLWNvbnRlbnQtaWQiOiI5NTQyYzM0YS1hMjBkLTQ2ODAtYTcyNS00MTk3YzczMzJkNDkiLCJjYXJkLXZlcnNpb24taWQiOiI5MmRlMDcwZi0yMjlmLTRhMTQtOTMxNy0wMDY5Njc1MTA0M2YiLCJzdG9yeS1lbGVtZW50LWlkIjoiMGFjOGFkZWItZTBiMC00N2IzLTk5MGQtZWEzYjRmNjc4ZWI1Iiwic3RvcnktZWxlbWVudC10eXBlIjoidGV4dCIsInB1Ymxpc2hlci1pZCI6NDl9fQ==
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.188.220 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-188-220.compute-1.amazonaws.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 12:23:29 GMT
cache-control: no-store, no-cache, must-revalidate, private
content-length: 42
content-type: image/gif; charset=utf8

GET
H2 200 /
www.facebook.com/tr/ 44 B
295 B 31ms
7ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=496640721231456&ev=PageView&dl=https%3A%2F%2Fwww.bloombergquint.com%2Fonweb%2Fu-s-state-department-employees-said-to-be-targeted-with-spyware&rl=&if=false&ts=1638620609846&sw=1600&sh=1200&v=2.9.48&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1638620609845.1430009430&it=1638620609630&coo=false&exp=p1&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de -, , ASN (),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:29 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Sat, 04 Dec 2021 12:23:29 GMT

POST
H3 200 loadTemplateContext Show response
buy.tinypass.com/api/v3/anon/template/ 562 B
879 B 373ms
351ms XHR
application/json 2606:4700::6811:b8b1

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/api/v3/anon/template/loadTemplateContext?aid=mxzByQgDpu

Requested by

Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b8b1 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

9a7219ed196501ca089762bd5c6bd1eaa9bc6a0dcabe50b4fdf6cae1b13c7bfa

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.bloombergquint.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sat, 04 Dec 2021 12:23:30 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-request-id: C6rbl3rOl41
pragma: no-cache
wn: prod-dash-10-200-8-30
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
server-time: 0.135
cf-ray: 6b85019c0d7c432d-FRA
expires: 0

GET
H3 200 cacheableShow Show response
buy.tinypass.com/checkout/template/ Frame A9BF 18 KB
6 KB 62ms
44ms Document
text/html 2606:4700::6811:b8b1

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/checkout/template/cacheableShow?aid=mxzByQgDpu&templateId=OT2HDPJV206L&offerId=fakeOfferId&experienceId=EXA43HY756G3&iframeId=offer_4ed00b2540b3586a4a50-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.bloombergquint.com

Requested by

Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b8b1 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

f1793d98ce12c032edabcff571a1dbce5c0799464b12a5e2ea95de43efed2e9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/

Response headers

date: Sat, 04 Dec 2021 12:23:29 GMT
content-type: text/html;charset=UTF-8
access-control-allow-methods: *
access-control-allow-origin: https://dashboard.piano.io
cache-control: public, max-age=10800
expires: Sat, 04 Dec 2021 15:23:29 GMT
p3p: CP="NON DSP COR OUR IND"
pragma
server-time: 0.004
strict-transport-security: max-age=86400; includeSubDomains
vary: accept-encoding
wn: prod-dash-10-0-80-21
x-forwarded-https: on
x-request-id: Cf68l3rxFYr
x-xss-protection: 0
cf-cache-status: HIT
age: 4634
last-modified: Sat, 04 Dec 2021 11:06:15 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6b85019c0e444e7f-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 polyfill.min.js Show response
cdn.polyfill.io/v2/ 222 B
584 B 36ms
8ms Script
text/javascript 2a04:4e42:200::282

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.polyfill.io/v2/polyfill.min.js?features=default,IntersectionObserver,fetch

Requested by

Host: www.bloombergquint.com
URL: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::282 -, , ASN (),

Reverse DNS

Software

Resource Hash

cae897bdde94867960ad284a56b1631296eaceddf5710a2857127ca0aa2777d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
x-content-type-options: nosniff
content-type: text/javascript; charset=utf-8
age: 1788626
detected-user-agent: Chrome/96.0.4664
server-timing: HIT-CLUSTER, fastly;desc="Edge time";dur=1, HIT-CLUSTER, fastly;desc="Edge time";dur=1
content-length: 126
referrer-policy: origin-when-cross-origin
last-modified: Sat, 13 Nov 2021 15:21:22 GMT
date: Sat, 04 Dec 2021 12:23:29 GMT
vary: User-Agent, Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
normalized-user-agent: chrome/96.0.0
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 Bloombergquint.js Show response
csm.cxpublic.com/ 804 B
974 B 167ms
10ms Script
application/x-javascript 104.111.245.50

General

Check archive.org

Show headers Download Go to

Full URL: https://csm.cxpublic.com/Bloombergquint.js
Requested by: Host: www.bloombergquint.com
URL: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.245.50 -, , ASN (),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: d1a700c13a6c23d513ab4e897de373d2c124e380069baae0ca9c7f58db3922d4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:30 GMT
last-modified: Thu, 02 Sep 2021 12:46:05 GMT
server: AkamaiNetStorage
accept-ranges: bytes
etag: "0fdac0c944a3076e3523dbba97e5e585:1630586765.982512"
content-length: 804
content-type: application/x-javascript

GET
H/1.1 200
OK prod-global-550791.js Show response
rtbcdn.andbeyond.media/ 170 KB
17 KB 172ms
11ms Script
text/javascript 69.16.175.42

General

Check archive.org

Show headers Download Go to

Full URL: https://rtbcdn.andbeyond.media/prod-global-550791.js
Requested by: Host: www.bloombergquint.com
URL: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.42 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8bf1b5dcddcd32a55c660e568fb37193f07bc878cf7e78c8873bcedc10731cc5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sat, 04 Dec 2021 12:23:30 GMT
Content-Encoding: gzip
Last-Modified: Mon, 29 Nov 2021 11:08:12 GMT
ETag: "1638184092"
X-HW: 1638620609.dop154.fr8.t,1638620610.cds252.fr8.shn,1638620610.dop154.fr8.t,1638620610.cds287.fr8.c
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=754
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 16887

GET
H3 200 template.bundle.1.0.css
buy.tinypass.com/widget/dist/template/css/ Frame A9BF 33 KB
6 KB 53ms
51ms Stylesheet
text/css 2606:4700::6811:b8b1

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/widget/dist/template/css/template.bundle.1.0.css

Requested by

Host: buy.tinypass.com
URL: https://buy.tinypass.com/checkout/template/cacheableShow?aid=mxzByQgDpu&templateId=OT2HDPJV206L&offerId=fakeOfferId&experienceId=EXA43HY756G3&iframeId=offer_4ed00b2540b3586a4a50-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.bloombergquint.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b8b1 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

734421d9e2fa5fe78c7bbd157c8de6a60bd1e0752c8abfcd2ca27f4a477ff2e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/checkout/template/cacheableShow?aid=mxzByQgDpu&templateId=OT2HDPJV206L&offerId=fakeOfferId&experienceId=EXA43HY756G3&iframeId=offer_4ed00b2540b3586a4a50-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.bloombergquint.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:30 GMT
content-encoding: br
vary: accept-encoding
cf-cache-status: HIT
age: 2902
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
wn: prod-dash-10-0-133-48
last-modified: Mon, 29 Nov 2021 02:52:32 GMT
server: cloudflare
etag: W/"33843-1638154352000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: text/css
server-time: 0.001
cache-control: public, max-age=7200
cf-ray: 6b85019d08864e7f-FRA
expires: Sat, 04 Dec 2021 14:23:30 GMT

GET
H3 200 loadTranslationMap Show response
buy.tinypass.com/showtemplate/general/ Frame A9BF 39 KB
8 KB 133ms
130ms Script
application/javascript 2606:4700::6811:b8b1

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/showtemplate/general/loadTranslationMap?aid=mxzByQgDpu&version=1594056034000&language=en_US

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b8b1 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

0bc2af178dd2a0d726911d67d2e400bb76e2291b638982f6667426548eb45670

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/checkout/template/cacheableShow?aid=mxzByQgDpu&templateId=OT2HDPJV206L&offerId=fakeOfferId&experienceId=EXA43HY756G3&iframeId=offer_4ed00b2540b3586a4a50-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.bloombergquint.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:30 GMT
content-encoding: br
vary: accept-encoding
cf-cache-status: DYNAMIC
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-request-id: C6rbl3rd2U2
pragma
wn: prod-dash-10-0-126-253
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript;charset=UTF-8
server-time: 0.001
cache-control: public, max-age=86400, s-maxage=86400
cf-ray: 6b85019d088a4e7f-FRA
expires: Sun, 5 Dec 2021 07:23:30 EST

GET
H3 200 platform-translation-map_en_US.js Show response
buy.tinypass.com/ng/common/i18n/ Frame A9BF 59 KB
12 KB 34ms
32ms Script
application/javascript 2606:4700::6811:b8b1

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/ng/common/i18n/platform-translation-map_en_US.js?version=14.32.0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b8b1 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

cd0b53e2d3257253a3d5f7c993763c1cd69ae7dc701ea5cb6fb1334336b4334a

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/checkout/template/cacheableShow?aid=mxzByQgDpu&templateId=OT2HDPJV206L&offerId=fakeOfferId&experienceId=EXA43HY756G3&iframeId=offer_4ed00b2540b3586a4a50-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.bloombergquint.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:30 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 67722
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
wn: prod-dash-10-0-115-80
last-modified: Thu, 02 Dec 2021 16:48:52 GMT
server: cloudflare
etag: W/"60841-1638463732000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript;charset=UTF-8
server-time: 0.000
cache-control: public, max-age=86400
cf-ray: 6b85019d088c4e7f-FRA
expires: Sun, 05 Dec 2021 12:23:30 GMT

GET
H3 200 H4sIAAAAAAAAAD3MQQ6DMAwF0QuB3WTFJXqGKpAvCHIdhB3l-lUllN1oFo97yTucczFnx_eS5ODTRtPaNAsmlrIaJ92bpHsOFClGLmHR8aRuSfCBzs0mflw7ah9soNefVnQTuON-19wEdNoPGK60D4cAAAA Show response
buy.tinypass.com/_sam/ Frame A9BF 526 KB
157 KB 43ms
41ms Script
text/javascript 2606:4700::6811:b8b1

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/_sam/H4sIAAAAAAAAAD3MQQ6DMAwF0QuB3WTFJXqGKpAvCHIdhB3l-lUllN1oFo97yTucczFnx_eS5ODTRtPaNAsmlrIaJ92bpHsOFClGLmHR8aRuSfCBzs0mflw7ah9soNefVnQTuON-19wEdNoPGK60D4cAAAA?compressed=true&v=14.32.0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b8b1 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

afd211520cd3c79ae4b7d60efd0c0ae5077995631b25ca0448cca2f0a43e127b

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/checkout/template/cacheableShow?aid=mxzByQgDpu&templateId=OT2HDPJV206L&offerId=fakeOfferId&experienceId=EXA43HY756G3&iframeId=offer_4ed00b2540b3586a4a50-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.bloombergquint.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:30 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 2818
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
wn: prod-dash-10-0-115-80
last-modified: Thu, 02 Dec 2021 16:48:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: text/javascript
server-time: 0.060
cache-control: public, max-age=601982
x-optimized-by: _sam
cf-ray: 6b85019d088d4e7f-FRA
expires: Sat, 11 Dec 2021 11:36:32 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame A9BF 17 KB
1 KB 43ms
19ms Stylesheet
text/css 2a00:1450:4001:82f::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:100,300,400,500,600,700,800|Roboto:400,500,700&subset=cyrillic

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

816f5b50809beb27fb908d88728e4570dd51ced0f2b361f8afde4e87e275186e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 04 Dec 2021 12:23:30 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 04 Dec 2021 12:23:30 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 04 Dec 2021 12:23:30 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame A9BF 8 KB
1 KB 41ms
17ms Stylesheet
text/css 2a00:1450:4001:82f::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Spectral:wght@200;300;400;500;600;700&display=swap

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

5b1cde4cc3e760436410c8a2a98861276be9ac8ac12c785c813a84a0788051ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 04 Dec 2021 12:23:30 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 04 Dec 2021 12:23:30 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 04 Dec 2021 12:23:30 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame A9BF 4 KB
683 B 49ms
25ms Stylesheet
text/css 2a00:1450:4001:82f::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;600&display=swap

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

0ed1c09a270e3ec711b4aaf5b05d2cb99d62c25360e798a1434711bd397de575

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 04 Dec 2021 12:23:30 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 04 Dec 2021 12:23:30 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 04 Dec 2021 12:23:30 GMT

GET
H/1.1 200
OK cx.cce.js Show response
scdn.cxense.com/ 22 KB
6 KB 45ms
11ms Script
application/x-javascript 2a02:26f0:6c00:2a7::268b

General

Check archive.org

Show headers Download Go to

Full URL: https://scdn.cxense.com/cx.cce.js
Requested by: Host: csm.cxpublic.com
URL: https://csm.cxpublic.com/Bloombergquint.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a7::268b -, , ASN (),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 78b341647e8bf718869378550c0c14b87bfe33967b4944d7dac6a2a1f3290d4c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sat, 04 Dec 2021 12:23:30 GMT
Content-Encoding: gzip
Last-Modified: Thu, 08 Jul 2021 14:49:19 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5864
Expires: Sat, 04 Dec 2021 13:23:30 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 134 KB
36 KB 29ms
10ms Script
application/javascript 143.204.95.188

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: rtbcdn.andbeyond.media
URL: https://rtbcdn.andbeyond.media/prod-global-550791.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.95.188 -, , ASN (),
Reverse DNS
Software: Server /
Resource Hash: de80309d98405d566c6fb1912811b24c8ad3a8380f6819d26a6c1eac5cd99185

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: qkOcdGsoDUMvfWusL4m2BAijBZa3LkSN
content-encoding: gzip
etag: 1e39d25f07f5619925357b752ab10d04
age: 257
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 1D7RPSHHFNMBFF39GEKD
date: Sat, 04 Dec 2021 12:19:49 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 9c7c26f5beeb09381cea450ea3581b37.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: ae2xuLyIe2ld_Zhw3sSbYRCeDP47AzTcityybR9ELl8Y27dtetzznA==

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
316 B 14ms
13ms XHR
text/plain 143.204.95.188

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.bloombergquint.com&pubid=cd6cddc5-4dca-4d77-9a65-8b894400e772
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.95.188 -, , ASN (),
Reverse DNS
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:07:25 GMT
via: 1.1 9c7c26f5beeb09381cea450ea3581b37.cloudfront.net (CloudFront)
server: Server
age: 964
x-cache: Hit from cloudfront
access-control-allow-origin: https://www.bloombergquint.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: LRS54D7Jg5kOjJtavwvT5aNFFRvfmyTzluGhqGCKrdcr8OYSnznxuA==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 277ms
9ms XHR
application/javascript 143.204.95.188

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.95.188 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: gYbY2ORQY5Qmsyt0ob0SiGH6tjIhuo4B
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 27064
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Tue, 09 Nov 2021 22:55:20 GMT
server: AmazonS3
date: Sat, 04 Dec 2021 04:52:26 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: -5JHJHb-iR-WHctgdtyIOyVxi0Kac7zsUqnFDPUyDFsrFWikhE0jyA==

GET
H/1.1 200
OK cx.js Show response
cdn.cxense.com/ 118 KB
28 KB 34ms
11ms Script
application/x-javascript 2a02:26f0:6c00:2a7::268b

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/cx.js
Requested by: Host: scdn.cxense.com
URL: https://scdn.cxense.com/cx.cce.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a7::268b -, , ASN (),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 61a9a4924579af06533a09ad0072612a6bcc4e69e54349a53fdb2d081cc8d81d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sat, 04 Dec 2021 12:23:30 GMT
Content-Encoding: gzip
Last-Modified: Fri, 03 Dec 2021 15:30:08 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 28194
Expires: Sat, 04 Dec 2021 13:23:30 GMT

GET
H2 200 www.bloombergquint.com.js Show response
csm.cxpublic.com/Bloombergquint/domain/ 289 B
460 B 13ms
13ms Script
application/x-javascript 104.111.245.50

General

Check archive.org

Show headers Download Go to

Full URL: https://csm.cxpublic.com/Bloombergquint/domain/www.bloombergquint.com.js
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/cx.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.245.50 -, , ASN (),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 028b5e15ce0e520fe7cec7040c56a24c06e4715c593a9a3f15a0f02981c5562f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:30 GMT
last-modified: Tue, 14 Jul 2020 10:42:59 GMT
server: AkamaiNetStorage
accept-ranges: bytes
etag: "fedb6d62fea0fb16a4566dcf48378ddd:1594723379.151293"
content-length: 289
content-type: application/x-javascript

GET
H3 200 fail-icon.png
buy.tinypass.com/widget/dist/template/css/img/ Frame A9BF 2 KB
3 KB 20ms
20ms Image
image/png 2606:4700::6811:b8b1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://buy.tinypass.com/widget/dist/template/css/img/fail-icon.png

Requested by

Host: buy.tinypass.com
URL: https://buy.tinypass.com/widget/dist/template/css/template.bundle.1.0.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b8b1 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

be36cf242d7b206d66842ab5b36af859b780372bba70cb5d72acda2626ffe52e

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/widget/dist/template/css/template.bundle.1.0.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:30 GMT
cf-cache-status: HIT
age: 2904
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
strict-transport-security: max-age=86400; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 2177
wn: prod-dash-10-0-126-253
last-modified: Tue, 30 Nov 2021 18:53:24 GMT
server: cloudflare
etag: W/"2177-1638298404000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
server-time: 0.000
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 6b85019e3b084e7f-FRA
expires: Sat, 04 Dec 2021 14:23:30 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame A9BF 15 KB
15 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:100,300,400,500,600,700,800|Roboto:400,500,700&subset=cyrillic

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://buy.tinypass.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 15:45:42 GMT
x-content-type-options: nosniff
age: 247068
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 01 Dec 2022 15:45:42 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame A9BF 15 KB
15 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:100,300,400,500,600,700,800|Roboto:400,500,700&subset=cyrillic

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://buy.tinypass.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 20:07:55 GMT
x-content-type-options: nosniff
age: 317735
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 30 Nov 2022 20:07:55 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame A9BF 16 KB
16 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:100,300,400,500,600,700,800|Roboto:400,500,700&subset=cyrillic

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://buy.tinypass.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 05:33:18 GMT
x-content-type-options: nosniff
age: 283812
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:21 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 01 Dec 2022 05:33:18 GMT

GET
H2 200 newsletter_design.png
thumbor-stg.assettype.com/bloombergquint/2021-09/1ffd2fd9-0a46-44db-b59f-afcd3ce5225f/ Frame A9BF 42 KB
43 KB 52ms
27ms Image
image/webp 2606:4700:10::ac43:1be8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thumbor-stg.assettype.com/bloombergquint/2021-09/1ffd2fd9-0a46-44db-b59f-afcd3ce5225f/newsletter_design.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1be8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 62eef279d0fbc057590c16346fc1959e133630425c4b30dfa43b4abaa8d5e2d3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:30 GMT
cf-cache-status: HIT
server: cloudflare
age: 71052
etag: "5a693053f21038123bc222225e85fd120b463b11"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6b85019e9c00d729-FRA
content-length: 43504
expires: Sat, 04 Dec 2021 16:39:18 GMT

GET
H/1.1 200
OK sp1.html Show response
cdn.cxense.com/ Frame 4AD2 1 KB
888 B 11ms
11ms Document
text/html 2a02:26f0:6c00:2a7::268b

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/sp1.html
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/cx.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a7::268b -, , ASN (),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a739cc97a54df824e12fc75392160360e56e55f623a445f99fa26108fa84e6fb

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/

Response headers

Accept-Ranges: bytes
Last-Modified: Mon, 29 Nov 2021 08:03:18 GMT
Server: AkamaiNetStorage
Content-Length: 518
Cache-Control: max-age=864000
Expires: Tue, 14 Dec 2021 12:23:30 GMT
Date: Sat, 04 Dec 2021 12:23:30 GMT
Connection: keep-alive
Content-Type: text/html
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Vary: Accept-Encoding

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 57E4 0
17 B 17ms
7ms Document
text/plain 2a03:2880:f12d:83:face:b00c:0:25de

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de -, , ASN (),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://www.bloombergquint.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/

Response headers

content-type: text/plain
access-control-allow-origin: https://www.bloombergquint.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
date: Sat, 04 Dec 2021 12:23:30 GMT

GET
H/1.1 200
OK cx.js Show response
cdn.cxense.com/ Frame 4AD2 118 KB
28 KB 13ms
13ms Script
application/x-javascript 2a02:26f0:6c00:2a7::268b

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/cx.js
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/sp1.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a7::268b -, , ASN (),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 61a9a4924579af06533a09ad0072612a6bcc4e69e54349a53fdb2d081cc8d81d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.cxense.com/sp1.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sat, 04 Dec 2021 12:23:30 GMT
Content-Encoding: gzip
Last-Modified: Fri, 03 Dec 2021 15:30:08 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 28194
Expires: Sat, 04 Dec 2021 13:23:30 GMT

GET
H/1.1 200
OK p1.js Show response
p1cluster.cxense.com/ Frame 4AD2 47 B
637 B 50ms
6ms Script
text/javascript 178.63.13.144

General

Check archive.org

Show headers Download Go to

Full URL: https://p1cluster.cxense.com/p1.js
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/sp1.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.63.13.144 -, , ASN (),
Reverse DNS
Software: Jetty(9.4.28.v20200408) /
Resource Hash: d6fb09db4fe810c82387e44d630c1d685e665a71ec9b352f59318422a98995c7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.cxense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sat, 04 Dec 2021 12:23:30 GMT
Last-Modified: Fri, 04 Jun 2021 12:23:30 GMT
Server: Jetty(9.4.28.v20200408)
ETag: 3sql9046tbm96266r0efyd1knq
P3P: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: private, proxy-revalidate
Content-Type: text/javascript;charset=utf-8
Content-Length: 47
Expires: Sun, 04 Dec 2022 12:23:30 GMT

GET
H/1.1 200
OK cx.js Show response
scdn.cxense.com/ 118 KB
28 KB 11ms
11ms Script
application/x-javascript 2a02:26f0:6c00:2a7::268b

General

Check archive.org

Show headers Download Go to

Full URL: https://scdn.cxense.com/cx.js
Requested by: Host: www.bloombergquint.com
URL: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a7::268b -, , ASN (),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 61a9a4924579af06533a09ad0072612a6bcc4e69e54349a53fdb2d081cc8d81d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sat, 04 Dec 2021 12:23:30 GMT
Content-Encoding: gzip
Last-Modified: Fri, 03 Dec 2021 15:30:08 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 28194
Expires: Sat, 04 Dec 2021 13:23:30 GMT

GET
H/1.1 200
OK segment Show response
api.cxense.com/profile/user/ 77 B
692 B 52ms
14ms Script
text/javascript 147.75.85.120

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cxense.com/profile/user/segment?callback=cXJsonpCBkwrseiy93jajuqmf&persisted=8e08f80df1701a387a10bf4174740b88dd1f1cbd&json=%7B%22identities%22%3A%5B%7B%22id%22%3A%22kwrseivxbgrt8whs%22%2C%22type%22%3A%22cx%22%7D%5D%7D

Requested by

Host: cdn.cxense.com
URL: https://cdn.cxense.com/cx.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

147.75.85.120 -, , ASN (),

Reverse DNS

Software

Jetty(9.4.28.v20200408) /

Resource Hash

8227fd53346e22749f5f6d335c3a96c78638537770c160c9a8d46b46074ca185

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 12:23:30 GMT
x-content-type-options: nosniff
server: Jetty(9.4.28.v20200408)
strict-transport-security: max-age=31536000
p3p: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-store, no-cache, must-revalidate
content-type: text/javascript;charset=utf-8
content-length: 77
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK rep.gif
comcluster.cxense.com/Repo/ Frame 4AD2 43 B
468 B 33ms
12ms Image
image/gif 178.63.13.144

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://comcluster.cxense.com/Repo/rep.gif?ver=1.1.2&typ=pgv&rnd=kwrseirtqb4w5c8r&sid=1127320820239863314&loc=https%3A%2F%2Fwww.bloombergquint.com%2Fonweb%2Fu-s-state-department-employees-said-to-be-targeted-with-spyware&new=0&arf=0&ltm=1638620610185&ref=&tzo=0&res=1600x1200&dpr=1&col=24&bln=en-US&chs=UTF-8&cks=kwrseivzt27asgiw&ckp=kwrseivxbgrt8whs&glb=&wsz=1600x1200&amo=1638610694.204&cp_ver=2.44&cp_testGroup=40&cst=3sql9046tbm96266r0efyd1knq
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/sp1.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.63.13.144 -, , ASN (),
Reverse DNS
Software: Jetty(9.4.28.v20200408) /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.cxense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sat, 04 Dec 2021 12:23:30 GMT
Server: Jetty(9.4.28.v20200408)
P3P: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 43
Content-Type: image/gif

GET
H/1.1 200
OK id Show response
id.cxense.com/public/user/ 118 B
690 B 31ms
11ms Script
text/javascript 178.63.13.144

General

Check archive.org

Show headers Download Go to

Full URL

https://id.cxense.com/public/user/id?json=%7B%22identities%22%3A%5B%7B%22type%22%3A%22ckp%22%2C%22id%22%3A%22kwrseivxbgrt8whs%22%7D%2C%7B%22type%22%3A%22lst%22%2C%22id%22%3A%223sql9046tbm96266r0efyd1knq%22%7D%2C%7B%22type%22%3A%22cst%22%2C%22id%22%3A%223sql9046tbm96266r0efyd1knq%22%7D%5D%2C%22siteId%22%3A%221127320820239863314%22%2C%22location%22%3A%22https%3A%2F%2Fwww.bloombergquint.com%2Fonweb%2Fu-s-state-department-employees-said-to-be-targeted-with-spyware%22%7D&callback=cXJsonpCBkwrseiz3shobqtp3

Requested by

Host: cdn.cxense.com
URL: https://cdn.cxense.com/cx.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.63.13.144 -, , ASN (),

Reverse DNS

Software

Jetty(9.4.28.v20200408) /

Resource Hash

494922121cb616e04e01c972fb21ea05d834f0d59add5f74ebdbb84ec0dcb690

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Dec 2021 12:23:30 GMT
X-Content-Type-Options: nosniff
Server: Jetty(9.4.28.v20200408)
P3P: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/javascript;charset=utf-8
Content-Length: 118
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 8ms
7ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=496640721231456&ev=CxSegments&dl=https%3A%2F%2Fwww.bloombergquint.com%2Fonweb%2Fu-s-state-department-employees-said-to-be-targeted-with-spyware&rl=&if=false&ts=1638620610472&cd[segmentIds]=%5B%5D&sw=1600&sh=1200&v=2.9.48&r=stable&a=tmgoogletagmanager&ec=2&o=30&fbp=fb.1.1638620609845.1430009430&it=1638620609630&coo=false&exp=p1&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de -, , ASN (),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:30 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Sat, 04 Dec 2021 12:23:30 GMT

GET
H2 200 query Show response
global.cloud.netacuity.com/webservice/ 574 B
443 B 165ms
33ms XHR
application/json 52.49.172.98

General

Check archive.org

Show headers Download Go to

Full URL: https://global.cloud.netacuity.com/webservice/query?u=04842bc1-ecc8-4db1-aeec-6a7708559ff2&json=true
Requested by: Host: rtbcdn.andbeyond.media
URL: https://rtbcdn.andbeyond.media/prod-global-550791.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.172.98 -, , ASN (),
Reverse DNS
Software: Apache/2.4.46 (Amazon) OpenSSL/1.0.2k-fips /
Resource Hash: a39d3bb00ad83bbfbbc5cfdbc295d842b670d426a273c98abe193204f22eaecd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 04 Dec 2021 12:23:30 GMT
content-encoding: gzip
server: Apache/2.4.46 (Amazon) OpenSSL/1.0.2k-fips
content-length: 263
vary: Accept-Encoding
content-type: application/json;charset=UTF-8

GET
H/1.1 200
OK impstats.php Show response
prebid.andbeyond.media/ 68 B
297 B 736ms
221ms XHR
text/html 52.77.55.240

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.andbeyond.media/impstats.php?aff=550791&type=pv
Requested by: Host: rtbcdn.andbeyond.media
URL: https://rtbcdn.andbeyond.media/prod-global-550791.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.77.55.240 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 7f8bd8aabb06508984f9761155d72f210272d9bad2e17a8f9383e0148269a885

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 04 Dec 2021 12:23:31 GMT
Server: Apache/2.2.15 (CentOS)
Connection: keep-alive
X-Powered-By: PHP/5.3.3
Content-Length: 68
Content-Type: text/html; charset=UTF-8

GET
H2 200 a.js Show response
p.adlooxtracking.com/gpt/ 8 KB
4 KB 40ms
8ms Script
application/javascript 34.107.231.31

General

Check archive.org

Show headers Download Go to

Full URL

https://p.adlooxtracking.com/gpt/a.js

Requested by

Host: rtbcdn.andbeyond.media
URL: https://rtbcdn.andbeyond.media/prod-global-550791.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.231.31 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

9a59c5e5bf506c979d9baf8521375edc46c510007ea428f877717bdf90a81528

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:03:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sun, 11 Jul 2021 15:29:14 GMT
server: nginx
age: 1198
etag: W/"91f36cb612bb5287d05f3c7044927cbe"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 google
cache-control: public, max-age=3600
timing-allow-origin: *
alt-svc: clear
content-length: 3532

GET
H2 200 moe_webSdk.min.latest.js Show response
cdn.moengage.com/webpush/ 239 KB
59 KB 8ms
8ms Script
application/javascript 143.204.98.121

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.moengage.com/webpush/moe_webSdk.min.latest.js
Requested by: Host: www.bloombergquint.com
URL: https://www.bloombergquint.com/onweb/u-s-state-department-employees-said-to-be-targeted-with-spyware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.121 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a0172f5bb0169b6d8c016d19dc2f384692989d63a30bbb797ff870f3d5aa09a3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:01:50 GMT
content-encoding: gzip
last-modified: Tue, 30 Nov 2021 05:28:15 GMT
server: AmazonS3
age: 1301
etag: W/"534c5524b70de44a9121d25c33be7042"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 24475cc722041223cf99f56b55432566.cloudfront.net (CloudFront)
cache-control: max-age=1800
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: jaZ8Y8aqKbJo_SmhsqqCHv3oJkS6qm_Dsm89O7wk8dqD3SiY7ZjeLA==

GET
H2 200 websdksettings Show response
sdk-01.moengage.com/ 12 KB
3 KB 183ms
142ms XHR
application/json 143.204.98.118

General

Check archive.org

Show headers Download Go to

Full URL: https://sdk-01.moengage.com/websdksettings?app_id=6EUGCOPU0VTT63N7VWBVILZ3&
Requested by: Host: cdn.moengage.com
URL: https://cdn.moengage.com/webpush/moe_webSdk.min.latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.118 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ed09d958eebc4ce6a5e29dd5c5dc61267cf33a4e75b8e606d47b26a095944428

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:31 GMT
content-encoding: gzip
server: nginx
x-amz-cf-pop: FRA50-C1
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
x-cache: Miss from cloudfront
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: a9cleQ6JwiKqgdrg71kPvxkAmKx6xkatwBisznK8YCKRX6FhmGUYyA==
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
expires: Sat, 04 Dec 2021 12:23:30 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 41ms
16ms Script
application/javascript 2a00:1450:4001:811::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.bloombergquint.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021113001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Dec 2021 12:23:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 54ms
17ms Script
application/javascript 2a00:1450:4001:802::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.bloombergquint.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021113001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Dec 2021 12:23:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 453 B
287 B 50ms
49ms XHR
text/plain 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2897174573669698&correlator=2730516898508296&output=ldjh&impl=fifs&eid=31060979%2C31063871%2C21064365%2C31063138%2C31061030&vrg=2021113001&ptt=17&sc=1&sfv=1-0-38&ecs=20211204&iu_parts=21713057369%2CBQ_StickyUnit_Mobile_320x50_ABM21&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50&prev_scp=environment%3Dproduction%26type%3Dstory%26section%3DTechnology%26path%3D%252Fonweb%252Fu-s-state-department-employees-said-to-be-targeted-with-spyware&cust_params=subscribed%3Dfalse%26amznbid%3D0%26amznp%3D0&cookie_enabled=1&bc=31&abxe=1&lmt=1638620610&dt=1638620610975&dlt=1638620605395&idt=3699&frm=20&biw=1600&bih=1200&oid=2&adxs=7&adys=1157&adks=3701038873&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bloombergquint.com%2Fonweb%2Fu-s-state-department-employees-said-to-be-targeted-with-spyware&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1586x-1&msz=1586x-1&ga_vid=1088667151.1638620610&ga_sid=1638620611&ga_hid=732694424&ga_fc=true&fws=516&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021113001.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

cafe /

Resource Hash

beb0fefc9dc5379af13f1b2769a810cd263ffaefa7036cef1a9d91d327a98e38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 257
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bloombergquint.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 53ms
30ms XHR
application/json 2a00:1450:4001:80f::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021113001&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021113001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

3a3c8e76f3134d900cd0983ca1a2bd0843eb793fb44ee30faf52fd70cbdf9539

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Dec 2021 12:23:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8710
x-xss-protection: 0

GET
H2 200 container.html Show response
90c9c63e5d02314c23cbb446a78fa5f0.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame ECB5 6 KB
4 KB 52ms
15ms Document
text/html 2a00:1450:4001:82a::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://90c9c63e5d02314c23cbb446a78fa5f0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021113001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 04 Dec 2021 12:23:31 GMT
expires: Sun, 04 Dec 2022 12:23:31 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 455 B
288 B 49ms
48ms XHR
text/plain 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2897174573669698&correlator=2730516898508296&output=ldjh&impl=fifs&eid=31060979%2C31063871%2C21064365%2C31063138%2C31061030&vrg=2021113001&ptt=17&sc=1&sfv=1-0-38&ecs=20211204&iu_parts=21713057369%2CBQ_HP_GutterAds1_LHS_160x600_ABM21&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600%7C120x600&prev_scp=environment%3Dproduction%26type%3Dstory%26section%3DTechnology%26path%3D%252Fonweb%252Fu-s-state-department-employees-said-to-be-targeted-with-spyware&cust_params=subscribed%3Dfalse%26amznbid%3D0%26amznp%3D0&cookie_enabled=1&bc=31&abxe=1&lmt=1638620610&dt=1638620610987&dlt=1638620605395&idt=3699&frm=20&biw=1600&bih=1200&oid=2&adxs=0&adys=244&adks=3920688034&ucis=2&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bloombergquint.com%2Fonweb%2Fu-s-state-department-employees-said-to-be-targeted-with-spyware&vis=1&dmc=8&scr_x=0&scr_y=0&psz=160x0&msz=160x0&ga_vid=1088667151.1638620610&ga_sid=1638620611&ga_hid=732694424&ga_fc=true&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021113001.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

cafe /

Resource Hash

608da0c08dd0165788ccdaa6ed0fc5489692ff992c230384fb7b596bde8d0aeb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 258
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bloombergquint.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 455 B
286 B 48ms
48ms XHR
text/plain 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2897174573669698&correlator=2730516898508296&output=ldjh&impl=fifs&eid=31060979%2C31063871%2C21064365%2C31063138%2C31061030&vrg=2021113001&ptt=17&sc=1&sfv=1-0-38&ecs=20211204&iu_parts=21713057369%2CBQ_HP_GutterAds2_RHS_160x600_ABM21&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600%7C120x600&prev_scp=environment%3Dproduction%26type%3Dstory%26section%3DTechnology%26path%3D%252Fonweb%252Fu-s-state-department-employees-said-to-be-targeted-with-spyware&cust_params=subscribed%3Dfalse%26amznbid%3D0%26amznp%3D0&cookie_enabled=1&bc=31&abxe=1&lmt=1638620610&dt=1638620610994&dlt=1638620605395&idt=3699&frm=20&biw=1600&bih=1200&oid=2&adxs=1440&adys=244&adks=2252474718&ucis=3&ifi=3&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bloombergquint.com%2Fonweb%2Fu-s-state-department-employees-said-to-be-targeted-with-spyware&vis=1&dmc=8&scr_x=0&scr_y=0&psz=160x0&msz=160x0&ga_vid=1088667151.1638620610&ga_sid=1638620611&ga_hid=732694424&ga_fc=true&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021113001.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

cafe /

Resource Hash

b91734d446ef13ac04f86d6bc8c2c1e08e90f010ae688512476731e80ef07e47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 256
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bloombergquint.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 452 B
285 B 54ms
54ms XHR
text/plain 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2897174573669698&correlator=2730516898508296&output=ldjh&impl=fifs&eid=31060979%2C31063871%2C21064365%2C31063138%2C31061030&vrg=2021113001&ptt=17&sc=1&sfv=1-0-38&ecs=20211204&iu_parts=21713057369%2CBQ_1x1_Interstital_Revised_May_2021&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&prev_scp=environment%3Dproduction%26type%3Dstory%26section%3DTechnology%26path%3D%252Fonweb%252Fu-s-state-department-employees-said-to-be-targeted-with-spyware&cust_params=subscribed%3Dfalse%26amznbid%3D0%26amznp%3D0&cookie_enabled=1&bc=31&abxe=1&lmt=1638620610&dt=1638620610999&dlt=1638620605395&idt=3699&frm=20&biw=1600&bih=1200&oid=2&adxs=0&adys=100&adks=437805037&ucis=4&ifi=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bloombergquint.com%2Fonweb%2Fu-s-state-department-employees-said-to-be-targeted-with-spyware&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x0&msz=1600x0&ga_vid=1088667151.1638620610&ga_sid=1638620611&ga_hid=732694424&ga_fc=true&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021113001.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

cafe /

Resource Hash

e9f3ce10ec155fbc39d81a4aaad2056db4c3dae0d63178711cde6b70a1ac541f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 255
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bloombergquint.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 40ms
16ms Script
text/javascript 2a00:1450:4001:801::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021113001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sat, 04 Dec 2021 12:23:31 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8CF7 13 KB
5 KB 24ms
7ms Document
text/html 2a00:1450:4001:801::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
date: Sat, 04 Dec 2021 10:57:16 GMT
expires: Sun, 04 Dec 2022 10:57:16 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 5175
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 75C0 783 B
536 B 37ms
19ms Document
text/html 2a00:1450:4001:80f::2004

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 -, , ASN (),

Reverse DNS

Software

GSE /

Resource Hash

10cd2051139bbc64153f21cc9a034c18d4bae2eb610776dfbdf25f7c8fa300f5

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-5jR/kRqH7Cm3cgrpOKK0BA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 04 Dec 2021 12:23:31 GMT
date: Sat, 04 Dec 2021 12:23:31 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-5jR/kRqH7Cm3cgrpOKK0BA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 4Sfc45HFswufgCf8fQCX22Ys6cavju9jIH_-ShQytV0.js Show response
pagead2.googlesyndication.com/bg/ Frame 8CF7 35 KB
13 KB 23ms
8ms Script
text/javascript 2a00:1450:4001:80f::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4Sfc45HFswufgCf8fQCX22Ys6cavju9jIH_-ShQytV0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

e127dce391c5b30b9f8027fc7d0097db662ce9c6af8eef63207ffe4a1432b55d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 15:26:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 334616
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13379
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 30 Nov 2022 15:26:35 GMT

GET
H2 200 6EUGCOPU0VTT63N7VWBVILZ3 Show response
sdk-01.moengage.com/v3/sdkconfig/web/ 164 B
645 B 285ms
285ms XHR
application/json 143.204.98.118

General

Check archive.org

Show headers Download Go to

Full URL: https://sdk-01.moengage.com/v3/sdkconfig/web/6EUGCOPU0VTT63N7VWBVILZ3?
Requested by: Host: cdn.moengage.com
URL: https://cdn.moengage.com/webpush/moe_webSdk.min.latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.118 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 2bb3c4275c76615330b9aa5402a971028f44d28241a5d40135c3eb98c86b0dfb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:31 GMT
content-encoding: gzip
server: nginx
x-amz-cf-pop: FRA50-C1
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
x-cache: Miss from cloudfront
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: jpWP7JMiYfuAfumuUCVeEFEwmLvqKf2VHV5oJ4xG1ISBhQqS3HYZvA==
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
expires: Sat, 04 Dec 2021 12:23:30 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 75C0 0
0 60ms
55ms Image
text/html 2a00:1450:4001:80f::2002

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2021113001&jk=2897174573669698&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2002 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 8CF7 0
9 B 7ms
7ms Image
text/plain 2a00:1450:4001:801::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?fVn3dQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2001 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:23:31 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:80f::2002

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2021113001&jk=2897174573669698&bg=!r6ylrOjNAAaQHwIOkB87ACkAdvg8WoTUvwH9853CEJHcwnyNlAJzY0IKm9T946UhSCd0I77yoLEiewIAAABfUgAAAAxoAQcKAICbOrEVRjnmaeP7zYw7EzC8pjHZoVdrGqNPV-68ke9n1AINM5iNPOPk3LO-pi16c8-h74pskCwAO5sltFKoBwEAHzvGh1QWCPjJs6X9BTLpIeiVA6k_VAUn2Yxa7pgVu-sV182c-_UJr8Rry4QT-oxZ8OKoIgvPhu0_iA-FtgLKWJkCsgOUalGKV9gQzTG7yLAUo3MJYP3rJAZxU6IQHbarNW46ToH-u91pfvIj6vefvuYmjJgDRSZN4u7lqFP6nk2xSgy0SNRUxPFAbcnVD-YJAYk2JEv_ZWnSvPBunhPDYUDAz5esu1Q_9BVE0W0U1lpe3_A9aCCe8nSEzzOo3cUTrCRbEW0I4-d-t20b38u6HuK6Cdp2rKvDPq4xaPO-ynPwBzlUSMyPq8pQWklFcia0h629hdnBXLpYF5o2JgywVWJHOgT9otBFeIzzwZDfCn_vbGp_lf39SGQNn2EyUXb0wO1fEY-eHoBfauJyO8MaMzTxJfu6KTQta2BvGTmzZlCbPNq7WfX50gacIYot_5fdVeqpU1hITN8yzU_HdocTpBvT6Jrh3Xq_dZ0E3aYhO8vxFk8xPbo37YitG-oLciHSoEar2yv-BWBxJ-h-qhtoVzKFvrQNMiGt0d_TBbNX9IFg92PnLHw23Dq2SHWZQmWJtkL1TIwGHvSl2LPFP3qiAdrbWbF8nvJ8IAu81Y27FIlT9qCjMvhBggDn7dH59wBqAnd9m19NTgzjZWZjWP4ukawuUwomYWSnWqoSb345TnfzWT4BKIHCUBaYJg7J5C2DgaLedGIMebOfa38iCyAr-8M-yEK8norbVHUvmFX_altVGUtDVZZ-JOwYQvuDu1tKH09ayv_97BvriA1rc8YVy1abw19yqCtIRbHXCXq2cZuFccjKDzLD9d5EBYY98OwNp8SF6HAO01DZGgBkSL9UwcuZI_W0C-tDmXQUiLZt2sds64p4kpSYH85vvKZkO6bOuS9rU_J9JdbsmAMScM4msKyS0FgDW1Tu9uoJFA2K8ybsu4vP3D6eiS7-tDuSJU_cOnQjxd28ut0TNp_24xhSSM_IYW1G9wlVyp5TvUT94Y8x84PlYg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 12:23:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 add Show response
sdk-01.moengage.com/v2/device/ 81 B
616 B 317ms
317ms XHR
application/json 143.204.98.118

General

Check archive.org

Show headers Download Go to

Full URL: https://sdk-01.moengage.com/v2/device/add?os=web&os_platform=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F96.0.4664.45%20Safari%2F537.36&is_incognito=false&app_id=6EUGCOPU0VTT63N7VWBVILZ3&os_ver=Google%20Chrome&sdk_ver=2.7.19&model=Google%20Chrome&app_ver=1.0&device_ts=1638620611422&device_tz_offset=0&unique_id=67083a46-bfc9-4d0e-b79a-e2d75faaf02a&device_tz=0&subscription_type=vapid&vapid_public=BAwu0eUGS_5-Q7tYqaK6_cdilmaNT29k5NoZ3JiKveK5cVwJoU_YPT2f_zYWqXVV9CwEk_M4KWpt6HbBlQOS73U&sender_id=899349821483&
Requested by: Host: cdn.moengage.com
URL: https://cdn.moengage.com/webpush/moe_webSdk.min.latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.118 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: bb8b86a15c64fd109e4ebecafb8fe461838d1f73f1cb84d87b84da4fee00aae3

Request headers

Referer: https://www.bloombergquint.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 04 Dec 2021 12:23:31 GMT
content-encoding: gzip
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
moe-request-id: fMSqfIEh
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-origin: *
x-amz-cf-id: XJVD2J6-B7EPlt3jsDElhzieyVaEZZ2OoT1zwHqsG4JMJNynt5WikQ==
expires: Sat, 04 Dec 2021 12:23:30 GMT

POST add
sdk-01.moengage.com/v2/report/ 0
0

GET
H2 200 webpushhelper.html Show response
cdn.moengage.com/webpush/beta/ Frame AD28 150 B
466 B 8ms
7ms Document
text/html 143.204.98.121

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.moengage.com/webpush/beta/webpushhelper.html
Requested by: Host: cdn.moengage.com
URL: https://cdn.moengage.com/webpush/moe_webSdk.min.latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.121 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: dd84ef34dd054c2966f73cb464b089001e81c5f1be62a2b4ecd1b8bc28be8242

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/

Response headers

content-type: text/html
content-length: 150
last-modified: Wed, 26 Sep 2018 11:08:08 GMT
accept-ranges: bytes
server: AmazonS3
date: Fri, 03 Dec 2021 17:38:34 GMT
etag: "e1d10da6c70877d35638ba19905b0130"
x-cache: Hit from cloudfront
via: 1.1 24475cc722041223cf99f56b55432566.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: 4HP2eNdNwG6v9d1LON3kME0g4dIujP6wiHfMO64z6xVNwx41cIYngw==
age: 67498

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 35ms
18ms Script
application/javascript 2a00:1450:4001:828::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.bloombergquint.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021113001.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Dec 2021 12:23:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 33ms
17ms Script
application/javascript 2a00:1450:4001:802::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.bloombergquint.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021113001.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bloombergquint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Dec 2021 12:23:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET ads
securepubads.g.doubleclick.net/gampad/ 0
0

GET
H2 200 sdk.inapp.cdnHelper.js Show response
cdn.moengage.com/webpush/beta/ Frame AD28 26 KB
10 KB 8ms
8ms Script
application/javascript 143.204.98.121

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.moengage.com/webpush/beta/sdk.inapp.cdnHelper.js
Requested by: Host: cdn.moengage.com
URL: https://cdn.moengage.com/webpush/beta/webpushhelper.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.121 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 68f879b87d2176790af15ff77182c5cb1fcb2b7939f18b84f4cbe1d13c6826fe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.moengage.com/webpush/beta/webpushhelper.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 12:01:51 GMT
content-encoding: gzip
last-modified: Thu, 02 Dec 2021 08:31:32 GMT
server: AmazonS3
age: 1301
etag: W/"c239e3d7d86329883233ad9965113015"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 24475cc722041223cf99f56b55432566.cloudfront.net (CloudFront)
cache-control: max-age=1800
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: Stgm3sIaM0SlB2lo2-xMApIBVTCOv_g4Sosxeg14HNST9R5Xxx4lXA==

POST live
sdk-01.moengage.com/v3/campaigns/inapp/ 0
0

OPTIONS live
sdk-01.moengage.com/v3/campaigns/inapp/ Frame 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sdk-01.moengage.com
URL: https://sdk-01.moengage.com/v2/report/add?os=web&os_platform=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F96.0.4664.45%20Safari%2F537.36&is_incognito=false&app_id=6EUGCOPU0VTT63N7VWBVILZ3&os_ver=Google%20Chrome&sdk_ver=2.7.19&model=Google%20Chrome&app_ver=1.0&device_ts=1638620611674&device_tz_offset=0&unique_id=67083a46-bfc9-4d0e-b79a-e2d75faaf02a&device_tz=0&subscription_type=vapid&vapid_public=BAwu0eUGS_5-Q7tYqaK6_cdilmaNT29k5NoZ3JiKveK5cVwJoU_YPT2f_zYWqXVV9CwEk_M4KWpt6HbBlQOS73U&sender_id=899349821483&

Domain: sdk-01.moengage.com
URL: https://sdk-01.moengage.com/v2/report/add?os=web&os_platform=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F96.0.4664.45%20Safari%2F537.36&is_incognito=false&app_id=6EUGCOPU0VTT63N7VWBVILZ3&os_ver=Google%20Chrome&sdk_ver=2.7.19&model=Google%20Chrome&app_ver=1.0&device_ts=1638620611677&device_tz_offset=0&unique_id=67083a46-bfc9-4d0e-b79a-e2d75faaf02a&device_tz=0&subscription_type=vapid&vapid_public=BAwu0eUGS_5-Q7tYqaK6_cdilmaNT29k5NoZ3JiKveK5cVwJoU_YPT2f_zYWqXVV9CwEk_M4KWpt6HbBlQOS73U&sender_id=899349821483&

Domain: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2897174573669698&correlator=2730516898508296&output=ldjh&impl=fifs&eid=31060979%2C31063871%2C21064365%2C31063138%2C31061030&vrg=2021113001&ptt=17&sc=1&sfv=1-0-38&ecs=20211204&iu_parts=21713057369%2CBQ_AP_AboveNavigation_320x50_ABM21&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C320x100&prev_scp=environment%3Dproduction%26type%3Dstory%26section%3DTechnology%26path%3D%252Fonweb%252Fu-s-state-department-employees-said-to-be-targeted-with-spyware&cust_params=subscribed%3Dfalse%26amznbid%3D0%26amznp%3D0&cookie=ID%3D1f9492e497b3bd7b-22da829e34cc00ef%3AT%3D1638620611%3AS%3DALNI_MZwSE2uLeWTPRCvsZLrjUWu5JF6dg&bc=31&abxe=1&lmt=1638620611&dt=1638620611759&dlt=1638620605395&idt=3699&frm=20&biw=1600&bih=1200&oid=2&adxs=265&adys=116&adks=1038857375&ucis=5&ifi=5&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bloombergquint.com%2Fonweb%2Fu-s-state-department-employees-said-to-be-targeted-with-spyware&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1070x0&msz=1070x0&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1088667151.1638620610&ga_sid=1638620611&ga_hid=732694424&ga_fc=true&fws=4&ohw=1070&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Domain: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2897174573669698&correlator=2730516898508296&output=ldjh&impl=fifs&eid=31060979%2C31063871%2C21064365%2C31063138%2C31061030&vrg=2021113001&ptt=17&sc=1&sfv=1-0-38&ecs=20211204&iu_parts=21713057369%2CBQ_AP_BelowHeadlineArticle_Responsive_728x90_ABM21&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C728x90%7C320x50%7C320x100&prev_scp=environment%3Dproduction%26type%3Dstory%26section%3DTechnology%26path%3D%252Fonweb%252Fu-s-state-department-employees-said-to-be-targeted-with-spyware&cust_params=subscribed%3Dfalse%26amznbid%3D0%26amznp%3D0&cookie=ID%3D1f9492e497b3bd7b-22da829e34cc00ef%3AT%3D1638620611%3AS%3DALNI_MZwSE2uLeWTPRCvsZLrjUWu5JF6dg&bc=31&abxe=1&lmt=1638620611&dt=1638620611765&dlt=1638620605395&idt=3699&frm=20&biw=1600&bih=1200&oid=2&adxs=650&adys=281&adks=1117442985&ucis=6&ifi=6&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bloombergquint.com%2Fonweb%2Fu-s-state-department-employees-said-to-be-targeted-with-spyware&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x0&msz=300x0&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1088667151.1638620610&ga_sid=1638620611&ga_hid=732694424&ga_fc=true&fws=4&ohw=1070&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Domain: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2897174573669698&correlator=2730516898508296&output=ldjh&impl=fifs&eid=31060979%2C31063871%2C21064365%2C31063138%2C31061030&vrg=2021113001&ptt=17&sc=1&sfv=1-0-38&ecs=20211204&iu_parts=21713057369%2CBQ_AP_SequentialBelowHeadlineTemp_320x50_ABM21&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C320x100&prev_scp=environment%3Dproduction%26type%3Dstory%26section%3DTechnology%26path%3D%252Fonweb%252Fu-s-state-department-employees-said-to-be-targeted-with-spyware&cust_params=subscribed%3Dfalse%26amznbid%3D0%26amznp%3D0&cookie=ID%3D1f9492e497b3bd7b-22da829e34cc00ef%3AT%3D1638620611%3AS%3DALNI_MZwSE2uLeWTPRCvsZLrjUWu5JF6dg&bc=31&abxe=1&lmt=1638620611&dt=1638620611771&dlt=1638620605395&idt=3699&frm=20&biw=1600&bih=1200&oid=2&adxs=640&adys=297&adks=4184125269&ucis=7&ifi=7&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bloombergquint.com%2Fonweb%2Fu-s-state-department-employees-said-to-be-targeted-with-spyware&vis=1&dmc=8&scr_x=0&scr_y=0&psz=320x0&msz=320x0&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1088667151.1638620610&ga_sid=1638620611&ga_hid=732694424&ga_fc=true&fws=4&ohw=1070&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Domain: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2897174573669698&correlator=2730516898508296&output=ldjh&impl=fifs&eid=31060979%2C31063871%2C21064365%2C31063138%2C31061030&vrg=2021113001&ptt=17&sc=1&sfv=1-0-38&ecs=20211204&iu_parts=21713057369%2CBQ_AP_StoryPageMidCard_728x90_1_ABM21&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C300x250%7C320x50%7C320x100&prev_scp=environment%3Dproduction%26type%3Dstory%26section%3DTechnology%26path%3D%252Fonweb%252Fu-s-state-department-employees-said-to-be-targeted-with-spyware&cust_params=subscribed%3Dfalse%26amznbid%3D0%26amznp%3D0&cookie=ID%3D1f9492e497b3bd7b-22da829e34cc00ef%3AT%3D1638620611%3AS%3DALNI_MZwSE2uLeWTPRCvsZLrjUWu5JF6dg&bc=31&abxe=1&lmt=1638620611&dt=1638620611776&dlt=1638620605395&idt=3699&frm=20&biw=1600&bih=1200&oid=2&adxs=436&adys=1651&adks=990828037&ucis=8&ifi=8&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bloombergquint.com%2Fonweb%2Fu-s-state-department-employees-said-to-be-targeted-with-spyware&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x0&msz=728x0&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1088667151.1638620610&ga_sid=1638620611&ga_hid=732694424&ga_fc=true&fws=4&ohw=1070&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Domain: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2897174573669698&correlator=2730516898508296&output=ldjh&impl=fifs&eid=31060979%2C31063871%2C21064365%2C31063138%2C31061030&vrg=2021113001&ptt=17&sc=1&sfv=1-0-38&ecs=20211204&iu_parts=21713057369%2CBQ_AP_AboveRecomneded_Responsive_728x90_ABM21&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90%7C728x90%7C320x50%7C320x100&prev_scp=environment%3Dproduction%26type%3Dstory%26section%3DTechnology%26path%3D%252Fonweb%252Fu-s-state-department-employees-said-to-be-targeted-with-spyware&cust_params=subscribed%3Dfalse%26amznbid%3D0%26amznp%3D0&cookie=ID%3D1f9492e497b3bd7b-22da829e34cc00ef%3AT%3D1638620611%3AS%3DALNI_MZwSE2uLeWTPRCvsZLrjUWu5JF6dg&bc=31&abxe=1&lmt=1638620611&dt=1638620611782&dlt=1638620605395&idt=3699&frm=20&biw=1600&bih=1200&oid=2&adxs=315&adys=2239&adks=320367141&ucis=9&ifi=9&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bloombergquint.com%2Fonweb%2Fu-s-state-department-employees-said-to-be-targeted-with-spyware&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x0&msz=970x0&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1088667151.1638620610&ga_sid=1638620611&ga_hid=732694424&ga_fc=true&fws=4&ohw=1070&btvi=2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Domain: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2897174573669698&correlator=2730516898508296&output=ldjh&impl=fifs&eid=31060979%2C31063871%2C21064365%2C31063138%2C31061030&vrg=2021113001&ptt=17&sc=1&sfv=1-0-38&ecs=20211204&iu_parts=21713057369%2CBQ_AP_MREC_1_AboveEditorPick_DT_300x250_ABM21&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x250%7C336x280%7C300x250&prev_scp=environment%3Dproduction%26type%3Dstory%26section%3DTechnology%26path%3D%252Fonweb%252Fu-s-state-department-employees-said-to-be-targeted-with-spyware&cust_params=subscribed%3Dfalse%26amznbid%3D0%26amznp%3D0&cookie=ID%3D1f9492e497b3bd7b-22da829e34cc00ef%3AT%3D1638620611%3AS%3DALNI_MZwSE2uLeWTPRCvsZLrjUWu5JF6dg&bc=31&abxe=1&lmt=1638620611&dt=1638620611787&dlt=1638620605395&idt=3699&frm=20&biw=1600&bih=1200&oid=2&adxs=265&adys=2285&adks=3131917696&ucis=a&ifi=10&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bloombergquint.com%2Fonweb%2Fu-s-state-department-employees-said-to-be-targeted-with-spyware&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1070x0&msz=1070x0&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1088667151.1638620610&ga_sid=1638620611&ga_hid=732694424&ga_fc=true&fws=4&ohw=1600&btvi=3&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Domain: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2897174573669698&correlator=2730516898508296&output=ldjh&impl=fifs&eid=31060979%2C31063871%2C21064365%2C31063138%2C31061030&vrg=2021113001&ptt=17&sc=1&sfv=1-0-38&ecs=20211204&iu_parts=21713057369%2CBQ_AP_Sticky_BelowEditorPick_DT_300x600_ABM21&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600&prev_scp=environment%3Dproduction%26type%3Dstory%26section%3DTechnology%26path%3D%252Fonweb%252Fu-s-state-department-employees-said-to-be-targeted-with-spyware&cust_params=subscribed%3Dfalse%26amznbid%3D0%26amznp%3D0&cookie=ID%3D1f9492e497b3bd7b-22da829e34cc00ef%3AT%3D1638620611%3AS%3DALNI_MZwSE2uLeWTPRCvsZLrjUWu5JF6dg&bc=31&abxe=1&lmt=1638620611&dt=1638620611793&dlt=1638620605395&idt=3699&frm=20&biw=1600&bih=1200&oid=2&adxs=265&adys=2609&adks=354482526&ucis=b&ifi=11&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bloombergquint.com%2Fonweb%2Fu-s-state-department-employees-said-to-be-targeted-with-spyware&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1070x0&msz=1070x0&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1088667151.1638620610&ga_sid=1638620611&ga_hid=732694424&ga_fc=true&fws=516&ohw=1600&btvi=4&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Domain: sdk-01.moengage.com
URL: https://sdk-01.moengage.com/v3/campaigns/inapp/live?sdk_ver=2.7.19&os=web&unique_id=67083a46-bfc9-4d0e-b79a-e2d75faaf02a&

Domain: sdk-01.moengage.com
URL: https://sdk-01.moengage.com/v3/campaigns/inapp/live?sdk_ver=2.7.19&os=web&unique_id=67083a46-bfc9-4d0e-b79a-e2d75faaf02a&

Verdicts & Comments Add Verdict or Comment

46 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.bloombergquint.com/onweb	1970-01-19 23:10:26	Name: qtype-session Value: a05bc08f-3b73-4d59-b0a2-eeae352d306d
.twitter.com/	1970-01-20 16:41:32	Name: personalization_id Value: "v1_CshGM79RuJlDz91DXPlMew=="
.piano.io/	1970-01-19 23:10:22	Name: __cf_bm Value: c_LQjfkuc9O21Y7wpb0hPbPIyE8J3Txw4KmAUA2Bhwo-1638620605-0-AaEm8FVJ6DVx88dZIfxR1WUXNNUT1hWmZfHilvO3wiv5CNv1P+P+Pim/wSu+ihsTDj4QgbWEp4NQNt6EAk5fPss=
.bloombergquint.com/	1970-01-20 16:41:32	Name: __tbc Value: %7Bkpbx%7DBpNbcpk395bwm-yeokxZMplEJBeUTcuw9wz8MSueF-LyAsaMJbCGJWzhZFtx26PoaUagmHQ9E8dMIUXDQ_iMF1oPV4N07mFCamLp-hnMLfI
.bloombergquint.com/	1970-01-19 23:53:32	Name: __pat Value: 19800000
.bloombergquint.com/	1970-01-19 23:11:47	Name: __pvi Value: %7B%22id%22%3A%22v-2021-12-04-12-23-25-779-KRKOHSym37XouhXy-29e654156c53721121873ea8ec5315b6%22%2C%22domain%22%3A%22.bloombergquint.com%22%2C%22time%22%3A1638620605936%7D
.bloombergquint.com/	1970-01-20 16:41:32	Name: xbc Value: %7Bkpbx%7DTHuernSRntTpXbysogisYeibUBe1geZ9GbRw39g-2yCFZZdk7rIExjno63z0-mMdf2BB4SlmOVfZG3Eex7wDU2dmRVod1iPxk1bu7yJkIx6aD_BG2-tm6cVadGHvIMdtpCikbc0STPM5p7STjNjroJsu1inLhWQ0YBo_r1rnrr33P5Mix-4RuT4_kSozgNt_
www.bloombergquint.com/	1969-12-31 23:59:59	Name: pnespsdk_ssn Value: %7B%22%24s%22%3A1638620606191%2C%22visitNumber%22%3A1%7D
www.bloombergquint.com/	1970-01-20 07:55:56	Name: pnespsdk_visitor Value: 78vitpsgwtixu1po
.qlitics.com/	1970-01-24 18:31:40	Name: thinmint Value: 2757e984-62b7-3194-b664-2d9de82e288f

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header

Value

Content-Security-Policy

Strict-Transport-Security

max-age=86400

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

90c9c63e5d02314c23cbb446a78fa5f0.safeframe.googlesyndication.com
adservice.google.com
adservice.google.de
analytics.twitter.com
api-esp.piano.io
api-v3.tinypass.com
api.cxense.com
buy.tinypass.com
c.amazon-adsystem.com
c2.piano.io
cdn.cxense.com
cdn.gumlet.com
cdn.moengage.com
cdn.polyfill.io
cdn.tinypass.com
code.jquery.com
comcluster.cxense.com
connect.facebook.net
csm.cxpublic.com
experience.tinypass.com
fea.assettype.com
fonts.googleapis.com
fonts.gstatic.com
global.cloud.netacuity.com
id.cxense.com
p.adlooxtracking.com
p1cluster.cxense.com
pagead2.googlesyndication.com
prebid.andbeyond.media
prod-analytics.qlitics.com
rtbcdn.andbeyond.media
scdn.cxense.com
sdk-01.moengage.com
securepubads.g.doubleclick.net
static.ads-twitter.com
static.cloudflareinsights.com
stats.g.doubleclick.net
t.co
thumbor-stg.assettype.com
tpc.googlesyndication.com
www.bloombergquint.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
sdk-01.moengage.com
securepubads.g.doubleclick.net
104.111.245.50
104.244.42.67
104.244.42.69
143.204.95.188
143.204.98.118
143.204.98.121
147.75.85.120
178.63.13.144
199.232.136.157
2001:4de0:ac18::1:a:2a
216.58.212.130
2606:4700:10::ac43:1be8
2606:4700::6810:2a41
2606:4700::6810:5e41
2606:4700::6810:f015
2606:4700::6811:b8b1
2606:4700::6811:bab1
2606:4700::6812:5dc6
2a00:1450:4001:801::2001
2a00:1450:4001:802::2002
2a00:1450:4001:80e::2008
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:80f::2004
2a00:1450:4001:811::2002
2a00:1450:4001:828::2002
2a00:1450:4001:829::2003
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::200e
2a00:1450:4001:82f::200a
2a00:1450:400c:c00::9d
2a02:26f0:6c00:2a7::268b
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a04:4e42:200::282
2a04:4e42:600::644
34.107.231.31
52.1.188.220
52.49.172.98
52.77.55.240
69.16.175.42
028b5e15ce0e520fe7cec7040c56a24c06e4715c593a9a3f15a0f02981c5562f
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0bc2af178dd2a0d726911d67d2e400bb76e2291b638982f6667426548eb45670
0dbbce727c5877b82dd29d602e522cec6601d4b355378bcb4a8a9f5d71e1ba9c
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0ed1c09a270e3ec711b4aaf5b05d2cb99d62c25360e798a1434711bd397de575
10cd2051139bbc64153f21cc9a034c18d4bae2eb610776dfbdf25f7c8fa300f5
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1892bcce7f4920a23da99f61a00a5bc0e440d875f2e3a2ac192adf7e27df9775
1a232870c586215e8b7e50aecd56221f7571f0bd4af83db17ec3e776844ecf70
1a2dc3f43294dd83401f46fafda1ee4c248a5a4f4c177a3d664b0a6c50bd3f13
1a2f415894088c48d895ce6549090ee756a6f1b3e05699bbf0547b005b3b68d3
213db1f99c4d17b96b61eec521c00137a0b0471e2b2cd8f4652dfae3f3366566
21be0bf3c40793f2894fd8d2e4b18659d5a344dbb9005bfa43998308e556a33c
266e4eb2db1743c3852dfdad38c68d826bb905c7023f1a0c53e4bb5bb8ffc399
27aad8a24ee3caa364101613b091280b050ce6e3c8f3242353bb6e98276f9e52
288469851aab0e4152c9fa94df656d2a650fe55dc26ef23fc6c91bccc6204b3f
2bb3c4275c76615330b9aa5402a971028f44d28241a5d40135c3eb98c86b0dfb
30ccffd33eafb489da2764d31706fcc6878094c3759cee0388e11c82922bf74e
31cd9f6a4a758d68845d5b60965cdf590c961c32b4759cf26e34f05578eee7a0
3857f4bef92a65955e0d42ef474b4b86109d648b2d5e91811fccc51486cd493d
3a3c8e76f3134d900cd0983ca1a2bd0843eb793fb44ee30faf52fd70cbdf9539
3a426e4864673ab26c49b84e61374c41591c7c6a2298327ee6eca1e858f5b61c
3e91b52b7219f1d651f9609456f3279d8c47ff32f9d0478ee41dddc095f59471
43208957b50375f4a89c4b6fd14d10be4a1a57bcb010dfff9e94bc0f4698ff9c
465b31f84196ddfdd21c859a1460c95d70093d91e3ae5ce5c688c398b9dc20f7
494922121cb616e04e01c972fb21ea05d834f0d59add5f74ebdbb84ec0dcb690
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
565ad0a1bf7ce813ee7199bbfcee1107a25fe4622caec95cae83348d2f9cfc8c
59a27e2092e5bf9525e80ccc76d2d76f454fe9cba012328e839749c63db4fc2e
5b1cde4cc3e760436410c8a2a98861276be9ac8ac12c785c813a84a0788051ac
5bf0a170ae91f1bb8d0c94381a74ab8b85f938bf31bf18a9c8e3b835250d3be6
608da0c08dd0165788ccdaa6ed0fc5489692ff992c230384fb7b596bde8d0aeb
61a9a4924579af06533a09ad0072612a6bcc4e69e54349a53fdb2d081cc8d81d
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61e16263ed1227e721bffd26891b13a4d07c5140249fa78f297b51845ee169db
62eef279d0fbc057590c16346fc1959e133630425c4b30dfa43b4abaa8d5e2d3
641ad283a10af99ba3b24476ef8d95fa96fba1d08bd79980daea4766e0d7db24
68f879b87d2176790af15ff77182c5cb1fcb2b7939f18b84f4cbe1d13c6826fe
709cdcf57f5cec0c2306d1690302b1c41a826e484d158abaf220bb1ac669e649
7186d14ea79e63597cab54af8bc08bb1db9248d9076eaa65f7a0ddc75b028d03
734421d9e2fa5fe78c7bbd157c8de6a60bd1e0752c8abfcd2ca27f4a477ff2e5
78b341647e8bf718869378550c0c14b87bfe33967b4944d7dac6a2a1f3290d4c
7bd412a06bddcf40df51ff43178bcfd2aef73c34c94dff86370d49d098df7464
7f8bd8aabb06508984f9761155d72f210272d9bad2e17a8f9383e0148269a885
816f5b50809beb27fb908d88728e4570dd51ced0f2b361f8afde4e87e275186e
8227fd53346e22749f5f6d335c3a96c78638537770c160c9a8d46b46074ca185
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8a102873a33f24f7eb22221e6b23c4f718e29f85168ecc769a35bfaed9b12cce
8bf1b5dcddcd32a55c660e568fb37193f07bc878cf7e78c8873bcedc10731cc5
955a54ed734f6e7ef996c72bc80295387f925f4f4f446bbcfbbd637a200befab
9a59c5e5bf506c979d9baf8521375edc46c510007ea428f877717bdf90a81528
9a7219ed196501ca089762bd5c6bd1eaa9bc6a0dcabe50b4fdf6cae1b13c7bfa
a0172f5bb0169b6d8c016d19dc2f384692989d63a30bbb797ff870f3d5aa09a3
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a39d3bb00ad83bbfbbc5cfdbc295d842b670d426a273c98abe193204f22eaecd
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a739cc97a54df824e12fc75392160360e56e55f623a445f99fa26108fa84e6fb
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
afd211520cd3c79ae4b7d60efd0c0ae5077995631b25ca0448cca2f0a43e127b
b0a8eef7ff31f5e543c1a9ebe9f4e7c2693675e418ca6fda8a97797d2a0d53db
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
b2f03a9dc235e97011603f677c7b1a9f86115c18c40344593e44868b1b6b60ea
b8d1042fb8c7ee3c07463da9bff23a4f9e14cb57cd9fb226cec5dd1864050d43
b91734d446ef13ac04f86d6bc8c2c1e08e90f010ae688512476731e80ef07e47
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bb8b86a15c64fd109e4ebecafb8fe461838d1f73f1cb84d87b84da4fee00aae3
be36cf242d7b206d66842ab5b36af859b780372bba70cb5d72acda2626ffe52e
beb0fefc9dc5379af13f1b2769a810cd263ffaefa7036cef1a9d91d327a98e38
c8ff4f39ae6b98a1abef045c9fa324b414fa79bcc1a15117ca0fc7ab5e53dd8b
c93f4332daa92f95a2c2446599d6cf9e87b00b20d60db827af63b0e4a3feb22b
ca151bd6536945da49fea26a6c90ace1c11b95ede87dc58ecc9c36b20713100f
cae897bdde94867960ad284a56b1631296eaceddf5710a2857127ca0aa2777d3
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cd0b53e2d3257253a3d5f7c993763c1cd69ae7dc701ea5cb6fb1334336b4334a
d1a700c13a6c23d513ab4e897de373d2c124e380069baae0ca9c7f58db3922d4
d6fb09db4fe810c82387e44d630c1d685e665a71ec9b352f59318422a98995c7
d80b40fffbb83f623431618156287b682bae4ba03cfa81dc7bb7802d78ffae65
d8d7e419a36ba7ca3872a81ed6221150a746aee853c7f7ebd996585926e7b2cb
dd84ef34dd054c2966f73cb464b089001e81c5f1be62a2b4ecd1b8bc28be8242
dde581fb161996508ac5f4628af6f20e5c456a102613908dcfb8cd3b8b850658
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de80309d98405d566c6fb1912811b24c8ad3a8380f6819d26a6c1eac5cd99185
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e127dce391c5b30b9f8027fc7d0097db662ce9c6af8eef63207ffe4a1432b55d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9f3ce10ec155fbc39d81a4aaad2056db4c3dae0d63178711cde6b70a1ac541f
eb089b7cbf84c1431e5da5a7912578fc19ff63eb25dffee006db52641c54b5bb
ed09d958eebc4ce6a5e29dd5c5dc61267cf33a4e75b8e606d47b26a095944428
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1793d98ce12c032edabcff571a1dbce5c0799464b12a5e2ea95de43efed2e9f
f3090e7817270ea9ddb20a40bdafc842461705e69f9e89246ea5d32cd6516d6b
fb4f134f3a8aff794f7914ad61196b67d94586cf163efaf592ab41632ecb6d32
fef5a41be1b827a1729f19bcd123a57ee3f2cb8dc9074fffa4ab5b807f503514

www.bloombergquint.com Open in urlscan Pro 2606:4700::6812:5dc6 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

146 Requests

92 %HTTPS

63 %IPv6

29 Domains

46 Subdomains

42 IPs

3 Countries

2389 kBTransfer

7277 kBSize

10 Cookies

44 Outgoing links

Redirected requests

146 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.bloombergquint.com Open in urlscan Pro
2606:4700::6812:5dc6 Public Scan

Screenshot
Live screenshot

Full Image

146
Requests

92 %
HTTPS

63 %
IPv6

29
Domains

46
Subdomains

42
IPs

3
Countries

2389 kB
Transfer

7277 kB
Size

10
Cookies

146 HTTP transactions
1 data transactions