cybernews.com Open in urlscan Pro
2606:4700:3108::ac42:283b Public Scan

URL: https://www.facebook.com/cybernewscom/

URL: https://www.youtube.com/c/CyberNews

URL: https://www.linkedin.com/company/cybernews

URL: https://www.tiktok.com/@cybernewscom

URL: https://flipboard.com/@CyberNews_com

URL: https://careers.cybernews.com/
Title: Careers

ns31533569.ip-162-19-138.eu

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 103

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELo59E3K-Yidsqgtv7GVg_8&google_cver=1

Request Chain 104

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZUuwPS4D6p3cEgUOB9WtHQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJNhlpOo3wP33mNUxELyns&google_cver=1

Request Chain 105

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEKVARIhySNk2DPkqBa2UPCA&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEKVARIhySNk2DPkqBa2UPCA%26google_cver%3D1

Request Chain 106

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYzMTYxMjYyMzc3OTM4OTY5Ng%3D%3D

Request Chain 158

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEOYJdClpu-8IgWnzAuylpgs&google_cver=1&google_push=AXcoOmT0wbI_kDzN3DvaOWAlLhl5b-fVB5kuAetZNpdgnOJiNYrdgtRxx5HY7u7WDbsvjnRyd_siT97SeOmDNY9jw7M7PeSvCoaI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzM4NDIyNzQ3MTUzNTcxOTQ2OA==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENllOYV1_-uZjXzGjtXQT7M&google_cver=1

Request Chain 159

https://um.simpli.fi/gp_match?google_gid=CAESEJ7iA5XanUmRU3QzsBWJbd0&google_cver=1&google_push=AXcoOmR1bgvc2CWpo8F6oUHc-K_hqjkZ8i-iBszb_hMpHuQICihMu9_olkkf1GObQZXyQFQqtgJRl4JvV_9v3ZneRoAwtgmX8nbL HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=0F78855361CD4C839172C630A8F6DA83&google_push=AXcoOmR1bgvc2CWpo8F6oUHc-K_hqjkZ8i-iBszb_hMpHuQICihMu9_olkkf1GObQZXyQFQqtgJRl4JvV_9v3ZneRoAwtgmX8nbL

Request Chain 160

https://d5p.de17a.com/cookies/google?google_gid=CAESEDoW_-szeHeubIKDwzxwlyg&google_cver=1&google_push=AXcoOmQh6MyyrtJs7TouXa6wtdJL0mJ0KQ4OcLyXHWbZ0508VrQ7wEo4UFkAqU5tXR8fYY23_c7nlBm_TeHaSkSRWssdF6QudnKP HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEDoW_-szeHeubIKDwzxwlyg&google_cver=1&google_push=AXcoOmQh6MyyrtJs7TouXa6wtdJL0mJ0KQ4OcLyXHWbZ0508VrQ7wEo4UFkAqU5tXR8fYY23_c7nlBm_TeHaSkSRWssdF6QudnKP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmQh6MyyrtJs7TouXa6wtdJL0mJ0KQ4OcLyXHWbZ0508VrQ7wEo4UFkAqU5tXR8fYY23_c7nlBm_TeHaSkSRWssdF6QudnKP

Request Chain 163

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESED34t1RHgUg2CqTtANAcdOU&google_cver=1&google_push=AXcoOmQM6sKjHSj7QAhClHYr9Xc2fWDob9E63oh-97vBGZ_IjrM2QtBn0JnxTF2T9fHqc8EmAZa7gmZX-QsWzePTmslbwymxKFF2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE9QWTM4QjctMVotNU5XNw==&google_push=AXcoOmQM6sKjHSj7QAhClHYr9Xc2fWDob9E63oh-97vBGZ_IjrM2QtBn0JnxTF2T9fHqc8EmAZa7gmZX-QsWzePTmslbwymxKFF2

Request Chain 166

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJNhlpOo3wP33mNUxELyns&google_cver=1

Request Chain 167

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZUuwPS4D6p3cEgUOB9WtHQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJNhlpOo3wP33mNUxELyns&google_cver=1

Request Chain 168

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEKX5EXS2KfSL4chA0fGDEjk&google_cver=1

Request Chain 169

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE0MDk1MTgzNDE4NTU4NDI2OA%3D%3D

Request Chain 184

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKdtbTzL4JbAz2JAlwds6Lc&google_cver=1

Request Chain 186

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEItoTFuZXEGaVn3JEUnU9wo&google_cver=1

Request Chain 215

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEMvIlfy-Jok8-teEPM1b8UA&google_cver=1&google_push=AXcoOmSsSL87G7yisq8qQZ7k0bI4XqtsSvuattRBdACp-5wEIdd8guQx68noNefWYWu5xRGQcYxshmdXFSs13eHlliQcSIQCV_QfZrk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEMvIlfy-Jok8-teEPM1b8UA&google_push=AXcoOmSsSL87G7yisq8qQZ7k0bI4XqtsSvuattRBdACp-5wEIdd8guQx68noNefWYWu5xRGQcYxshmdXFSs13eHlliQcSIQCV_QfZrk

Request Chain 218

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEJSYUFMBoXgS33G0ABbAndQ&google_cver=1&google_push=AXcoOmT0FDLZ5PXepY3EhVyBFWCZ3sk99KIMztsx1oM4FsMSAZWSC2Px0hrwC8QL3raldYUTYPxHFHaWvSAZL8oOnrTdKjYf4_MFdFg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmT0FDLZ5PXepY3EhVyBFWCZ3sk99KIMztsx1oM4FsMSAZWSC2Px0hrwC8QL3raldYUTYPxHFHaWvSAZL8oOnrTdKjYf4_MFdFg&google_hm=eS1zVnYwWDZ4RTJwRW1Icnk2UjBFbHdtaE1ZSmJVVC5vcn5B

Request Chain 220

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEMIRLgzc0eO7jFPThxMMXUQ&google_cver=1&google_push=AXcoOmRAe4tUhOKWKCsJZ4mO1d01fGwhZLTzd4BOM7qUsFDujoFL6i0DdfctYyTSR_jOLUmqRMH9PlsKwVy8XEjANAq4mfkgSnXEBCn9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmRAe4tUhOKWKCsJZ4mO1d01fGwhZLTzd4BOM7qUsFDujoFL6i0DdfctYyTSR_jOLUmqRMH9PlsKwVy8XEjANAq4mfkgSnXEBCn9 HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 223

https://ad.turn.com/r/cs?pid=3&google_gid=CAESENllOYV1_-uZjXzGjtXQT7M&google_cver=1&google_push=AXcoOmTVSynuujoT4zRjFGAHDlW8RwU7vXHm8SbYpXoh8MSgt2SLdM-ffbBAIkum-odKR2R3J-ycYD2JDh9DzyhSjhwDPvEd5-s0-J0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzM4NDIyNzQ3MTUzNTcxOTQ2OA==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEEkx6k4QlxckmitUV4Q1KQE&google_cver=1

Request Chain 224

https://a.tribalfusion.com/i.match?p=b6&u=CAESENoL_O2ozlbQouKmfVABXjs&google_cver=1&google_push=AXcoOmTkjgAndogJlz30VpLbMLk8NSpfiYYOAQ8NYfcHI-3LXtxsG06TWP7rEXqP8OYitmGZJxsuyryH3BuT9Sd5M2YcXC_DYkpUk-E&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmTkjgAndogJlz30VpLbMLk8NSpfiYYOAQ8NYfcHI-3LXtxsG06TWP7rEXqP8OYitmGZJxsuyryH3BuT9Sd5M2YcXC_DYkpUk-E%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENoL_O2ozlbQouKmfVABXjs&google_cver=1&google_push=AXcoOmTkjgAndogJlz30VpLbMLk8NSpfiYYOAQ8NYfcHI-3LXtxsG06TWP7rEXqP8OYitmGZJxsuyryH3BuT9Sd5M2YcXC_DYkpUk-E&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmTkjgAndogJlz30VpLbMLk8NSpfiYYOAQ8NYfcHI-3LXtxsG06TWP7rEXqP8OYitmGZJxsuyryH3BuT9Sd5M2YcXC_DYkpUk-E%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 227

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEBNDjQyZyQ3gxOi-U541z8M&google_cver=1&google_push=AXcoOmQg2SvgbeK1A3B6RF_9cGR938h1AfpLYUACe5zASGVmzSacF7xBr6iJ3uVKtK3wVwQp2qcinnKgcGQWE_r6CeK2ZaSAMv0dxzg HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEBNDjQyZyQ3gxOi-U541z8M&google_cver=1&google_push=AXcoOmQg2SvgbeK1A3B6RF_9cGR938h1AfpLYUACe5zASGVmzSacF7xBr6iJ3uVKtK3wVwQp2qcinnKgcGQWE_r6CeK2ZaSAMv0dxzg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mjg3MDI0NzQ0ODQxOTc4MjEwNw&google_push=AXcoOmQg2SvgbeK1A3B6RF_9cGR938h1AfpLYUACe5zASGVmzSacF7xBr6iJ3uVKtK3wVwQp2qcinnKgcGQWE_r6CeK2ZaSAMv0dxzg

Request Chain 228

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESENd4rcBv0DJa5VpA1ojMfq4&google_cver=1&google_push=AXcoOmTPRoCXQ8IcVcoZgRjjec1BWisG4kLvvwAdKrshq6uj-QMV7x7Y8gUJphxPkmvftW6mLUDptWQpMay7LN0VI5g0RtR-g3EVzQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmTPRoCXQ8IcVcoZgRjjec1BWisG4kLvvwAdKrshq6uj-QMV7x7Y8gUJphxPkmvftW6mLUDptWQpMay7LN0VI5g0RtR-g3EVzQ

Request Chain 229

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEK7TuMo1gQzdty4oM6c-zIc&google_cver=1&google_push=AXcoOmSkwbundYg25YyqEKTzuxvbNyusev9-HQEfn4SqWML9-fndKMf_7usF9K4dJH2gFPl0vuo4qbWebZSv0Hha-GTvRmPtVyhYG0qK HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmSkwbundYg25YyqEKTzuxvbNyusev9-HQEfn4SqWML9-fndKMf_7usF9K4dJH2gFPl0vuo4qbWebZSv0Hha-GTvRmPtVyhYG0qK HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 232

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEBr-KWtLZAIEhDpZyKsvpRY&google_cver=1&google_push=AXcoOmSl0Wfcr4PsMkCR7HBoIa73C3Pqe5YsDv5zEhXq7eOCltJ3u_kLa3e5vwhAI4o76fPb567YCV4WWh9LgLtvhbaksFzDdRoVzVwm7LIt01wplMmIDkTD_B0iTQswheI0Me1ChgjI8Gnw6ypw_c6GYc9JoA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzM4NDIyNzQ3MTUzNTcxOTQ2OA==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEEkx6k4QlxckmitUV4Q1KQE&google_cver=1

Request Chain 233

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEMtKnLn76ml0iPZbAchutHM&google_cver=1&google_push=AXcoOmQ0JDGw2EJAD-ctyuR1_kBioozp36085V6WLenQTqyvllDtUGf0mS96sHcZx-bm_I1sqG7fwNJ3D138AGSwFtt4uz8EBHwqK8kHcvNGXZCTPJrR6MBEnQJCFOcs4OOjBghIDCuMMRMWipVg3gocIkS8xw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEMtKnLn76ml0iPZbAchutHM&google_push=AXcoOmQ0JDGw2EJAD-ctyuR1_kBioozp36085V6WLenQTqyvllDtUGf0mS96sHcZx-bm_I1sqG7fwNJ3D138AGSwFtt4uz8EBHwqK8kHcvNGXZCTPJrR6MBEnQJCFOcs4OOjBghIDCuMMRMWipVg3gocIkS8xw

Request Chain 237

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEMlg50WZ5khcWLGSSiHyxtg&google_cver=1&google_push=AXcoOmQL1ygOI_4_rt5yrBqInbkkM86WV_h5_sK7WQmLV_r4eUTENLWwpGNu_2EiQ6s13uyfDD7uSj3ZrF9_0oAlnzWegB9D6F-SnHTECFle_cgbdpFSp9rpiK367gkYkySEtVQUXjv9v0VedwinhXzWmSLY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQL1ygOI_4_rt5yrBqInbkkM86WV_h5_sK7WQmLV_r4eUTENLWwpGNu_2EiQ6s13uyfDD7uSj3ZrF9_0oAlnzWegB9D6F-SnHTECFle_cgbdpFSp9rpiK367gkYkySEtVQUXjv9v0VedwinhXzWmSLY&google_hm=eS01N3lwcXBkRTJwRmRzeU9LT042ZXcxUV92U25VcGxUTn5B

Request Chain 238

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEIJVwVShb7bgkx4-wUORT9M&google_cver=1&google_push=AXcoOmS-1wepyRaRa0WYV68exE8opySYhrZ1EmPTetdJFPDDhMh3j18J3GyYSwP5cKEAGNXLrRFH0mjJMqdTd9ohGV6DdbuGKsog5mj0mBP8dSO7_WnJA43yXaNaFCaItNazqYeEJxySrFdvtZUtSjsVijCoEag HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmS-1wepyRaRa0WYV68exE8opySYhrZ1EmPTetdJFPDDhMh3j18J3GyYSwP5cKEAGNXLrRFH0mjJMqdTd9ohGV6DdbuGKsog5mj0mBP8dSO7_WnJA43yXaNaFCaItNazqYeEJxySrFdvtZUtSjsVijCoEag HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 257

https://gcdn.2mdn.net/videoplayback/id/07d835a0a2fbaefc/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1730995134/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signature/092C6DE1A8D2068EC9C3C0B7A554D5E836957577.5B4AA52000986A904E69E762DC484F24747F3A58/key/ck2/file/file.mp4 HTTP 302
https://r1---sn-4g5ednsy.c.2mdn.net/videoplayback/id/07d835a0a2fbaefc/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1730995134/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/09F812C1D0C3AC760E938EB1D9204D22F0E32B69.36F4B8A6BBE9BF93726577E07C611F17449C0835/key/cms1/cms_redirect/yes/mh/98/mip/2001:1b60:2:240:3247::6/mm/42/mn/sn-4g5ednsy/ms/onc/mt/1699458443/mv/u/mvi/1/pl/36/file/file.mp4

Request Chain 259

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESELxDtk_1rO1lDfsfMRKeYoc&google_cver=1&google_push=AXcoOmSkeSCukE5ZYgJDVahhUuKl7CVCJ-ldlvSlgqMkYMWzfZCJ1yMEkySZZKqZrvOHPUjGquwFc-VHXfkfftq9PkL_qwqwPz28Qcc HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AXcoOmSkeSCukE5ZYgJDVahhUuKl7CVCJ-ldlvSlgqMkYMWzfZCJ1yMEkySZZKqZrvOHPUjGquwFc-VHXfkfftq9PkL_qwqwPz28Qcc&google_hm=JjX3CYh4ofWjeQQ6k5sO0A

Request Chain 260

https://a.tribalfusion.com/i.match?p=b6&u=CAESELnSEsFBn6Y-YLzuEkMvPp0&google_cver=1&google_push=AXcoOmQ8MOn27hgubdPwFTplF0Wm84iun9FszO_UBkuRQtvw1H8zJkz1Rjp4pPGQfaXvtmHsOt5PwdYeVTplr4OW3Rd8nL4A5h6Q2dM&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQ8MOn27hgubdPwFTplF0Wm84iun9FszO_UBkuRQtvw1H8zJkz1Rjp4pPGQfaXvtmHsOt5PwdYeVTplr4OW3Rd8nL4A5h6Q2dM%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESELnSEsFBn6Y-YLzuEkMvPp0&google_cver=1&google_push=AXcoOmQ8MOn27hgubdPwFTplF0Wm84iun9FszO_UBkuRQtvw1H8zJkz1Rjp4pPGQfaXvtmHsOt5PwdYeVTplr4OW3Rd8nL4A5h6Q2dM&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQ8MOn27hgubdPwFTplF0Wm84iun9FszO_UBkuRQtvw1H8zJkz1Rjp4pPGQfaXvtmHsOt5PwdYeVTplr4OW3Rd8nL4A5h6Q2dM%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 261

https://ipac.ctnsnet.com/int/cm?exc=1&acc=crimtan_au&google_gid=CAESELhBwlbKPmnku89G5sk8evg&google_cver=1&google_push=AXcoOmQJNMZTUM4SqwNme4cIugSPs9ZbY3IfQrRWO84WWl-G49z3e71VU2SrR1G7Az1_5WmWUaArM6okUX6G17G2H6IwuvkpF2DafYs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_au&google_push=AXcoOmQJNMZTUM4SqwNme4cIugSPs9ZbY3IfQrRWO84WWl-G49z3e71VU2SrR1G7Az1_5WmWUaArM6okUX6G17G2H6IwuvkpF2DafYs&google_hm=hdYa6iWGRlS9RFqZoKplUh0

Request Chain 264

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEG8ADGdgtxxDbbeWGxBB0ZA&google_cver=1&google_push=AXcoOmTMGH1gIhhi2stA44jMhoQzhiFiGuYsB_ofjH77qo17vZ1B0yV1WdkS-1mKcwaPHnvIaQIo4Qzp4LxBjf7EQXVMyekAMHieRw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTMGH1gIhhi2stA44jMhoQzhiFiGuYsB_ofjH77qo17vZ1B0yV1WdkS-1mKcwaPHnvIaQIo4Qzp4LxBjf7EQXVMyekAMHieRw&google_hm=eS01N3lwcXBkRTJwRmRzeU9LT042ZXcxUV92U25VcGxUTn5B

Request Chain 268

https://fw.adsafeprotected.com/rfw/bgd/1474271/76103299/xbbe/creative/adj?p=APEucNWXGRCsI5qLZ9x1t9Q0wdOybhwwla5aY2SkcSu9uJeH22qP_aU&d=CokBAKAmf-CqRtXVrKh1eudcF6ZJoVwA7qlvrRQBJERhJu-fckQCUfbyD8fH6SVW_Tgv4pER5IcKEMAjsawaNtns0Ba-cyf5LWI0osfB2jr-vrFRI7wwrivu05J8k7HZMQCmx9UxRN8jyZJyId1mOYllIV9FJDBBHd_iLqEk_QesMccMSc_Db7UARIgSuRYAoCZ_4NfVWHwkEy1n3rG2GSqfpqLrRdpDWA7ljN7BSg2Yvh8s_MzlkccUlWH60NCHmnW4rGH6_IK6hd_wHay9KeeSDEXJ9fgmnl1rN8GaT9EjXPYdfNMavgIpAh5ph_l5TCRLlKN25XmzX0z6-kPfhmv4Y2UJzPP-QTOiJGAW_aDfHfLWGpDYdTzl8pB1naUo3peVx_gx1bpkOe-QVpFhskXkaVu3KkFrZByX7S5MJ-6wnMWujsSNmQEdn7KoiCgZuC6Esv4csMZjW852vV_wsafq47BrCl-yue5gINv-YBSrK6rYIWEchTnszVMJFweM9U_KpMJ6uZr9TKioeKdVY5eDYjyiuilU5ZaZtOFk82ujYCITcxVCy0ApexsTg-7NbSqexHAWAqEY9YxdGk_8Yoej6sKsP7b_nTCHYh2Jb6gSNtHekIaCljGA0unVPuvWVxXlVjGn8WfWcKpCgptK8EmgfLengJGHchWy61m68QPlnI2MN42N7U2_OzY-QfKWZ6Ke96j68gxaTcxDU2XdV7jE7uImD47tRyig8RF_Uq0CMiOgc-mUMBuVqOQKg8lYw-nsYwykxFBjZ8rVJDG4NgIuXASvbXvXY9CjKhC2ETdLjQWtPM4THOdnNeAEw8hrLW49GwwZ_-tB5bYrZKwkZzBA29sKKqUNqNN-u_zUrP-L3iJEBs_aDSh9C1q2UlB_XjT-aZdNK03sJyJNZOCV3bOcFZiRczWcDyK7GM_TP8PalAZmmbIeeyFRbDstnv1GHIHJFhjtWkGlaUEtQ4sLFaZJZREHZAnwbyjqm8f1yq5paMRXtKR8XNTA1CxUTFrIZm7f6G2uqeOAWncztrIG1A6NffOjIcQuU9y-Alz8DRf6oqT2brClOPMszdFr8ODucxmLABqMXQQLFWTicIFbSOW1kECpOSFQac3RqNgrLOfF9krPWquYIEnbqTTDUcYRRF8mfvqfcg9tpa5SfjQWriWoxaTWcXU4PkBSEumBIYoBbOQkwrQ7EQur1Vk325Ud-E7HHYvtYpvaVhqNfGRgRmXwDz79Smg5yXJR4I107LnlxzGD_-GPMV6wfN_F6ffNg-AsDUkUTQNer6__5FeSMpRo5Cuv7gERkIA8W2CcKjOnhCDCvSJFSptORzdMCNVG_a80ZXJYOSD71RY2m_uNqKwVVhhSIVlc1zj0lhRRA6012oeuL3DSlp70YFkVJAHenyY2_dmfNh3cUscoHB9q7YxaPygYAccNdwWmdVc6zP-YiIklQVYB_XiVt_5yiD0j7qv2_H9-XLwRUAQISoLg9tipo_6QLm4nvk-gm_Z21DpB6lVxvvnQlma2vvd0_JQaVoH_sGTpUd0ozBZF3fL-VUOCCR1RP24HaGu8_IU1SnZ1TIkcOHgNquO507zKV0ZHjAQP84r5R5vzxvvCVPevH83HYmYeSbJCIEBf75uC3G1rwofHY-up0PvTx9EzKoZldWuWPAY4saNiHQUeOEoItcOs9ucOQ3BYlhJ8m6H1h68Mk7DCxYDZ1vTKa63sR5y_inAwWAVfWhnymxKPDOVFyFtuOB8WfAqOYvHncW8dB0_MgNB58cw6aIJT-Jk2hACOuniU9_cpEjOcVYEzsD-Y2LrtAlwwFq7AhiXqkESTOtmARpC9EBfnYbxfcUoPUvEbrUZGDzJCR0beykWdIxF_kL7gG9z4qYxeW7dgz0rFdaen_Me5BrwXqm3HL2rTD-pr8inOnuUQkQJStXFiQ9hFAtmoI0WAka5csYOvl5ZxuGcGXyrapHlC_C92WAitMzrDEcgkvk6d-_UZ4KfauASy0QpF_Ue-wxSwMvMoeLKZUhdpfsu0qvgzqnlfakpEuIhZbL6iosqsogf2cuOA8OL30Bj87Ls26oXcGXW7faQhZrO8A01_c6eSMc5eJ1Zt5PnZNjN8zvM0gnKefYoz2qmHx6i-w9dvX-QwYMVAVSTvrlE4DqkPHiKWEIZbnzsYECPJkN1c1RNw3fXdVs5UxrX_e2nknufI8Yx947AM_V96UoJQI9nbyJooOGhBFTPuWXQKOICreMA22hsO9jmBUSn7ZI8pMZvCN_fM00YTTNGYE-E8_HwjvPeyD1VktBy-NEXqtCt9MRTDhU5Sp2TFZlOQaFFvPCk3yxQhaQbVcNSPjl7Vg_xuY0laQ6Q9lvWqE2xy1RaDZjnOZGbxosGjpDp8iz7gEapWBdik0jUQMUGRvN4PtgNKhnb2NsKJGQxZcB14N_DCk1F1O3KPj9ewAo4QXlBdPDMmk2ISosX4xjx5P9SBhvG8eA2mXDwbjOfJUfY7kNsZGY4COejBSxfRCPrktX4SLPpGmh7HY-pa00ynMbyAwdY7JBObxRpZS5DM8VYRyq8S3tA1KscG2WmnFEGLNLoc-xf0VtqsJxeifQ_G4HWNhOIscRa2mN8LLfcQsER3sbjpKPQ1GanZnUfMVwrYkF0vStAPXtvKj22oMTaRgZs0RqdisZSTP5vy95gc-X1idcrNnsrpujesvLIRJ7fI4Z0YvZja16wuqM598VGEBlXEzdKqwV6b8BwdhvRkumaWwSY4wkuV9GlVvXqJbw81CttnDc2UMPDorHwKDat03CAKmyoyKHNJ6K4DB-Bu927aQgEK0zX8i-AP8M414f6ao3nsoAU2dgHtzuxY5vf2p4PwO5v3vqUmjGJZWpJSLhsfYP95-4lpwMbuz9pKDF6Nif1q67UGC4SwcLY7b-4rGe1N_Xg96tFm3sdhb3z8RSy9AHh32AgmsWskyms3JqJfdZy9U07N3EncRqN8ytLR21klOZNuQhB1CoW_1KwWHxEQ5zUgonFgm0QNi7PWOqNM2JdCdqgPkAKeN2Jyh7u3cEgQBxSp-VK4Clk9E-ZC3R2BNEoBhB0CZZIjGQryhBxZUw2EUnJuesXOomQV_y0FYxe2anuw4onBfSeykIT0FaQ_6IjifRyyBoLPREiHiBOp_WyvV9YskeWhIJHpIVlt9FyWkO8QTlmQuwCUu3IPLokdC2qNiLeti51EiH04ua7Yy31jIuoTDwq4Nip8g0yld-zINRCmjeWmWKNY1jh4f549TQnKoU6NijRbf9wpIggacY7_rlBH_yKamjR-y-S8WJqkzB-ZOn1NcB5z7ayQaCt6pZIWickXniHckqaiMP6aJz5r4lZubNzM-9Gi4oagWOMYkZKbm4uyaoJo-K26tl5-VaWpKeUJwwsmyDlz6anbtLnGWinbu1bJNkUNfKFwG-QerL6gOWhGZuWjBxV2yX2TD-wSFD4Gwm17azIvP0_-i8vV50uENu-eV6MrdmSsfKTeKWRvQDa9Vd8GMQxRUb-tcA3P5nCFqjskg2madijR3NxgG4XkdHFf-N9LsHhjKAZjzyokcgOwdN1PmpVGJwIP1zUXxphyZZCQt-_vtSWNv0FWVHnPqLRmUyJAKYQ7lo9wdY7K3-dAQU-6pbdoXxDjqRKB9WC7tEspOP49D7DskfNF_XNDoEeTWPoYtxvrHhSvcKs06YHkvGHF5fTlOs-AqE8hEt1hjmKUlqqv7zRIhNvcHDlJyITksJnH2tzwb2fLfHYUl1MlVhcWKKRnvI4N4cpgl9FcHXYtExmAdstYDR6QzcAQ9mmPI-dIFTNQFHzW8rp3snxptyhrhxIA6qIcF3MD05JM9m69rMyMjV8wV_m5ReZfCOYTta2NfUACddwnSSM6RY9bsdzCsH7notfzyUUJAR_4d9v8CSGtD0VTUqej8cNgsquEESC2zibNHkOGRqmHgB_eqzwegcxKSudipf_eTjsuyLWexp15a6B6U96GH_t1f-5vRWHAtCiMM1o0PkL_7PuU4BpBCAQSOwDICaaN_B6JW0nrvmy3AcvC7weS5QsFv-Sw0m2MRUesiwqDkPFw1rrNUDeDPy-1e36yj21xLsRWOXbCGAFgAQ&bundleId=&ias_dspID=3&ias_campId=1012200182&ias_pubId=pub-5928161074779380&ias_chanId=1&ias_placementId=20123268692&bidurl=https://cybernews.com/security/hello-alfred-data-leak/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0iCAbnril3t-_Sh8nxK6MRj&adsafe_url=https%3A%2F%2Fcybernews.com&adsafe_type=y&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231106%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271804%26client%3Dca-pub-5928161074779380%26fa%3D4%26ifi%3D7%26uci%3Da!7%26btvi%3D3%26xpc%3DT0Ay0Cr4Y4%26p%3Dhttps%253A%2F%2Fcybernews.com&adsafe_type=d&adsafe_jsinfo=,id:6902db01-b5a2-a30b-5a85-a20f2a9d20cd,c:toBYrJ,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-8ddb4989b-m95gh,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:4,mot:0,app:0,maw:0,fm:tV2dkUj+11%7C12%7C13%7C141%7C151%7C161%7C17%7C18%7C191%7C192%7C1931%7C194%7C1a11%7C1b*.1474271-76103299%7C1b1%7C1c1%7C1d,idMap:1b*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:21,oid:b78867a4-7e4f-11ee-8aec-aaf896d523de,v:19.8.459,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js

Request Chain 275

https://gcdn.2mdn.net/videoplayback/id/851adfda52cce245/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3804748512/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/4E39B6B742D24519D497BBF40EFACE633E3D9FF4.3C11BA6DB17E1D970B5A82F99289C65076434569/key/ck2/file/file.mp4 HTTP 302
https://r1---sn-4g5edn6y.c.2mdn.net/videoplayback/id/851adfda52cce245/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3804748512/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/840758AAED591FBEA6378BCA6305C64B20160B17.70C64AC15B8BF151A0C2836FD329A4791D313ADA/key/cms1/cms_redirect/yes/mh/06/mip/2001:1b60:2:240:3247::6/mm/42/mn/sn-4g5edn6y/ms/onc/mt/1699457892/mv/u/mvi/1/pl/36/file/file.mp4

Request Chain 280

https://gcdn.2mdn.net/videoplayback/id/851adfda52cce245/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3804748512/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/4E39B6B742D24519D497BBF40EFACE633E3D9FF4.3C11BA6DB17E1D970B5A82F99289C65076434569/key/ck2/file/file.mp4 HTTP 302
https://r1---sn-4g5edn6y.c.2mdn.net/videoplayback/id/851adfda52cce245/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3804748512/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/2E4724585F4DF9CB052D6B83A263AB345EB3B4C4.0CB5AD21EF2074F10B07BBA7B2B405401E496627/key/cms1/cms_redirect/yes/mh/06/mip/2001:1b60:2:240:3247::6/mm/42/mn/sn-4g5edn6y/ms/onc/mt/1699457892/mv/u/mvi/1/pl/36/file/file.mp4

Request Chain 285

https://fw.adsafeprotected.com/rfw/bgd/1474271/76103297/xbbe/creative/adj?p=APEucNWeGIYUrziJdMiOe2DejPKfxOYFRkfknzdL8iWDZcUCCrzjlRk&d=CokBAKAmf-BtBWF5665hsQLyixw6r0pTR1H3DMeRPQG8PpZHMAvNVE9EMdtMj0EepwTAoKTedPd7mxmBtM2kiYSi5oMtZf6H2lqYafTq6NuaHXHrQjmQ1l-71Uj9GN7G7QVj9kgTFEiL8Xg1cgeOp3tYKy1WdDD97KW6Fzors_HJ7TEu4-AC61JW-EYS-RUAoCZ_4PbnsFAlOigvSmotJ-4rViQDyEmLzBpiKYOMhLBidmAimxdIXZsK32m1_l1QyP7mxvRckreqM_fMwUEzxWX3YdZsBJl7jy3j-NuQhfSoJFi3s4w5PxhQq52y4E3Hk2ay4Mp1mysqc-kqt6taFMcE57Mp3X4NBsQfmcAZpondeqYPubQ6eTdmzLZQBV-E5kaF14ImAi3wmnEDLoStPJW2h5DyYWWlv1yFKUrnn1ZPMJbDEEEZT8NTqKjIPonARcbsh2j1-OT1nv4c-Hias9ycG311XG_cf0TNwNN83Fm9Ui629crwnaWawZlhT7AbjyYI_6Z5NBvvVM-mLulfJ9bclWoq8k4sV7w9UI9wnnJKKpnJGjXFKMlHDrurmqT7frULYOC7EmjaqM1Og8CNUTL0qCAliGTQObUOpTD4GceBTQYp5t5rS6nsUzp2xx_kYcff-HwnwKVWgj61l61icVqqaFgAJOn3kI0Eos8hnKrrHvGcZHd5qEEQBnNlsnYOCTwc1ARFx6QvXC8cYqpQS19A2MpZk6ltYk7VoueyaRJzfreIkL4xOsbZAgq2f46BH2s2VkHM3nrp10TM-kzNJz8_k-phgPMF4xi-tJFZ9hU72D7JRK8MgsR30XiO4CpDPq5nbENf6vOBMTU9R-T3945fpw_RechdZryfmo0CXsAUkKXGdHjT0fCe-S1w9vSR0iewR8drf0l1zQVdX2fweX0ay2Aj2Y-T3T3qfHBNol3gXQ4-mgShisfqb111ZkROeHQw4_077oCJAX7h3pV0aFCLzx3CM4oMwZMpMGN8HJA2IbTNRtpC68T5u1RKWDTtkFmC42jeIVD918SEbYHAsA02kj9l78GXBZd1XMKFGHiv3f52K4HYJN7OlwdtjHk26yzYYwY7iQjgIWIPz7_CyY8nqljSyw64cGrvbKY1gQrMtQDeC-xCbr_8LpcVL1WtxRVo3YOCpDZZ-ihPR6pqw7Nj9uDwiTrfIAZtWeoBFNT5KHJQzIyqrCKX-sf3m3BM26jCT2IpflBgYIA-WEVZ0Fk6BrxdCqvzlA7OVTcMGNTlS7tPjEqB7yDT_Z_SEh7wqqyG6gYeNB-rSI-knbKygq2lyrHbWDJ6HWYCOercW7z69MjXpKkCEa8VsVVpovXKpWeQmrxc8M5hfDrGcMH9GtFqrh1G2bp056EYHUuybSwD1xTHNE3AUIZRR4bUL71S1xL-ZCbVpL8850zhL6cYbH_d89JW1CmZqFCFjJeQIxfuY24UCQjs3-y3D9FwjnMj700H2AKHoxFoYaSj8gXigGNZr6Xjs-f0L87elwkyHPg_q1lgUe-1b1CNDGbWE7sZuDg_zoWBiTqU6RQTF6EiqWzCH7INrATb37ZNUqL_fPmY9mNa_p8AH3z1HVJiyz18lGA1i5bZPITSj9q_X_vsa_eOrbE-tQBYWzhy9YQX1Jl6EYAnnBJRrKYTycyvHLnFuziIMInKvqIuh777TlAwj5fYVDe9WHOTDeJEtEvqNOUlSGhbCtpGdZ7qftpPBMEUl4jIPtdZT1dRnDRLrcYvORc6kCsvPu8d6v-kHLQsPrH6wr6VFMB1L5WJeTCSM577-JnO1Z0se2UoHodJ-aPm-L-lhMzIl8BApphn33VPO70_ww7LRrpY3B6weW685457lVQLay9xc-Z7wkx0C7zJzmGxE2iPjFk5XC3uZNH_ywslLQtqLjTjHZkmLq38TkW4TfqMveOIVCwlxrXoU_jeh5gzI65nOyXm5XpHuNeuW1cqc7uea8tsxT8GcrEsio9fmE8fZGU41MFqor6PKOepYKmrGNroHl4dPMFLexMsP1WS1FrPxK7ZNSFUMS9dJikiRQPCi14t6cWNp83fS_BsQStFrVVulSvP5fWIIK9YhSe78Spk8Pit5RTOY8kQJPxwjDmg9mQa_OWW2Z0UQPqzP480nGmBqwXvB-9Iarvd0EfPZ36WQk9QuREkuWiGucIyXGgMoQjzfDFKd3Am3GAza48KOIqyPSO5lcat3jVE1KdR_L0RLaEnsBO-0V5q7zn5jYIsPlLO2bCrQ2_3mMdXK0sXxRbA0-R-mL2-RC1pV_ISpXOJNdrnvymNS7dc3I3AXP1IhzdWHkGhpepNX7x_C_ONVjzgPejXp4CERPCCtG2CLBQs20blHVrEjOBG9mCub_t9oTo4QQPNc8UFuVV0J_GG1cszN5pQY9YhUZtoMJEtDCXD9ONvA8RMh9dTx95cIDtBEOUEEgkl_TWhjuQ99E8SwfAs6lKFm2hlMSWeAb72J4hSEYxdqKmKHey5kFSS_dAT6MdKd5tpjNYgvTCu0p7RVrcRHdJg4uGibaq44db9yzoTZE-zrQNL7l-BZtrGQXuGCpWn6uppbobaRxk_rXSN-ElXtwoQuoOAFdU72lGKCcYsGx6dat_39iYsf-ZCzcTQVAfX5cDJ6A_T_fY1mHIWbN1gCKJTtsCdZuxuFbWtEkKRcmxvq_8hKOUiTT9KUOfTHuRBZvqe93MPPgRVfCiqF6Q8jSYcTCpIDl5KkzNW-cVZ-7oeXKYCKEhod6IBloarWcgZp9YfElHyIdRKJizu_3CNsaGNA6o2JqfFWfal-jmLxD3sPraZmK_Gezdtet7m-g6NkwgouNxyI0H-gi6CTICNMsMVJbzNFRZpLDgCjQLJvxigCC3ZU4hNn3cOZwmlD-fYP4YUizBBSOzX1Wd-CJvy21BBMPwMZ64a7IAyN3PzntSe6ZdImigjgu6NRqkTShtF7ZVMGPSSV1tpFSIESVjKHO6_ACrkChX4qGQu2spVw9L-z7baDss8O5VBIbzCugiuj5EYpk3VYjDVBQicoGRv3g5YTEMs6yq4zrYkXDa8H3Foi7rzAdlBg28lisUZIYgWrlQPobXYqtmFm9It-nFnuBsP3ebMCUwxg04QUE43TAPwpn3CHuI8TK5GAG-TD8CpBu6trQkqvR3ZVgGpufsguCpiHsae5LtQgmt21x8dshdBD1I6JZpvoTOQhDyefzLx1qVyp6FDKX0N9UscqvzPGkiABbqYBo_ubrBkHm72FE8wHBpeDgvvtuio-zmJseXcYguuvnJk2YIkeqQVFKlAJbq5bs_xJy6Fv1MmXfBMgh4x3rKU4AWlCbt8z-iGVgeRL2hXFUlAIVQQsJmF1c7e_t-G8U0Nkp6QirRu-YxxdgIBxcb-PqN_OVmEW7zf3vJvFfMFzW8ZphW3sMhOgaADFVdwV-DrPItqgbr10It-O0BUx__eTejiO_g8X5CY2nZwCxqvtg9D0dZlRSBU_pzTFg4bu8RiYDnN2LWee_0fJQXZu4nf97Xp2a2wvKYhr8JTdZmkkoZ8ijNNLpqC64UiYxK075gVy1fhqslOLJ-n-u_s7amYR5lWvJnT_39rKpZjcrnYGem3CyX2ct8h10kW6LbodmMb2ry6QPK4-Cqzm7efxWfLrenPpbHC76u0Rc931jiQ6v-XrAWA7jJ-w4L0qnT2AS6QOJ-Cdg205fjNcLf6xYRIG1DLOSTAwa1ECLhJiVA_pcEdam0pp8BbzDm5NursGvTebYKvGti3IJr0LoD6-XJnRu2Mymd0HoxDiYEvVBzvHrEQzOpnUyaV6hTz3m5K1568k6IMYPLMvek_8F6j6Fd4YmGCMSDa9yFsQO13F2jU9uy76ATV4ABuwXT3pyjIhB4Gx5707ch-52vW0RLfZNvXmiFKVVmaKt8Wn9ckxUHZiYhuPF7nb5aOx1eEzcRTGkEIBBI7AMgJpo38HolbSeu-bLcBy8LvB5LlCwW_5LDSbYxFR6yLCoOQ8XDWus1QN4M_L7V7frKPbXEuxFY5dsIYAWAB&bundleId=&ias_dspID=3&ias_campId=1012200182&ias_pubId=pub-5928161074779380&ias_chanId=1&ias_placementId=20118583893&bidurl=https://cybernews.com/security/hello-alfred-data-leak/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0hv6fJj42_pbGowSc7eAbe8&adsafe_url=https%3A%2F%2Fcybernews.com&adsafe_type=y&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231106%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1%23RS-2-%26adk%3D1812271803%26client%3Dca-pub-5928161074779380%26fa%3D3%26ifi%3D8%26uci%3Da!8%26btvi%3D4%26xpc%3DJDZtdhKB1c%26p%3Dhttps%253A%2F%2Fcybernews.com&adsafe_type=d&adsafe_jsinfo=,id:8de24a84-3cf5-0876-587f-16ff5a2f05ff,c:toBYua,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-8ddb4989b-gzl65,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:5,mot:0,app:0,maw:0,fm:tV2dkWx+11%7C12%7C13%7C141%7C151%7C152%7C161%7C162%7C17%7C18%7C191%7C192%7C193%7C194%7C1a11%7C1a12%7C1b1%7C1b2%7C1b3%7C1c*.1474271-76103297%7C1c1%7C1d,idMap:1c*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:34,oid:b78867a1-7e4f-11ee-bf17-e6e69cff327d,v:19.8.459,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js

Request Chain 289

https://gcdn.2mdn.net/videoplayback/id/851adfda52cce245/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3804748512/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/4E39B6B742D24519D497BBF40EFACE633E3D9FF4.3C11BA6DB17E1D970B5A82F99289C65076434569/key/ck2/file/file.mp4 HTTP 302
https://r1---sn-4g5edn6y.c.2mdn.net/videoplayback/id/851adfda52cce245/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3804748512/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/2A40AF04D5B2F5695A5F78829E50FC8F56B700C9.3272C80B8ED5CC66C8A0986343345FAE9E8A3E9B/key/cms1/cms_redirect/yes/mh/06/mip/2001:1b60:2:240:3247::6/mm/42/mn/sn-4g5edn6y/ms/onc/mt/1699457892/mv/u/mvi/1/pl/36/file/file.mp4

Request Chain 306

https://um.simpli.fi/gp_match?google_gid=CAESEH5P7qqhl95Lv_VS1wMdMFw&google_cver=1&google_push=AXcoOmTL9_CGEdLfG0zrjPRpB8T8Ih1DbfedpEN1YJaJJj4m_CAVwBxzP3QdCOgF8iDphsiW90RCmWIXH2LlWAUJMgGy46tMWyqqdFWU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=0F78855361CD4C839172C630A8F6DA83&google_push=AXcoOmTL9_CGEdLfG0zrjPRpB8T8Ih1DbfedpEN1YJaJJj4m_CAVwBxzP3QdCOgF8iDphsiW90RCmWIXH2LlWAUJMgGy46tMWyqqdFWU

Request Chain 308

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEG9Lq1syn_kdGTNyFGByYsc&google_cver=1&google_push=AXcoOmQJGqcHlWUCTTXG0eJhwOxmq1OhG7o7CvEE6X6p3T-uCNwTc2FfpXP5a0r2MEwMISMiCdjeg9ifS2Jp5evZP_pTfGt_5QHkcXI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mjg3MDI0NzQ0ODQxOTc4MjEwNw&google_push=AXcoOmQJGqcHlWUCTTXG0eJhwOxmq1OhG7o7CvEE6X6p3T-uCNwTc2FfpXP5a0r2MEwMISMiCdjeg9ifS2Jp5evZP_pTfGt_5QHkcXI

Request Chain 310

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEJbzWd0SjHjjyExnIoicXew&google_cver=1&google_push=AXcoOmSVU54IhIF17dsx682VaCuUBnB0V1jcMSC-7_nG7eZrzqYwRqay3V3XgQuTdHgJ4gIO_AW1JbHnx3MMzXz01J2AdJiH4U2IYbTL HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSVU54IhIF17dsx682VaCuUBnB0V1jcMSC-7_nG7eZrzqYwRqay3V3XgQuTdHgJ4gIO_AW1JbHnx3MMzXz01J2AdJiH4U2IYbTL

Request Chain 311

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEIJVwVShb7bgkx4-wUORT9M&google_cver=1&google_push=AXcoOmTOejLsz41aflRCWkEKraR05AZBwZ4FxsjXjPpnjRvV1N-ut02d5ciJEdT46f4FkfjRSAqK6RLkTci-994FE_Lp1a_UpW32N9zfsQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmTOejLsz41aflRCWkEKraR05AZBwZ4FxsjXjPpnjRvV1N-ut02d5ciJEdT46f4FkfjRSAqK6RLkTci-994FE_Lp1a_UpW32N9zfsQ HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 322

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEMtKnLn76ml0iPZbAchutHM&google_cver=1&google_push=AXcoOmStpX7mF0PYEqLgJDCBY_cSeb-SsQhhjMUI7aBvXuw_cMLGWphXcGQ-13RDWTyhkEHUlOz7ogF0TQIf_2D0q5X1kqftnngS HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WlV1d1BnQUNSZHNWNXdCSA==&google_gid=CAESEMtKnLn76ml0iPZbAchutHM&google_cver=1&google_push=AXcoOmStpX7mF0PYEqLgJDCBY_cSeb-SsQhhjMUI7aBvXuw_cMLGWphXcGQ-13RDWTyhkEHUlOz7ogF0TQIf_2D0q5X1kqftnngS

Request Chain 323

https://um.simpli.fi/gp_match?google_gid=CAESEH5P7qqhl95Lv_VS1wMdMFw&google_cver=1&google_push=AXcoOmSiLiL4OKxhx_Md82H65-xIq2tSmUYA1sD6tPgqtPDbZEnIbRIlfgRQ9j12dcTEYRNjCiAeinsFq8xjclIx452IOC5VeVAXbg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=0F78855361CD4C839172C630A8F6DA83&google_push=AXcoOmSiLiL4OKxhx_Md82H65-xIq2tSmUYA1sD6tPgqtPDbZEnIbRIlfgRQ9j12dcTEYRNjCiAeinsFq8xjclIx452IOC5VeVAXbg

Request Chain 324

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEMlg50WZ5khcWLGSSiHyxtg&google_cver=1&google_push=AXcoOmQkRtp-EfTAJwkGR4nh4kRv8NAxUGemC6QqZbiPFjIO2aqu_1IvuVQUtXGyWJiHnyWD7DBtw4ntzPfqYheGyvswrGvTfNJz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQkRtp-EfTAJwkGR4nh4kRv8NAxUGemC6QqZbiPFjIO2aqu_1IvuVQUtXGyWJiHnyWD7DBtw4ntzPfqYheGyvswrGvTfNJz&google_hm=eS01N3lwcXBkRTJwRmRzeU9LT042ZXcxUV92U25VcGxUTn5B

Request Chain 326

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEG9Lq1syn_kdGTNyFGByYsc&google_cver=1&google_push=AXcoOmTbvLmb3Vs2dpanA5NZW4Zlz7kq74AMkrrOd2C0_endcnUh-XOxcb_4jh67a893QMjx7TxAV5nAAYMOY2eXgNbl6JAIYnS1Ew HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mjg3MDI0NzQ0ODQxOTc4MjEwNw&google_push=AXcoOmTbvLmb3Vs2dpanA5NZW4Zlz7kq74AMkrrOd2C0_endcnUh-XOxcb_4jh67a893QMjx7TxAV5nAAYMOY2eXgNbl6JAIYnS1Ew

Request Chain 327

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEJbzWd0SjHjjyExnIoicXew&google_cver=1&google_push=AXcoOmQXnC4DUiTm_MTPGysgPNfpeBRB-IE43Hr-z8r96oMim5SfYc50c_DPLMw3ZxbFgypqxWw8-xwRmB4s2w0l4bpghz8NM0CyPw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQXnC4DUiTm_MTPGysgPNfpeBRB-IE43Hr-z8r96oMim5SfYc50c_DPLMw3ZxbFgypqxWw8-xwRmB4s2w0l4bpghz8NM0CyPw

Request Chain 332

https://unified.adsafeprotected.com/pixel.png?eyJ0eXBlIjoiU1RBUlQiLCJwdWJsaXNoZXJVdWlkIjoiYTVkYjAyYjAtMmI3OC00OWEzLTg0ZmYtMDA1NTlkNjk3Y2I5Iiwic2l0ZVV1aWQiOiJhZmRkZWY1ZC1jMjA0LTQwYTktYjRmYi05NjVhMTQ1ZDA2OTYiLCJiaWRSZXF1ZXN0Ijp7InNpdGUiOnsicGFnZSI6Imh0dHBzOi8vZ29vZ2xlYWRzLmcuZG91YmxlY2xpY2submV0LyJ9fSwiY3VzdG9tIjp7ImN1c3RvbTEiOiIiLCJjdXN0b20yIjoiMi4wIiwiY3VzdG9tMyI6IjIuMCIsImN1c3RvbTciOiIxMTM1NzYwIiwiY3VzdG9tOCI6Ijc2MTA1NTE0IiwiZGF2M19kZXZpY2UiOiJERVZJQ0VUWVBFX1VOS05PV04iLCJkYXYzX291dGNvbWUiOiJPVVRDT01FX01fX1ZBU1RfX09NSURfX1dFQl9QWEwiLCJkYXYzX3VhIjoiIiwibW9uaXRvcmluZyI6ImZhbHNlIiwicmVnaW9uIjoiaWUiLCJ4c2lkIjoiNzQ4MmYyYjgtN2FlMC00ODAwLWJhYWYtNDEzYjMzNmE2NGQ4In0sInRpbWVzdGFtcCI6IjAwMDEtMDEtMDFUMDA6MDA6MDBaIiwiaGVhZGVycyI6eyJoZWFkZXIxMCI6IjIwNTA5Njk3NjU2IiwiaGVhZGVyMTIiOiJhZC5kb3VibGVjbGljay5uZXQiLCJoZWFkZXIzIjoiR29vZ2xlMiIsImhlYWRlcjQiOiI3IiwiaGVhZGVyOCI6Imlhc28iLCJoZWFkZXI5IjoiIn0sImNiIjoiMTY5OTQ1OTEzNDc2MDA5Njk3NSIsImFkRHVyYXRpb24iOjE3MDUwMzI3MDQsImlhc1NpbmdsZXRhZyI6dHJ1ZSwiaWFzU2luZ2xldGFnT3V0Y29tZSI6Ik9VVENPTUVfTV9fVkFTVF9fT01JRF9fV0VCX1BYTCJ9&advEntityId=1135760&pubEntityId=76105514 HTTP 303
https://dt.adsafeprotected.com/dt?anId=10173&asId=7482f2b8-7ae0-4800-baaf-413b336a64d8&tv=%7BpingTime%3A-4%2Ctime%3A-1%2Ctype%3Am%2Cve%3A%7BvEventCount%3A1%2CvEvents%3A%5B%7Bt%3A-2%2Ctp%3AadStarted%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%5D%7D%7D

Request Chain 337

https://pixel.adsafeprotected.com/rfw/st/1135760/76105515/skeleton.gif?xmtp=v&xmapp=0&xsId=7482f2b8-7ae0-4800-baaf-413b336a64d8&bidurl=https://cybernews.com/security/hello-alfred-data-leak/&ias_campId=1008772806&ias_pubId=pub-5928161074779380&ias_placementId=20509697656&ias_chanId=1&ias_dealId=&ias_impId=v4~~ABAjH0jHKSgm4m9ZBTAwesRLlbiJ&ias_dspId=3&ias_creativeId=203224912&ias_=&ias_xappb=&mon=76105515 HTTP 302
https://static.adsafeprotected.com/skeleton.gif?xmtp=v&xmapp=0&xsId=7482f2b8-7ae0-4800-baaf-413b336a64d8&ias_=&ias_xappb=&mon=76105515

Request Chain 356

https://gum.criteo.com/sid/json?origin=publishertag&domain=cybernews.com&sn=ChromeSyncframe&so=0&topUrl=cybernews.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=fYonl3xsY3FGMGJ0RzhVMHA5eHV1M21rODlJa0k1WEtscWhNdE03TkZsTWp3SnZiRkh5LzFobUloM1VFNm1iNzNrUWJlS1BLM3BQRzZxeXBWZWlyZjNMaUVDa1Q3QVN5ZGduek8zY0M4RzFRaEJkM2g1MGwxMEYxamZieWZyZ09sTUFNWjJSa1l0OTdaZXd2SGlFUmU2R25PMkNrenYyWVZBeWpnUStGUUQrOWYzalZZWGh0ZFh1dncrMXg3Zkkrd05qVVFqeFVyUXZuVTEzbkFIS3BuUUhybUFNYWVhMFdqT25CVVArNTA2NnZQZjZaL0xzaTlLQm5rczhlOTBONXNyak5tTktTYlNZMXFETGx2OUFsM2JuTVdpUT09fA&cppv=2

Request Chain 380

https://unified.adsafeprotected.com/pixel.png?eyJ0eXBlIjoiUVVBUlRJTEUxIiwicHVibGlzaGVyVXVpZCI6ImE1ZGIwMmIwLTJiNzgtNDlhMy04NGZmLTAwNTU5ZDY5N2NiOSIsInNpdGVVdWlkIjoiYWZkZGVmNWQtYzIwNC00MGE5LWI0ZmItOTY1YTE0NWQwNjk2IiwiYmlkUmVxdWVzdCI6eyJzaXRlIjp7InBhZ2UiOiJodHRwczovL2dvb2dsZWFkcy5nLmRvdWJsZWNsaWNrLm5ldC8ifX0sImN1c3RvbSI6eyJjdXN0b20xIjoiIiwiY3VzdG9tMiI6IjIuMCIsImN1c3RvbTMiOiIyLjAiLCJjdXN0b203IjoiMTEzNTc2MCIsImN1c3RvbTgiOiI3NjEwNTUxNCIsImRhdjNfZGV2aWNlIjoiREVWSUNFVFlQRV9VTktOT1dOIiwiZGF2M19vdXRjb21lIjoiT1VUQ09NRV9NX19WQVNUX19PTUlEX19XRUJfUFhMIiwiZGF2M191YSI6IiIsIm1vbml0b3JpbmciOiJmYWxzZSIsInJlZ2lvbiI6ImllIiwieHNpZCI6Ijc0ODJmMmI4LTdhZTAtNDgwMC1iYWFmLTQxM2IzMzZhNjRkOCJ9LCJ0aW1lc3RhbXAiOiIwMDAxLTAxLTAxVDAwOjAwOjAwWiIsImhlYWRlcnMiOnsiaGVhZGVyMTAiOiIyMDUwOTY5NzY1NiIsImhlYWRlcjEyIjoiYWQuZG91YmxlY2xpY2submV0IiwiaGVhZGVyMyI6Ikdvb2dsZTIiLCJoZWFkZXI0IjoiNyIsImhlYWRlcjgiOiJpYXNvIiwiaGVhZGVyOSI6IiJ9LCJjYiI6IjE2OTk0NTkxMzQ3NTk3MTc1NzkiLCJhZER1cmF0aW9uIjoxNzA1MDMyNzA0LCJpYXNTaW5nbGV0YWciOnRydWUsImlhc1NpbmdsZXRhZ091dGNvbWUiOiJPVVRDT01FX01fX1ZBU1RfX09NSURfX1dFQl9QWEwifQ==&advEntityId=1135760&pubEntityId=76105514 HTTP 303
https://dt.adsafeprotected.com/dt?anId=10173&asId=7482f2b8-7ae0-4800-baaf-413b336a64d8&tv=%7BpingTime%3A-4%2Ctime%3A-1%2Ctype%3Am%2Cve%3A%7BvEventCount%3A2%2CvEvents%3A%5B%7Bt%3A-2%2Ctp%3AadStarted%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoFirstQuartile%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%5D%7D%7D

Request Chain 385

https://unified.adsafeprotected.com/pixel.png?eyJ0eXBlIjoiUVVBUlRJTEUyIiwicHVibGlzaGVyVXVpZCI6ImE1ZGIwMmIwLTJiNzgtNDlhMy04NGZmLTAwNTU5ZDY5N2NiOSIsInNpdGVVdWlkIjoiYWZkZGVmNWQtYzIwNC00MGE5LWI0ZmItOTY1YTE0NWQwNjk2IiwiYmlkUmVxdWVzdCI6eyJzaXRlIjp7InBhZ2UiOiJodHRwczovL2dvb2dsZWFkcy5nLmRvdWJsZWNsaWNrLm5ldC8ifX0sImN1c3RvbSI6eyJjdXN0b20xIjoiIiwiY3VzdG9tMiI6IjIuMCIsImN1c3RvbTMiOiIyLjAiLCJjdXN0b203IjoiMTEzNTc2MCIsImN1c3RvbTgiOiI3NjEwNTUxNCIsImRhdjNfZGV2aWNlIjoiREVWSUNFVFlQRV9VTktOT1dOIiwiZGF2M19vdXRjb21lIjoiT1VUQ09NRV9NX19WQVNUX19PTUlEX19XRUJfUFhMIiwiZGF2M191YSI6IiIsIm1vbml0b3JpbmciOiJmYWxzZSIsInJlZ2lvbiI6ImllIiwieHNpZCI6Ijc0ODJmMmI4LTdhZTAtNDgwMC1iYWFmLTQxM2IzMzZhNjRkOCJ9LCJ0aW1lc3RhbXAiOiIwMDAxLTAxLTAxVDAwOjAwOjAwWiIsImhlYWRlcnMiOnsiaGVhZGVyMTAiOiIyMDUwOTY5NzY1NiIsImhlYWRlcjEyIjoiYWQuZG91YmxlY2xpY2submV0IiwiaGVhZGVyMyI6Ikdvb2dsZTIiLCJoZWFkZXI0IjoiNyIsImhlYWRlcjgiOiJpYXNvIiwiaGVhZGVyOSI6IiJ9LCJjYiI6IjE2OTk0NTkxMzQ3NjAyODM2NDUiLCJhZER1cmF0aW9uIjoxNzA1MDMyNzA0LCJpYXNTaW5nbGV0YWciOnRydWUsImlhc1NpbmdsZXRhZ091dGNvbWUiOiJPVVRDT01FX01fX1ZBU1RfX09NSURfX1dFQl9QWEwifQ==&advEntityId=1135760&pubEntityId=76105514 HTTP 303
https://dt.adsafeprotected.com/dt?anId=10173&asId=7482f2b8-7ae0-4800-baaf-413b336a64d8&tv=%7BpingTime%3A-4%2Ctime%3A-1%2Ctype%3Am%2Cve%3A%7BvEventCount%3A3%2CvEvents%3A%5B%7Bt%3A-2%2Ctp%3AadStarted%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoFirstQuartile%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoMidpoint%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%5D%7D%7D

Request Chain 389

https://unified.adsafeprotected.com/pixel.png?eyJ0eXBlIjoiUVVBUlRJTEUzIiwicHVibGlzaGVyVXVpZCI6ImE1ZGIwMmIwLTJiNzgtNDlhMy04NGZmLTAwNTU5ZDY5N2NiOSIsInNpdGVVdWlkIjoiYWZkZGVmNWQtYzIwNC00MGE5LWI0ZmItOTY1YTE0NWQwNjk2IiwiYmlkUmVxdWVzdCI6eyJzaXRlIjp7InBhZ2UiOiJodHRwczovL2dvb2dsZWFkcy5nLmRvdWJsZWNsaWNrLm5ldC8ifX0sImN1c3RvbSI6eyJjdXN0b20xIjoiIiwiY3VzdG9tMiI6IjIuMCIsImN1c3RvbTMiOiIyLjAiLCJjdXN0b203IjoiMTEzNTc2MCIsImN1c3RvbTgiOiI3NjEwNTUxNCIsImRhdjNfZGV2aWNlIjoiREVWSUNFVFlQRV9VTktOT1dOIiwiZGF2M19vdXRjb21lIjoiT1VUQ09NRV9NX19WQVNUX19PTUlEX19XRUJfUFhMIiwiZGF2M191YSI6IiIsIm1vbml0b3JpbmciOiJmYWxzZSIsInJlZ2lvbiI6ImllIiwieHNpZCI6Ijc0ODJmMmI4LTdhZTAtNDgwMC1iYWFmLTQxM2IzMzZhNjRkOCJ9LCJ0aW1lc3RhbXAiOiIwMDAxLTAxLTAxVDAwOjAwOjAwWiIsImhlYWRlcnMiOnsiaGVhZGVyMTAiOiIyMDUwOTY5NzY1NiIsImhlYWRlcjEyIjoiYWQuZG91YmxlY2xpY2submV0IiwiaGVhZGVyMyI6Ikdvb2dsZTIiLCJoZWFkZXI0IjoiNyIsImhlYWRlcjgiOiJpYXNvIiwiaGVhZGVyOSI6IiJ9LCJjYiI6IjE2OTk0NTkxMzQ3NjA0NTcyNzIiLCJhZER1cmF0aW9uIjoxNzA1MDMyNzA0LCJpYXNTaW5nbGV0YWciOnRydWUsImlhc1NpbmdsZXRhZ091dGNvbWUiOiJPVVRDT01FX01fX1ZBU1RfX09NSURfX1dFQl9QWEwifQ==&advEntityId=1135760&pubEntityId=76105514 HTTP 303
https://dt.adsafeprotected.com/dt?anId=10173&asId=7482f2b8-7ae0-4800-baaf-413b336a64d8&tv=%7BpingTime%3A-4%2Ctime%3A-1%2Ctype%3Am%2Cve%3A%7BvEventCount%3A4%2CvEvents%3A%5B%7Bt%3A-2%2Ctp%3AadStarted%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoFirstQuartile%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoMidpoint%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoThirdQuartile%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%5D%7D%7D

Request Chain 399

https://unified.adsafeprotected.com/pixel.png?eyJ0eXBlIjoiQ09NUExFVEUiLCJwdWJsaXNoZXJVdWlkIjoiYTVkYjAyYjAtMmI3OC00OWEzLTg0ZmYtMDA1NTlkNjk3Y2I5Iiwic2l0ZVV1aWQiOiJhZmRkZWY1ZC1jMjA0LTQwYTktYjRmYi05NjVhMTQ1ZDA2OTYiLCJiaWRSZXF1ZXN0Ijp7InNpdGUiOnsicGFnZSI6Imh0dHBzOi8vZ29vZ2xlYWRzLmcuZG91YmxlY2xpY2submV0LyJ9fSwiY3VzdG9tIjp7ImN1c3RvbTEiOiIiLCJjdXN0b20yIjoiMi4wIiwiY3VzdG9tMyI6IjIuMCIsImN1c3RvbTciOiIxMTM1NzYwIiwiY3VzdG9tOCI6Ijc2MTA1NTE0IiwiZGF2M19kZXZpY2UiOiJERVZJQ0VUWVBFX1VOS05PV04iLCJkYXYzX291dGNvbWUiOiJPVVRDT01FX01fX1ZBU1RfX09NSURfX1dFQl9QWEwiLCJkYXYzX3VhIjoiIiwibW9uaXRvcmluZyI6ImZhbHNlIiwicmVnaW9uIjoiaWUiLCJ4c2lkIjoiNzQ4MmYyYjgtN2FlMC00ODAwLWJhYWYtNDEzYjMzNmE2NGQ4In0sInRpbWVzdGFtcCI6IjAwMDEtMDEtMDFUMDA6MDA6MDBaIiwiaGVhZGVycyI6eyJoZWFkZXIxMCI6IjIwNTA5Njk3NjU2IiwiaGVhZGVyMTIiOiJhZC5kb3VibGVjbGljay5uZXQiLCJoZWFkZXIzIjoiR29vZ2xlMiIsImhlYWRlcjQiOiI3IiwiaGVhZGVyOCI6Imlhc28iLCJoZWFkZXI5IjoiIn0sImNiIjoiMTY5OTQ1OTEzNDc1OTkxNDMxOCIsImFkRHVyYXRpb24iOjE3MDUwMzI3MDQsImlhc1NpbmdsZXRhZyI6dHJ1ZSwiaWFzU2luZ2xldGFnT3V0Y29tZSI6Ik9VVENPTUVfTV9fVkFTVF9fT01JRF9fV0VCX1BYTCJ9&advEntityId=1135760&pubEntityId=76105514 HTTP 303
https://dt.adsafeprotected.com/dt?anId=10173&asId=7482f2b8-7ae0-4800-baaf-413b336a64d8&tv=%7BpingTime%3A-4%2Ctime%3A-1%2Ctype%3Am%2Cve%3A%7BvEventCount%3A5%2CvEvents%3A%5B%7Bt%3A-2%2Ctp%3AadStarted%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoFirstQuartile%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoMidpoint%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoThirdQuartile%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoComplete%2Csl%3An%2Cad_duration%3A1705032704.1151%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%5D%7D%7D

396 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
cybernews.com/security/hello-alfred-data-leak/ 121 KB
29 KB 262ms
213ms Document
text/html 2606:4700:3108::ac42:283b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:283b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

679b595d7bfb8436d3421d3093f4eefe1424b9526f694a31a8e596cf59ddde21

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=14400
cf-cache-status: HIT
cf-ray: 822f05184a021c6d-FRA
content-encoding: br
content-security-policy: default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: same-site
ct-content-bucket: Security
ct-content-type: Editorial
ct-date-published: 2023-10-26
date: Wed, 08 Nov 2023 15:58:52 GMT
expires: Wed, 08 Nov 2023 19:58:52 GMT
last-modified: Wed, 08 Nov 2023 12:56:58 GMT
permissions-policy: geolocation=(), camera=(), microphone=()
referrer-policy: no-referrer
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 87ms
36ms Script
application/javascript 2606:4700::6812:d73b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalSDK.js

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d73b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0d7eace6de7a123701ad163455f50ea9f6f51c5985a49f4d1f6e797009fbdb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 1251
etag: W/"2a3bbde818bef34d53a0df862ead5d5f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 822f0519fb1d65e0-FRA
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400
expires: Sat, 11 Nov 2023 15:58:52 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 244 KB
85 KB 85ms
27ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KMWQ6GT

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

065aaede60acea7e4d05da9187852ad98658ce6b5b83e709fca18ee52012640b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86984
x-xss-protection: 0
last-modified: Wed, 08 Nov 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 08 Nov 2023 15:58:52 GMT

GET
DATA 200
OK truncated
/ 61 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e138d129f38769d7080ed6ac6519dce8a4d546b7da5709b12aedff39673fa021

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 64 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f290a3a287182664a81ea150c04e7d1a451f1bf74f6738b43d382e3d40d98002

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 63 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ad6db7c36b35bf8533b381662fc4581191e101a4ecb7b1927bb08d2a7d61828e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 65 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f691574e18790031fbbe273fd5c2399a8beb28538cf67311a962b688796cf930

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 63 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9fca9ae04b4bca7ef7d4f2c43505769b1f03fd173ecf3871dd7b7ee0f115dd48

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 62 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ab8f0b6cec3eb6cd02efd0a9324053b868cac7dcda99fc89871b4e87141bdf14

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 base-69f914aba75b1bb036ab.js Show response
cybernews.com/js/ 24 KB
10 KB 53ms
51ms Script
application/javascript 2606:4700:3108::ac42:283b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cybernews.com/js/base-69f914aba75b1bb036ab.js

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:283b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b49a24935c33b6588afe92ff18fd96fb3186453e8ce83caf438101329c9c35ef

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
content-security-policy: default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests;
age: 13366
cross-origin-embedder-policy: unsafe-none
cf-polished: origSize=24352
cross-origin-resource-policy: same-site
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 08 Nov 2023 07:00:07 GMT
cf-bgj: minify
server: cloudflare
etag: W/"654b31f7-5f20"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=14400
permissions-policy: geolocation=(), camera=(), microphone=()
cf-ray: 822f0519dc2a1c6d-FRA
expires: Wed, 08 Nov 2023 19:58:52 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 148 KB
51 KB 120ms
69ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5928161074779380

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ea07af78a4eadab873011143d003e90f2190122141be6574d67a04f740188574

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
Origin: https://cybernews.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52108
x-xss-protection: 0
server: cafe
etag: 10402397235676443258
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 08 Nov 2023 15:58:52 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 99 KB
31 KB 149ms
98ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dfe2c0f5f07a746268624eada80d4e18e178fbecb5dd45e9298efffa7c748671

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31112
x-xss-protection: 0
server: cafe
etag: 681 / 19669 / m202311020101 / config-hash: 6902417098709738194
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 08 Nov 2023 15:58:52 GMT

GET
H2 200 5774 Show response
stpd.cloud/saas/ 342 KB
103 KB 141ms
88ms Script
text/javascript 2606:4700::6812:1e31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stpd.cloud/saas/5774
Requested by: Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1e31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fef97ab35217e2ce4eac36ca6655dfb3cdb9f90832c9d45f0147887fdb487840

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Wed, 08 Nov 2023 19:58:52 GMT
date: Wed, 08 Nov 2023 15:58:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 08 Nov 2023 15:56:02 GMT
server: cloudflare
age: 170
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 822f051a2e749153-FRA
stpdhash: cache

GET
H2 200 0SC5DrekRDjdgGgthQ2yi4 Show response
open.spotify.com/embed/episode/ Frame A645 12 KB
5 KB 162ms
98ms Document
text/html 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://open.spotify.com/embed/episode/0SC5DrekRDjdgGgthQ2yi4?utm_source=generator

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy / Next.js

Resource Hash

de08f3748f5b484777108134650d041a15e2b51048d9f6e3d52a27eba000ed5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 08 Nov 2023 15:58:52 GMT
etag: "bn9misj3ed9cz"
server: envoy
strict-transport-security: max-age=31536000
vary: Accept-Encoding
via: HTTP/1.1 fringe, HTTP/2 edgeproxy, 1.1 google
x-content-type-options: nosniff
x-envoy-upstream-service-time: 66
x-powered-by: Next.js

GET
H2 200 Paulina.jpg
media.cybernews.com/2022/12/ 28 KB
29 KB 101ms
54ms Image
image/jpeg 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.cybernews.com/2022/12/Paulina.jpg

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cfb9d227112112ea799160522621bcd75f35c3e5df888be3298cbfa24d1b9a6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 7d2716fe283418b87c2df69e15b55944.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 6787
x-amz-cf-pop: AMS58-P3
cf-polished: origSize=30591
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 28901
last-modified: Wed, 14 Dec 2022 10:03:02 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "0a6d524cc0d74b82582791ae4959cd2c"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=15780000
accept-ranges: bytes
cf-ray: 822f051a8b5037d8-FRA
x-amz-cf-id: UjuU4xnBi6ftZPw18KCLp2lJqhMtlL5RUg_4vq_pqs6U0rN72wkjbg==
expires: Thu, 09 May 2024 07:18:52 GMT

GET
H2 200 Hello-Alfred.jpg
media.cybernews.com/images/750w/2023/10/ 22 KB
22 KB 321ms
273ms Image
image/avif 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.cybernews.com/images/750w/2023/10/Hello-Alfred.jpg

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d5ffd0495903034c89cf155045566a73ead73662efcf3e8343f236340f06581

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 3201e5fb77f9faaa881f4f324226564a.cloudfront.net (CloudFront)
cf-cache-status: MISS
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
alt-svc: h3=":443"; ma=86400
content-length: 22713
cf-resized: internal=ok/e q=0 n=43+182 c=0+0 v=2023.9.8 l=22713
last-modified: Thu, 26 Oct 2023 08:34:34 GMT
cf-bgj: imgq:90,h2pri
server: cloudflare
etag: "cfz6reBtULxvNRASvo64_-UkcFu5KfpxHRw9djGO55DQ:d4dba690bfac288f408a1accb23571c5"
vary: Accept, Accept-Encoding
content-type: image/avif
cache-control: max-age=15780000
accept-ranges: bytes
cf-ray: 822f051a8b4b37d8-FRA

GET
H2 200 bookreviewGoingInfinite.jpg
media.cybernews.com/images/thumbnail/2023/11/ 18 KB
18 KB 97ms
50ms Image
image/avif 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.cybernews.com/images/thumbnail/2023/11/bookreviewGoingInfinite.jpg

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b6230cb6538ab0738ccf6f068b860283f95c5c52a32404d366907c360f3e0b8

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 c6702f5f3b6e77da6f394e67ef1a6aaa.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
alt-svc: h3=":443"; ma=86400
content-length: 18394
cf-resized: internal=ram/h q=0 n=0+87 c=0+0 v=2023.9.8 l=18394
last-modified: Fri, 03 Nov 2023 09:23:01 GMT
cf-bgj: imgq:90,h2pri
server: cloudflare
etag: "cfHERaeuOC290kjeDOKlwEiBU2Pri99XVCPD58WiJxDQ:426f6847c5633ebbe712da743193bfd6"
vary: Accept, Accept-Encoding
content-type: image/avif
cache-control: max-age=15780000
accept-ranges: bytes
cf-ray: 822f051a8b4d37d8-FRA

GET
H2 200 exoplanet-discovery-ai.jpg
media.cybernews.com/images/thumbnail_small/2023/10/ 3 KB
3 KB 94ms
47ms Image
image/avif 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.cybernews.com/images/thumbnail_small/2023/10/exoplanet-discovery-ai.jpg

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b05cd13161a893b6d815c353de95b25ff3a273e4baa4b503376817ec5c0ab259

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
alt-svc: h3=":443"; ma=86400
content-length: 2934
cf-resized: internal=ram/h q=0 n=0+0 c=13+55 v=2023.9.8 l=2934
last-modified: Tue, 31 Oct 2023 14:13:06 GMT
cf-bgj: imgq:90,h2pri
server: cloudflare
etag: "cfNAOz1sw3sRX4-W8CjRF6wvIh8iFZYhIqdjUqgfspDQ:0e244048c1ad101ee733562a41d8a8bd"
vary: Accept, Accept-Encoding
content-type: image/avif
cache-control: max-age=15780000
accept-ranges: bytes
cf-ray: 822f051a8b4e37d8-FRA

GET
H2 200 finding-waldo-missing-person.jpg
media.cybernews.com/images/thumbnail_small/2023/11/ 4 KB
4 KB 95ms
48ms Image
image/avif 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.cybernews.com/images/thumbnail_small/2023/11/finding-waldo-missing-person.jpg

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7842050c8ca63ebd3d9fd3b93af4f92d7677b26d6182bdc567cf79c6b3eeead

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 9ab847fabb8c9edbd39cff57c2a2f4c0.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
alt-svc: h3=":443"; ma=86400
content-length: 4187
cf-resized: internal=ok/h q=0 n=12+0 c=4+64 v=2023.9.8 l=4187
last-modified: Mon, 06 Nov 2023 13:55:20 GMT
cf-bgj: imgq:90,h2pri
server: cloudflare
etag: "cfvKevg11G5TmJL1i0-mCDqzZG8iFZYhIqdjUqgfspDQ:69bd180c63ef9907b586150fed461f46"
vary: Accept, Accept-Encoding
content-type: image/avif
cache-control: max-age=15780000
accept-ranges: bytes
cf-ray: 822f051a8b4f37d8-FRA

GET
H2 200 gary-mckinnon-one.png
media.cybernews.com/images/thumbnail_small/2023/10/ 3 KB
4 KB 101ms
55ms Image
image/avif 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.cybernews.com/images/thumbnail_small/2023/10/gary-mckinnon-one.png

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7514b57976180ef294d9334ebf14d8dbc62cbe8f164bf119f64e352c384cbbb4

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
alt-svc: h3=":443"; ma=86400
content-length: 3560
cf-resized: internal=ok/h q=0 n=42+0 c=25+79 v=2023.9.8 l=3560
last-modified: Mon, 30 Oct 2023 09:17:34 GMT
cf-bgj: imgq:90,h2pri
server: cloudflare
etag: "cf2Jdktgf93kbK6advbdVao6Bf8iFZYhIqdjUqgfspDQ:0ce6d9da1b2a046257b34a6c120563e4"
vary: Accept, Accept-Encoding
content-type: image/avif
cache-control: max-age=15780000
accept-ranges: bytes
cf-ray: 822f051a8b5137d8-FRA

GET
H2 200 OneSignalPageSDKES6.js Show response
cdn.onesignal.com/sdks/ 284 KB
68 KB 56ms
55ms Script
application/javascript 2606:4700::6812:d73b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151604

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d73b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

425197a561a2dc98259d7e284f708115b672f426a8adc0955f6f42fbaa61d7ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 1251
etag: W/"7f9669464fe15e6a516c0eb693b26dbb"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 822f051a4bb865e0-FRA
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400
expires: Sat, 11 Nov 2023 15:58:52 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 263 KB
89 KB 28ms
28ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-KT8DKCHF41&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMWQ6GT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

49a9f88bd476c1080e47203e9ae15d3a23f09be2fa1749662a3e2ed7ace92a7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 90593
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 08 Nov 2023 15:58:52 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 324ms
107ms Script
application/javascript 146.75.116.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMWQ6GT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100081-IAD, cache-fra-eddf8230023-FRA

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/589784210/ 3 KB
2 KB 78ms
32ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/589784210/?random=1699459132593&cv=11&fst=1699459132593&bg=ffffff&guid=ON&async=1&gtm=45He3b60v813159125&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&hn=www.googleadservices.com&frm=0&tiba=Hello%20Alfred%20app%20exposes%20user%20data%20%7C%20Cybernews&auid=1408738122.1699459133&uamb=0&uaw=0&data=contentBucket%3DSecurity%3BcontentType%3DEditorial&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMWQ6GT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4282a83ed5c1f861dfe7f733c3ae1137b4bc9b126ebc4a5624184a05c245f2b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:52 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1317
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 202 KB
54 KB 92ms
31ms Script
application/x-javascript 2a03:2880:f007:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f007:8:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 08 Nov 2023 15:58:52 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54273
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: b6ml5UEaskgVxDnsoOJMOBkh8yu9tFViQ9iNHgE9Sf4Uac6pFqdSYwLyTIQ0xb/WyJaSE3Z2HNwQwjI+SM0ufA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311020101/ 400 KB
135 KB 127ms
86ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311020101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5928161074779380&plah=cybernews.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5928161074779380

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2c74fa63aebd853ae46e804bc6547d1d22f79a1849a8f0b3dc92522d056438f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138482
x-xss-protection: 0
server: cafe
etag: 13254174326459560444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 08 Nov 2023 15:58:52 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231106/r20190131/ Frame B5C9 10 KB
5 KB 18ms
18ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231106/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5928161074779380

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

626c65063bcb00fcc4574cffc418820fc209794a0519ec1e65931896c79a6ee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 55216
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4502
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 08 Nov 2023 00:38:36 GMT
etag: 251720774729838433
expires: Wed, 22 Nov 2023 00:38:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 461cd0504da4fff1.css
embed-cdn.spotifycdn.com/_next/static/css/ Frame A645 26 KB
4 KB 95ms
28ms Stylesheet
text/css 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/css/461cd0504da4fff1.css
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/0SC5DrekRDjdgGgthQ2yi4?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 6774d0e6dbba4c5415a213fef260efef3d5717c2f86040ce29c1ac65825eea0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
content-encoding: gzip
age: 1160212
x-amz-meta-goog-reserved-file-mtime: 1698297717
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 4043
x-served-by: cache-chi-klot8100136-CHI, cache-fra-etou8220100-FRA
last-modified: Thu, 26 Oct 2023 05:39:18 GMT
etag: "3844664dded56c7b73a495ad23f0d6aa"
x-goog-generation: 1698298758576245
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 26326
x-amz-checksum-crc32c: mp080w==
accept-ranges: bytes
x-cache-hits: 64, 116942

GET
H2 200 9973e6d97b9c343b.css
embed-cdn.spotifycdn.com/_next/static/css/ Frame A645 37 KB
6 KB 101ms
34ms Stylesheet
text/css 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/css/9973e6d97b9c343b.css
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/0SC5DrekRDjdgGgthQ2yi4?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4c2b28adf36ab604d55c95d79a695562571aa0fd2e70e2ec56f4a699b5f13265

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
content-encoding: gzip
age: 3141
x-amz-meta-goog-reserved-file-mtime: 1699454656
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 5731
x-served-by: cache-chi-klot8100082-CHI, cache-fra-etou8220100-FRA
last-modified: Wed, 08 Nov 2023 15:04:03 GMT
etag: "a1d7894d7188374c9a8e47dc9446830f"
x-goog-generation: 1699455843501407
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 37731
x-amz-checksum-crc32c: /GGyjw==
accept-ranges: bytes
x-cache-hits: 54, 880

GET
H2 200 34daf6dc8453991b.css
embed-cdn.spotifycdn.com/_next/static/css/ Frame A645 23 KB
3 KB 92ms
25ms Stylesheet
text/css 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/css/34daf6dc8453991b.css
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/0SC5DrekRDjdgGgthQ2yi4?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 680f6ed5aca5390614f68ddd6e2957f92d87ad54af751ec95804a424c3944497

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
content-encoding: gzip
age: 1160209
x-amz-meta-goog-reserved-file-mtime: 1698297717
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 2353
x-served-by: cache-chi-kigq8000096-CHI, cache-fra-etou8220100-FRA
last-modified: Thu, 26 Oct 2023 05:39:18 GMT
etag: "da6f07ecb4cd01e8c36cc4bba47dd24f"
x-goog-generation: 1698298758464567
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 23064
x-amz-checksum-crc32c: TpUcsA==
accept-ranges: bytes
x-cache-hits: 40, 64013

GET
H2 200 webpack-033f2e1b958e4907.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/ Frame A645 5 KB
2 KB 81ms
27ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/webpack-033f2e1b958e4907.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/0SC5DrekRDjdgGgthQ2yi4?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d9ac710c1c0aa2b51990dc038b72bd1f0575c9b267a53f37d551a1d11fda9668

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
content-encoding: gzip
age: 3141
x-amz-meta-goog-reserved-file-mtime: 1699454656
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 2271
x-served-by: cache-chi-klot8100123-CHI, cache-fra-etou8220100-FRA
last-modified: Wed, 08 Nov 2023 15:04:03 GMT
etag: "dc1b7b37a04076804b1b90efa6e3b6ee"
x-goog-generation: 1699455843705939
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 5427
x-amz-checksum-crc32c: fxuP6g==
accept-ranges: bytes
x-cache-hits: 52, 887

GET
H2 200 framework-9061fa2704610d1a.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/ Frame A645 138 KB
45 KB 80ms
27ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/framework-9061fa2704610d1a.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/0SC5DrekRDjdgGgthQ2yi4?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 1bba521ed06e4ccfdefd0d2f2f9d829f17802e95dcd262bf9efe47254b82cc6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
content-encoding: gzip
age: 1160211
x-amz-meta-goog-reserved-file-mtime: 1698297717
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 45437
x-served-by: cache-chi-kigq8000100-CHI, cache-fra-etou8220100-FRA
last-modified: Thu, 26 Oct 2023 05:39:18 GMT
etag: "3a8a615aa4a9e0b823b9b7ed90258d45"
x-goog-generation: 1698298758626142
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 141024
x-amz-checksum-crc32c: 9VJjdA==
accept-ranges: bytes
x-cache-hits: 62, 126404

GET
H2 200 main-45d0e026ad3339d5.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/ Frame A645 162 KB
44 KB 81ms
27ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/main-45d0e026ad3339d5.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/0SC5DrekRDjdgGgthQ2yi4?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: f95269e2ecd6c23625565acbe850594e0925509b9a0f1f46b7e4b874ca337780

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
content-encoding: gzip
age: 1160211
x-amz-meta-goog-reserved-file-mtime: 1698297717
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 45184
x-served-by: cache-chi-klot8100109-CHI, cache-fra-etou8220100-FRA
last-modified: Thu, 26 Oct 2023 05:39:18 GMT
etag: "6b579bb28f22fefff1c28c3379cec4df"
x-goog-generation: 1698298758805944
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 165456
x-amz-checksum-crc32c: MBEhFQ==
accept-ranges: bytes
x-cache-hits: 60, 126462

GET
H2 200 _app-d46354b8699e0f40.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/pages/ Frame A645 568 KB
154 KB 28ms
26ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/_app-d46354b8699e0f40.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/0SC5DrekRDjdgGgthQ2yi4?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: f94d6dc34de684bb71f3d7207429bd0971c286ea6a6389ab637fd78bbb70e188

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
content-encoding: gzip
age: 3142
x-amz-meta-goog-reserved-file-mtime: 1699454656
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 157109
x-served-by: cache-chi-kigq8000036-CHI, cache-fra-etou8220100-FRA
last-modified: Wed, 08 Nov 2023 15:04:03 GMT
etag: "b3db92437affde04b21549187d095142"
x-goog-generation: 1699455843732173
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 581268
x-amz-checksum-crc32c: o1IBcA==
accept-ranges: bytes
x-cache-hits: 53, 16

GET
H2 200 fec483df-e793d3f4aac0c1fc.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/ Frame A645 329 KB
101 KB 28ms
26ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/fec483df-e793d3f4aac0c1fc.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/0SC5DrekRDjdgGgthQ2yi4?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 9f70c6bc78c1e830ee3244dd756082d2e3dfbe9a809006428dcde4afbea7f187

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
content-encoding: gzip
age: 1160211
x-amz-meta-goog-reserved-file-mtime: 1698297717
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 103057
x-served-by: cache-chi-klot8100069-CHI, cache-fra-etou8220100-FRA
last-modified: Thu, 26 Oct 2023 05:39:18 GMT
etag: "1f12dbb57191baf719fc28be6cc46cc3"
x-goog-generation: 1698298758694817
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 337275
x-amz-checksum-crc32c: VOr8ew==
accept-ranges: bytes
x-cache-hits: 62, 129124

GET
H2 200 594-284e2b73b8c68654.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/ Frame A645 26 KB
6 KB 28ms
26ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/594-284e2b73b8c68654.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/0SC5DrekRDjdgGgthQ2yi4?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ee50c5f5238272eb60e1f8fe3f03b89f610155e444be734e56804fa5f4340cbe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
content-encoding: gzip
age: 1160211
x-amz-meta-goog-reserved-file-mtime: 1698297717
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 6213
x-served-by: cache-chi-kigq8000038-CHI, cache-fra-etou8220100-FRA
last-modified: Thu, 26 Oct 2023 05:39:18 GMT
etag: "d2b6ab501c35bb2dfd688aae45398da2"
x-goog-generation: 1698298758153783
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 27053
x-amz-checksum-crc32c: XOVw0Q==
accept-ranges: bytes
x-cache-hits: 63, 117222

GET
H2 200 695-b77246172f6c9a78.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/ Frame A645 325 KB
85 KB 28ms
27ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/695-b77246172f6c9a78.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/0SC5DrekRDjdgGgthQ2yi4?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 88abbc30117128b8b9b5bb8ad6de38e87703be1d9b801cf398740d9810ea97c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
content-encoding: gzip
age: 1160211
x-amz-meta-goog-reserved-file-mtime: 1698297717
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 87153
x-served-by: cache-chi-klot8100148-CHI, cache-fra-etou8220100-FRA
last-modified: Thu, 26 Oct 2023 05:39:18 GMT
etag: "6b9e51fa2c5720c396ae49da6a88c59a"
x-goog-generation: 1698298758529568
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 333184
x-amz-checksum-crc32c: aE1vyw==
accept-ranges: bytes
x-cache-hits: 63, 128377

GET
H2 200 723-32a6c0272f88546a.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/ Frame A645 175 KB
40 KB 29ms
27ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/723-32a6c0272f88546a.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/0SC5DrekRDjdgGgthQ2yi4?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 076edd8d3867ece8fa512ffd52c198c67f25f422701f3c79d29fb86173105a13

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
content-encoding: gzip
age: 1160211
x-amz-meta-goog-reserved-file-mtime: 1698297717
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 41101
x-served-by: cache-chi-kigq8000177-CHI, cache-fra-etou8220100-FRA
last-modified: Thu, 26 Oct 2023 05:39:18 GMT
etag: "9939f0eeb1eca8d9534ce59a275fce5d"
x-goog-generation: 1698298758548732
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 179660
x-amz-checksum-crc32c: c2Pbzw==
accept-ranges: bytes
x-cache-hits: 61, 125451

GET
H2 200 463-2220e801f8656537.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/ Frame A645 17 KB
5 KB 39ms
38ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/463-2220e801f8656537.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/0SC5DrekRDjdgGgthQ2yi4?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 5bd6e50b8df617e7cd4d45bf9ca6c2338f82f4a31cb79fc7fdc06f9e7a9bdab6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
content-encoding: gzip
age: 1160211
x-amz-meta-goog-reserved-file-mtime: 1698297717
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 4524
x-served-by: cache-chi-kigq8000171-CHI, cache-fra-etou8220100-FRA
last-modified: Thu, 26 Oct 2023 05:39:18 GMT
etag: "953474ec43e5ad223a4ae92300c5ef00"
x-goog-generation: 1698298758266777
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 17745
x-amz-checksum-crc32c: 2GZAAA==
accept-ranges: bytes
x-cache-hits: 42, 65194

GET
H2 200 %5Bid%5D-6e61c049da5df53e.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/pages/episode/ Frame A645 2 KB
1000 B 40ms
38ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/episode/%5Bid%5D-6e61c049da5df53e.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/0SC5DrekRDjdgGgthQ2yi4?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: a15a249e1f78ab1ceae88587aa9a1f8639e0b3eac4bc7d8d3d8961a0587d3e0d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
content-encoding: gzip
age: 1160209
x-amz-meta-goog-reserved-file-mtime: 1698297717
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 831
x-served-by: cache-chi-kigq8000065-CHI, cache-fra-etou8220100-FRA
last-modified: Thu, 26 Oct 2023 05:39:18 GMT
etag: "784c9dab352597d749a3179e69ca3d75"
x-goog-generation: 1698298758430324
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 1664
x-amz-checksum-crc32c: 2IhHOg==
accept-ranges: bytes
x-cache-hits: 33, 44052

GET
H2 200 _buildManifest.js Show response
embed-cdn.spotifycdn.com/_next/static/dc6dc4b5-85df-4f36-a2a0-d2af65afbdd6/ Frame A645 2 KB
1 KB 39ms
38ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/dc6dc4b5-85df-4f36-a2a0-d2af65afbdd6/_buildManifest.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/0SC5DrekRDjdgGgthQ2yi4?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 701edad6a36100fcabd36a8f1275d6079c49d45a89ce94c75a5250c7b60b2bf8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
content-encoding: gzip
age: 3141
x-amz-meta-goog-reserved-file-mtime: 1699454656
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 926
x-served-by: cache-chi-klot8100037-CHI, cache-fra-etou8220100-FRA
last-modified: Wed, 08 Nov 2023 15:04:03 GMT
etag: "e153dbe42d806349b73bb3b2f14d96c8"
x-goog-generation: 1699455843660977
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 2479
x-amz-checksum-crc32c: Wwffig==
accept-ranges: bytes
x-cache-hits: 52, 892

GET
H2 200 _ssgManifest.js Show response
embed-cdn.spotifycdn.com/_next/static/dc6dc4b5-85df-4f36-a2a0-d2af65afbdd6/ Frame A645 77 B
251 B 40ms
39ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/dc6dc4b5-85df-4f36-a2a0-d2af65afbdd6/_ssgManifest.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/0SC5DrekRDjdgGgthQ2yi4?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
content-encoding: gzip
age: 3141
x-amz-meta-goog-reserved-file-mtime: 1699454656
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 61
x-served-by: cache-chi-kigq8000092-CHI, cache-fra-etou8220100-FRA
last-modified: Wed, 08 Nov 2023 15:04:03 GMT
etag: "b6652df95db52feb4daf4eca35380933"
x-goog-generation: 1699455843529603
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 77
x-amz-checksum-crc32c: Ypo4GQ==
accept-ranges: bytes
x-cache-hits: 51, 890

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/ 426 KB
134 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a0691590289efab8aecb842f768940fb34fc23791ca890f77b1e6b7aeec03126

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:56:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 143
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 136626
x-xss-protection: 0
server: cafe
etag: 12374074705736737879
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Thu, 07 Nov 2024 15:56:29 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 72 B
82 B 99ms
56ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=cybernews.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b65665e32c89ce2e092011b269b0fa005ab33c1ef15cb74f8e9a43838ff2300d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58
x-xss-protection: 0
expires: Wed, 08 Nov 2023 15:58:52 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
243 B 88ms
29ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-KT8DKCHF41&gtm=45je3b60v882489589z8813159125&_p=1699459132436&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=465876904.1699459132&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1699459132&sct=1&seg=0&dl=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&dt=Hello%20Alfred%20app%20exposes%20user%20data%20%7C%20Cybernews&en=page_view&_fv=1&_ss=1&ep.contentBucket=Security&ep.pagePostAuthor=Paulina%20Okunyt%C4%97&tfd=598
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-KT8DKCHF41&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:52 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cybernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
252 B 87ms
27ms Ping
text/plain 2a00:1450:400c:c04::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-KT8DKCHF41&cid=465876904.1699459132&gtm=45je3b60v882489589z8813159125&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-KT8DKCHF41&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c04::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:52 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cybernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 105ms
46ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-KT8DKCHF41&cid=465876904.1699459132&gtm=45je3b60v882489589z8813159125&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=2071687379

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/589784210/ 42 B
455 B 82ms
30ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/589784210/?random=1699459132593&cv=11&fst=1699455600000&bg=ffffff&guid=ON&async=1&gtm=45He3b60v813159125&u_w=1600&u_h=1200&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&frm=0&tiba=Hello%20Alfred%20app%20exposes%20user%20data%20%7C%20Cybernews&data=contentBucket%3DSecurity%3BcontentType%3DEditorial&fmt=3&is_vtc=1&cid=CAQSGwDICaaNzwMRrzRyr-kLLpTRBjsk2FOYXfWAHg&random=658335821&rmt_tld=0&ipr=y

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:52 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/589784210/ 42 B
455 B 84ms
32ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/589784210/?random=1699459132593&cv=11&fst=1699455600000&bg=ffffff&guid=ON&async=1&gtm=45He3b60v813159125&u_w=1600&u_h=1200&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&frm=0&tiba=Hello%20Alfred%20app%20exposes%20user%20data%20%7C%20Cybernews&data=contentBucket%3DSecurity%3BcontentType%3DEditorial&fmt=3&is_vtc=1&cid=CAQSGwDICaaNzwMRrzRyr-kLLpTRBjsk2FOYXfWAHg&random=658335821&rmt_tld=1&ipr=y

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:52 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1031670724691978 Show response
connect.facebook.net/signals/config/ 133 KB
35 KB 34ms
32ms Script
application/x-javascript 2a03:2880:f007:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1031670724691978?v=2.9.138&r=stable&domain=cybernews.com

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f007:8:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9ec169e17d05c2935b44d196fe74a35c7c1ea22182fb146394f12b30d4396891

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 08 Nov 2023 15:58:52 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 35312
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: sdSu3qFcF+HCDwxx0k7OARZgSDt9BazNpsZetrlPc1A01d27GRihH/SWp+e1Ae2I4qIyxa3LcCnXD4ufbc5VAw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 105ms
37ms Preflight
application/json 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fcybernews.com%2F&domain=cybernews.com&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://cybernews.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://cybernews.com
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Wed, 08 Nov 2023 15:58:52 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 197140
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

POST
H2 200 prebid Show response
id5-sync.com/api/config/ 135 B
414 B 70ms
20ms XHR
application/json 162.19.138.118
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/config/prebid

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/saas/5774

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.118 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

7c2589f966c01479236dda131a4942c70ba281e3be202cc12d56680f86977a54

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://cybernews.com
date: Wed, 08 Nov 2023 15:58:52 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type: application/json;charset=UTF-8

GET
H2 200 json Show response
gum.criteo.com/sid/ 2 B
372 B 106ms
37ms XHR
application/json 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fcybernews.com%2F&domain=cybernews.com&cw=1&lsw=1

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/saas/5774

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:52 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://cybernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 272852
expires: 0

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
2 KB 81ms
34ms XHR
application/json 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20231108

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/saas/5774

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

39a268fda0b2f2099a2df8d8c03602c3b7f2b0810c3c5dae9592240066a3f439

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 43078
x-jsd-version: 1.0.1867
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230139-FRA
x-jsd-version-type: version
server: cloudflare
etag: W/"63b-JnTlFCqqRyZz2+hti6jCfqm7a4s"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WLdPppZ0najMvA1jhZaYjDU%2FBfkHLHTUglsITBoL0hFCqtA1iUFu0vsz4aDysjZGXeOzdkF4n8rceoAxFg2yWhUsMJdrNvtTqoVtY0asJBZCI6EVy0r2sBzAEcZFNu1tWyxsKAMNVpzDwRwVYlM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 822f051c78ea363e-FRA

GET
H2 200 ab67656300005f1f558de8a5049efd90f07a7766
i.scdn.co/image/ Frame A645 40 KB
40 KB 180ms
26ms Image
image/jpeg 2a02:26f0:480:10::213:7e94
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.scdn.co/image/ab67656300005f1f558de8a5049efd90f07a7766
Requested by: Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/css/9973e6d97b9c343b.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:10::213:7e94 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5e72a1406df8afa60fdc08dec526c247887f352a1abc63382d6a896dd0724383

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://embed-cdn.spotifycdn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
last-modified: Wed, 25 Oct 2023 11:38:06 GMT
etag: "e47bef64739be36f2bfc9fe4220262f6"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: *
cache-control: private, max-age=15780000
x-amz-checksum-crc32c: zVOu7w==
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: range
content-length: 41060
expires: Thu, 09 May 2024 07:18:52 GMT

GET
H2 200 CircularSpTitle-Bold-2fbf72b606d7f0b0f771ea4956a8b4d6.woff2
encore.scdn.co/fonts/ Frame A645 85 KB
86 KB 192ms
38ms Font
font/woff2 2a02:26f0:480:10::213:7e94
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://encore.scdn.co/fonts/CircularSpTitle-Bold-2fbf72b606d7f0b0f771ea4956a8b4d6.woff2

Requested by

Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/css/461cd0504da4fff1.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:10::213:7e94 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

1d752805498ebd36b9c69ad1d3da93b1561ea6b33f58ec89a66a4228a357dfe2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://embed-cdn.spotifycdn.com/
Origin: https://open.spotify.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
content-encoding: gzip
strict-transport-security: max-age=15768000
content-length: 87344
last-modified: Thu, 19 May 2022 07:59:23 GMT
etag: "db1a27b35e26398fef4be920ea96078d"
vary: Accept-Encoding
access-control-max-age: 86400
content-type: font/woff2
access-control-allow-origin: *
access-control-allow-methods: GET
cache-control: max-age=31536000
x-amz-checksum-crc32c: r/+ZKQ==
accept-ranges: bytes
access-control-allow-headers: range
expires: Thu, 07 Nov 2024 15:58:52 GMT

GET
H2 200 CircularSp-Book-4eaffdf96f4c6f984686e93d5d9cb325.woff2
encore.scdn.co/fonts/ Frame A645 82 KB
82 KB 172ms
18ms Font
font/woff2 2a02:26f0:480:10::213:7e94
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://encore.scdn.co/fonts/CircularSp-Book-4eaffdf96f4c6f984686e93d5d9cb325.woff2

Requested by

Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/css/461cd0504da4fff1.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:10::213:7e94 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9b7413f945c8b8bb3f75eb10513c7ad79d386e98494d541e5f1fa9301ffbddd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://embed-cdn.spotifycdn.com/
Origin: https://open.spotify.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
content-encoding: gzip
strict-transport-security: max-age=15768000
content-length: 84027
last-modified: Fri, 13 May 2022 11:38:51 GMT
etag: "f7b12903dd7a2d536ceb2b7cd1dba2c1"
vary: Accept-Encoding
access-control-max-age: 86400
content-type: font/woff2
access-control-allow-origin: *
access-control-allow-methods: GET
cache-control: max-age=31536000
x-amz-checksum-crc32c: rmKVPg==
accept-ranges: bytes
access-control-allow-headers: range
expires: Thu, 07 Nov 2024 15:58:52 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 66ms
18ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1031670724691978&ev=PageView&dl=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&rl=&if=false&ts=1699459132881&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4126&fbp=fb.1.1699459132880.224237003&ler=empty&it=1699459132785&coo=false&rqm=GET

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 08 Nov 2023 15:58:52 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H2 200 cookie_sync Show response
prebid-stag.setupad.net/ 1 KB
930 B 92ms
37ms XHR
application/json 172.67.68.162
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/cookie_sync
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/saas/5774
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.68.162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ecba8dd895231b21ef771131a87411fb1e0a7e0234dda37b50467f631010a8be

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:52 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FB4IBMRz9LC%2Bja9zlF4wc3pxXqaBLvfNvoOMjTHHoinZV2Deleh5jaLw1mEXpBh4sE71OC8RbwBXlrc6g5uqrCF1jElxW%2Bor9ratGfM8uxv6dkRT0u30EhZl8zmyIN%2FN%2Bxf0bigFrjQL"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://cybernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 822f051cfee96913-FRA
expires: 0

POST
H2 200 auction Show response
prebid-stag.setupad.net/openrtb2/ 483 B
659 B 238ms
186ms XHR
application/json 172.67.68.162
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/openrtb2/auction
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/saas/5774
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.68.162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29c10040f781c55d4d92cb87459dd231e26d7905fdad7e5406943f9978691395

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:53 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-prebid: pbs-go/0.234.0-3-gde6ed827
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W%2Bn3OrDmeSKjSQY3FKCPvMwP1mfPTrcyb1BHGCvOEcOBOq0UcqfBvTTA%2BPFy5sbMjhhiHTwygMJ7yazTAEyYIfAsAUVnelHdHHBbgy%2FinzP75K3Rho8qJvMG%2Bikq6AYrwppJV1JemFJz"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://cybernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 822f051cfee46913-FRA
expires: 0

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
176 B 119ms
29ms XHR
text/plain 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/saas/5774
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://cybernews.com
date: Wed, 08 Nov 2023 15:58:53 GMT
access-control-allow-credentials: true
vary: Origin
access-control-max-age: 3600
access-control-allow-methods: POST

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 13 KB
5 KB 292ms
166ms XHR
application/json 185.86.138.122
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/saas/5774
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.122 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: c218bd3c56c97cda0ed519bd36e25b115e4013aebd85802f17a09709c2f2bc99

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:52 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://cybernews.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
192 B 125ms
55ms XHR
text/plain 2a02:2638:3::7
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=36&wv=7.54.0&cb=35768782912&lsavail=1

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/saas/5774

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::7 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://cybernews.com
date: Wed, 08 Nov 2023 15:58:52 GMT
strict-transport-security: max-age=31536000; preload;
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Kestrel
vary: Origin

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 24 B
400 B 126ms
45ms XHR
application/json 216.52.2.86
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.54.0
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/saas/5774
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.86 New York, United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: /
Resource Hash: d30d27ce061c4711fe8831ae584d4107583468159daff1cd98710e2bcae1520a

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 08 Nov 2023 15:58:52 GMT
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://cybernews.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 24

GET
H2 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ 33 B
273 B 71ms
20ms XHR
application/json 162.19.138.118
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/saas/5774

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.118 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533569.ip-162-19-138.eu

Software

Resource Hash

42f46f121c847301008874d12ed145c9b002b4d34873aedcaaf06ec9c0ab1ac9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://cybernews.com
date: Wed, 08 Nov 2023 15:58:52 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type: application/json;charset=UTF-8

POST
H2 200 monitoring Show response
open.spotify.com/embed/ Frame A645 2 B
279 B 89ms
88ms Fetch
application/json 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://open.spotify.com/embed/monitoring?o=22381&p=4505164808585216

Requested by

Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/_app-d46354b8699e0f40.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://open.spotify.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
via: 1.1 google, HTTP/1.1 fringe, HTTP/2 edgeproxy, 1.1 google
server: envoy
vary: origin,access-control-request-method,access-control-request-headers, Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time: 54
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 393 B
604 B 119ms
29ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=cybernews.com&callback=_gfp_s_&client=ca-pub-5928161074779380

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311020101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5928161074779380&plah=cybernews.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a6520b4110c6568082eecdefa00b3289613223304eacb3fd338abdd379dd441

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 252
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7AD6 252 KB
59 KB 722ms
719ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&adk=1812271804&adf=3025194257&lmt=1699448218&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=164x810_l%7C188x675_r&format=0x0&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&ascmds=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699459132616&bpp=2&bdt=199&idt=348&shv=r20231106&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1607993712573&frm=20&pv=2&ga_vid=465876904.1699459132&ga_sid=1699459133&ga_hid=2133064082&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079402%2C31079515%2C44798934%2C44807455%2C44807463%2C31078297%2C44808149&oid=2&pvsid=3033088582938210&tmod=1830599201&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=369

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

717bde4da2a09ffbc079e2024cacdae4e72a25f4c64fa02891aabff3eb7af418

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 59567
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 08 Nov 2023 15:58:53 GMT
expires: Wed, 08 Nov 2023 15:58:53 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 / Show response
apresolve.spotify.com/ Frame A645 273 B
269 B 77ms
26ms XHR
application/json 2600:1901:0:524d::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://apresolve.spotify.com/?type=dealer&type=spclient
Requested by: Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/_app-d46354b8699e0f40.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:524d:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software: /
Resource Hash: e806cacbd686ca171f3fba74d5b61e0be4b30f0a70b33d1328b8d1c85f9b0506

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:53 GMT
content-encoding: gzip
via: 1.1 google
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 108

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 644E 94 KB
30 KB 1118ms
1118ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=2732825802&adk=652042997&adf=2125223602&pi=t.ma~as.2732825802&w=749&fwrn=4&fwrnh=100&lmt=1699448218&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699459132619&bpp=1&bdt=202&idt=459&shv=r20231106&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1607993712573&frm=20&pv=1&ga_vid=465876904.1699459132&ga_sid=1699459133&ga_hid=2133064082&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=1090&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079402%2C31079515%2C44798934%2C44807455%2C44807463%2C31078297%2C44808149&oid=2&pvsid=3033088582938210&tmod=1830599201&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&xpc=fKTVGXRxDH&p=https%3A//cybernews.com&dtd=464

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

321d13ecd1d04580bbd6323999ea463288c4bf9f83c97ea83253b50fcdcd19be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 30618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 08 Nov 2023 15:58:54 GMT
expires: Wed, 08 Nov 2023 15:58:54 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 481.json Show response
id5-sync.com/g/v2/ 251 B
530 B 60ms
20ms XHR
application/json 162.19.138.118
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/481.json

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/saas/5774

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.118 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533569.ip-162-19-138.eu

Software

Resource Hash

f35c85d96606ffe575c5f0e0c011ece8d396ac7702cf42a429dd7482d30363aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://cybernews.com
date: Wed, 08 Nov 2023 15:58:52 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type: application/json;charset=UTF-8

GET
H2 200 cookie
cm.adform.net/ 43 B
107 B 111ms
32ms Image
image/gif 37.157.6.243
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D%26gdpr_consent%3D%26f%3Di%26uid%3D%24UID
Requested by: Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.243 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:53 GMT
server: nginx
content-length: 43
content-type: image/gif

GET
BLOB 200
OK 29337114-2870-48a7-8bcb-72f4098aa4a9
https://open.spotify.com/ Frame A645 46 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://open.spotify.com/29337114-2870-48a7-8bcb-72f4098aa4a9
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/0SC5DrekRDjdgGgthQ2yi4?utm_source=generator
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3436a3567df14bd76a0e5b2ab1edba77ff61c49fb811b64de0dd23899103ecdc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Length: 46922
Content-Type

GET
H2 200 369.97564cd9245c0123.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/ Frame A645 58 KB
12 KB 19ms
19ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/369.97564cd9245c0123.js
Requested by: Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/webpack-033f2e1b958e4907.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 20968a95fe4087eaed97cc577c2c89bf297aec5bdbe9a22e1e20237b8d850b74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:53 GMT
content-encoding: gzip
age: 1160211
x-amz-meta-goog-reserved-file-mtime: 1698297717
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 12356
x-served-by: cache-chi-kigq8000140-CHI, cache-fra-etou8220100-FRA
last-modified: Thu, 26 Oct 2023 05:39:18 GMT
etag: "5e38b838aaabf80ae0f9541d9a7d3c47"
x-goog-generation: 1698298758154424
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 59485
x-amz-checksum-crc32c: OTiT6w==
accept-ranges: bytes
x-cache-hits: 63, 115978

GET
H2 200 882.5b0e87b314d9b89e.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/ Frame A645 5 KB
2 KB 19ms
18ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/882.5b0e87b314d9b89e.js
Requested by: Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/webpack-033f2e1b958e4907.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 878341c8bf0fe01e502a2b43fad08b1c8a66732629656626f1643844eabde53e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:53 GMT
content-encoding: gzip
age: 1160212
x-amz-meta-goog-reserved-file-mtime: 1698297717
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 1792
x-served-by: cache-chi-kigq8000038-CHI, cache-fra-etou8220100-FRA
last-modified: Thu, 26 Oct 2023 05:39:18 GMT
etag: "96fa0b5e9898b32de2ae5cd4f8b0f1e8"
x-goog-generation: 1698298758788948
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 5321
x-amz-checksum-crc32c: 5zWPcA==
accept-ranges: bytes
x-cache-hits: 64, 110674

GET
H2 200 825.00162ca43e3a63fd.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/ Frame A645 111 KB
32 KB 19ms
18ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/825.00162ca43e3a63fd.js
Requested by: Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/webpack-033f2e1b958e4907.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: efbeeb45d8aeb9c5909841ad8b74ebb6931097c3bbeac37cec815d7bd849657d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:53 GMT
content-encoding: gzip
age: 1160211
x-amz-meta-goog-reserved-file-mtime: 1698297717
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 32829
x-served-by: cache-chi-kigq8000097-CHI, cache-fra-etou8220100-FRA
last-modified: Thu, 26 Oct 2023 05:39:18 GMT
etag: "42fac2ca5bc88f8227cb85bafd144e7f"
x-goog-generation: 1698298758402792
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 113939
x-amz-checksum-crc32c: DlrL7g==
accept-ranges: bytes
x-cache-hits: 63, 119927

GET
H2 200 373.66fe85f39a44ac05.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/ Frame A645 244 KB
54 KB 20ms
20ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/373.66fe85f39a44ac05.js
Requested by: Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/webpack-033f2e1b958e4907.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 3d043230a9837887d2c4159310b09874fb55f9aed6e9563d7fdb5c0b800d9f53

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:53 GMT
content-encoding: gzip
age: 1160211
x-amz-meta-goog-reserved-file-mtime: 1698297717
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 54680
x-served-by: cache-chi-klot8100044-CHI, cache-fra-etou8220100-FRA
last-modified: Thu, 26 Oct 2023 05:39:18 GMT
etag: "3c45fa7c71aeab0946a1d77f10265346"
x-goog-generation: 1698298758493289
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 249527
x-amz-checksum-crc32c: DAhcrA==
accept-ranges: bytes
x-cache-hits: 63, 121731

GET
H2 200 spotify_player_o.9133370a5a6b6b75.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/ Frame A645 27 KB
8 KB 21ms
21ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/spotify_player_o.9133370a5a6b6b75.js
Requested by: Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/webpack-033f2e1b958e4907.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: b4d44ef4775947631f0238cefb75d395547ca5b9cbf2d87a0d5695a18c2dbf25

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:53 GMT
content-encoding: gzip
age: 1160211
x-amz-meta-goog-reserved-file-mtime: 1698297717
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 7737
x-served-by: cache-chi-klot8100144-CHI, cache-fra-etou8220100-FRA
last-modified: Thu, 26 Oct 2023 05:39:18 GMT
etag: "49b1f966e6e794d246bbfe3bbf6d67c1"
x-goog-generation: 1698298758708974
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 27162
x-amz-checksum-crc32c: ktB53A==
accept-ranges: bytes
x-cache-hits: 62, 113443

GET
H2 200 / Show response
apresolve.spotify.com/ Frame A645 273 B
174 B 27ms
27ms Fetch
application/json 2600:1901:0:524d::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://apresolve.spotify.com/?type=dealer&type=spclient
Requested by: Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/_app-d46354b8699e0f40.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:524d:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software: /
Resource Hash: cca95ef2a816865f55df96aedf861e29dd6dbe5c7c968a53de535de77089c6ee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:53 GMT
content-encoding: gzip
via: 1.1 google
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 110

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E136 104 KB
29 KB 758ms
758ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=1815900770&adk=471421629&adf=3153423549&pi=t.ma~as.1815900770&w=749&fwrn=4&fwrnh=100&lmt=1699448218&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699459132620&bpp=1&bdt=203&idt=496&shv=r20231106&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C749x280&nras=1&correlator=1607993712573&frm=20&pv=1&ga_vid=465876904.1699459132&ga_sid=1699459133&ga_hid=2133064082&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=2675&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079402%2C31079515%2C44798934%2C44807455%2C44807463%2C31078297%2C44808149&oid=2&pvsid=3033088582938210&tmod=1830599201&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=HzfWThWLJ9&p=https%3A//cybernews.com&dtd=498

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2987aeb63fa6953b751235846c150157141c0d3ae29f4d6d09d781604e9ffe7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 30032
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 08 Nov 2023 15:58:53 GMT
expires: Wed, 08 Nov 2023 15:58:53 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 adsct
t.co/1/i/ 43 B
379 B 181ms
123ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=8a301740-f5b4-4712-b473-ed7cc22de874&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=0c29c860-f5d1-4a7f-a542-6ff14d8df2c2&tw_document_href=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&tw_iframe_status=0&txn_id=o3auk&type=javascript&version=2.3.29

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-response-time: 102
date: Wed, 08 Nov 2023 15:58:53 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 76b531beeb95bfbf
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: c59e24749ce859dcb81adb935b9416fd049d66b8eeca246b344d42a4fe5355d1
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
728 B 230ms
178ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=8a301740-f5b4-4712-b473-ed7cc22de874&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=0c29c860-f5d1-4a7f-a542-6ff14d8df2c2&tw_document_href=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&tw_iframe_status=0&txn_id=o3auk&type=javascript&version=2.3.29

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-response-time: 157
date: Wed, 08 Nov 2023 15:58:52 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 08f49c378910799c
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 1d8309f193088e892a7af131b421853be5ff4f8666865559cfda237d22036fe4
content-length: 43

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2098 89 KB
29 KB 696ms
696ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=9812672228&adk=3541318952&adf=1004996698&pi=t.ma~as.9812672228&w=749&fwrn=4&fwrnh=100&lmt=1699448218&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699459132621&bpp=1&bdt=204&idt=516&shv=r20231106&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C749x280%2C749x280&nras=1&correlator=1607993712573&frm=20&pv=1&ga_vid=465876904.1699459132&ga_sid=1699459133&ga_hid=2133064082&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=4300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079402%2C31079515%2C44798934%2C44807455%2C44807463%2C31078297%2C44808149&oid=2&pvsid=3033088582938210&tmod=1830599201&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=7mAbIqZrvp&p=https%3A//cybernews.com&dtd=519

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a986af77b6c88db63cf6024a51d32330175e0deb54c093ee0c2b1b63385bdfec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 29441
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 08 Nov 2023 15:58:53 GMT
expires: Wed, 08 Nov 2023 15:58:53 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 CircularSp-Bold-fe1cfc14b7498b187c78fa72fb72d148.woff2
encore.scdn.co/fonts/ Frame A645 87 KB
88 KB 18ms
18ms Font
font/woff2 2a02:26f0:480:10::213:7e94
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://encore.scdn.co/fonts/CircularSp-Bold-fe1cfc14b7498b187c78fa72fb72d148.woff2

Requested by

Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/css/461cd0504da4fff1.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:10::213:7e94 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

039130d456855a745451bff40707bee5512bc4466373224b2258f67cc6c6d879

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://embed-cdn.spotifycdn.com/
Origin: https://open.spotify.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:53 GMT
content-encoding: gzip
strict-transport-security: max-age=15768000
content-length: 89529
last-modified: Fri, 13 May 2022 11:38:50 GMT
etag: "216b12b5a9657850b1b324e158454f8e"
vary: Accept-Encoding
access-control-max-age: 86400
content-type: font/woff2
access-control-allow-origin: *
access-control-allow-methods: GET
cache-control: max-age=31536000
x-amz-checksum-crc32c: 3OfNxA==
accept-ranges: bytes
access-control-allow-headers: range
expires: Thu, 07 Nov 2024 15:58:53 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 25 KB
12 KB 429ms
428ms Fetch
text/plain 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3033088582938210&correlator=4123201387288580&output=ldjh&gdfp_req=1&vrg=202311020101&ptt=17&impl=fifs&iu_parts=21924397842%2Ccybernews.com_300x600_sidebar_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C300x600&ifi=5&sfv=1-0-40&eri=1&sc=1&cookie=ID%3D9c033e45bf55c6b4-22973c9ccce40061%3AT%3D1699459133%3ART%3D1699459133%3AS%3DALNI_MYZ5BPiBdRjw0JJm-MB49HjZN_1Ww&gpic=UID%3D00000cbc541b7dcc%3AT%3D1699459133%3ART%3D1699459133%3AS%3DALNI_MYc4twP3Q3jG4DDItDC5taSpPZ8aA&abxe=1&dt=1699459133215&lmt=1699448218&adxs=1023&adys=1365&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&vis=1&psz=350x20&msz=350x0&fws=516&ohw=350&ga_vid=465876904.1699459132&ga_sid=1699459133&ga_hid=2133064082&ga_fc=true&dlt=1699459132417&idt=373&prev_scp=hb_env%3Dweb%26hb_source%3Dclient%26hb_format%3Dbanner%26hb_size%3D300x250%26hb_pb%3D0.04%26hb_adid%3D20c5715b46caef3%26hb_bidder%3Dsmartadserver&cust_params=origin%3Ddirect%26ECT%3D4g%26hb_rf%3D0&adks=3686707683&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c1eef946f7dad2ce011d3d1dc2479394dd7df44346400bf30588926664e0af47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:53 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11838
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://cybernews.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0FC8 6 KB
3 KB 111ms
34ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 08 Nov 2023 15:58:53 GMT
expires: Thu, 07 Nov 2024 15:58:53 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 200 events
gew4-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame 0
0 111ms
29ms Preflight 2600:1901:1:81::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://gew4-spclient.spotify.com/gabo-receiver-service/public/v3/events
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:1:81:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://open.spotify.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Origin,Content-Type,Spotify-App-Version,App-Platform,X-Spotify-Connection-Id,X-Client-Id,X-Spotify-Quicksilver-Uri,client-token,content-access-token,x-cloud-trace-context
access-control-allow-methods: DELETE,GET,PATCH,POST,PUT,OPTIONS
access-control-allow-origin: https://open.spotify.com
access-control-max-age: 604800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Wed, 08 Nov 2023 15:58:53 GMT
server: envoy
vary: Accept-Encoding
via: HTTP/2 edgeproxy, 1.1 google

OPTIONS
H2 200 events
gew4-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame 0
0 111ms
29ms Preflight 2600:1901:1:81::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://gew4-spclient.spotify.com/gabo-receiver-service/public/v3/events
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:1:81:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://open.spotify.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Origin,Content-Type,Spotify-App-Version,App-Platform,X-Spotify-Connection-Id,X-Client-Id,X-Spotify-Quicksilver-Uri,client-token,content-access-token,x-cloud-trace-context
access-control-allow-methods: DELETE,GET,PATCH,POST,PUT,OPTIONS
access-control-allow-origin: https://open.spotify.com
access-control-max-age: 604800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Wed, 08 Nov 2023 15:58:52 GMT
server: envoy
vary: Accept-Encoding
via: HTTP/2 edgeproxy, 1.1 google

POST
H2 200 events Show response
gew4-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame A645 13 B
166 B 59ms
59ms Fetch
application/json 2600:1901:1:81::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://gew4-spclient.spotify.com/gabo-receiver-service/public/v3/events

Requested by

Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/_app-d46354b8699e0f40.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:81:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

debf84af8d66827e1cbc6791aa686504e3116d8cb20f4697fef23108333061f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://open.spotify.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
content-type: application/json

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 08 Nov 2023 15:58:53 GMT
via: HTTP/2 edgeproxy, 1.1 google
server: envoy
content-type: application/json
access-control-allow-origin: https://open.spotify.com
cache-control: no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39

POST
H2 200 events Show response
gew4-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame A645 13 B
104 B 141ms
140ms Fetch
application/json 2600:1901:1:81::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://gew4-spclient.spotify.com/gabo-receiver-service/public/v3/events

Requested by

Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/_app-d46354b8699e0f40.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:81:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

debf84af8d66827e1cbc6791aa686504e3116d8cb20f4697fef23108333061f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://open.spotify.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
content-type: application/json

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 08 Nov 2023 15:58:53 GMT
via: HTTP/2 edgeproxy, 1.1 google
server: envoy
content-type: application/json
access-control-allow-origin: https://open.spotify.com
cache-control: no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39

GET
H2 200 sync
ssbsync-global.smartadserver.com/api/ 0
45 B 148ms
41ms Image
text/plain 185.86.139.101
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsmartadserver%26gdpr%3D%26gdpr_consent%3D%26f%3Di%26uid%3D%5Bssb_sync_pid%5D
Requested by: Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.101 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:52 GMT
content-length: 0

GET
H2 200 publishertag.prebid.136.js Show response
static.criteo.net/js/ld/ 94 KB
30 KB 142ms
68ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.136.js

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/saas/5774

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

ed3dc50aa8e28ea856d113dfbd2bd12dbb09ceb4381f2bdf8dba7b14b2a00108

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:53 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 07 Nov 2023 09:08:30 GMT
server: nginx
etag: W/"6549fe8e-17704"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 Nov 2023 15:58:53 GMT

GET
H/1.1 204
No Content /
ap.lijit.com/beacon/prebid-server/ Frame A123 0
0 37ms
37ms Document
text/plain 216.52.2.86
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon/prebid-server/?gdpr=&gdpr_consent=&us_privacy=&url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/saas/5774
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.86 New York, United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date: Wed, 08 Nov 2023 15:58:53 GMT
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Pragma: no-cache
X-Sovrn-Pod: ad_ap4ams1

GET
H2 200 publishertag.prebid.136.js Show response
static.criteo.net/js/ld/ 93 KB
30 KB 142ms
69ms XHR
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.136.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.136.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

0c1ce1aa8e07e9cd49cd881147c0495b5c636dab10ab1c30ceb935b74a8c0ecd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:53 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 19 May 2023 17:15:21 GMT
server: nginx
etag: W/"6467aea9-175c4"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 Nov 2023 15:58:53 GMT

GET
H2 200 container.html Show response
00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5D6B 6 KB
3 KB 23ms
20ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 08 Nov 2023 15:58:53 GMT
expires: Thu, 07 Nov 2024 15:58:53 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame B345 624 B
242 B 63ms
60ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjqRhC5lOngAhiI6sL1ATAB&v=APEucNXl1QrDgfI7oPV9e4nVV7vtgyT5yYtqJ2AOD7MYR6DKmcm3FweqgjlJ1-uEFyQO6i6AC6swUpM6tnYgSGpGEePFOd0hIZCc6_RG5XNeEITqHlWJr5yp3A_F3Dhh40H7Ueb1ODg9ZCRao6DuXeMXNKylUKi55_BEHiRxSI--Snl1YPWRLC4

Requested by

Host: 00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com
URL: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 08 Nov 2023 15:58:53 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 5D6B 92 KB
32 KB 84ms
82ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com
URL: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3420da2b260abe345161cc29857cbbc84426d366c896a1738302e7aa56e9496

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:53 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32794
x-xss-protection: 0
server: cafe
etag: 4863332729753539511
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 08 Nov 2023 15:58:53 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5D6B 42 B
63 B 55ms
53ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BZhm_IdYaLKSJAnEtw6tNQlLUmL2Ejv3nsb7U8rN0MltTreuOlUp0yEjENja5nL4cixV2ki_MToydEU0AT8VW572fxAmNAaK6nG93uiuQbn-no4c0

Requested by

Host: 00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com
URL: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5D6B 0
20 B 56ms
54ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=15755765673417644998&x=1&ct=119

Requested by

Host: 00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com
URL: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231106/r20110914/client/ Frame 5D6B 3 KB
1 KB 109ms
21ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231106/r20110914/client/window_focus_fy2021.js

Requested by

Host: 00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com
URL: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:32:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26811
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 22 Nov 2023 08:32:02 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231106/r20110914/client/ Frame 5D6B 20 KB
9 KB 107ms
20ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231106/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com
URL: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee46bdadc83beb5e76bce18bc7cc3d169c7f0490901f6be96ec41ee2c14d3776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 20:02:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71789
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8543
x-xss-protection: 0
server: cafe
etag: 18034338113832500900
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Nov 2023 20:02:24 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 5D6B 0
0 29ms
27ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR9d9HgBEt1TqXgsSQiuxrh2LxyucRT5wxiUVCbBqZa0g802OSdGGUOKKjb5swXC9UkB77HJdnk7X1nvV_bHu4c68GmrQ
Requested by: Host: 00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com
URL: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5D6B 190 KB
60 KB 120ms
66ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com
URL: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a67d82954e869f63863c01de1404e74d89722d7774b105176d253292b75b6aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61127
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1699274420466708"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Nov 2023 15:58:53 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311020101/ 160 KB
55 KB 70ms
70ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311020101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dcb27378f3a6aaed99f68ca8bc81cc083561aba44bbf878da18372afab044b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:53 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55821
x-xss-protection: 0
server: cafe
etag: 1683054841143277588
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 08 Nov 2023 15:58:53 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame B345
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELo59E3K-Yidsqgtv7GVg_8&google_cver=1

43 B
336 B

41ms
40ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELo59E3K-Yidsqgtv7GVg_8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjqRhC5lOngAhiI6sL1ATAB&v=APEucNXl1QrDgfI7oPV9e4nVV7vtgyT5yYtqJ2AOD7MYR6DKmcm3FweqgjlJ1-uEFyQO6i6AC6swUpM6tnYgSGpGEePFOd0hIZCc6_RG5XNeEITqHlWJr5yp3A_F3Dhh40H7Ueb1ODg9ZCRao6DuXeMXNKylUKi55_BEHiRxSI--Snl1YPWRLC4
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:53 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aypQBlrWfblLZNVpZg3g4EQ7PJBkfX2eP8Dt3D3ASjAIUZUOvN%2F4JFhVNjMZcIWJQ7HvT10hTYRiigHDCCKGz2uloEgxi1YLzP0qjqZUxaaFEbwRTQixbv%2Bc2kjsFnSktxsE4aAUWGrk6g%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 822f0522de0c9022-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:53 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELo59E3K-Yidsqgtv7GVg_8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame B345
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZUuwPS4D6p3cEgUOB9WtHQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJNhlpOo3wP33mNUxELyns&google_cver=1

43 B
776 B

40ms
38ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJNhlpOo3wP33mNUxELyns&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjqRhC5lOngAhiI6sL1ATAB&v=APEucNXl1QrDgfI7oPV9e4nVV7vtgyT5yYtqJ2AOD7MYR6DKmcm3FweqgjlJ1-uEFyQO6i6AC6swUpM6tnYgSGpGEePFOd0hIZCc6_RG5XNeEITqHlWJr5yp3A_F3Dhh40H7Ueb1ODg9ZCRao6DuXeMXNKylUKi55_BEHiRxSI--Snl1YPWRLC4
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XmYbF4l6BDbcUIQ64Qq6OEZmaQ2k3yhTfJ1G9%2BPLXoQEKMCXL0YkANDALuIBldYTg7%2BlmWTH9XL7elUEGLUptT%2FCPS%2FemmClnMm5tOZ%2F%2FACmwpClAhowCowgP1yqH8qIrf9bv2Xe7W60MA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 822f0523898b2c4b-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:53 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJNhlpOo3wP33mNUxELyns&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame B345
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEKVARIhySNk2DPkqBa2UPCA&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEKVARIhySNk2DPkqBa2UPCA%26google_cver%3D1

43 B
891 B

33ms
33ms

Image
image/gif

37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEKVARIhySNk2DPkqBa2UPCA%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjqRhC5lOngAhiI6sL1ATAB&v=APEucNXl1QrDgfI7oPV9e4nVV7vtgyT5yYtqJ2AOD7MYR6DKmcm3FweqgjlJ1-uEFyQO6i6AC6swUpM6tnYgSGpGEePFOd0hIZCc6_RG5XNeEITqHlWJr5yp3A_F3Dhh40H7Ueb1ODg9ZCRao6DuXeMXNKylUKi55_BEHiRxSI--Snl1YPWRLC4

Protocol

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:53 GMT
an-x-request-uuid: 512ff05c-6760-4543-affd-873f2f4f34e3
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 217.114.218.29; 217.114.218.29; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:53 GMT
an-x-request-uuid: 1eebbae0-6e44-41cd-b035-6ae2947831de
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEKVARIhySNk2DPkqBa2UPCA%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 217.114.218.29; 217.114.218.29; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame B345
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYzMTYxMjYyMzc3OTM4OTY5Ng%3D%3D

170 B
244 B

29ms
29ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYzMTYxMjYyMzc3OTM4OTY5Ng%3D%3D

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:53 GMT
an-x-request-uuid: 20c18b92-6fdb-44f4-a852-be7bbc221155
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYzMTYxMjYyMzc3OTM4OTY5Ng%3D%3D
x-proxy-origin: 217.114.218.29; 217.114.218.29; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5D6B 0
20 B 55ms
55ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8294671994967&version=m202311060101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5D6B 0
20 B 58ms
58ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8294671994967&version=m202311060101&ct=119&x=1&cor=15755765673417644000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 5D6B 90 KB
38 KB 92ms
91ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A9HnYYVT6EfMNlxkWpm7FWpWXiyTCjmU0ZJLmWJvFV1fVgJOUGgJKp-jc4_7meZgxf3IkRNxE8IQSsyL8ilJD73kR66AZRqLlCGSiL38pgTslujJx-MdWT0ooq1KlwVtAv3bI6x0SNFrobJgt16BhAs-QBoBSivG1PE_4pDCI9paXmjyU&cry=1&dbm_d=AKAmf-C7-hSALGmzXLH3hWA2O0WeZvyYo67_s669uR9hBRAUKIohUoCdY-uiTaYI5jErGBm13MEsU-_22ZGvIBXICaHwQFlU2KG9419-ZbyPHefBgVCxm7NFp59Rz8kb6svcRMz5QwXmf_oB2vYNKYIjM1Z7KHqrZpsm4Kf2KyUoiTmddgTMEM-_ZRIY80xqZj-xxryEgPjVz2U666ARIbDqs0pGr6ADxRGdkorJ02CzvUWKAYHzru2FXGTshfdXiY3fzNeQ_KP3nztz1vlu0YsNjPilkOM-yse0gwK9JC4M43W4QfhR5-cNjNAhooBpX98RkIEysWV4Xa-VFH8Tc35cUyGohAwc6hbA25FkDurwFs3eefzAlsbK51jT6odCoyYgkk_m_wCZkesQI_HpB_f1ctCh3qMFsnmesSo7mpaWbU5MlqqsuexyD8RT_QSofax-Z_VsvQT3I6X__DtEnC9GWB7aBWdbPGX7qe8VGmJcd4g3ggEdKaf8aRQa5xrpTxuuct2WUZzwQvxPFThT4xYnZNIDj9YRnluAoHxHBgH1__THw3YE8Ypgz9iiSCyNi3ANCzLvha6BHg7LKMGxUYfl2QIlWMWhkom-BkZ-f1sz7xien_TtPr6L7yAKPNR6IygWQS3xcabwAi0D39cKWr_KJxnUMK3xQCRqtqOWA791uf_jaQB1erftCTZ1l7Nt0vMVr4o-N0iUdyhOGfOpszIfHqIGlNWbbw1ES3lYoUX8FtV3ANoQqa02LjyFkZgDpi0vItgFVLa32QNU-6b8xN6Nqw401ud3DzlLJvJwbruvw0qI2FOzsloXTFTdX_FZPnnO1Fte9MAHpM7k25LfocZTY3yr60DaYzigISRKYTAs6BLEP0yQUky2x4zYyp1_-bWeXq1Vnc3t3J8W1Pvr4WX9JniCxD_Gi-CkuWf1FkHb8zIPbi793_IFbRc9jpVySPWQGUmq97beRi7DN_DaZU7sMTweQJzAwljIZFrHzxY6bF0UYcXhosIRrGdgY9SgQsEXmCoPnkM8zRTXGOilBnvZ41XaZ5L0eewNvZKYrmaX9IqJqy--aCiOKDsf-V7su6Y_8vLkw93FSSrj6qXlNQ-amvDd18IWggIw7I1RXa6ueBTqmFJIHWpu7muA4zGhUhxMKtJ_rSkr92GACrBhTyH8JdQNAqmWNV7PDECjyX4jIg6h4_IIz_4JWBuynwkiqRDLCv_JU6t-avcWln3pWKMCi1ettxQOr9fE10kVfBzKsGjJKgeZy9dULMN4qPvH6ZHKdscQGMz9QCok7WxEqorcbhNaE_0IybnbeJ5nZ8dlX_3WMigTHhjyekFZTEP9279SpWqEFNnJiyZ7ygwjJSLvlqt1yka1PUo5y5Ga7TroMvTwxTQ3VLUbZof6Pt7-CRiC16EkQpd86jhXhv9CI3BQQD0wsCpLVQTXzHAjcCAA5LrETkfO5bfy54yFNmhItcRmZ3Vlh9Z9V6fT1cSc_sHEWc5lTKmk3fNPfR9Hv2xoxaI0A2JuOErHKYdPvYZlsey2uZi_Ini--psl80j724B-r8OOBojwMynqOLqbHEbm_qF4u0hqkD1jhI9FBBsE_uwc4ZX9xdq6-n0VIpjx03beBG0HQssffypmnhTLLbdvMM9JkSVd0L-5Y4H11fWpmVBju62C9xpjfhceg-sOmUFWPN4RvhC0vLFDSGZW0bdZDMvcPqyRhn_3tY9mBh_XKnVkqc3LL1nunLAk_m9pu3HrnX2HEiEA0-1QqfQj1j2bcWgzN_IkveXkyYHOarWUaMoEqZKWR6hsryeID8PtWJ19bAs3aA5nN-XP6JLDcCX9N2JtD0jMTBz9grCLaMUqQqtCp50a41wUFL_7-5Jy-D2JM0fD8MiGlxT6ycHfLjMX_VNGvPZWUDzr7W94k0MAMgavHoAaVU9Q8uCJofw1rJ2HI2FFwVkctMhte71ZpQt4Mgk6KpI_1IJhq0BY1elA49bc3LuSzuuYDpZzPYmaa6U_NWRf9CDBqMvWuQXX77_RviPJ40wU2RUO7GH9zUseelPdJJ1tOVDVZATyol1rSNFenRMeMhKTSGefBaD4vaPoU8Q5zaVSGSpxH7xIcukheIiUyFtPuoJk1XzvWfRNvU_T27daDQXVkG3TCthgaT3xGOqbCXvX390RfzdOX0843bbpKrO5Ljv4Wgokqa3R_mS3k9CfUh01JgaGnu3dt2SSu3PPbQbZBkYlS914NRNH8oy4NXEt7eH_Wmwpy8-pGJcF7L_iWC16GevYfy6PjQ_pktMtwEtfh5wyqywli0x3evREMY1CO7aW_Sq34xYbDLGb-bJogJiE2lZabss8w-EWOAKE_rdvpi4JCJUTK4DqBQa5PWJFeP7PeHeno_jnrOLgXMiyDytPrUbgCWrnczRZB1TyKLYU0bAOc-Kwff5mUwLQNWfNPpTyz8lQUjgIo5uqNDOgi8eV_3tk5WpYHBVyVS9JbtVF26uR-COkpvdrpVqrtH1qRgAYSAF9TVTLSqghCgrB-c8HC5xcHGEooaytEnyVXti1ePsmMoJ9QCzyGVpGmf_JNrhIn4jiCy3tuSAsKu-gmpESSx-ItLNMo3JH1a_rPssuvmdy5iDVa1njph18M0S7jY7rw6BCI_g0_oYfoK8iKkm_W4U_0_kbfEPJIKCmjaqABsJcZoRU9x3Ef_QHthRYXa8wg8ramoYcOX00JJMP8GHSMpVRe7Tz7vuW_TnMl9sd93LrNYMKZANY19Q61KwcaMMt91ReImeLVfDuXHmJMIW_BpxWKdlk2XuCYkvEMS0lUbcj7ndbehPI6CDddF4rt8SWq6rTtpaQzXgxI_SI9madNprNfIZWFD6WFtOCYh8XKqY1v5JBXLM3-_InND2vo3Md7CbJajxJu_rYhnKYu6W5Hw-CyHUdJQB7t4LV2_6jjJ1QQYt_1r_o2Y7Fags2nhgJasgZB1Gurm7q70r_vuujvqZV8D2HD3t0Nx3muSP9JlSpxYf6AJnOf6uPw3LI4opd2GbcPcMZgRxzq7BSMFI-wkqumvveJ7BXlMFeoV3bY8l466YsRWCcF4wcqezYCgFu2_4EONzaOou5-t2rXCthznwFfFfkoRqaGO__9rmURiM1mbCM75A8hmdJQ7HFKEsNRLKsLfbf5v17K8Oz1UbnCsM4bbJDHz0Vsya-QHk9X5LbU3YlUzGnifyFHnImNOyM5tagu8S-phgkdaXFanpyozTiJ_iM0yQs0DvqbGPNZRKuuEx6GqmWGTcAIAn7mrGYYow5BNOHu9m7s0Y45Et0Clrsc41g5WkKG78fBfTvjhGbbQBApX21GvBk00vCkA56h3syr3cxlule2lGY_ulwZHVRcZdvhtVCabblzBf-aVFceyclR7kyfcRlTMSoDe4h9qhSep_7GmdwQWI7hRLZNAbjkZtz7bsoBrjsZe1JBCUcOkUFSyjSnzwv1DK6d4HnP7Twv_Q8HRR2Cf1r47DEDIsQVHjL93mcgfnuCLTvQUlKI7HOfiy3pqn8CnH5rzAVWCRxPdtNrqZhGBfrCjHwJi3YgnUHJl1xQpxF4kaxA9PcW7PQzBhdHISvlMJU8BMlo0CoZPv-2AN1wAh5Afpf_-bfiHE9ApECkLheIm5nIS64DTKEe4sJ5i9RH-pXokZlSOo0zKeCgu8THxwlnzAAxXLkdgMcenzkA-VKXitvqzsTCsGLuT3h98LDBlc8miKxMG4m1ewl3cBxtlX9h6MZpJiJVJlDhVeRSFTg-NGQTNJQO5tKFNrHXQKb1c9pWSoOwAm3j5uP4ISfSorkZ2dIJk1nvDqRkquCnPLjhIAwoQnlMvV0zAxQo7h3Ya7yQO9w531mtuh3xf30u6UnchyXMm2f5fnq_nSfjjcPVJkpKvSqsMeSteNulkNP_tMdRMZpcBW2IVzGEov3qO236kgWPEUqvwbQar1agPIMEvesOkV4hMqZchTszs0rloR7ER5Ba1FqWQIuk62LqQeU7HS4tcVDerI3obTfgn6OUzzL31E&cid=CAQSPADICaaNcv9BKP84tASMNcrvpj4jxQtdGTHFD0fDEdiCQbD38djZKX9OE-opPWFcTfa7hX2GHancgc-UdxgB&dc_eid=31079496&dv3_ver=m202311060101&rfl=https%3A%2F%2Fcybernews.com&ds=l&xdt=1&iif=1&cor=15755765673417644000&adk=2086295851&idt=93&cac=0&dtd=7

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fae2fdc8a603159b54bb240845aa9880b1c95d17782b0572d475a74503a3aeb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:53 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38537
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231106/r20110914/ Frame 2098 23 KB
9 KB 25ms
23ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231106/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=9812672228&adk=3541318952&adf=1004996698&pi=t.ma~as.9812672228&w=749&fwrn=4&fwrnh=100&lmt=1699448218&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699459132621&bpp=1&bdt=204&idt=516&shv=r20231106&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C749x280%2C749x280&nras=1&correlator=1607993712573&frm=20&pv=1&ga_vid=465876904.1699459132&ga_sid=1699459133&ga_hid=2133064082&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=4300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079402%2C31079515%2C44798934%2C44807455%2C44807463%2C31078297%2C44808149&oid=2&pvsid=3033088582938210&tmod=1830599201&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=7mAbIqZrvp&p=https%3A//cybernews.com&dtd=519

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8b1cd2613a5b066023f3aee22ea0cd501c2fb10eccaece8de94114f659c0d61f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 20:02:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71789
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9286
x-xss-protection: 0
server: cafe
etag: 5170786266788330719
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Nov 2023 20:02:24 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 2098 8 KB
1 KB 89ms
31ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 08 Nov 2023 15:58:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 08 Nov 2023 15:30:06 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 08 Nov 2023 15:58:53 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/ Frame 2098 15 KB
3 KB 91ms
20ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c99771c81466150d55d307a9b0e12cfdab8240a9c65a80b764c1d58965406f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 14:01:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 179848
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2920
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 11:36:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Nov 2024 14:01:25 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/ Frame 2098 376 KB
131 KB 91ms
21ms Script
text/javascript 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8c9ee4bf9f0e069ecf0037a5cde67640a7a323072f95efeecea32fb7177a518d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 14:01:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 179848
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133662
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 11:36:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Nov 2024 14:01:25 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231106/r20110914/client/ Frame 2098 20 KB
8 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231106/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee46bdadc83beb5e76bce18bc7cc3d169c7f0490901f6be96ec41ee2c14d3776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 20:02:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71789
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8543
x-xss-protection: 0
server: cafe
etag: 18034338113832500900
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Nov 2023 20:02:24 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 2098 0
0 30ms
29ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSUsdfMvjm5_OH1qgjegCEb9Dgz8baVnm1LOE5EbcNpWgTnaLp2VUczIp8DkBlZaDxX8ZHwC7M9FfZG07w4LgWLyageAA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=9812672228&adk=3541318952&adf=1004996698&pi=t.ma~as.9812672228&w=749&fwrn=4&fwrnh=100&lmt=1699448218&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699459132621&bpp=1&bdt=204&idt=516&shv=r20231106&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C749x280%2C749x280&nras=1&correlator=1607993712573&frm=20&pv=1&ga_vid=465876904.1699459132&ga_sid=1699459133&ga_hid=2133064082&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=4300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079402%2C31079515%2C44798934%2C44807455%2C44807463%2C31078297%2C44808149&oid=2&pvsid=3033088582938210&tmod=1830599201&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=7mAbIqZrvp&p=https%3A//cybernews.com&dtd=519
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/ Frame AA17 10 KB
4 KB 42ms
20ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

626c65063bcb00fcc4574cffc418820fc209794a0519ec1e65931896c79a6ee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 17151
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4502
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 08 Nov 2023 11:13:02 GMT
etag: 251720774729838433
expires: Wed, 22 Nov 2023 11:13:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/ Frame 93FD 10 KB
4 KB 28ms
21ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

626c65063bcb00fcc4574cffc418820fc209794a0519ec1e65931896c79a6ee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 17151
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4502
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 08 Nov 2023 11:13:02 GMT
etag: 251720774729838433
expires: Wed, 22 Nov 2023 11:13:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/ Frame D767 10 KB
4 KB 23ms
22ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

626c65063bcb00fcc4574cffc418820fc209794a0519ec1e65931896c79a6ee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 17151
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4502
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 08 Nov 2023 11:13:02 GMT
etag: 251720774729838433
expires: Wed, 22 Nov 2023 11:13:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231106/r20110914/ Frame E136 23 KB
9 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231106/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=1815900770&adk=471421629&adf=3153423549&pi=t.ma~as.1815900770&w=749&fwrn=4&fwrnh=100&lmt=1699448218&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699459132620&bpp=1&bdt=203&idt=496&shv=r20231106&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C749x280&nras=1&correlator=1607993712573&frm=20&pv=1&ga_vid=465876904.1699459132&ga_sid=1699459133&ga_hid=2133064082&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=2675&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079402%2C31079515%2C44798934%2C44807455%2C44807463%2C31078297%2C44808149&oid=2&pvsid=3033088582938210&tmod=1830599201&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=HzfWThWLJ9&p=https%3A//cybernews.com&dtd=498

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8b1cd2613a5b066023f3aee22ea0cd501c2fb10eccaece8de94114f659c0d61f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 20:02:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71789
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9286
x-xss-protection: 0
server: cafe
etag: 5170786266788330719
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Nov 2023 20:02:24 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame E136 8 KB
824 B 34ms
32ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 08 Nov 2023 15:58:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 08 Nov 2023 15:09:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 08 Nov 2023 15:58:53 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/ Frame E136 15 KB
3 KB 34ms
21ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c99771c81466150d55d307a9b0e12cfdab8240a9c65a80b764c1d58965406f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 14:01:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 179848
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2920
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 11:36:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Nov 2024 14:01:25 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/ Frame E136 376 KB
131 KB 59ms
45ms Script
text/javascript 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8c9ee4bf9f0e069ecf0037a5cde67640a7a323072f95efeecea32fb7177a518d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 14:01:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 179848
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133662
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 11:36:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Nov 2024 14:01:25 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231106/r20110914/client/ Frame E136 20 KB
8 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231106/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee46bdadc83beb5e76bce18bc7cc3d169c7f0490901f6be96ec41ee2c14d3776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 20:02:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71789
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8543
x-xss-protection: 0
server: cafe
etag: 18034338113832500900
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Nov 2023 20:02:24 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame E136 0
0 30ms
29ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ41JiR4rPteZynrGe1s9j5Uz_2tYJtSkp7sWJAoBZQrw-wmwe7uT9uzXnDQ5I54BRKE0SYJM_9zxi2nrFzoov9PbhFqg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=1815900770&adk=471421629&adf=3153423549&pi=t.ma~as.1815900770&w=749&fwrn=4&fwrnh=100&lmt=1699448218&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699459132620&bpp=1&bdt=203&idt=496&shv=r20231106&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C749x280&nras=1&correlator=1607993712573&frm=20&pv=1&ga_vid=465876904.1699459132&ga_sid=1699459133&ga_hid=2133064082&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=2675&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079402%2C31079515%2C44798934%2C44807455%2C44807463%2C31078297%2C44808149&oid=2&pvsid=3033088582938210&tmod=1830599201&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=HzfWThWLJ9&p=https%3A//cybernews.com&dtd=498
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 5D6B 111 KB
39 KB 94ms
22ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/
Origin: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 14:17:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6055
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 09 Nov 2023 14:17:59 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231106/r20110914/elements/html/ Frame 5D6B 11 KB
4 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231106/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A9HnYYVT6EfMNlxkWpm7FWpWXiyTCjmU0ZJLmWJvFV1fVgJOUGgJKp-jc4_7meZgxf3IkRNxE8IQSsyL8ilJD73kR66AZRqLlCGSiL38pgTslujJx-MdWT0ooq1KlwVtAv3bI6x0SNFrobJgt16BhAs-QBoBSivG1PE_4pDCI9paXmjyU&cry=1&dbm_d=AKAmf-C7-hSALGmzXLH3hWA2O0WeZvyYo67_s669uR9hBRAUKIohUoCdY-uiTaYI5jErGBm13MEsU-_22ZGvIBXICaHwQFlU2KG9419-ZbyPHefBgVCxm7NFp59Rz8kb6svcRMz5QwXmf_oB2vYNKYIjM1Z7KHqrZpsm4Kf2KyUoiTmddgTMEM-_ZRIY80xqZj-xxryEgPjVz2U666ARIbDqs0pGr6ADxRGdkorJ02CzvUWKAYHzru2FXGTshfdXiY3fzNeQ_KP3nztz1vlu0YsNjPilkOM-yse0gwK9JC4M43W4QfhR5-cNjNAhooBpX98RkIEysWV4Xa-VFH8Tc35cUyGohAwc6hbA25FkDurwFs3eefzAlsbK51jT6odCoyYgkk_m_wCZkesQI_HpB_f1ctCh3qMFsnmesSo7mpaWbU5MlqqsuexyD8RT_QSofax-Z_VsvQT3I6X__DtEnC9GWB7aBWdbPGX7qe8VGmJcd4g3ggEdKaf8aRQa5xrpTxuuct2WUZzwQvxPFThT4xYnZNIDj9YRnluAoHxHBgH1__THw3YE8Ypgz9iiSCyNi3ANCzLvha6BHg7LKMGxUYfl2QIlWMWhkom-BkZ-f1sz7xien_TtPr6L7yAKPNR6IygWQS3xcabwAi0D39cKWr_KJxnUMK3xQCRqtqOWA791uf_jaQB1erftCTZ1l7Nt0vMVr4o-N0iUdyhOGfOpszIfHqIGlNWbbw1ES3lYoUX8FtV3ANoQqa02LjyFkZgDpi0vItgFVLa32QNU-6b8xN6Nqw401ud3DzlLJvJwbruvw0qI2FOzsloXTFTdX_FZPnnO1Fte9MAHpM7k25LfocZTY3yr60DaYzigISRKYTAs6BLEP0yQUky2x4zYyp1_-bWeXq1Vnc3t3J8W1Pvr4WX9JniCxD_Gi-CkuWf1FkHb8zIPbi793_IFbRc9jpVySPWQGUmq97beRi7DN_DaZU7sMTweQJzAwljIZFrHzxY6bF0UYcXhosIRrGdgY9SgQsEXmCoPnkM8zRTXGOilBnvZ41XaZ5L0eewNvZKYrmaX9IqJqy--aCiOKDsf-V7su6Y_8vLkw93FSSrj6qXlNQ-amvDd18IWggIw7I1RXa6ueBTqmFJIHWpu7muA4zGhUhxMKtJ_rSkr92GACrBhTyH8JdQNAqmWNV7PDECjyX4jIg6h4_IIz_4JWBuynwkiqRDLCv_JU6t-avcWln3pWKMCi1ettxQOr9fE10kVfBzKsGjJKgeZy9dULMN4qPvH6ZHKdscQGMz9QCok7WxEqorcbhNaE_0IybnbeJ5nZ8dlX_3WMigTHhjyekFZTEP9279SpWqEFNnJiyZ7ygwjJSLvlqt1yka1PUo5y5Ga7TroMvTwxTQ3VLUbZof6Pt7-CRiC16EkQpd86jhXhv9CI3BQQD0wsCpLVQTXzHAjcCAA5LrETkfO5bfy54yFNmhItcRmZ3Vlh9Z9V6fT1cSc_sHEWc5lTKmk3fNPfR9Hv2xoxaI0A2JuOErHKYdPvYZlsey2uZi_Ini--psl80j724B-r8OOBojwMynqOLqbHEbm_qF4u0hqkD1jhI9FBBsE_uwc4ZX9xdq6-n0VIpjx03beBG0HQssffypmnhTLLbdvMM9JkSVd0L-5Y4H11fWpmVBju62C9xpjfhceg-sOmUFWPN4RvhC0vLFDSGZW0bdZDMvcPqyRhn_3tY9mBh_XKnVkqc3LL1nunLAk_m9pu3HrnX2HEiEA0-1QqfQj1j2bcWgzN_IkveXkyYHOarWUaMoEqZKWR6hsryeID8PtWJ19bAs3aA5nN-XP6JLDcCX9N2JtD0jMTBz9grCLaMUqQqtCp50a41wUFL_7-5Jy-D2JM0fD8MiGlxT6ycHfLjMX_VNGvPZWUDzr7W94k0MAMgavHoAaVU9Q8uCJofw1rJ2HI2FFwVkctMhte71ZpQt4Mgk6KpI_1IJhq0BY1elA49bc3LuSzuuYDpZzPYmaa6U_NWRf9CDBqMvWuQXX77_RviPJ40wU2RUO7GH9zUseelPdJJ1tOVDVZATyol1rSNFenRMeMhKTSGefBaD4vaPoU8Q5zaVSGSpxH7xIcukheIiUyFtPuoJk1XzvWfRNvU_T27daDQXVkG3TCthgaT3xGOqbCXvX390RfzdOX0843bbpKrO5Ljv4Wgokqa3R_mS3k9CfUh01JgaGnu3dt2SSu3PPbQbZBkYlS914NRNH8oy4NXEt7eH_Wmwpy8-pGJcF7L_iWC16GevYfy6PjQ_pktMtwEtfh5wyqywli0x3evREMY1CO7aW_Sq34xYbDLGb-bJogJiE2lZabss8w-EWOAKE_rdvpi4JCJUTK4DqBQa5PWJFeP7PeHeno_jnrOLgXMiyDytPrUbgCWrnczRZB1TyKLYU0bAOc-Kwff5mUwLQNWfNPpTyz8lQUjgIo5uqNDOgi8eV_3tk5WpYHBVyVS9JbtVF26uR-COkpvdrpVqrtH1qRgAYSAF9TVTLSqghCgrB-c8HC5xcHGEooaytEnyVXti1ePsmMoJ9QCzyGVpGmf_JNrhIn4jiCy3tuSAsKu-gmpESSx-ItLNMo3JH1a_rPssuvmdy5iDVa1njph18M0S7jY7rw6BCI_g0_oYfoK8iKkm_W4U_0_kbfEPJIKCmjaqABsJcZoRU9x3Ef_QHthRYXa8wg8ramoYcOX00JJMP8GHSMpVRe7Tz7vuW_TnMl9sd93LrNYMKZANY19Q61KwcaMMt91ReImeLVfDuXHmJMIW_BpxWKdlk2XuCYkvEMS0lUbcj7ndbehPI6CDddF4rt8SWq6rTtpaQzXgxI_SI9madNprNfIZWFD6WFtOCYh8XKqY1v5JBXLM3-_InND2vo3Md7CbJajxJu_rYhnKYu6W5Hw-CyHUdJQB7t4LV2_6jjJ1QQYt_1r_o2Y7Fags2nhgJasgZB1Gurm7q70r_vuujvqZV8D2HD3t0Nx3muSP9JlSpxYf6AJnOf6uPw3LI4opd2GbcPcMZgRxzq7BSMFI-wkqumvveJ7BXlMFeoV3bY8l466YsRWCcF4wcqezYCgFu2_4EONzaOou5-t2rXCthznwFfFfkoRqaGO__9rmURiM1mbCM75A8hmdJQ7HFKEsNRLKsLfbf5v17K8Oz1UbnCsM4bbJDHz0Vsya-QHk9X5LbU3YlUzGnifyFHnImNOyM5tagu8S-phgkdaXFanpyozTiJ_iM0yQs0DvqbGPNZRKuuEx6GqmWGTcAIAn7mrGYYow5BNOHu9m7s0Y45Et0Clrsc41g5WkKG78fBfTvjhGbbQBApX21GvBk00vCkA56h3syr3cxlule2lGY_ulwZHVRcZdvhtVCabblzBf-aVFceyclR7kyfcRlTMSoDe4h9qhSep_7GmdwQWI7hRLZNAbjkZtz7bsoBrjsZe1JBCUcOkUFSyjSnzwv1DK6d4HnP7Twv_Q8HRR2Cf1r47DEDIsQVHjL93mcgfnuCLTvQUlKI7HOfiy3pqn8CnH5rzAVWCRxPdtNrqZhGBfrCjHwJi3YgnUHJl1xQpxF4kaxA9PcW7PQzBhdHISvlMJU8BMlo0CoZPv-2AN1wAh5Afpf_-bfiHE9ApECkLheIm5nIS64DTKEe4sJ5i9RH-pXokZlSOo0zKeCgu8THxwlnzAAxXLkdgMcenzkA-VKXitvqzsTCsGLuT3h98LDBlc8miKxMG4m1ewl3cBxtlX9h6MZpJiJVJlDhVeRSFTg-NGQTNJQO5tKFNrHXQKb1c9pWSoOwAm3j5uP4ISfSorkZ2dIJk1nvDqRkquCnPLjhIAwoQnlMvV0zAxQo7h3Ya7yQO9w531mtuh3xf30u6UnchyXMm2f5fnq_nSfjjcPVJkpKvSqsMeSteNulkNP_tMdRMZpcBW2IVzGEov3qO236kgWPEUqvwbQar1agPIMEvesOkV4hMqZchTszs0rloR7ER5Ba1FqWQIuk62LqQeU7HS4tcVDerI3obTfgn6OUzzL31E&cid=CAQSPADICaaNcv9BKP84tASMNcrvpj4jxQtdGTHFD0fDEdiCQbD38djZKX9OE-opPWFcTfa7hX2GHancgc-UdxgB&dc_eid=31079496&dv3_ver=m202311060101&rfl=https%3A%2F%2Fcybernews.com&ds=l&xdt=1&iif=1&cor=15755765673417644000&adk=2086295851&idt=93&cac=0&dtd=7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 20:09:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71338
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Nov 2023 20:09:55 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231106/r20110914/ Frame 5D6B 31 KB
12 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231106/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

13ba2997ea62a564075f4e9d586d98c0f2662d6f23042e5f39366b2f27f320a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 20:06:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71562
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11881
x-xss-protection: 0
server: cafe
etag: 5723174479369309319
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Nov 2023 20:06:11 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 5D6B 41 KB
14 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 06:26:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 207151
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Nov 2024 06:26:22 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame AA17 4 KB
745 B 34ms
30ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 08 Nov 2023 15:58:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 08 Nov 2023 14:08:10 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 08 Nov 2023 15:58:53 GMT

GET
H3 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231106/r20110914/elements/html/ Frame AA17 15 KB
7 KB 26ms
22ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231106/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ccc4eb3e8c138e0ac4c09d09e765d3228f6fdf29b134613b5a2331c47b39aef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 22:17:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63665
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6703
x-xss-protection: 0
server: cafe
etag: 18125926408851158271
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Nov 2023 22:17:48 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231106/r20110914/elements/html/ Frame AA17 21 KB
9 KB 29ms
26ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231106/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bfd4745fee7e2635754df4ff32e620ff7356b538283d881968cf48255db8eebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 21:14:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 67436
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8785
x-xss-protection: 0
server: cafe
etag: 17726888854999048520
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Nov 2023 21:14:57 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame B231 1 KB
643 B 25ms
24ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com
URL: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34308
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 08 Nov 2023 06:27:05 GMT
etag: 48472445140208031
expires: Thu, 09 Nov 2023 06:27:05 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 5D6B 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8f191f9225414dd6c172413b2b7fd5d49a7c2dce231704687052638ae020c758

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame D868 624 B
242 B 65ms
59ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjMrI38ATAB&v=APEucNWZJDActTSSz4pPwBMP_NttlrE5g2jb8vQJavPkz586tPkiY3tjtlMpfCkPnZ5P2AErhXghmWyezu7fGW-OAuDGHtK0E6pHV3XjXEs6Xg8P448dY7tDq9YStloGjq3oRRbbFa0yvYw9jl4cvPfm7xYxfwLWv5tOUZjZbJqyJeW6hr8eLMk

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 08 Nov 2023 15:58:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 93FD 89 KB
31 KB 118ms
117ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 08 Nov 2023 15:58:54 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 93FD 42 B
63 B 60ms
57ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AMBHDB7I1zyKZOlZIQZLGjiLIHAD_8cf57FnRlC2F5dAa2DMoStZH7bRIiSru56rlO9DnnzKSE8DX_EP_QB0IyO2c0GOylxOZxO-Hy1U14ZlmNeGw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 93FD 0
20 B 60ms
58ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=11627810586163493107&x=1&ct=76

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adj Show response
fw.adsafeprotected.com/rjss/bgd/1474271/76103299/xbbe/creative/ Frame 93FD 261 KB
79 KB 201ms
47ms Script
application/javascript 54.75.153.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/bgd/1474271/76103299/xbbe/creative/adj?p=APEucNWXGRCsI5qLZ9x1t9Q0wdOybhwwla5aY2SkcSu9uJeH22qP_aU&d=CokBAKAmf-CqRtXVrKh1eudcF6ZJoVwA7qlvrRQBJERhJu-fckQCUfbyD8fH6SVW_Tgv4pER5IcKEMAjsawaNtns0Ba-cyf5LWI0osfB2jr-vrFRI7wwrivu05J8k7HZMQCmx9UxRN8jyZJyId1mOYllIV9FJDBBHd_iLqEk_QesMccMSc_Db7UARIgSuRYAoCZ_4NfVWHwkEy1n3rG2GSqfpqLrRdpDWA7ljN7BSg2Yvh8s_MzlkccUlWH60NCHmnW4rGH6_IK6hd_wHay9KeeSDEXJ9fgmnl1rN8GaT9EjXPYdfNMavgIpAh5ph_l5TCRLlKN25XmzX0z6-kPfhmv4Y2UJzPP-QTOiJGAW_aDfHfLWGpDYdTzl8pB1naUo3peVx_gx1bpkOe-QVpFhskXkaVu3KkFrZByX7S5MJ-6wnMWujsSNmQEdn7KoiCgZuC6Esv4csMZjW852vV_wsafq47BrCl-yue5gINv-YBSrK6rYIWEchTnszVMJFweM9U_KpMJ6uZr9TKioeKdVY5eDYjyiuilU5ZaZtOFk82ujYCITcxVCy0ApexsTg-7NbSqexHAWAqEY9YxdGk_8Yoej6sKsP7b_nTCHYh2Jb6gSNtHekIaCljGA0unVPuvWVxXlVjGn8WfWcKpCgptK8EmgfLengJGHchWy61m68QPlnI2MN42N7U2_OzY-QfKWZ6Ke96j68gxaTcxDU2XdV7jE7uImD47tRyig8RF_Uq0CMiOgc-mUMBuVqOQKg8lYw-nsYwykxFBjZ8rVJDG4NgIuXASvbXvXY9CjKhC2ETdLjQWtPM4THOdnNeAEw8hrLW49GwwZ_-tB5bYrZKwkZzBA29sKKqUNqNN-u_zUrP-L3iJEBs_aDSh9C1q2UlB_XjT-aZdNK03sJyJNZOCV3bOcFZiRczWcDyK7GM_TP8PalAZmmbIeeyFRbDstnv1GHIHJFhjtWkGlaUEtQ4sLFaZJZREHZAnwbyjqm8f1yq5paMRXtKR8XNTA1CxUTFrIZm7f6G2uqeOAWncztrIG1A6NffOjIcQuU9y-Alz8DRf6oqT2brClOPMszdFr8ODucxmLABqMXQQLFWTicIFbSOW1kECpOSFQac3RqNgrLOfF9krPWquYIEnbqTTDUcYRRF8mfvqfcg9tpa5SfjQWriWoxaTWcXU4PkBSEumBIYoBbOQkwrQ7EQur1Vk325Ud-E7HHYvtYpvaVhqNfGRgRmXwDz79Smg5yXJR4I107LnlxzGD_-GPMV6wfN_F6ffNg-AsDUkUTQNer6__5FeSMpRo5Cuv7gERkIA8W2CcKjOnhCDCvSJFSptORzdMCNVG_a80ZXJYOSD71RY2m_uNqKwVVhhSIVlc1zj0lhRRA6012oeuL3DSlp70YFkVJAHenyY2_dmfNh3cUscoHB9q7YxaPygYAccNdwWmdVc6zP-YiIklQVYB_XiVt_5yiD0j7qv2_H9-XLwRUAQISoLg9tipo_6QLm4nvk-gm_Z21DpB6lVxvvnQlma2vvd0_JQaVoH_sGTpUd0ozBZF3fL-VUOCCR1RP24HaGu8_IU1SnZ1TIkcOHgNquO507zKV0ZHjAQP84r5R5vzxvvCVPevH83HYmYeSbJCIEBf75uC3G1rwofHY-up0PvTx9EzKoZldWuWPAY4saNiHQUeOEoItcOs9ucOQ3BYlhJ8m6H1h68Mk7DCxYDZ1vTKa63sR5y_inAwWAVfWhnymxKPDOVFyFtuOB8WfAqOYvHncW8dB0_MgNB58cw6aIJT-Jk2hACOuniU9_cpEjOcVYEzsD-Y2LrtAlwwFq7AhiXqkESTOtmARpC9EBfnYbxfcUoPUvEbrUZGDzJCR0beykWdIxF_kL7gG9z4qYxeW7dgz0rFdaen_Me5BrwXqm3HL2rTD-pr8inOnuUQkQJStXFiQ9hFAtmoI0WAka5csYOvl5ZxuGcGXyrapHlC_C92WAitMzrDEcgkvk6d-_UZ4KfauASy0QpF_Ue-wxSwMvMoeLKZUhdpfsu0qvgzqnlfakpEuIhZbL6iosqsogf2cuOA8OL30Bj87Ls26oXcGXW7faQhZrO8A01_c6eSMc5eJ1Zt5PnZNjN8zvM0gnKefYoz2qmHx6i-w9dvX-QwYMVAVSTvrlE4DqkPHiKWEIZbnzsYECPJkN1c1RNw3fXdVs5UxrX_e2nknufI8Yx947AM_V96UoJQI9nbyJooOGhBFTPuWXQKOICreMA22hsO9jmBUSn7ZI8pMZvCN_fM00YTTNGYE-E8_HwjvPeyD1VktBy-NEXqtCt9MRTDhU5Sp2TFZlOQaFFvPCk3yxQhaQbVcNSPjl7Vg_xuY0laQ6Q9lvWqE2xy1RaDZjnOZGbxosGjpDp8iz7gEapWBdik0jUQMUGRvN4PtgNKhnb2NsKJGQxZcB14N_DCk1F1O3KPj9ewAo4QXlBdPDMmk2ISosX4xjx5P9SBhvG8eA2mXDwbjOfJUfY7kNsZGY4COejBSxfRCPrktX4SLPpGmh7HY-pa00ynMbyAwdY7JBObxRpZS5DM8VYRyq8S3tA1KscG2WmnFEGLNLoc-xf0VtqsJxeifQ_G4HWNhOIscRa2mN8LLfcQsER3sbjpKPQ1GanZnUfMVwrYkF0vStAPXtvKj22oMTaRgZs0RqdisZSTP5vy95gc-X1idcrNnsrpujesvLIRJ7fI4Z0YvZja16wuqM598VGEBlXEzdKqwV6b8BwdhvRkumaWwSY4wkuV9GlVvXqJbw81CttnDc2UMPDorHwKDat03CAKmyoyKHNJ6K4DB-Bu927aQgEK0zX8i-AP8M414f6ao3nsoAU2dgHtzuxY5vf2p4PwO5v3vqUmjGJZWpJSLhsfYP95-4lpwMbuz9pKDF6Nif1q67UGC4SwcLY7b-4rGe1N_Xg96tFm3sdhb3z8RSy9AHh32AgmsWskyms3JqJfdZy9U07N3EncRqN8ytLR21klOZNuQhB1CoW_1KwWHxEQ5zUgonFgm0QNi7PWOqNM2JdCdqgPkAKeN2Jyh7u3cEgQBxSp-VK4Clk9E-ZC3R2BNEoBhB0CZZIjGQryhBxZUw2EUnJuesXOomQV_y0FYxe2anuw4onBfSeykIT0FaQ_6IjifRyyBoLPREiHiBOp_WyvV9YskeWhIJHpIVlt9FyWkO8QTlmQuwCUu3IPLokdC2qNiLeti51EiH04ua7Yy31jIuoTDwq4Nip8g0yld-zINRCmjeWmWKNY1jh4f549TQnKoU6NijRbf9wpIggacY7_rlBH_yKamjR-y-S8WJqkzB-ZOn1NcB5z7ayQaCt6pZIWickXniHckqaiMP6aJz5r4lZubNzM-9Gi4oagWOMYkZKbm4uyaoJo-K26tl5-VaWpKeUJwwsmyDlz6anbtLnGWinbu1bJNkUNfKFwG-QerL6gOWhGZuWjBxV2yX2TD-wSFD4Gwm17azIvP0_-i8vV50uENu-eV6MrdmSsfKTeKWRvQDa9Vd8GMQxRUb-tcA3P5nCFqjskg2madijR3NxgG4XkdHFf-N9LsHhjKAZjzyokcgOwdN1PmpVGJwIP1zUXxphyZZCQt-_vtSWNv0FWVHnPqLRmUyJAKYQ7lo9wdY7K3-dAQU-6pbdoXxDjqRKB9WC7tEspOP49D7DskfNF_XNDoEeTWPoYtxvrHhSvcKs06YHkvGHF5fTlOs-AqE8hEt1hjmKUlqqv7zRIhNvcHDlJyITksJnH2tzwb2fLfHYUl1MlVhcWKKRnvI4N4cpgl9FcHXYtExmAdstYDR6QzcAQ9mmPI-dIFTNQFHzW8rp3snxptyhrhxIA6qIcF3MD05JM9m69rMyMjV8wV_m5ReZfCOYTta2NfUACddwnSSM6RY9bsdzCsH7notfzyUUJAR_4d9v8CSGtD0VTUqej8cNgsquEESC2zibNHkOGRqmHgB_eqzwegcxKSudipf_eTjsuyLWexp15a6B6U96GH_t1f-5vRWHAtCiMM1o0PkL_7PuU4BpBCAQSOwDICaaN_B6JW0nrvmy3AcvC7weS5QsFv-Sw0m2MRUesiwqDkPFw1rrNUDeDPy-1e36yj21xLsRWOXbCGAFgAQ&bundleId=&ias_dspID=3&ias_campId=1012200182&ias_pubId=pub-5928161074779380&ias_chanId=1&ias_placementId=20123268692&bidurl=https://cybernews.com/security/hello-alfred-data-leak/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0iCAbnril3t-_Sh8nxK6MRj
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.153.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-153-43.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: db5c2af8baa30dd31a5f3bb195efbc118dafc8c358815b48843bd8eee0304f38

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231106/r20110914/client/ Frame 93FD 3 KB
1 KB 27ms
25ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231106/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:32:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26812
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 22 Nov 2023 08:32:02 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231106/r20110914/client/ Frame 93FD 20 KB
8 KB 28ms
25ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231106/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee46bdadc83beb5e76bce18bc7cc3d169c7f0490901f6be96ec41ee2c14d3776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 20:02:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71790
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8543
x-xss-protection: 0
server: cafe
etag: 18034338113832500900
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Nov 2023 20:02:24 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 93FD 0
0 32ms
30ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQGMuPeKz7_1zleoX8rVclX3mUvUbb0bZR25JoJxDQj5zX6SnAP-P19R2LL8gUFS8hQI8jCkVGuuL-N6qJpzt4j-V28eg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 93FD 190 KB
60 KB 124ms
121ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a67d82954e869f63863c01de1404e74d89722d7774b105176d253292b75b6aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61127
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1699274420466708"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Nov 2023 15:58:54 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 483A 640 B
262 B 93ms
59ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjPlIz8ATAB&v=APEucNXf89JFUwC9a2U-IU9_uV3Rp3y8S1_HJqGn4t0C9hjx42RtkpXeVf3qPC0IdtJdKm-nbk67G-gnLFdCTkT_Sm4mDhcrye9iuvRuC7X-VnBADid6BdLXUsXSymIMqoNYgZNWy1Af5sm9rUzyUx8FP07ErCyudVfNyJ1-odek5GmgGXvZv4g

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 08 Nov 2023 15:58:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame D767 89 KB
31 KB 190ms
190ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 08 Nov 2023 15:58:54 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame D767 42 B
63 B 59ms
57ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BQOg5Sxvt2eTCYY2ou2tXf25QqVN6C4BaJC7FwKIREQsfANxtdCDB7fgumyL86mZH9Rb75g5YmkD6OuUhi6Mcz7aDOxgXBiokD42LLOU4sTnAkifQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D767 0
20 B 68ms
57ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=18273098108107033687&x=1&ct=76

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adj Show response
fw.adsafeprotected.com/rjss/bgd/1474271/76103297/xbbe/creative/ Frame D767 260 KB
79 KB 272ms
134ms Script
application/javascript 54.75.153.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/bgd/1474271/76103297/xbbe/creative/adj?p=APEucNWeGIYUrziJdMiOe2DejPKfxOYFRkfknzdL8iWDZcUCCrzjlRk&d=CokBAKAmf-BtBWF5665hsQLyixw6r0pTR1H3DMeRPQG8PpZHMAvNVE9EMdtMj0EepwTAoKTedPd7mxmBtM2kiYSi5oMtZf6H2lqYafTq6NuaHXHrQjmQ1l-71Uj9GN7G7QVj9kgTFEiL8Xg1cgeOp3tYKy1WdDD97KW6Fzors_HJ7TEu4-AC61JW-EYS-RUAoCZ_4PbnsFAlOigvSmotJ-4rViQDyEmLzBpiKYOMhLBidmAimxdIXZsK32m1_l1QyP7mxvRckreqM_fMwUEzxWX3YdZsBJl7jy3j-NuQhfSoJFi3s4w5PxhQq52y4E3Hk2ay4Mp1mysqc-kqt6taFMcE57Mp3X4NBsQfmcAZpondeqYPubQ6eTdmzLZQBV-E5kaF14ImAi3wmnEDLoStPJW2h5DyYWWlv1yFKUrnn1ZPMJbDEEEZT8NTqKjIPonARcbsh2j1-OT1nv4c-Hias9ycG311XG_cf0TNwNN83Fm9Ui629crwnaWawZlhT7AbjyYI_6Z5NBvvVM-mLulfJ9bclWoq8k4sV7w9UI9wnnJKKpnJGjXFKMlHDrurmqT7frULYOC7EmjaqM1Og8CNUTL0qCAliGTQObUOpTD4GceBTQYp5t5rS6nsUzp2xx_kYcff-HwnwKVWgj61l61icVqqaFgAJOn3kI0Eos8hnKrrHvGcZHd5qEEQBnNlsnYOCTwc1ARFx6QvXC8cYqpQS19A2MpZk6ltYk7VoueyaRJzfreIkL4xOsbZAgq2f46BH2s2VkHM3nrp10TM-kzNJz8_k-phgPMF4xi-tJFZ9hU72D7JRK8MgsR30XiO4CpDPq5nbENf6vOBMTU9R-T3945fpw_RechdZryfmo0CXsAUkKXGdHjT0fCe-S1w9vSR0iewR8drf0l1zQVdX2fweX0ay2Aj2Y-T3T3qfHBNol3gXQ4-mgShisfqb111ZkROeHQw4_077oCJAX7h3pV0aFCLzx3CM4oMwZMpMGN8HJA2IbTNRtpC68T5u1RKWDTtkFmC42jeIVD918SEbYHAsA02kj9l78GXBZd1XMKFGHiv3f52K4HYJN7OlwdtjHk26yzYYwY7iQjgIWIPz7_CyY8nqljSyw64cGrvbKY1gQrMtQDeC-xCbr_8LpcVL1WtxRVo3YOCpDZZ-ihPR6pqw7Nj9uDwiTrfIAZtWeoBFNT5KHJQzIyqrCKX-sf3m3BM26jCT2IpflBgYIA-WEVZ0Fk6BrxdCqvzlA7OVTcMGNTlS7tPjEqB7yDT_Z_SEh7wqqyG6gYeNB-rSI-knbKygq2lyrHbWDJ6HWYCOercW7z69MjXpKkCEa8VsVVpovXKpWeQmrxc8M5hfDrGcMH9GtFqrh1G2bp056EYHUuybSwD1xTHNE3AUIZRR4bUL71S1xL-ZCbVpL8850zhL6cYbH_d89JW1CmZqFCFjJeQIxfuY24UCQjs3-y3D9FwjnMj700H2AKHoxFoYaSj8gXigGNZr6Xjs-f0L87elwkyHPg_q1lgUe-1b1CNDGbWE7sZuDg_zoWBiTqU6RQTF6EiqWzCH7INrATb37ZNUqL_fPmY9mNa_p8AH3z1HVJiyz18lGA1i5bZPITSj9q_X_vsa_eOrbE-tQBYWzhy9YQX1Jl6EYAnnBJRrKYTycyvHLnFuziIMInKvqIuh777TlAwj5fYVDe9WHOTDeJEtEvqNOUlSGhbCtpGdZ7qftpPBMEUl4jIPtdZT1dRnDRLrcYvORc6kCsvPu8d6v-kHLQsPrH6wr6VFMB1L5WJeTCSM577-JnO1Z0se2UoHodJ-aPm-L-lhMzIl8BApphn33VPO70_ww7LRrpY3B6weW685457lVQLay9xc-Z7wkx0C7zJzmGxE2iPjFk5XC3uZNH_ywslLQtqLjTjHZkmLq38TkW4TfqMveOIVCwlxrXoU_jeh5gzI65nOyXm5XpHuNeuW1cqc7uea8tsxT8GcrEsio9fmE8fZGU41MFqor6PKOepYKmrGNroHl4dPMFLexMsP1WS1FrPxK7ZNSFUMS9dJikiRQPCi14t6cWNp83fS_BsQStFrVVulSvP5fWIIK9YhSe78Spk8Pit5RTOY8kQJPxwjDmg9mQa_OWW2Z0UQPqzP480nGmBqwXvB-9Iarvd0EfPZ36WQk9QuREkuWiGucIyXGgMoQjzfDFKd3Am3GAza48KOIqyPSO5lcat3jVE1KdR_L0RLaEnsBO-0V5q7zn5jYIsPlLO2bCrQ2_3mMdXK0sXxRbA0-R-mL2-RC1pV_ISpXOJNdrnvymNS7dc3I3AXP1IhzdWHkGhpepNX7x_C_ONVjzgPejXp4CERPCCtG2CLBQs20blHVrEjOBG9mCub_t9oTo4QQPNc8UFuVV0J_GG1cszN5pQY9YhUZtoMJEtDCXD9ONvA8RMh9dTx95cIDtBEOUEEgkl_TWhjuQ99E8SwfAs6lKFm2hlMSWeAb72J4hSEYxdqKmKHey5kFSS_dAT6MdKd5tpjNYgvTCu0p7RVrcRHdJg4uGibaq44db9yzoTZE-zrQNL7l-BZtrGQXuGCpWn6uppbobaRxk_rXSN-ElXtwoQuoOAFdU72lGKCcYsGx6dat_39iYsf-ZCzcTQVAfX5cDJ6A_T_fY1mHIWbN1gCKJTtsCdZuxuFbWtEkKRcmxvq_8hKOUiTT9KUOfTHuRBZvqe93MPPgRVfCiqF6Q8jSYcTCpIDl5KkzNW-cVZ-7oeXKYCKEhod6IBloarWcgZp9YfElHyIdRKJizu_3CNsaGNA6o2JqfFWfal-jmLxD3sPraZmK_Gezdtet7m-g6NkwgouNxyI0H-gi6CTICNMsMVJbzNFRZpLDgCjQLJvxigCC3ZU4hNn3cOZwmlD-fYP4YUizBBSOzX1Wd-CJvy21BBMPwMZ64a7IAyN3PzntSe6ZdImigjgu6NRqkTShtF7ZVMGPSSV1tpFSIESVjKHO6_ACrkChX4qGQu2spVw9L-z7baDss8O5VBIbzCugiuj5EYpk3VYjDVBQicoGRv3g5YTEMs6yq4zrYkXDa8H3Foi7rzAdlBg28lisUZIYgWrlQPobXYqtmFm9It-nFnuBsP3ebMCUwxg04QUE43TAPwpn3CHuI8TK5GAG-TD8CpBu6trQkqvR3ZVgGpufsguCpiHsae5LtQgmt21x8dshdBD1I6JZpvoTOQhDyefzLx1qVyp6FDKX0N9UscqvzPGkiABbqYBo_ubrBkHm72FE8wHBpeDgvvtuio-zmJseXcYguuvnJk2YIkeqQVFKlAJbq5bs_xJy6Fv1MmXfBMgh4x3rKU4AWlCbt8z-iGVgeRL2hXFUlAIVQQsJmF1c7e_t-G8U0Nkp6QirRu-YxxdgIBxcb-PqN_OVmEW7zf3vJvFfMFzW8ZphW3sMhOgaADFVdwV-DrPItqgbr10It-O0BUx__eTejiO_g8X5CY2nZwCxqvtg9D0dZlRSBU_pzTFg4bu8RiYDnN2LWee_0fJQXZu4nf97Xp2a2wvKYhr8JTdZmkkoZ8ijNNLpqC64UiYxK075gVy1fhqslOLJ-n-u_s7amYR5lWvJnT_39rKpZjcrnYGem3CyX2ct8h10kW6LbodmMb2ry6QPK4-Cqzm7efxWfLrenPpbHC76u0Rc931jiQ6v-XrAWA7jJ-w4L0qnT2AS6QOJ-Cdg205fjNcLf6xYRIG1DLOSTAwa1ECLhJiVA_pcEdam0pp8BbzDm5NursGvTebYKvGti3IJr0LoD6-XJnRu2Mymd0HoxDiYEvVBzvHrEQzOpnUyaV6hTz3m5K1568k6IMYPLMvek_8F6j6Fd4YmGCMSDa9yFsQO13F2jU9uy76ATV4ABuwXT3pyjIhB4Gx5707ch-52vW0RLfZNvXmiFKVVmaKt8Wn9ckxUHZiYhuPF7nb5aOx1eEzcRTGkEIBBI7AMgJpo38HolbSeu-bLcBy8LvB5LlCwW_5LDSbYxFR6yLCoOQ8XDWus1QN4M_L7V7frKPbXEuxFY5dsIYAWAB&bundleId=&ias_dspID=3&ias_campId=1012200182&ias_pubId=pub-5928161074779380&ias_chanId=1&ias_placementId=20118583893&bidurl=https://cybernews.com/security/hello-alfred-data-leak/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0hv6fJj42_pbGowSc7eAbe8
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.153.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-153-43.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 914da89c4b0c33ffc5104c3c03453ab4145cac6b6b785df4fce4ec2920d8782e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231106/r20110914/client/ Frame D767 3 KB
1 KB 39ms
29ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231106/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:32:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26812
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 22 Nov 2023 08:32:02 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231106/r20110914/client/ Frame D767 20 KB
8 KB 41ms
31ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231106/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee46bdadc83beb5e76bce18bc7cc3d169c7f0490901f6be96ec41ee2c14d3776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 20:02:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71790
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8543
x-xss-protection: 0
server: cafe
etag: 18034338113832500900
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Nov 2023 20:02:24 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D767 190 KB
60 KB 167ms
153ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a67d82954e869f63863c01de1404e74d89722d7774b105176d253292b75b6aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61127
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1699274420466708"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Nov 2023 15:58:54 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 068E 38 KB
13 KB 24ms
21ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 207152
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 06:26:22 GMT
expires: Tue, 05 Nov 2024 06:26:22 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231106/r20110914/ Frame 4446 23 KB
9 KB 20ms
18ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231106/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8b1cd2613a5b066023f3aee22ea0cd501c2fb10eccaece8de94114f659c0d61f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 20:02:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71790
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9286
x-xss-protection: 0
server: cafe
etag: 5170786266788330719
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Nov 2023 20:02:24 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 4446 8 KB
848 B 35ms
30ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 08 Nov 2023 15:58:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 08 Nov 2023 14:39:12 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 08 Nov 2023 15:58:54 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/ Frame 4446 15 KB
3 KB 23ms
18ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.css

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c99771c81466150d55d307a9b0e12cfdab8240a9c65a80b764c1d58965406f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 14:01:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 179849
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2920
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 11:36:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Nov 2024 14:01:25 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/ Frame 4446 376 KB
131 KB 23ms
19ms Script
text/javascript 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8c9ee4bf9f0e069ecf0037a5cde67640a7a323072f95efeecea32fb7177a518d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 14:01:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 179849
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133662
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 11:36:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Nov 2024 14:01:25 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231106/r20110914/client/ Frame 4446 20 KB
8 KB 20ms
18ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231106/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee46bdadc83beb5e76bce18bc7cc3d169c7f0490901f6be96ec41ee2c14d3776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 20:02:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71790
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8543
x-xss-protection: 0
server: cafe
etag: 18034338113832500900
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Nov 2023 20:02:24 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 4446 0
0 29ms
28ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSERWKhkpoufXZL1Pu7YJnnTqboH69zOvBNeW6_fLbLdIcsMOnwU67vYffcFCpMUucK91WF6QLbwQjYAHEIat8VNSuRLg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame B231
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEOYJdClpu-8IgWnzAuylpgs&google_cver=1&google_push=AXcoOmT0wbI_kDzN3DvaOWAlLhl5b-fVB5kuAetZNpdgnOJiNYrdgtRxx5HY7u7WDbsvjnRyd_siT97SeOmDNY9jw7M7PeSvCoaI
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzM4NDIyNzQ3MTUzNTcxOTQ2OA==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENllOYV1_-uZjXzGjtXQT7M&google_cver=1

43 B
398 B

50ms
25ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENllOYV1_-uZjXzGjtXQT7M&google_cver=1
Requested by: Host: 00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com
URL: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 08 Nov 2023 15:58:53 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENllOYV1_-uZjXzGjtXQT7M&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B231
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEJ7iA5XanUmRU3QzsBWJbd0&google_cver=1&google_push=AXcoOmR1bgvc2CWpo8F6oUHc-K_hqjkZ8i-iBszb_hMpHuQICihMu9_olkkf1GObQZXyQFQqtgJRl4JvV_9v3ZneRoAwtgmX8nbL
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=0F78855361CD4C839172C630A8F6DA83&google_push=AXcoOmR1bgvc2CWpo8F6oUHc-K_hqjkZ8i-iBszb_hMpHuQICihMu9_olkkf1GObQZXyQFQqtgJRl4JvV_9v3Zn...

170 B
188 B

70ms
64ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=0F78855361CD4C839172C630A8F6DA83&google_push=AXcoOmR1bgvc2CWpo8F6oUHc-K_hqjkZ8i-iBszb_hMpHuQICihMu9_olkkf1GObQZXyQFQqtgJRl4JvV_9v3ZneRoAwtgmX8nbL

Requested by

Host: 00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com
URL: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 08 Nov 2023 15:58:54 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=0F78855361CD4C839172C630A8F6DA83&google_push=AXcoOmR1bgvc2CWpo8F6oUHc-K_hqjkZ8i-iBszb_hMpHuQICihMu9_olkkf1GObQZXyQFQqtgJRl4JvV_9v3ZneRoAwtgmX8nbL
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Tue, 07 Nov 2023 15:58:54 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B231
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEDoW_-szeHeubIKDwzxwlyg&google_cver=1&google_push=AXcoOmQh6MyyrtJs7TouXa6wtdJL0mJ0KQ4OcLyXHWbZ0508VrQ7wEo4UFkAqU5tXR8fYY23_c7nlBm_TeHaSkSRWssdF6Q...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEDoW_-szeHeubIKDwzxwlyg&google_cver=1&google_push=AXcoOmQh6MyyrtJs7TouXa6wtdJL0mJ0KQ4OcLyXHWbZ0508VrQ7wEo4UFkAqU5tXR8fYY23_c7nlBm_TeHaSkSRWssdF...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmQh6MyyrtJs7TouXa6wtdJL0mJ0KQ4OcLyXHWbZ0508VrQ7wEo4UFkAqU5tXR8fYY23_c7nlBm_TeHaSkSRWssdF6QudnKP

170 B
188 B

44ms
39ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmQh6MyyrtJs7TouXa6wtdJL0mJ0KQ4OcLyXHWbZ0508VrQ7wEo4UFkAqU5tXR8fYY23_c7nlBm_TeHaSkSRWssdF6QudnKP

Requested by

Host: 00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com
URL: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmQh6MyyrtJs7TouXa6wtdJL0mJ0KQ4OcLyXHWbZ0508VrQ7wEo4UFkAqU5tXR8fYY23_c7nlBm_TeHaSkSRWssdF6QudnKP
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame B231 43 B
363 B 107ms
30ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmTR16h1Ve1QMGpQQZ_xDMWROI6eF_Ty3GeAKOoo3yZ2yTY7DBkZRnn5-f-4nnUKth6T76KFNsgITU-Y5NWNjgVylaEwkJ8k&google_gid=CAESEEOvdt2vImLXKR2KhylW_bU&google_cver=1

Requested by

Host: 00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com
URL: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:53 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 272123
expires: Wed, 08 Nov 2023 00:00:00 GMT

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame B231 0
166 B 112ms
33ms Image
text/html 198.47.127.19
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEPXcXTUmJSVRcUqC0l6CZU4&google_cver=1&google_push=AXcoOmQpLZZwxUm5AojkI6DwhOXe8s7oqzP-se0lufya4tezu3Po0qr6hWGSJYt4Xo5BnbROl5lz3GKuFxrWCdccxU3Qkk_zIdYR
Requested by: Host: 00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com
URL: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.47.127.19 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Wed, 08 Nov 2023 15:58:52 GMT
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B231
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESED34t1RHgUg2CqTtANAcdOU&google_cver=1&google_push=AXcoOmQM6sKjHSj7QAhClHYr9Xc2fWDob9E63oh-97vBGZ_IjrM2QtBn0JnxTF2T9fHqc8EmAZa...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE9QWTM4QjctMVotNU5XNw==&google_push=AXcoOmQM6sKjHSj7QAhClHYr9Xc2fWDob9E63oh-97vBGZ_IjrM2QtBn0JnxTF2T9fHqc8EmAZa7gmZX-QsWzePTmslbwymxKFF2

170 B
188 B

54ms
54ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE9QWTM4QjctMVotNU5XNw==&google_push=AXcoOmQM6sKjHSj7QAhClHYr9Xc2fWDob9E63oh-97vBGZ_IjrM2QtBn0JnxTF2T9fHqc8EmAZa7gmZX-QsWzePTmslbwymxKFF2

Requested by

Host: 00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com
URL: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE9QWTM4QjctMVotNU5XNw==&google_push=AXcoOmQM6sKjHSj7QAhClHYr9Xc2fWDob9E63oh-97vBGZ_IjrM2QtBn0JnxTF2T9fHqc8EmAZa7gmZX-QsWzePTmslbwymxKFF2
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: e8e3ec71b160ae7345e4e302cc752a77
Expires: 0

GET
H2 200 sync
ssbsync.smartadserver.com/api/ Frame B231 0
44 B 118ms
42ms Image
text/plain 185.86.139.101
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEGH_twZqkUhhs1_YlKMlr7I&google_cver=1&google_push=AXcoOmQ5FIitr8X9CYcAsQzyZw8T6rUo-4-JnphBcocBfWO-K_ug27b9s8XKeIAWXUKzDaVPB-6Hv0lFVAqZg3t7qlxzZBWt1sw
Requested by: Host: 00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com
URL: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.101 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:53 GMT
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame B231 0
12 B 29ms
26ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JOt6Jom5bCGmX4p78aL7tm9bKnDb7k4OFZ_QsfQPcu9KM6PLgMg7-LnK3wpDF-MXQ23n-d

Requested by

Host: 00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com
URL: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame D868
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJNhlpOo3wP33mNUxELyns&google_cver=1

43 B
738 B

55ms
54ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJNhlpOo3wP33mNUxELyns&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjMrI38ATAB&v=APEucNWZJDActTSSz4pPwBMP_NttlrE5g2jb8vQJavPkz586tPkiY3tjtlMpfCkPnZ5P2AErhXghmWyezu7fGW-OAuDGHtK0E6pHV3XjXEs6Xg8P448dY7tDq9YStloGjq3oRRbbFa0yvYw9jl4cvPfm7xYxfwLWv5tOUZjZbJqyJeW6hr8eLMk
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yS5a%2Fxbv8%2BVj7Li26cgoSKV5i9GTjV%2BKq%2BpRinnX6MJtXdpUUbt8Zo6BDTDmkz31nHQoWnkZA7otTEGzDg5Oudilk9MjH1k0SUj6CqTcxKxScBK%2FGiUgRJK9HkNo4UWEQSlV1gLAK1TDog%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 822f05247ae12c4b-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJNhlpOo3wP33mNUxELyns&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame D868
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZUuwPS4D6p3cEgUOB9WtHQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJNhlpOo3wP33mNUxELyns&google_cver=1

43 B
736 B

92ms
57ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJNhlpOo3wP33mNUxELyns&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjMrI38ATAB&v=APEucNWZJDActTSSz4pPwBMP_NttlrE5g2jb8vQJavPkz586tPkiY3tjtlMpfCkPnZ5P2AErhXghmWyezu7fGW-OAuDGHtK0E6pHV3XjXEs6Xg8P448dY7tDq9YStloGjq3oRRbbFa0yvYw9jl4cvPfm7xYxfwLWv5tOUZjZbJqyJeW6hr8eLMk
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B0oAqK37S5Cjfs1kmRwqKEWZMFZGmZtvJaGKqt2FIiyEoQvfyd27G9RF0E6jzN1aokbAq%2FeeR0TLBzgPIV3dFwZ50Fdtho58lkUx85QdB6bD5cHTnYYEWyhRyzHGmCN%2F4OXodo9v%2BSSdog%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 822f05253c1b2c4b-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJNhlpOo3wP33mNUxELyns&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame D868
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEKX5EXS2KfSL4chA0fGDEjk&google_cver=1

43 B
843 B

106ms
14ms

Image
image/gif

37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEKX5EXS2KfSL4chA0fGDEjk&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjMrI38ATAB&v=APEucNWZJDActTSSz4pPwBMP_NttlrE5g2jb8vQJavPkz586tPkiY3tjtlMpfCkPnZ5P2AErhXghmWyezu7fGW-OAuDGHtK0E6pHV3XjXEs6Xg8P448dY7tDq9YStloGjq3oRRbbFa0yvYw9jl4cvPfm7xYxfwLWv5tOUZjZbJqyJeW6hr8eLMk

Protocol

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
an-x-request-uuid: 3e0d60c4-ffec-4423-8bcd-dd6539f949a5
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 217.114.218.29; 217.114.218.29; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEKX5EXS2KfSL4chA0fGDEjk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D868
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE0MDk1MTgzNDE4NTU4NDI2OA%3D%3D

170 B
188 B

92ms
55ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE0MDk1MTgzNDE4NTU4NDI2OA%3D%3D

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
an-x-request-uuid: 8d37576a-082e-4169-b0b2-29c8cf26d454
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE0MDk1MTgzNDE4NTU4NDI2OA%3D%3D
x-proxy-origin: 217.114.218.29; 217.114.218.29; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 2098 0
235 B 399ms
122ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~lopy3894&c=8501616529858&slotId=4250808264929&qqid=CNvrzc_itIIDFW9cDwIdSiULxQ&fb=outstream-lima&sei=44752538%2C75259414%2C420706098&nsei=44714510%2C44729911%2C44730425%2C44730426%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 2098 15 KB
16 KB 127ms
19ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 13:37:19 GMT
x-content-type-options: nosniff
age: 354095
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 03 Nov 2024 13:37:19 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 2098 15 KB
16 KB 105ms
0ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 04:06:52 GMT
x-content-type-options: nosniff
age: 474722
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Nov 2024 04:06:52 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2098 0
20 B 71ms
71ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=CfUkyPbBLZZvZEu-4vcAPysqsqAzB37iHdIGa6vuKEvAuEAEgttfpe2CVgoCAoAfIAQWpAjT2-VDP5LE-qAMByAObBKoEpAJP0IsR08RzCrWyYM4ECk9EHHk770O3s4POkbIPEk9Tboqb_wilBavSDJmnsXu6w76EDkitEYWxIJtBD7MJ-pMV0Icu-KFRKGqbKW0bk_vWGFk9DR_BsdnduZHNgJ00tUbERtUVt3it6z5F3e5um3jNGAiOf8Dpf-N5BrJP7VC4n0YR6VUkgEfPRPxtpLsHy2XuTJ38R6Z6xQShw3_hhf1EJRpD7_RhrPYc7A95xmbA952W4OLHkAjNB0d33v1EES1jTubv-GDNYv-nLI4iBlKEZpNbwvYyPeaquZYErxc-U4py7ELsFAtgdQFqf2ZVYENeeqpugCWx5MyOV8idiitVGGiiBL04CvYXU3unmCzR8maG2BNOHpC-fCiktGyuLKdd9MiBwASnx7GQxATgBAOIBd3Yw6hNkAYBoAZ2gAet0_2aBagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoByAsB4AsBgAwBogwMKgoKCOS0sQLutbECqg0CREWwE8mptBXIE9K57uMD0BMA2BMKiBQG2BQB0BUB-BYBgBcB6BcF&eventType=clickstring&clientTime=1699459134112&ai=CfUkyPbBLZZvZEu-4vcAPysqsqAzB37iHdIGa6vuKEvAuEAEgttfpe2CVgoCAoAfIAQWpAjT2-VDP5LE-qAMByAObBKoEpAJP0IsR08RzCrWyYM4ECk9EHHk770O3s4POkbIPEk9Tboqb_wilBavSDJmnsXu6w76EDkitEYWxIJtBD7MJ-pMV0Icu-KFRKGqbKW0bk_vWGFk9DR_BsdnduZHNgJ00tUbERtUVt3it6z5F3e5um3jNGAiOf8Dpf-N5BrJP7VC4n0YR6VUkgEfPRPxtpLsHy2XuTJ38R6Z6xQShw3_hhf1EJRpD7_RhrPYc7A95xmbA952W4OLHkAjNB0d33v1EES1jTubv-GDNYv-nLI4iBlKEZpNbwvYyPeaquZYErxc-U4py7ELsFAtgdQFqf2ZVYENeeqpugCWx5MyOV8idiitVGGiiBL04CvYXU3unmCzR8maG2BNOHpC-fCiktGyuLKdd9MiBwASnx7GQxATgBAOIBd3Yw6hNkAYBoAZ2gAet0_2aBagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoByAsB4AsBgAwBogwMKgoKCOS0sQLutbECqg0CREWwE8mptBXIE9K57uMD0BMA2BMKiBQG2BQB0BUB-BYBgBcB6BcF

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 2098 0
55 B 385ms
124ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~lopy389u&c=8501616529858&slotId=4250808264929&qqid=CNvrzc_itIIDFW9cDwIdSiULxQ&fb=outstream-lima&ulv=1&cll=0&met.4=arp_a_s.rd&vast_v=4.0&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame 2098 32 KB
17 KB 494ms
296ms XHR
text/xml 74.125.133.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-ASezoId7NWgMdzrPvqgCTsJEjW8PU-ngkXnTKiDdBy_dt0z-GQ2avgN6VbvIOvQiK14JcRdd55k-ikcwBNdAV_QftOMA&cry=1&dbm_d=AKAmf-A5EINULLJWklAZ5YtR0qpEQ_Fb-AKDfUIM5eSn6JS3blNdHVHHaJcsC5x_VaxLyKAgvxw0Yzm1h-n-fUsE_61ZmyG292KNVA_2es4LQMuTKeC1oYyKWMkRcBVeoHSQ5RfqIbG2PwR0QIKIX5r_Lz9edd_6lRRvSOeoQCJlxTfH0eAuegTNfNL2RRA8Yl62kV8iJN0s-5rejLEZQXfYpUVjUwN-DFUz5f-tCm4ebKMVQTkeVur7_0TXJLj_Tw106O4w7gW1paexJ1JA6kgJOEYmlnobqzjoCOa24NooiHkUchHQv4ABfRaekKcEJvEdaVwMLUdfWuAuy2QxHYi7xjPSsCNOWg9txwTA2gARXmDgXORCzzqVKzvPaz4s4Kpoi4wuSJEPoOK4d2JdgR2xtNd5wec5KOOsvcpov86DgomF81Y_rnNU5m5CreSdhDARwjIn9LpOJJGHyJ9KT4carNbVi3W8zG1dLZZNpb2EIi26k5B9nwuj5EayR_94xhdMOWM4W_0jdFWod07mz9IdxBFbC-RqyPgsf8WBAZ8CV_e3gqBCk5DM871iwudYpmptA8Kr1UOPM5kKicUyLqknL4oGglXk3s_8yqoJCfkKMVekn_AxzemIGxXAGIoGYNUJ05zH4K4mVICTSS-fjZg1rC0UHe-_oFaQnA9GlaJjNO5-hjH4RWpUv7vJSRX9xtHo5RCQg1rzwakNT9hp9QTJ-o2InfIYiKacC_xO60lQ_NF_b2xsCq0n9nVf6NpPVJ_mbXLijFk25w5QjVa3u1mweVU7TGnP99_zCcPrdqzRQb3QbzFl1vav_kTIIc5uvVQDR4HBy6rluSPtb92roV7ORs7nQJAq6YCwP5_8oM5qRzxKdNs8iLanC48jSWZmCrrQJxLZoi2UlNLi7rPGDEh8ZP1b0yW0Pm0DQ9yRX0AXUxqzNZgch-eZjCviYOE3NfyiH8uKnyQ1y0VUTTyQtjp8sgqqFl3cEr-OBOnQjijWwHUs7IcdVgVdph5nLQ0zsXE6LOLIpeGjrJ3EyBM90BqEoGV8tvGbDWsNOgmCAuNzzyLngZJPLqfI0U-ZifBSa9TfbTTSrSQpga44AhlPyObPakGl-TgvQIKw46GcKC6AteqZoz94RbScWOoexDNw6usvXb1GD9dJXsBHVa4TKgRgPhrsmno0HXff-DOYvyM-zkd23X2Lo-dqEfX9YsmA0bI-pAJDw0DdwGt6cxJJCvQQDUsO39eiiILB63hWKe7UpLfJ-wkPh8LwRkEEOhYeDnBeYPyudR1gNLEyrW403cbE0hDnMcQ4xxHWG8SGT_MUkoAJHL4MGtVyjtAmypUbgYjhPlq94eq-iQh-nl1tGj7UhsXWfrTMx6pfJMjYByFCDxXQPLv3hHUiRI9pfEncWL1Kqi3pt2WvuFC3CKRowKLKqtoSAClVInReKCG6jQa-_4vW6JX46XPmdBXVfiC40nohKJpBjE7CNlfClzQVa92_7hG6AJPymaNgHl-_LtKU5_MXgFxBROXLmoNIPu5RxLlF1KOfGL_CNB2BcmDW9xGZr1skrMlRPrU0JZ_SHe5tFhoN5R-xkiszQ7WoXN9CKrZBeYZSLFs9TPxnIa8xXdUI4zunxiyfTGbve2HWsPQbAExfTrhcxtT2Ms4RP_cZDPcOMIsVYlFFDHA5A32nqZMPpxOK2m8qthoma9KvB9qiKy9TpvEnQqhq6plKQPhMmUnKt5dhlCv_ZQlFA231ha6cfMRkCBu_18zmAT-Tmdz0Hm77iLWqMDzdCbtVvV-xRPX1w6_1VP0Q40lGQizYIr518EFXT0PSxxa6fzGQqd-cVKIIi-R9Ry-1eSfrV6a_eVigS0UFf9GeVrlHnEMK-0nd72DZmMQZ20KqHuFRRzNZBoGal0_pla-fdM5LjxFnFfedYxcFqq08tn7lnUayKPsjgqIF1t4GszAEXzbkVKIea109fuRBqn9xBkKCNv5p0nx3z8QhYTXqrMXpMfK0RCH0y6X0ibE2NdeYipLfDoQ5GoRrk1cVJQJOFs--xVHZV4KujEQIbxgNHI5vS310NrVZoXhWeBVH2jSs4WyhGxPzKcYyJcSFdDhi4lJxhlSUsWe3_LwQIpTdZ4JZ-kpYylhPX3g0Vag4oj1HAKTYsPQY7QnZZt1EZCy7OTnjl1qcORQWedj5gR1DMFtDTDzcKFVl_NAfazPiMwUcw0ICIqtgd7ZzmgGML4uIHXBaWDNByVkISWEfhghFpbEGHzhOXPCy1WJ57j8xLWv0VcthUERtrFm1LSeHCyFt4t8X2vhrY7cVD3YMmROh52p63SrIH9jB94Taclwhvq7_NSbaqVnHu5VIK_PdfR6dYW_a50JXXPCInyrPJxMVN_SqtKEA_nIZCAfj972GxCXm8JUCuS3O-6DlgIMYMKqDt7pmYwIk2jJHRVi0mkFeZykWvVELXy1y-ogDBC4CVPCPpKcPt_jr3f1tGo7Y27xQpHVUPj6zFWbPRjfIN7QDjeTHUNPVgJ7cQKxeoRdihnG_8LNccRxAZrAdr6mkoRoiBSotJyQLKuO7T0KnyUXzK8MDShw5T9JvwowPh1gnRA7pdC0of_VJIk6lF2suinNTHjPfJ_5we-uwR9xJdXyb9lum8XsCkFS92HdWrPc9DhjQ8HidBOUbA1TLkq575EYQKvRDjtTvovqovs92bzdT0M_V-ZmTQLikLhDDZ8oFyvVl5DyxGqOjcuEr27aNX6kM6NRnErmv6UpAPcoBOOQ-TFdwdUzewIHpRHvG4kbU0jQv3g7qksRe_7A44xnuf_V6b1JNONXdXr76esNPCGm3KPvXsozyAvcqVl8Jfw4aLPQKcSD_uqjWqiQ9mqtWRyQ7RhKJiNSvaMrTcYvxvIJ7Qx7nrtNcW9Y1TK6xj-w5a3eAyQhD0xn-lze7zO1X794orhcZoOnyDlZ268n2FPvjsLfhJUlpEWYN8Ep5OnJB8ZfjiVozu82yl2tZmf2kJQlcsZU0iFK_yP5sZAxWMqDQMnojZYKPqs9kJPfLejZaTHublAb4U_p8nru0O3-pp4uKCnK3O-u8Na8_OLS4rVDXd7m3orwbkk6PvmQu4b1koKDPtseiaeLyy0xNgTm4hLFD8Xk-As8G9KusFROzP9t7gweM1xnK-aFjU4QoIMGOysZi70SpKvIFivi0Yke1i-Q67pww7ryScSVfVd65DsxsdmVpMkKdd1dCLPY_ykH-T77YpdJPnixemVOmSSXsh3BqMlTxhGv-qslbauI_hlMmzvI2J34ej_W9-q01P62KaDHKGiGMmfJ-oAW06LUeXZi_dQOlxpTR9owONIbx0w8k7klfQ_zPcBVRGeIZd5QY3eI5vnsG-XGbU8PaeIpYSNoo9Mq5_d13kaud3s8E7AhjShfPN4yhvFC3wNB2kyX13gtU3pD08YT26ndVFUlU6B2xDAfZmmS0MqxoJeunodU1gs44NF7CdA6g0dnG2TV03j1yXSxjYOSq7MACjuV8ATHw1SjeKyBzmw4uH-chCHc-1sHz6cvbzhmiCAHJvs_tl0K4fH-GNWpAZOQhsVQwjctEh5z7Qj5_uYDtLeyJDI77YuGJNCuW0vmWqrceVycMbEhB5yKAzZOV2hDZ0emkYWdgzlNlMJGna-EVlmeULuMReZULsZUxzWyEI_rGD1xWJfD785zbphdbHnjxlBf2Ojwg7bb64ynVGLvtwq9LRSWqZNsCRUemugY-HOeMWzNVhUNI-8HP8FkVkBSs7AjISDCiqdOAaujteAPWignLY_LB4B63ZapFu96nmsP4BUvx4AdCRY9JWYA9JqXs_Ncf0RwWFdcfvXkmv_xyVTGCfbKz&cid=CAQSOwDICaaNoisvc_0ILxWKYa-zN7wsuX7z7JiaFM9EPkS0l7S0N_x1PsEgyKsfJig_rVR0AEFAN9O89HArGAE&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1&nel=0

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.133.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fda04479b64d4e2751e2ab6a2073e652bde8167b393156bfb6c6a8c8dd188c4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17341
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame E136 0
55 B 379ms
123ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~lopy389d&c=1875502023121&slotId=937751011560.5&qqid=CJenzM_itIIDFcVNDwIdyhoK7Q&fb=outstream-lima&sei=44752538%2C75259414%2C420706098&nsei=44714510%2C44729911%2C44730425%2C44730426%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame E136 15 KB
16 KB 125ms
33ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 13:37:19 GMT
x-content-type-options: nosniff
age: 354095
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 03 Nov 2024 13:37:19 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame E136 15 KB
15 KB 92ms
1ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 04:06:52 GMT
x-content-type-options: nosniff
age: 474722
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Nov 2024 04:06:52 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E136 0
20 B 66ms
63ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=CBEFyPbBLZdeUEcWbvcAPyrWo6A767Ozzc7bforzxEbe67YWXORABILbX6XtglYKAgKAHoAHe_KCDA8gBBakCNPb5UM_ksT6oAwHIA5sEqgSqAk_QsNfUdQv6kWqiI6Kv-d-ouqjzfaSzxRwaZGCKjfa8YGrwxOLwpjdkiSIqPor_S6_vZEw3Q6wf2xKo2TJDDWK7giFzSNRlI9Hg2b3bXKcPoo9QI8qu6iKEl3qwWzFhtIiIgeO0Z84O1uvfIqrFqGPZ4IZ9goIFhL1XOZq1fo-htaTxIhjMUUZgS9WMCeLTIgWhTYgb33tXv3Vyz0rfRq3-lkZES7IC6pGYehiOGBPbO7M-0OqwgHR_Ga8Akkq0KlldHcHCLkTe_kCMwQmNK7Ihi1kCLHkk75CysJkgWQtg3CFquqiqwWP6R_GXHjr-tqoljM6SU7i6pT4ylhHRRHQXgSTcXzFrzPT9bqirngU-B8tZokPBHxufAXUjzQVtsh589OVkBa5JTevABO3x3-uzBOAEA4gF-Mzks0yQBgGgBk6AB4qD33yoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaIMDCoKCgjktLEC7rWxAqoNAkRFsBPk5LUV0BMA2BMNiBQK2BQB0BUB-BYBgBcB&eventType=clickstring&clientTime=1699459134135&ai=CBEFyPbBLZdeUEcWbvcAPyrWo6A767Ozzc7bforzxEbe67YWXORABILbX6XtglYKAgKAHoAHe_KCDA8gBBakCNPb5UM_ksT6oAwHIA5sEqgSqAk_QsNfUdQv6kWqiI6Kv-d-ouqjzfaSzxRwaZGCKjfa8YGrwxOLwpjdkiSIqPor_S6_vZEw3Q6wf2xKo2TJDDWK7giFzSNRlI9Hg2b3bXKcPoo9QI8qu6iKEl3qwWzFhtIiIgeO0Z84O1uvfIqrFqGPZ4IZ9goIFhL1XOZq1fo-htaTxIhjMUUZgS9WMCeLTIgWhTYgb33tXv3Vyz0rfRq3-lkZES7IC6pGYehiOGBPbO7M-0OqwgHR_Ga8Akkq0KlldHcHCLkTe_kCMwQmNK7Ihi1kCLHkk75CysJkgWQtg3CFquqiqwWP6R_GXHjr-tqoljM6SU7i6pT4ylhHRRHQXgSTcXzFrzPT9bqirngU-B8tZokPBHxufAXUjzQVtsh589OVkBa5JTevABO3x3-uzBOAEA4gF-Mzks0yQBgGgBk6AB4qD33yoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaIMDCoKCgjktLEC7rWxAqoNAkRFsBPk5LUV0BMA2BMNiBQK2BQB0BUB-BYBgBcB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame E136 0
55 B 373ms
124ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~lopy38af&c=1875502023121&slotId=937751011560.5&qqid=CJenzM_itIIDFcVNDwIdyhoK7Q&fb=outstream-lima&ulv=1&cll=0&met.4=arp_a_s.sd&vast_v=4.0&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame E136 29 KB
18 KB 226ms
42ms XHR
text/xml 74.125.133.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-DRizeGFe40q7Ekhvkv1xrdXVFP0ocHOa3Abx6nqrfvkT7QWmGoP6p4K6KwEqpJu10c6H2qCqSdLaPcHDmUjf8qpV3adg&dbm_d=AKAmf-AkGIxNnre9v-52uqhaB1wiBoDEw778FteffgVYTVrZOMfGzvnkq2xCu19gEsV3VaS2S71m9iKqgFh5VrVU9NAGcyU1tiaZaJz6uUFf4A0njMlHo8Bm2GQ6Uk37UyvYEtPH1FpSkTu_ocd_9Uag0CdYDTQ8xmlNcCD2voVwVIiDOgbNE3C_lDNDMUrJUOZWjYVAkeG4GC6jx3Q9x5qR7WyIg6gxGvf6i2XNVSZ6BEWKHdZGk3ZC3y731qx5LwTqdoPWcQvVT9BYi4pp5jsM9eZ_nK7LLhz7KHFQ-FBdp6l_4RwLeyz2AhUOJaChQ-9-y_M4N_MpemXLUHTkgSt3-l9BzZpGb_FJ0JAiKX14_--vQIA3WVF_YJicfxFKCJi0-vCqxfK29KXXQs83Dl5J6caBmtANJObhc2dXGMAJ_RWmch1T-Q0Cw5eltmDhQTnYqFIwrm5IQd6TQxk9aV-AR2bSgNHH_UuBAQCIjNtr0EaGc1WydgtdvXD_PyrAX7zBseiqpeLmgvtapM6Y5V9obI2rRphR3S5cmtG1Q8jjvRRUiXZkp0afn-rKZ_65Y9LqXo6_oVEhViXVQmcf_HeqTvqFD8qwepIV83eh2n8uxUyZbfV6Ah4QHv9v0b2fXeZrF1sBGme_N2J82qj3gbJrTZCeDizw704E9TsQ5xZGkH1PpxwyrrvpCMFb1cg0edOWpvSTZRAyCfBWjMaiSg8tOXAARswQ140RSAp6Y1ny0zTAt7Ctsxkwn1uY1RFTqrv-BxnIfws4Eu6KvOQoqiX-Ub58rkl0qz07uanNDtaFUBtRqKfpmHZ6xaZgHwm7LD2n7Z6BBNmQftFn-HPtCHgTg-kRZSF6LiIbv7ciFcb_YBrD_guKZAe1EcQvsdrPrGQ7MvI5w3KUjuM66MHa2c_KpJgC3BbjmXYaC_prSgSjfZFFmLwoCyvjW7sgiJK728bgI1MFVbHaMwRz8vjWpdCJrHVs69R1XWuEQDJbJ5XfD7mpXESGG4aBw9h8VqU1-oQZPppVxMlRjrz-Zo5qYIwBMRO4wbY_gqFcY8v-uyRRvjXfupFytAWwHswoG9NAoF_M9HblxNQb5G1OGkVRwI3BJDDUiQ1rZF-BVp9afBrx4IxmYfLdq6_NBD3w7GMODezI_whL48JXY348C5A_uHDf_IV66iMWPSz_YMpVbUDbDXnPDIXPhxKr2WZUgq5HaWOyBFxLnLsoilzESZKNMTMKYTLlaJwdDeKXk7Y8dFXMgLLp2pTnWNS5ULaOTgFzPFL8qfiYXqPJ7FYv9G8CayqCFJzbwRqsshnVMMATqfrhoTjoftzsJIhncqyRps-UVL4RERUjhlOY-IXZggIf3wA218M__CVcj_yUAgSUwO7KHoQYfLxJBuMyAQpDZSbvD-CvJ4b2stzcVF7tYScDCSj_zTv82RqwnBiU2WoEgVXat8qTAUc6zhiidLILF-4MBrRrScp0I0iKSnI1v11mVaczBtk-2xsz7tbcHu8MFh76ptCWMm-wSXKHbupsLE2U827I3Oc2fncc1pg4hOvXpnqP2-AXvFG--WOkaMsO5_SXRf0g1JNZvrlnovsydHGwdmIyGKdu9S8rKgKtNy7IzjJTIMVopupZtGKpQq-1Z2chzzCLI-tSnGmz9u-X9impH17xtqzRNDLzKdOuX5z4MsVpY7c2E6Bkd3Nx5-dV9qM1w5q9E13NPKtZNSl0fzkGKnjBmqjZ13qy5uui4RmQPy0M2Qbp1my93siFFt5ej_K1oz0pMkDTSNr2S-yDy67cFA9E9iPWsKf-A9p0RPqi3XFjU1BWdSWpv0girgCDSTvjBaJlCJ5S9RMKYATBCVeomiHQ3ciO5PSr_FLgkeIbRUIlMOalN9dtftUTHbW7MDLwQS614Uad8wuPq0P39hVM4WRxrR7JBYIaIOGBlGJWWeedUwH0nr-7_NxKX0zE5uoAhl6EhdoYwocGC_ccx9NrOkYo1a6I9C0Ni9R5YUsJUptorOKn5Kuniti9i3Kt8uGO1uSaf-tiCDECtAHRnjNwzNo0Ui0s4HU2zFoc3VpgDxTA8HL9FpT-bGWhm7JqhGwXEgkiB8m8SvXGxHL834PEYoorFTFsBjdKeML9nE3z2Phr74Clj5xZRxttBdVTNH_T3N6uTnX0b9gXTPrYM4rYzBwbhvvCVwvhql0ezEO1_4eROFSMknQK-8k_FHV9k0GYV31wYRo5Ca9rIjjXj74f4wGlGKWhFFTsNiLlaizNXa_t8qHVH6unq9XPn2KG5EAcd2ys8OtFf90o2XFyXVVeT2tXyhOBTnHGJ1HuAfIwxYyXmUMcRLWp2PPSEmvRpw6fus8g69RJM9at2GIqiHCZf2CMG1Jkml_netiz-Tay6nHoyzBW1gvre8XQjCOVOKTykGiU9hP2xM6kGCxrLlr2_XZFQaBoN_w6LAqwi-qQnNHc44yodfPerCqa0Wt1nyhFEpqTVLMCmjp32f2XiUPqptkWvnTDPJMiil6jemaEl2S7gDT-PXJj7vE2nszZ3bF4jKFXpM_lPDOJw4icRROAY_Awq4UuLKhQ11iTL4aCGmP0jsbK6aDAUYzdeWdZXHD0ee3zRMjKOPwGdY-At-_B7G-z8Emxs9GsyqOZAcbrNpt0jfkZgqhTSlLCMjlybHTF13bgKrc6U4lXeaD0Odb5391JhLoqQemJrz177Gd9aVoccwkltn8Upn3JnO6lmzOdrKdCTZCQZ9mPawhC9UdAjYzicSJzME9FAa8dCRr_HWkSreZSFntG7iHW6o4ld3OMCdGWWBQIexM_rFc_NdiqFIsEaznqjumhS_WHiutQa4X8OvecH_XyuOxn-aDxHsruDZlpXVdIpQaJvtKDDvSSVIbOtFuCc3uWbPfeIMR7pc-oC3oPbaf2k7T0NTNKs8E2Uc6PxytKF7siiSDwnK-1QO7XqKeOQs80IBItD-7QPgRaLY6c0W4CmAqAUFthecx4b797t0bhcTyJ493BCc3zjJylx_Je_DuPFiUozc-3suqvAbl6zDdwG-JGDT1srcmckAkOZqgMUEztwb_C7gkLdY6JASbPVyphuancPS4vXs27GpFiZLRUKQOHlQ7OtgO0xJS4kEnMceCoFQMgm_FXQd7wP4axZAUuaSQr6aHEmPweFeOUffwa8kQXKy_sACZ0S6RaUqCddiH_7eaeYw1lXI5T2d6LJLqVyB7eN8Bl4lPl2MZNU5gv7O1M-7pK_tdcVFkSwOkmKlHgC6Le6HC-s3iv8Ap3v7gKWWss39432jzwwxqKnbzwZ0CPhzMtlb_zwzcYT4qAs0DDD42CJGiPvk23ZAmRAw0WkwVPapM3VVt9utucfiOnMdffa-tXkNWTrTLNnPoLBD2y2jdd_KyoOpSaxunyBfLrA53DUZx8jXjBfTg6ka_NzcMQAC60Lu3uAEbfcAMYkhCv_04Hes0VYH0n8Mg-svpiTaToWy9e9f2rNpLKezk-qHNrlthgp6Q_REnQj0uWwVlJGK7_YABrancBgNRPMsBRPydD1Bonif1IQeRP-kpGMPkWdHxJU4zFcdAovWIXvqQ-sIo34PWEbQtSZHBgogKi2Oz-CxyCEDF-VJBBL9n2bn_IBbmOV8SFmFszuUfGqbbz6WeQnLQMJjm1u2PMkk_r7UvB5REKhpl6k6nDctJa0MvugoyOYt-jN8zFLAoozjvg6jngWzAlrvvuHoa6bTzy2YlGhTC-akDtsC0x1H9VFG1mAZP8JIcb0OxkL8XTdzHzuI_NBkpdh9YB4FnkKbXHvKIMHHHZcPAY2_uWKzpT5suWZ7ulEFOY178JjHO0uE82EMcTO6NB9ije_jfDXi2i&cid=CAQSPADICaaNLmoUyGisCtJ-eqUbJ4FupGZjf7MQ6QZOR6x1gNFzJAp9py03neUQ_RLiL10whROdiB9s0ExqLRgB&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1&nel=0

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.133.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7b88388eea61549dcb726c86ce763b27593396793bd2223bedb294a9f56e68a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18244
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/15800777205133435205/ Frame 389A 247 KB
56 KB 93ms
40ms Document
text/html 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15800777205133435205/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a83159315a77c9b9ec9bde4d6f81e60db60989b64912f1e2db39db1077dceac0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 199559
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 57487
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 08:32:55 GMT
expires: Tue, 05 Nov 2024 08:32:55 GMT
last-modified: Tue, 05 Sep 2023 07:54:48 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5D6B 0
0 225ms
50ms Fetch
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssEJ3P3MtJy0n93Irrbr57uGnHK_EHU18rEf43U67fE8cPrgGLm1ZEvS4JrL4xqXGwvXNM1Ks3u8X7TQEI0sL_o8evhGL57EnJ4sZO2RjhfheKpQn6hI6lNQ84wrlTLPENXVnq0oYzZruhTYTP-Db78pyxst4LFShhjxlzsjlZdS5voBYFMsqSLEc0n6WHExlaXPfkF-1s5ll0XhT1kMPSzCovQAueLtQxma3-0TGqCyC-KLw-VJ6FoklNRZs5DE7cQ_ZIaWUW4QOeFUpj_QD0eJya6USt_y22uRtdK76ghOWzY4eVGQuHf2P7KYmbgE3l3j3qB-avj0knwmBHr5by5hTUTgtfksDzonqmrKUWLtw4eXJWTDgXlqjg0hpERgivgRZQstsHg-VmnMxOnOIWIzQLlxZmSEbaxsMXGhdE6ail17Ah11blHtV7goUQOQ0I_QbS1_v_7k9OaPohyFsVVlG6ExFscEdi2JvSEaVk8XpTw8Eueywz-h8ABGf0lyzUW4V9LS6LA2qgNuSV1Uxfag3ZBmfIC0mBUlRAJcKfbqEc-rFjRhAOHttLWPfA1VYcog32E1mYaIhQaQCd59etOoZr9dfM624k2ni7Gfx7usiMH8AH3VSUkPKgskZN7MMOz6_szeoNL3MjX_XDZuh2ShOLcTZzdi24FqEmILDPK-c3pnImPdyoL3qXae4xTlmfQ2cw6ehI50QzY-z2OfcUxn8YhiK-iNfRwG1Ui8Kf2bzZO2XdEfoxWxIUXcf7F11-TKBWR0v-1-QEXwh73DJAcJqDig2L4SPnR7uCpf6LdamcPXFGO8IdquyM3mZpR92pxuQJVaEY_xmhxmS4TfPiGZCXudogkwDAlspqaK1F0nKZVf5ukl_Kp0EBGDcrqDULI7553LsOVjDa7KlLTnWyutWr5a0W-eB0ngmoCt7th0vZAR1-RpzdALg0ZqNsCpw_UhgBYAfmcy1OtDJ_P8yGpvk5oKKd5wFaC7dFBIULd1ICh0SX5u5KXn5yJRX5t2vTozZ5kRUYQIpZDFd4444KgvZpwLoodIPv5kLv12CJWG7CC8CrXUKs12Mk_dVYukVsEwLajHviGmb_6CjX1a0d0FVBZgqr0mNWQuXcmXHu_2y_JtoNvJMMXs3rXT7OcFT1lO_qmn97xXK4srGrWzOQ0s8z3z0-iw4tEtowc3pAzytG-VnZEBIz_9VrfiakRSeI49pB_uWGN7gQEhz18uczBpvEK4mnItUJdZaWsEYAIEbVDhGgk8GuFe49a5IMykGALtq_20tWBfZMcik7E_XNCvzKpoEV_xEe_s2lZSMWgydyPCfRJwHBA7OFNPkOcnfPfyhsHk-TatVz4vPNhXk2rI9a5NHe_Rkh5JibeiV75V5J1wE9jpVsyj3gkeA&sai=AMfl-YQnXtTvU354PhNnZ2H8XaQP99LW62T66QIjCZv7w4Wr8HJ7XcrOs-6wqrHyPv1koAdKdfjnVQXlVa8mwpSLMJqQclIZsy43irEs3hAs9URprMxmoA6SFdHGkis6gXTwHUU7dST6nEMrBxz9HjF4LGdy3p4V3BDZ7qpanW6fp6o1f4v225CpetrMTVzD4f8LDh6d_mhOaVCigT6umNNYt7qVJ7hThUYHvwRgFiG0hEvq_W5mT1k6DU9B6fYcWqQIKdW69oc&sig=Cg0ArKJSzCF22c9S18CSEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=221&cbvp=1&cstd=219&cisv=r20231106.89667&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 08 Nov 2023 15:58:54 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 483A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKdtbTzL4JbAz2JAlwds6Lc&google_cver=1

43 B
115 B

127ms
28ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKdtbTzL4JbAz2JAlwds6Lc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjPlIz8ATAB&v=APEucNXf89JFUwC9a2U-IU9_uV3Rp3y8S1_HJqGn4t0C9hjx42RtkpXeVf3qPC0IdtJdKm-nbk67G-gnLFdCTkT_Sm4mDhcrye9iuvRuC7X-VnBADid6BdLXUsXSymIMqoNYgZNWy1Af5sm9rUzyUx8FP07ErCyudVfNyJ1-odek5GmgGXvZv4g
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKdtbTzL4JbAz2JAlwds6Lc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 483A 43 B
305 B 189ms
28ms Image
image/gif 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjPlIz8ATAB&v=APEucNXf89JFUwC9a2U-IU9_uV3Rp3y8S1_HJqGn4t0C9hjx42RtkpXeVf3qPC0IdtJdKm-nbk67G-gnLFdCTkT_Sm4mDhcrye9iuvRuC7X-VnBADid6BdLXUsXSymIMqoNYgZNWy1Af5sm9rUzyUx8FP07ErCyudVfNyJ1-odek5GmgGXvZv4g
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 483A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEItoTFuZXEGaVn3JEUnU9wo&google_cver=1

23 B
165 B

127ms
58ms

Image
image/gif

23.35.233.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEItoTFuZXEGaVn3JEUnU9wo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjPlIz8ATAB&v=APEucNXf89JFUwC9a2U-IU9_uV3Rp3y8S1_HJqGn4t0C9hjx42RtkpXeVf3qPC0IdtJdKm-nbk67G-gnLFdCTkT_Sm4mDhcrye9iuvRuC7X-VnBADid6BdLXUsXSymIMqoNYgZNWy1Af5sm9rUzyUx8FP07ErCyudVfNyJ1-odek5GmgGXvZv4g
Protocol: H2
Server: 23.35.233.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-233-56.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Wed, 08 Nov 2023 15:58:54 GMT
pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEItoTFuZXEGaVn3JEUnU9wo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 483A 23 B
165 B 252ms
72ms Image
image/gif 23.35.233.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjPlIz8ATAB&v=APEucNXf89JFUwC9a2U-IU9_uV3Rp3y8S1_HJqGn4t0C9hjx42RtkpXeVf3qPC0IdtJdKm-nbk67G-gnLFdCTkT_Sm4mDhcrye9iuvRuC7X-VnBADid6BdLXUsXSymIMqoNYgZNWy1Af5sm9rUzyUx8FP07ErCyudVfNyJ1-odek5GmgGXvZv4g
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.233.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-233-56.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Wed, 08 Nov 2023 15:58:54 GMT
pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 6CE9 1 KB
643 B 56ms
43ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34309
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 08 Nov 2023 06:27:05 GMT
etag: 48472445140208031
expires: Thu, 09 Nov 2023 06:27:05 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 09AD 1 KB
643 B 56ms
45ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34309
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 08 Nov 2023 06:27:05 GMT
etag: 48472445140208031
expires: Thu, 09 Nov 2023 06:27:05 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 csi
csi.gstatic.com/ Frame 4446 0
55 B 309ms
123ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~lopy38c6&c=2872762141030&slotId=1436381070515&qqid=CMLXxM_itIIDFfNNDwIdQZEGJA&fb=outstream-lima&sei=44752538%2C75259414%2C420706098&nsei=44714510%2C44729911%2C44730425%2C44730426%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4446 0
20 B 106ms
82ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=CGoHnPbBLZYLFCfObvcAPwaKaoAL67Ozzc7bforzxEbe67YWXORABILbX6XtglYKAgKAHoAHe_KCDA8gBBakCSAGOn3_nsT6oAwHIA5sEqgSjAk_QLlaa6oJdDVHstwg4enl6CV79WxkqPYd4Mr-CnXHkx101dFG_E_84Q8woJcEq_qK6KEwzvmLjOZr6ZmI-tmDzbjlcwiKDLxuJCijBM-nvs5C_7lRNIcgLmCNlImPBlNxM-828GbiN-6g_3U0w3DVTL4hHOzAp2MeJ9C-bJ6Mf9_uEQwW_ThOqqEOGkGKt6zkVwC5VidIzIJgayV5-uB0ld6JDtX1xVVsH3l46emppqBnDbtj984zR8Qx3kjzZpQ8faP1PxrtLr94n57dr9pIDYDSgw1sFSZw7agV9PyyKQsUyTFg15X476RB_lUfkTYifQ3g2VU1k0_uCHxqyCHk1uVuHHDJqHxDWrU0WLhTRxuGE9Q-qIpT1-4sGEl89C2Lr8MAE7fHf67ME4AQDiAX4zOSzTJAGAaAGToAHioPffKgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwMKgoKCOS0sQLutbECqg0CREWwE-TktRXQEwDYEw2IFArYFAHQFQH4FgGAFwE&eventType=clickstring&clientTime=1699459134204&ai=CGoHnPbBLZYLFCfObvcAPwaKaoAL67Ozzc7bforzxEbe67YWXORABILbX6XtglYKAgKAHoAHe_KCDA8gBBakCSAGOn3_nsT6oAwHIA5sEqgSjAk_QLlaa6oJdDVHstwg4enl6CV79WxkqPYd4Mr-CnXHkx101dFG_E_84Q8woJcEq_qK6KEwzvmLjOZr6ZmI-tmDzbjlcwiKDLxuJCijBM-nvs5C_7lRNIcgLmCNlImPBlNxM-828GbiN-6g_3U0w3DVTL4hHOzAp2MeJ9C-bJ6Mf9_uEQwW_ThOqqEOGkGKt6zkVwC5VidIzIJgayV5-uB0ld6JDtX1xVVsH3l46emppqBnDbtj984zR8Qx3kjzZpQ8faP1PxrtLr94n57dr9pIDYDSgw1sFSZw7agV9PyyKQsUyTFg15X476RB_lUfkTYifQ3g2VU1k0_uCHxqyCHk1uVuHHDJqHxDWrU0WLhTRxuGE9Q-qIpT1-4sGEl89C2Lr8MAE7fHf67ME4AQDiAX4zOSzTJAGAaAGToAHioPffKgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwMKgoKCOS0sQLutbECqg0CREWwE-TktRXQEwDYEw2IFArYFAHQFQH4FgGAFwE

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 4446 0
55 B 306ms
123ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~lopy38cc&c=2872762141030&slotId=1436381070515&qqid=CMLXxM_itIIDFfNNDwIdQZEGJA&fb=outstream-lima&ulv=1&cll=0&met.4=arp_a_s.xy&vast_v=4.0&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame 4446 26 KB
17 KB 203ms
79ms XHR
text/xml 74.125.133.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-AEVOBR36zbDjOb-sQoK2JG2VwSbX_BRrIzQOlVeIYOvn03zYdyx7WAu--fkahy_d0bo9NlZgTfSLXridOvmVI_jaAj4A&dbm_d=AKAmf-CbP97nX_08pgPUYIGtt4TYP9fpJNCLuGeweXP9AR9h24ssVFWtcmEXBlvVvp1cBxA6WBYrPrMldKsoOLqVu2lNqjuYfrPor4hpYi_nMed7gFJkVh6ET05HUpMAlwA5aAXVfVr1h-9fIXAAr8gHk_R_u52c1uwE3_cfKEEmSK-osCCX5QZoWrULED4qW7f5l4Lse2kwNpP7VqHfmATyUCnPgqw2EyhitGv7Dx4mKO6hovNXtMveFQ1KT31v7XyrYtLq-sAnAsN_XPyfoaom92OHBvUTvhH4aNQwrwIrvP8i6o9vljuGNZhZeJMfz-ZnLC-3RxBeuY7aL-l6rAFvm2y5L8wG9yUWkRp5BK1KIVsIOjMS4eTwBS-UdaNt56GVoZRcTLK3jKUhdHc6kpeeWw7sQilCBe-TQtfnIQ3P5jU390z5voqDwAUpolugu2PJD-VZl8_675TZOGE-c5OUjbikRBzZhM4JVeKdpnL_KdPJ6P13onkiWaJ5jLqUl3kVyTo9sBX_D9y93U1-45J-lglVWpF9pHxGyM5ddgh9fyn7bbHNaScO6z0ByE3HqPTKv4F4xQe6M7dcf0ccQQ_bOxyKZNu2y7tnxuLYJfv3s4zH-uw-wJeV8troLJTPNDski3d2UxUhy1PqzJsCP-9gsZjm1krljbG-DsVY5sRDHLnsQ7GzyMKAZaL92pfHobZJc0bZv7RupPQdN8g_MHX-cKS2Bpxpio4i8BFRGwv6MfIN-Ngoidci8RV2z3ZN72WVX-ebL01HgUAPIpCp6g4vtEXiMU-TN1kTn6O_rCRDidwAkkB5f5x5uy1Br9H5uMFnh2IUfzkSez8sV1ckXEJDlfC3TGWgKhJXyd5NmxRXxuaMCp235ExHOJ589aVGusgA6mbWkdvONbEEMAgQAig8xRimTiRNJQxhH01PpQDsOSIEMVYIL2hUgxQt7UqcNPWkEvSeuGhxmH-Z5MPd6fMDkTSlGEVHJwRs5uX2sI1vPRwqYiE6_R_KMQnUOdbi6x_Qh99x9I6jav5JnfvyB1HBUNSeO_tFSKkHGHUbywqR4fS7euJtR4XQ3xKBGwA_KpEM9rarkKvOV9xfFThu6eS44-ElLkucYPXsnS-a-BXwtA169XlrvONANgFN523qcNR-11NgSLKC4EeeN77hFeDx3rgMU8PFT4pYJi2nxZAVnUnSj6eKvNy8zlXprTyZp8vDA1BQvAkjso564vjo-eWsvX2PQcAUCBAX0gRLADDaNWcfsy7YXEsRlPHiSqd5iE8CBq6AFLS4eQBYaFHHlBBAmvNkETcx9m-afRUbYjZz7PTRjDH9DuBKC5l-pvTX4UsaEgfkbHEqB8Cwd4qONkjP3XfVFuutr9gk5omWKfttFP-23yzJYnETCN42I4b-8V2xpnkUckrwwpttYhTv2EhyAFGfpJAnU2L5E2y4tiQDk4tZPvZGpfmPm-D8jOUAcZKhMg0VkzKjJdrEYs_C4Y9t_bMZ3DwzgpvdfKkB3r5GlLrN3uiuIz4WkI2UqCP86WbFYpY7w3_pn5Ym4iNso5rfDolzPb81BmvQWTf4z1ey2gXSw43fBJDrfYbTLvOl2-Lwo-M8LKiNQTwhnlun_urBnaMGjrMfEFZmwbpbC8YYUxI3QWgx8kdaPggk9LaT-HDX__PLlA8ESHt37dygZ7mFD9W3E-54Nz3Koclyi6JMoY1azb4FRFNIR4rzEPTl9Csq7g7NB6FPgjPtOlGKVenEBGt4sfxCVsYYUNDEmmWXBq7mqvoYz01qHvEyd61RYLrjwFjG2sUkcqVmsnFFZau392MpVPP72bLwRPjekyvuh56EGNWGDJbWdkE4f7dcW2jTIPI7mmuzBH02eHSP9gffMcuzHx7LmsSdpy5YVr-1dMKXzxdKTx5uTSC5CisDsaPrO6Vdmja32hLPnBEGd192fd0uIP04ASRq2qLdV4PU7tl9Vr8SE82ib4O-ffLipcElGwBHfyOoOl7VxNxM3OXTu5V7SE9DOUdoBd_aJq06IyULg-dgvQTYDoOzW6KiYXovcLIACNWZiXv1UY-3EUBOuwm0v-LoFtYQPWHgLegtglN5Zve8Lo_4JjrM8-GBvctQv9YuT67qPTr9ToAnqLSDPoo0ZOAg0IqPvCwUKew1L-_dX-aHMvhugZv9A-P80cSBfoAJ1zFUNN2gxIU7Zbf1zsmQsYYl_46z01BoCSD7QWSwMuStkGRih8zZgUw62-m3I9MaoP4NuyAPdJcnA9Lc-oFElGP6V6jC1EroaVR5l2hX0hTOSfk5fOIu-ZHaNzIRr_jvs1eqRqmZfexoYmu5J-b42RCISStjjt8RDPTqNed5e1voltm5YzOCV122IFrSTzdGnBSBUwptEmYNqG5oTycJhfgknxMxwPGN8hmuA_PpeaIWU_ZmcELTIvoUO5a_1kyAYZztua8b5ydggL5rg1Pi7DX16Uizjht_1I51oBgyVp2CEs4hk9i53j7pRtVYuQ8rgEwDMg9dzCCdT9eS_u403nUi5gV2UsUalzvPXZvsH_QwRhknAgXWmxtdAvso4VrWCysh0KIZBG_CfYNrpLe1PsKt92cgMVb8--G_7frZBkWk50FWvEAmyijlG-iBouFs01xGlc2J492ly4nNN2Hw08D9leQCfktYwuS_u7f5nbuzHbJE38aLPCIxFko99prMiW6iTZ_zOf5Gj8cwoJHbWzmUyTJP4bMPooZzAwwqFF5Hp3h_EynaM94PXchlg7q0sxhYbuodPexaz2g-WUr3GynzyKY3d1_-cbi1dIJ-YmRIPdShZljjNfWwg9TDqDGq1aldH75qLlt1LtGmesDKukL4bcP9-xeAsHhStB2cFwiXfBtsbozpgEwoyxPpB-tZ043ElYCN_LTefNr_SjwXkwkwy6FNrceGtcMjzFcWg0G3PjPJFw6iRwdpw7VlWvjJsRtJxpDtTHdpY6JQWp5C5FyRW-DIPcHst7dHGWsDFnb_PappgZ7NozyfcCwh3MGcIim8RZ6JgTElNwjDfXhJ6Gwe9B1wmXLiXFbJJuLWPVhTMhLnTXHgyw7lv7Ly83e8kK5sSB3ngfFlqdy1MMRcDLtZIsHZkb5Z3u_azCHjJ1zYSSFgK4oHsbQbRPBja3uK8H00mp_kQQjk5H1tkSnpMlp2Oc8IRDRYpI5fO8OznFW-om_eWASolMVepeaB_h65LJ9MqIRnu3ec14VrhbunGWTmivt_bwMO4A9O8pfxBpHnHv5hs7h9_jBK2-X2XDpsvpf-uV7_v3C08RkzpOrIZ8IS88WPG7_BI6Pv4e7LsScA1t5BVYvKZ_VuHhny1S0jzgNSG22C0mQa0iGnZLRVw4mtxmAL6RTXM4HhaizHDTjWmDoxwh67GUfKQ3EFBj5zbaPRzkG6gHlWcyNqvFU0H3KnErh1pm8_iRrB53jkEmrB7q4Hs3lvb95nA-WzdfAxfyel52Zj1fK6vtdwBFSwsrleEGyJdLQE_gCqLrCrseHonjPs94znJbGZ26eLjDkLN51I9semErYoqjkTKD3FdejrxlJaqirYacW9kPcRJVkOLYwU-2owMZ1yrBw5QkqsbNXK4OWjHiWn5Dp-hbvQ1XVtiyWFlGz5mBhKDYac2UEtrReUY_db8i_CGj1xeHq_WBK3SZw8WKNhZycCMghhDLQm_OdfbcBDyXf9JVxGx9FTOqokw3ySE75CH6efZhh-L1zNejN-vqySkjcOmT-Tlvg8BmLdDtIkvBNE8HCVY-NYhqFbSN042fKwwvlQh-LSzw7kRvPDQiLOd13kK8BHkSgAjK3vhoS-qknJXML53XTntlw&cid=CAQSOwDICaaN_B6JW0nrvmy3AcvC7weS5QsFv-Sw0m2MRUesiwqDkPFw1rrNUDeDPy-1e36yj21xLsRWOXbCGAE&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1&nel=0

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.133.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ae43f18f4223df41ce2ab4f2fe3144a930362400c4ec8b512340f9dc8b3b917

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17390
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 33DB 1 KB
643 B 82ms
59ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34309
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 08 Nov 2023 06:27:05 GMT
etag: 48472445140208031
expires: Thu, 09 Nov 2023 06:27:05 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 93FD 0
20 B 104ms
81ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3956775956664&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 93FD 0
20 B 101ms
78ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3956775956664&version=m202309260101&ct=76&x=1&cor=11627810586163493000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 93FD 16 KB
12 KB 345ms
317ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DFzyyrvjDoBXFsrERUyzRvZTGfB1KunGhuXCWeSO7eyAuUKl1dnb0s4YFpwD1NELF-50MOyWt9bGjW7zTYMpKYfWxQpdEoBAWPuxf0dLG5rkSE0arFIWEiKYw7maKW3FqnmKzmqOqbLgovnj5ejCQ_NjK8vL2gvpJqjjL51xU4JctaQPE&cry=1&dbm_d=AKAmf-D3XM9HH48585Ou6DSnzQ1ja7xVNrnVTTHd97d54bRDBApxJijd5wozQeFUfMYtDKbzFgNJkEHUy0wwN_1zOs0-xakID653rHYIg6Dr04Hf5OEYZwVk16tJW1F-8ST8wCTobmOFn-yELXY_vIAojoXtArR97N4xO-0zDe_YpOJJ10TWDNZFe_NM02ihDTSxayM5exdombvEsotIqLFPrknqhUWxdQq5xcnC83ET0XXm2ELUaBkJznPn8We5sGuk160aQKzq3YP9b2TF0T3TQjNx4rTu5E85IFlyc8x-UWcCbH_4boVugkqs7jv4ykthEVf5eCcWDaAsmnMushr-KAvg48qxil2ZW4r4r7v0mK42JVyWh8UTR8LobuoU8qvZ2Uzk4HPlspCuZAGVSrdruob8CO6w112fKySdrY7gRYVlEAC1itq2u_ZiN30GemACLS3lOP2UPQN_ySfGPN0rUHPv7EFQOTyECCG7ONh56LHZlfzOYz7NKsiPPfGt5B27uKDXsBOCFFUZlxvC2y_HU72tYk4zG8NbgW3o6xrSpOcYODvi8MgOkjLwqnwPBH_jMoj_W-NtVr60mo-lSS-rhoIIM63k6RCykE2pxA80ozUxCzNwttm_vHpzH9hIWpVuJLX_Mbja3VA8cHKB6V4YMwOOi0wnE30YQasLBxW9d9I6holzDbC5w1oBqePMuRrS76J9axP00DpbU5TXQDUEvsVWDBAU81ZpukMhBCoNmQz0FYCoVO715GxDwa8KozZe8UjWfWMGLH84AuAGey3qvVLzZPhfH5ctgyjRc6389MTQvh5fqyGw2O_pG_u0GqLMmKK9axK2a3O-FVPf5xsYPcAKf3WCfLTgZVa6bm8glKqcSrDJ9RMGde4OgwZtIF8-6ueTUMOK4g6-ns0NX-SOYf91Wdhu-ZGydol976BUij7xPARqIryMu1GBIQdH2wSYIQxkTFOKTd_fq6lrDLQk9bl1fq5dkriImLadtvPmKUL84MdzzJhUuUE5tYuPPf41AuWK_b9l-Z31_ZYMsTc-K3J-qYEDjrVDYAx7uuHy4JcaXTcn8i1fJswEgWGvzXIlC47qZnhM3mTO4VvYwgW60MBoESCpSJyLGU71T64rVrRJSUkaHze-FlFtzyiavwgnit2yWN_F2kNZS7MKx7DX6Pds1fQYU3Uh3KEV7MyOdVYSJ1Qw3SQzIZCsxtLxT-1RPVjutjrEkmCgLkIGsWjySbGG2Y3lcN0j3HkzNF0UynpVSSQdaAVbkH4JM6J50JcvdekSsZ2fM1iUVuh6JWidNgO2q1kGmjRCCpXpQvfdXI3sFrnwO1wsy_AkB2fM3Klo_lDTfnZHS2xslu6wJrLsFDcjYbLH8owt9dkbB0i30pbL9KyBN9CUi3KBh6IWs609WWNap91fI7Lr9fTZUqLMTsGe02s5uRPUr3riM1wlwJETiME7uM5N_BuIpGSpCe784eU1Aj0alBWfMHvTTwYlU8hxSZxBo-FUKnIKBqYq4rWJ9uNVFyvxay0dtrCk1DLjO9jkSSIbDCbfetjdlAigwRQnKaQaLFasHFy6C-DFVxzV98ypNGf73YZM7Iux9U4D__WSeBZjhtBOP7Qszyjf4VfwoIyc_OMBbuUpNRFRYrY-9MZvWsAks-gfVH3nPiGhZnH_5Z1Gk4JIrNHfF3NvFdPC3GBMcGxEkoTR3yuJbkxG0Z_R7grijcvgZKwJ82sSe8vRm3skcF7O3a2V8UQ0FdrqTbKWcFuXWPunzeWZd0hm-geWSdMH_ZEECRJwyvhAX4T1x2QWh7eP5eRAIahFqooUVPSZItY5okMVZQ2yTZtCuNLtOcHPCIujOh9mSHcsT8tvT1rf0vf4Nv97IRXL97ohaLNGgU794_LRF019gUJJdMGEeZnZDS-lSlMUPbXKRjovT8cl9saw939LFgm_rDraXLO_ySvRfyfG0b3ddj4olw0mUOZtBkiYlUw6Ekw2vKN-ireBE6aTIIkkFSGsDNakhx4o54jVDKl_fDD5t65CxYpou1VsnQMyMihGwL_q0ePl876rSNpcDxjk9sywY3abNfCa07qeofyMI6M0XncSyXab7fy6zWe2JlRGZRG8IMgbGVJ5bK-Fh9dOGJ9VQlCvwibbFe5Z_SFQyj-1DIELI2W7xqkQS0xoZZf9aViN-5y0Qr_zBYXiM9tzxn9A19r5WcXy1uqTZQYZYX5LobRUG9ijnzmh-ow1ibkZuEKiMPYvC9HHz5PXK4bljl79ms6AYEVTPkAdcOqiJCubKHr-TaOJcLXChJNaQkZ3JEQsFwfP7n2qxkc_QtaSJfaj4EReo9I0YwWjLL6Oks7lOBpAVUds9Au8220SMURzzZP-5KW4n0fKuof6XI3O6Am63fc_wycZSGBkgmiGNmoMhZiYHQqXeFgFWABThxkWovdFDmELhIUtbu1ib4rCSg6WmBjq9x3USajOBYUSQyFdEMAyJDPr3f1B7sAxUjJERLgHRwISk3jIQMRKWobf46pm36atvrAvvUkOGraww_YVKauwSQIt2cDPrPBYcB-ug5URobDeWDHPHwJNPipaETAQuPaLAmVnYVVpw89i5uygERsQj9AgUOYbhBQNGpW1haD9JFavE2QfwSrnbOvRehIcGcdveb9EciWIZxBNu-isMRnfcbQ2coCoS0ePtWHm4cw0TRSj4WuHZL7izgEUfdCkS2IAmfl3_AfVLms-YNFMqPp6_zMLUGGpFbB-nl_9qCDafNaEXC6WN_c3NZ6tuxxDNaKC7HWuQ0yxVhSSyxjrMz4uZJZSq7UT7qVuCeBTfB-u70vlmmM_hKRmQnShWu9lSIelDFX6qHgG2oRclVtjL_IC0Ne8QDvybbu6o6nmxWobfRkGHWe2s4zfPneeAntVLnXUdh-0uPMyv3raeg-ateX7vTK67YB6Bygy1fMN3xUOfIdNPSZPetkdih0YL7KD0Z5TL-_XwbZlW0bjU_s9sk_sY4X5hqz1ZP1E7s_peG0KWo981j42ytD7pzYYJlLr7P2whbqzQucOIZ8jx2TriB2GBUTS4rwg5GAXWEYEOZOYBiw97YfXIECcaYr3l7sLKQLZNv3abR-WievtHapeGaBnjK0K6Cir_wcM9p5LSsPo-53RbGwWZqnCSN-o3u9a1zGkb4BikhcrS5QbpcKHIrS4N5xcRV8&cid=CAQSOwDICaaN_B6JW0nrvmy3AcvC7weS5QsFv-Sw0m2MRUesiwqDkPFw1rrNUDeDPy-1e36yj21xLsRWOXbCGAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fcybernews.com&ds=l&xdt=1&iif=1&cor=11627810586163493000&adk=1684704082&idt=126&cac=0&dtd=33

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd1c7d529aac0b18f734562b889ead0b03da738a0bd7620dd988c0aa7c90e76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12200
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame E136 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7bc65dafa9332a24ce32eef53fa40aaf2db12ddc3f2c4aba6f1b488476390410

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 2098 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e9b1b7742f131758a9f996aecf67bbbdd6f16e9cdca208342a94f95a1b94136b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame 068E 38 KB
15 KB 39ms
20ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:55:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 177
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 07 Nov 2024 15:55:57 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231106/r20110914/ Frame 644E 23 KB
9 KB 32ms
20ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231106/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=2732825802&adk=652042997&adf=2125223602&pi=t.ma~as.2732825802&w=749&fwrn=4&fwrnh=100&lmt=1699448218&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699459132619&bpp=1&bdt=202&idt=459&shv=r20231106&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1607993712573&frm=20&pv=1&ga_vid=465876904.1699459132&ga_sid=1699459133&ga_hid=2133064082&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=1090&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079402%2C31079515%2C44798934%2C44807455%2C44807463%2C31078297%2C44808149&oid=2&pvsid=3033088582938210&tmod=1830599201&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&xpc=fKTVGXRxDH&p=https%3A//cybernews.com&dtd=464

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8b1cd2613a5b066023f3aee22ea0cd501c2fb10eccaece8de94114f659c0d61f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 20:02:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71790
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9286
x-xss-protection: 0
server: cafe
etag: 5170786266788330719
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Nov 2023 20:02:24 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 644E 8 KB
750 B 68ms
56ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 08 Nov 2023 15:58:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 08 Nov 2023 14:39:12 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 08 Nov 2023 15:58:54 GMT

GET
H3 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/ Frame 644E 15 KB
3 KB 31ms
21ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c99771c81466150d55d307a9b0e12cfdab8240a9c65a80b764c1d58965406f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 14:01:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 179849
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2920
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 11:36:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Nov 2024 14:01:25 GMT

GET
H3 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/ Frame 644E 376 KB
131 KB 33ms
23ms Script
text/javascript 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8c9ee4bf9f0e069ecf0037a5cde67640a7a323072f95efeecea32fb7177a518d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 14:01:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 179849
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133662
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 11:36:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Nov 2024 14:01:25 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231106/r20110914/client/ Frame 644E 20 KB
8 KB 30ms
20ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231106/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee46bdadc83beb5e76bce18bc7cc3d169c7f0490901f6be96ec41ee2c14d3776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 20:02:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71790
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8543
x-xss-protection: 0
server: cafe
etag: 18034338113832500900
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Nov 2023 20:02:24 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 644E 0
0 38ms
28ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSrxSu2sOxNrhAd7zb4wcOTunpqpg7iFNT3zz_Mie4Ml6vZti1xiqiWsJccwtK19N-Ew5TYmXy_6ZtWbdSVh79TFVs-0w
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=2732825802&adk=652042997&adf=2125223602&pi=t.ma~as.2732825802&w=749&fwrn=4&fwrnh=100&lmt=1699448218&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699459132619&bpp=1&bdt=202&idt=459&shv=r20231106&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1607993712573&frm=20&pv=1&ga_vid=465876904.1699459132&ga_sid=1699459133&ga_hid=2133064082&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=1090&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079402%2C31079515%2C44798934%2C44807455%2C44807463%2C31078297%2C44808149&oid=2&pvsid=3033088582938210&tmod=1830599201&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&xpc=fKTVGXRxDH&p=https%3A//cybernews.com&dtd=464
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

GET
H3 200 DcmEnabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 389A 32 KB
11 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15800777205133435205/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15800777205133435205/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 07:13:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31532
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11558
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 09 Nov 2023 07:13:22 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D767 0
20 B 60ms
53ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8525585986205&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D767 0
20 B 59ms
53ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8525585986205&version=m202309260101&ct=76&x=1&cor=18273098108107035000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame D767 16 KB
12 KB 313ms
308ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A-TgEBjtCZYuSwAxWKxUmv7RRiJYpdYKoDzY4Zc98yoZbhU-0-O9ftLXVhicpsaFZFCm6UUoTqLza_ozx75pjfXocvkqFXU6adA8I3KE_lraiboxX3J0wtuyZDYWWyOIZv0EYCRizwXlH2izZT5MzkdMJrte-_cHv3sEqAiH9D_LUaG5Q&cry=1&dbm_d=AKAmf-BjGuRr_dILRo7AF8bLZlfOF4OQXZLAL7tYpP1wF2yltb9zGJlfFcKf_QbrLvECudIn8ubXEj0Rb6MCPLexe40Re7rhKUtnfpewUJFMRjCS7sO17VJ-C7wh9Q3iLbzkBD7GunKNqvysHP-KO3JOt8xU7UGHEZ5rRiS33f3naQu3cD-5zH539dWMKHrUFdARqLhc1SGyl5soh0R9xV-4276axIz9QvaSLMyjzaDeZuJu0mlulPKWlqoJp9I1x3jKLH10VrdxoC5x1gG7501QBpI6bf04Ir7uphi0xqd79D6FvGXUlqod-Qt6ie3Hjtwx4zLkzj78jNAd5xJYrfzlFNc2pXXJmf70tEtpkzmBHz76lr3nbVW0CLLf7R1hvc1Lvk6gySdu8PETpgX2j7sq0zoa5AmU3RpvJGzPb4akV6fTH8zJ6FudBMOq5W-i6cVlVRamvozIsI3IREYTAWb5MVyLGFOIfDEa2nEieFR-fLTQq359TiqKuNF06xBVwVPMWETdNdumTllsoCwM-pGlnhjZ79qLyBOYLk8FAlththQiWtTxklF1wnRbPF5yPsvFGKWTu4xS36SeDOtwAMA-ISwJXRjMcxuoYolV3BKZoMwaalOMDOW72AWqZRkJlw9l1G-rG36OIKeI3jFAUPbc2NboIxS3E0D06RnVBxQT8997R3cUr_GnH8k9o6DrgP1fuTbJo2KHTA4QnU1nCbA6SAEDkwmjblQMQG_kvswWmd8g7_wxS00aaG-fFAdN5IdAxXviNO33ZnCO8nksQf7xNVCi8SK0lpy0xlCsCQL9rJxGy9mChb2Y4HxKvY0CodYTqqfspBuiMBifuRnkxjvLNJi7Bt5JkRSHWGosXDo3BHEC1fkOvkSwo0SZQ1nyglm9l1-ag7uAUN_LJ0ZAR4sJjDOdQMTqVVWxTz4mX0HG8D2yhLYIMEBcmifr_hgbexRT71EWqNvdQat4XCGnbtwdzltQ6kJwDMlKwIps3SKf0DUqcZTZAgs4VVMG_cfj3vZlfQQeXFLYnNIkvPiw4RKM99DwL6rVLpPPV9LJvbHKDV-jtAn-Qs9KKG766eN58qsKvBNJV6j9DiQUxupFXOzeHV_db2xPP4rXGH_Bz8WL5xTQu4vckiF4E4TYlImjDUXuV69-pVRVp_HZH2qjzQ6cy1D2ymoE8ixBLETJ3o4hzc443aipIN2qqzmFaNwnjp6e8-E2afvHnZfBLjllgq9oZLVWLaVucEb3Ui-nk9GefqV76u79q3AAdukxIcLPGXeuLauL2R48AuPcdJqh0OVofyl_cYYOjSaDPYnVbUEMLlzLHYzSaLHso57m9rHM5b30Fi8ZBFsykuv6yvvNTQXSU8KGcc8B70F81sMN1-Odf0vfui6wADy7PwVoC_94XfS_3yUfbm9M0X15AHleNG2CaT-uQ7YXHmWaiUDz14RLnkELLBJ6aPT0fiIP963wHukv9O-vQ1rhliALdt155fOhbZlA0cFBfTXnu8QSfHbhrgNWJup-QSc6PZgci20w0w18CWpgURdjFz3dwwCx3XMzt6IsHKBSWzh9CoHkuV85-nHhLd8heXx_ssSM9wtTOIlck36Pp96SMm3RoSlj-e99By73UKc0diGPAPtEAR6bEncH-IGwJyVjWk8RkzGrywI80tRSm4Zu2ReQJ3rlOg2KLCiCpy3MCxZxerD4RmOSLRQ23eGHzTMN2Hd8oldG7ONMWpZBWanIvOysvsqji0gRitHc2-QBb6MpoetW1LYyVr6ueFRVdEbwNzgVoZs4xFliG0kQ-Rab1WK3F9MFjMu8SmZwUk95Mk4BkXzEPpccarbcLgmBr0ZiCkXy0N51PaJPDPujhqIg6-BA92S_-AagmdTNYQe_FaDLD5voW-vqQHDSO3_zCZD8f2eY7sj0cViyxcgTTcrPBUgM3JzfBgsr4UObO83xdcboG-MU-WMvs3iXREKO-dlb-T8MSfxbozpw7V0lLWAtp_KYP8o6K-R0lZ7GFuBT19fnnYSVSxqUjzgTv-7F3HJz51csZz_DbHKF8HoMBl8Npl9KMPWV5qVBfhUPI4VSy9iKPcEfF8Vyp4GGWwtykKNt3W8c2lLCkcHkVNWdT2-0b8QKqJQQK9wxkFJm6EVIzuhHdVleHua1_jjDh0RpbPsKUDqW1L1XCOLzacYWPVz11be-T28NDg1F0aPQgurdMpv2gMAsMeHmnyCTRYOJ4x71OjYWny8VpfAA61Sr-Q971Iv0f1BkLkPV4nzWXg1o7E_fCv-LHWc4KzefK8uywlwnLGi_rUz0c3prkiaen9a9FNv7TlEJQ39lBGhBLIfVCjgjPJ6f_Pzg3YAdSSLGDLBFwGNryg7CUmK5FhGhRS0rLRhd6cCpZDzmD_7CxYxziVH_icgzoqQn2hiT6QtC8Sm7E3O5ra6BNweGG_5jkbCfTOi5gf99z42lM1FRPMssPe1ZkNGRZWqc2vL3uBfh3ezWzgB5sBWpMl8ss37fzmzWeiG8c9MJxH5OsbOEs-XDwRBx6JCHlWLDxQQ-KsZMIHUQiatumeag3nBc2-kdDo8Ox6HkaH43Pv23NQhQ9atwhaT-fSEts__4paZ0t-ECVxAlIAyymiXZU3eB-7iDo3i7pugufOeqGJ7z09Vg3oCaSjpWqwEOklFr8g7PolD0YFIy1z5ZRAt01MxkNTSIDBgWd2s8suP-_jTDl_qZefGRjr0EEvT74Y3Lk_CjGR5ElM-kAV0crQvdNREQF3evClhOeCxVnuMC9R1HzTuvvwrefQvd9DHeWaEApQ41tvLWOxx4K3f9KqKtT1TQxI9o7XdIlu92l7ZDueF4KbNJ3hR5FEJ2FLs0jiKqEthQqeX9DjtAm4FCXtJNpmtto5vViA7WY0gkZreEuwQzQj_RrSqfoUvbha9UKCl5Fn0Jg1i9uhwu4wx7VRMLtjovXaWi0291qctfjcE6MWLnurS9S2bdlF0qGR-Vo_bpvtQkFAw23GSN18Wyjt-Hz6cIpABFp8nqPIbC0MfrINCLdwu9mmGp6T89vPZwtJe-P_fkO8ibTkhkUaKfB3X3xdJCFAIt4ws_ungoc7dOS55XdFsjwANdXpZS-6cdJ4fQWgsaQfLBpQti3RSgogvIrTv2Q3e-NL-vDu9hidhzjV9FAonhbi3x9w8EHySZShR4pxZg7F8-98Y&cid=CAQSOwDICaaN_B6JW0nrvmy3AcvC7weS5QsFv-Sw0m2MRUesiwqDkPFw1rrNUDeDPy-1e36yj21xLsRWOXbCGAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fcybernews.com&ds=l&xdt=1&iif=1&cor=18273098108107035000&adk=3767104538&idt=252&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

12f2c7af627495d5eeb19988d020be7185def8c428e7d93ba10ff383f1029a5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12388
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame E136 0
55 B 129ms
129ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~lopy38al&c=1875502023121&slotId=937751011560.5&qqid=CJenzM_itIIDFcVNDwIdyhoK7Q&fb=outstream-lima&vast_v=2.0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 76105514 Show response
unified.adsafeprotected.com/v2/1135760/ Frame E136 23 KB
6 KB 327ms
107ms XHR
text/xml 34.247.247.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://unified.adsafeprotected.com/v2/1135760/76105514?mon=76105515&omidPartner=Google2&apiframeworks=7&bundleId=&ias_xsid=[TIMESTAMP]&ias_dspID=3&ias_campId=1008772806&ias_pubId=pub-5928161074779380&ias_chanId=1&ias_placementId=20509697656&bidurl=https://cybernews.com/security/hello-alfred-data-leak/&ias_dealId=&xsId=ABAjH0isEh4RRINdg-S_TkDyECWd&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0isEh4RRINdg-S_TkDyECWd&originalVast=https://ad.doubleclick.net/ddm/pfadx/N7442.1972103DOUBLECLICKBIDMANAG/B30857687.379597277%3Bsz%3D0x0%3BAUCTIONID%3DABAjH0isEh4RRINdg-S_TkDyECWd%3BEXCHANGEID%3D1%3BSELLERID%3D312551221673%3Bord%3D%5Btimestamp%5D%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bdcmt%3Dtext/xml%3Bdc_sdkv%3Dh.0.0.0%3Bdc_osd%3D2%3Bdc_frm%3D2%3Bdc_sdr%3D1%3Bdc_ref%3Dhttps://cybernews.com/security/hello-alfred-data-leak/%3Bnel%3D0%3Fves%3DdGltZXN0YW1wOiAxNjk5NDU5MTM0MzQ0CmNsaWNrX3Rocm91Z2hfdXJsOiAiaHR0cHM6Ly9hZGNsaWNrLmcuZG91YmxlY2xpY2submV0L3Bjcy9jbGljaz94YWk9QUtBT2pzc3NSeG82Z0MyWHZ6Uk1pQnFuMHd5cDRqdmJqVWRfTE5vbFpYUUhlQWV5VDhUMlVqUWxPZkduVk9sczQyVG1PU1ZZMGlTWkVOU05hbVI2UFRQamxldk1zZXF6VkRlZExNZzJsWU9sS1pTYjhWOW50ZmIxVEdZdVQ4aGRTVWtZNmJ3MVMtWmFFZTdxdzAxOC1qaUZEelV1M2dnVHVhZHBWUGgydnRwQnlpc3c0NzJvelNUX1g0dndGeUI2UU1aUEU3UUFOclA0Mll6aXJSOW0za195cHpDSk03QkRiVEZDUnBRUmxuczM5emJhaG04SDlsdmxTaW9wb251TEtISGNidkhLRHhfU3FjVVh2em02bnc0VDBkZVd1UlI1RVZGclNfSEE1cmhtN3pOZFBCeThwdjdaOFhoTFRjbmZlWnRUVUVLMjJ1REczeEVHX2xrVk55YnhQNy1wazIxcjZYc2xYSVNVNzZXeWdBUWJhZ2d1bWtSREZSdmQxUmNhLVVWQVVIMVlhWFJ2VkR3TFpmbHJtRk9lZGw5MWVMVmJVdnhUV2x2eTNmVFY1Y0NLaFB2NGlNTEhqSUtDM0Foa29NVXcxOUhINFE1bWtTcm1LQ3BkcFhxNzBqM01HdFdEQl85bkljTUNTeks2bUkxblNRMXdWYnN0LWozRXQtd0xEUUtmY2h0ck4tblRzeHRoUFEzNU1DVzJKa2FWZFJQcVhnUmE1cjdDeWhrUmNLcXNzWTEyUk84U1JmaHBiQW8wOGtsanIyd3lTNUJ0R24tc1M1Wk5ab3IxRnlEV0hDa05TMjZaX1ItREs5cm5jR2lKcEVmbGt1M1Awa1hkWjRIMmZYd3FIQXRpb3hteURueDgzSWdOX2JfcWFVaWw4V3NoTXBCTXpRMnRzODdZeUFvbkt5bkNpWWU2OW5iRVctQWtoUWtVZ2x4a3BUcmdkNU5jZnZRaXZuUUVrbXp5X0ptdFpKOHlVNTA5aEpreGxscmpVRjVkcUw5V3plVGZYdmdrUDM3aFVZazAxM1hpNkdwUFBRUElOTFEwN2JpTmd0NjRzemRiUVpMUWZtUXFKZzZvOVQzWGEzN3FuRHl3Ylk5bDdKQnJiWmdfdjFQLUhvc01DTGhxV2h3Y0NPUHN2SmhEVTEzZmczRFpPZ1dVdm9IOUcwbHpMSlhRTldmUi04YmRtMUw3U09nUkFTa3lsMVF2LUlGM3RUNDM5RWQyY2VWNzlrUGFkWUdhaUNNcjVWZzRyTnpIUUxSUGtkZTB2NWxRSFpSaC1LZEs0Yng2dk5yOGVRck9EaVVQYkw2VEhxR2ZoZTV5cmY5WXpIcEdZQTdEUUVqZUh4Z2RQcDBpVjloZF94cVRfVlR3cWEwZUhydTgwQkkwUTBhSHNrb2ZydGp6dkRwM1psQ0E1ODlDa2cwVEllbnpMZGVsdXhPNFJoNU8xV0NVc1QySm03V3VEbGlvdVRub2VtZy10Y0hFTVVHOUJDWVVfODhjeGNlWkdGb3RwbFdvQkE3TzFlSlJMcWdITXNpRlVEYUZPWUUxdWYwcVBnZlFGcUFVUUoyN3dSbnFPX29VbUowUEcxaER4cWdDejBYRDEtRGNsbmlObzczTmNIelNrNW9rR1FnRGxheHFnQkZlRkVON2pKYU5TU2ZjdnRoMXI0WVdLUUFYUEhDemVKVGV0M3JmNVVZajI1Unpib3Q2aWRMT1Zjd3NXYk5tRHhTOUZqTk9FcTFZRnZLc0NURHN0T28tOFc5TEZIWmZJUTMtckZxdlJpaTRic3dIeG9GSTdIeFRXVy05OVhESHd0blpnNHFfMnhzV3k1SHZ3cnNlbXh2Ym5CMUtHZVhadl9aX3lHRzI2dGF6dl9fWjlCMjM0Uk5lUVU4X2VndmJjOXAtS29TdjJMMzlGRXczZ1lWQ2wxR2RjVVBOJnNhaT1BTWZsLVlUVmxUSGVQMXJsZXpfMEIweWsydEZiOHFRaGxhM0w5YjBnXzYzbVZ4cVU3Y05YYmQxV3FNc1AzU3JkT2R1NDF3d1RSWmVGMmJnOHQzUDRZeG1kYzh1bThWYnQyUXRzWTNmZjBMcVRueWN3QjVZdkNja3FpN3BCS1Q4dkJtN2VsWUJoeEs0dzVwd2FKYjdoOXpBd3dQVXVZTThzT0lDejRkUm9NOFUzNFlqblFpVm8yNzFxemxLZEJWcXZlbVE1OU5nR2xpWmpXa0g4SnZoWXBJN09qR09kSlVGUzVjWHUzbHU3akk2YkZ1dzlXYzJqb1RmcnFPYmNwVGlGSVIyM2c0ZEhUY0lzSU44UnoxU0hrZU9tNlVrM2JzN05lUzgxa2hrdkF5ZEJNTEkmc2lnPUNnMEFyS0pTekQ0WWRPMTZDZlR6RUFFJmNyeT0xJmZic19hZWlkPSU1Qmd3X2Zic2FlaWQlNUQmdXJsZml4PTEmYWR1cmw9aHR0cHM6Ly93d3cuY2lzY28uY29tL2MvZGVfZGUvcHJvZHVjdHMvc2VjdXJpdHkvZmlyZXdhbGxzL2dldC1zdGFydGVkLmh0bWwlM0ZDQ0lEJTNEY2MwMDMwNTMlMjZPSUQlM0R0cmxzYzAyNzA1NCUyNkRUSUQlM0RwZGlwcmcwMDAwMDElMjZkY2xpZCUzRCUyNWVkY2xpZCEiCg%26dc_cid%3D203224912%26dc_adid%3D570667618
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.247.46 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-247-46.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 12765da8e08054092031d3ed92ca035c0891a080962a46e92db777b51c0ab013

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Wed, 08 Nov 2023 15:58:54 GMT
Content-Encoding: gzip
Vary: Origin
Content-Type: text/xml; charset=UTF-8
Access-Control-Allow-Origin: https://googleads.g.doubleclick.net
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Request-Id: cl5r0fi1a4mgiticad60
Content-Length: 5942

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 8BEF 15 KB
6 KB 122ms
24ms Document
text/html 23.213.164.238
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/saas/5774
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.213.164.238 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-213-164-238.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 94061a925c5d84bf776554ac894020c407a9a4c89b979d538de3cf45591fe423

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=138604
content-encoding: gzip
content-length: 5606
content-type: text/html
date: Wed, 08 Nov 2023 15:58:54 GMT
expires: Fri, 10 Nov 2023 06:28:58 GMT
last-modified: Fri, 01 Sep 2023 11:18:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 dpixel
cms.quantserve.com/ Frame 6CE9 35 B
466 B 130ms
34ms Image
image/gif 2620:116:800d:21:c5a4:625:6563:a5bb
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESELkhOBM8iewUkU5pgelR140&google_cver=1&google_push=AXcoOmQfYzbdP9mwpVHyxCbXkZlfRRbrpD5bSPa6KJk0syplnJcuQWNmZnw52p1uZZqDEOh8iiUnzOVnWLN0gbnDrw67-PgNgbyriuY

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:c5a4:625:6563:a5bb , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6CE9
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEMvIlfy-Jok8-teEPM1b8UA&google_push=AXcoOmSsSL87G7yisq8qQZ7k0bI4XqtsSvuattRBdACp-5wEIdd8guQx68...

170 B
188 B

35ms
35ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEMvIlfy-Jok8-teEPM1b8UA&google_push=AXcoOmSsSL87G7yisq8qQZ7k0bI4XqtsSvuattRBdACp-5wEIdd8guQx68noNefWYWu5xRGQcYxshmdXFSs13eHlliQcSIQCV_QfZrk

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-cph2320024-CPH
pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1699459135.543676,VS0,VE105
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEMvIlfy-Jok8-teEPM1b8UA&google_push=AXcoOmSsSL87G7yisq8qQZ7k0bI4XqtsSvuattRBdACp-5wEIdd8guQx68noNefWYWu5xRGQcYxshmdXFSs13eHlliQcSIQCV_QfZrk
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2 451 466606.gif
id.rlcdn.com/ Frame 6CE9 0
99 B 132ms
35ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DAXcoOmQqFgse1gy4BTCiL2LrFbyNpcPxZBQsZuia0fM63T1PZkEQHxlp1DFI0OeZ4QER_H7KdEWZnB1ot2pve9RvxYFvO-j7SDj1kw&google_gid=CAESEG6HQoqe5NRM5YMtTxkY_fk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=9812672228&adk=3541318952&adf=1004996698&pi=t.ma~as.9812672228&w=749&fwrn=4&fwrnh=100&lmt=1699448218&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699459132621&bpp=1&bdt=204&idt=516&shv=r20231106&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C749x280%2C749x280&nras=1&correlator=1607993712573&frm=20&pv=1&ga_vid=465876904.1699459132&ga_sid=1699459133&ga_hid=2133064082&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=4300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079402%2C31079515%2C44798934%2C44807455%2C44807463%2C31078297%2C44808149&oid=2&pvsid=3033088582938210&tmod=1830599201&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=7mAbIqZrvp&p=https%3A//cybernews.com&dtd=519
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:54 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 sync
x.bidswitch.net/ Frame 6CE9 43 B
146 B 202ms
22ms Image
image/gif 18.196.85.191
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEJCpy8nL_37u5tOQWE2zD0Q&google_cver=1&google_push=AXcoOmQU3vn1-TC6ujQJP9dBrHY41uNVgoCUqaJmbMk2A4_lqrI6a-0Mc3aKZt8-0yiRHk2l_JzJ7udS2wM0YVNNxKnfrx5s0NgKGA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=9812672228&adk=3541318952&adf=1004996698&pi=t.ma~as.9812672228&w=749&fwrn=4&fwrnh=100&lmt=1699448218&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699459132621&bpp=1&bdt=204&idt=516&shv=r20231106&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C749x280%2C749x280&nras=1&correlator=1607993712573&frm=20&pv=1&ga_vid=465876904.1699459132&ga_sid=1699459133&ga_hid=2133064082&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=4300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079402%2C31079515%2C44798934%2C44807455%2C44807463%2C31078297%2C44808149&oid=2&pvsid=3033088582938210&tmod=1830599201&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=7mAbIqZrvp&p=https%3A//cybernews.com&dtd=519
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.85.191 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-85-191.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:54 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6CE9
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEJSYUFMBoXgS33G0ABbAndQ&google_cver=1&google_push=AXcoOmT0FDLZ5PXepY3EhVyBFWCZ3sk99KIMztsx1oM4FsMSAZWSC2Px0hrwC8QL3raldYUTYPxHFHaWvSAZL8oOnrTdKjY...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmT0FDLZ5PXepY3EhVyBFWCZ3sk99KIMztsx1oM4FsMSAZWSC2Px0hrwC8QL3raldYUTYPxHFHaWvSAZL8oOnrTdKjYf4_MFdFg&google_hm=eS1zVnYwWDZ4RTJwRW1...

170 B
188 B

30ms
28ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmT0FDLZ5PXepY3EhVyBFWCZ3sk99KIMztsx1oM4FsMSAZWSC2Px0hrwC8QL3raldYUTYPxHFHaWvSAZL8oOnrTdKjYf4_MFdFg&google_hm=eS1zVnYwWDZ4RTJwRW1Icnk2UjBFbHdtaE1ZSmJVVC5vcn5B

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 08 Nov 2023 15:58:54 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmT0FDLZ5PXepY3EhVyBFWCZ3sk99KIMztsx1oM4FsMSAZWSC2Px0hrwC8QL3raldYUTYPxHFHaWvSAZL8oOnrTdKjYf4_MFdFg&google_hm=eS1zVnYwWDZ4RTJwRW1Icnk2UjBFbHdtaE1ZSmJVVC5vcn5B
content-length: 0

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 6CE9 43 B
362 B 56ms
41ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmTADAF0grwbHD1R9mRuayqkp8b6ZCKpzueY78o6iKnqxFiaJCjlbkYG1FrleuZMhafIufLzo6nunhguwXSj5K448hVMF25wE4I&google_gid=CAESEKumMQwJRKWM4HedGQmO0T4&google_cver=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:53 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 197891
expires: Wed, 08 Nov 2023 00:00:00 GMT

GET
H2

200

report
sync.teads.tv/um/ Frame 6CE9
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEMIRLgzc0eO7...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmRAe4tUhOKWKCsJZ4mO1d01fGwhZLTzd4BOM7qUsFDujoFL6i0DdfctYyTSR_jOLUmqRMH9PlsKwVy8XEjANAq4mfkgSnXEBCn9
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
165 B

65ms
40ms

Image
image/gif

23.35.233.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/
Protocol: H2
Server: 23.35.233.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-233-56.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Wed, 08 Nov 2023 15:58:54 GMT
pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 6CE9 0
12 B 59ms
52ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JSyslwwpglGl3LTBI4diChZmfTgUGasz54Gg1OGmySdxtwtOrQCzHC5oVTOCtRAF0DhOTVyg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 2098 0
0 83ms
76ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CI7tDPbBLZZvZEu-4vcAPysqsqAzB37iHdIGa6vuKEvAuEAEgttfpe2CVgoCAoAfIAQWpAjT2-VDP5LE-qAMBqgShAk_QixHTxHMKtbJgzgQKT0QceTvvQ7ezg86Rsg8ST1Nuipv_CKUFq9IMmaexe7rDvoQOSK0RhbEgm0EPswn6kxXQhy74oVEoapspbRuT-9YYWT0NH8Gx2d25kc2AnTS1RsRG1RW3eK3rPkXd7m6beM0YCI5_wOl_43kGsk_tULifRhHpVSSAR89E_G2kuwfLZe5MnfxHpnrFBKHDf-GF_UQlGkPv9GGs9hzsD3nGZsD3nZbg4seQCM0HR3fe_UQRLWNO5u_4YM1i_6csjiIGUoRmk1vC9jI95qq5lgSvFz5Tiirt8AGHsT7nybrWCZDJBqui8ZtYSQk9oDam0LmAiF8xcELUfWP_DKx9Vb9PthCe3n1jPWIGWlvNR2Ho1m7fcoLABKfHsZDEBOAEA4gF3djDqE2SBQsIIhABGAFI5qSSApIFBggdEAQYAZIFBggdEAEYAZIFBggeEAEYAZAGAaAGdoAHrdP9mgWoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHChDI3Q0YrMiT_QHSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoByAsBogwMKgoKCOS0sQLutbECsBPJqbQVyBPSue7jA9ATANgTCogUBtgUAdAVAYAXAbIXHAoaCAASFHB1Yi01OTI4MTYxMDc0Nzc5MzgwGADoFwU&sigh=jbrAI5L3Zdk&uach_m=[UACH]&ase=2&nis=4&cid=CAQSOwDICaaNoisvc_0ILxWKYa-zN7wsuX7z7JiaFM9EPkS0l7S0N_x1PsEgyKsfJig_rVR0AEFAN9O89HArGAE&vt=10&cbvp=2&vis=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=9812672228&adk=3541318952&adf=1004996698&pi=t.ma~as.9812672228&w=749&fwrn=4&fwrnh=100&lmt=1699448218&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699459132621&bpp=1&bdt=204&idt=516&shv=r20231106&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C749x280%2C749x280&nras=1&correlator=1607993712573&frm=20&pv=1&ga_vid=465876904.1699459132&ga_sid=1699459133&ga_hid=2133064082&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=4300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079402%2C31079515%2C44798934%2C44807455%2C44807463%2C31078297%2C44808149&oid=2&pvsid=3033088582938210&tmod=1830599201&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=7mAbIqZrvp&p=https%3A//cybernews.com&dtd=519
Attribution-Reporting-Eligible: event-source
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 08 Nov 2023 15:58:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 09AD
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESENllOYV1_-uZjXzGjtXQT7M&google_cver=1&google_push=AXcoOmTVSynuujoT4zRjFGAHDlW8RwU7vXHm8SbYpXoh8MSgt2SLdM-ffbBAIkum-odKR2R3J-ycYD2JDh9DzyhSjhwDPvEd5-s0-J0
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzM4NDIyNzQ3MTUzNTcxOTQ2OA==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEEkx6k4QlxckmitUV4Q1KQE&google_cver=1

43 B
398 B

37ms
36ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEEkx6k4QlxckmitUV4Q1KQE&google_cver=1
Requested by: Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 08 Nov 2023 15:58:53 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEEkx6k4QlxckmitUV4Q1KQE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 09AD
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESENoL_O2ozlbQouKmfVABXjs&google_cver=1&google_push=AXcoOmTkjgAndogJlz30VpLbMLk8NSpfiYYOAQ8NYfcHI-3LXtxsG06TWP7rEXqP8OYitmGZJxsuyryH3BuT9Sd5M2YcXC_DYkpUk...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENoL_O2ozlbQouKmfVABXjs&google_cver=1&google_push=AXcoOmTkjgAndogJlz30VpLbMLk8NSpfiYYOAQ8NYfcHI-3LXtxsG06TWP7rEXqP8OYitmGZJxsuyryH3BuT9Sd5M2YcXC_DYkp...

43 B
418 B

208ms
190ms

Image
image/gif

2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENoL_O2ozlbQouKmfVABXjs&google_cver=1&google_push=AXcoOmTkjgAndogJlz30VpLbMLk8NSpfiYYOAQ8NYfcHI-3LXtxsG06TWP7rEXqP8OYitmGZJxsuyryH3BuT9Sd5M2YcXC_DYkpUk-E&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmTkjgAndogJlz30VpLbMLk8NSpfiYYOAQ8NYfcHI-3LXtxsG06TWP7rEXqP8OYitmGZJxsuyryH3BuT9Sd5M2YcXC_DYkpUk-E%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/
Protocol: H2
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 822f05283ccbbbfd-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 27
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENoL_O2ozlbQouKmfVABXjs&google_cver=1&google_push=AXcoOmTkjgAndogJlz30VpLbMLk8NSpfiYYOAQ8NYfcHI-3LXtxsG06TWP7rEXqP8OYitmGZJxsuyryH3BuT9Sd5M2YcXC_DYkpUk-E&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmTkjgAndogJlz30VpLbMLk8NSpfiYYOAQ8NYfcHI-3LXtxsG06TWP7rEXqP8OYitmGZJxsuyryH3BuT9Sd5M2YcXC_DYkpUk-E%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 822f0526caaabbfd-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 09AD 0
174 B 247ms
31ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEEFMrt78nTHusvz9JD2YHJE&google_cver=1&google_push=AXcoOmQC5cweAgDDqw6_wW0NNE8IXlJtP6vtkANsrr9V0s6iKxxOTTZsXyki7Ph3kHipWdnJ6jGm_tELMh79WzJabTwNWXE9gitYAS8
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=1815900770&adk=471421629&adf=3153423549&pi=t.ma~as.1815900770&w=749&fwrn=4&fwrnh=100&lmt=1699448218&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699459132620&bpp=1&bdt=203&idt=496&shv=r20231106&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C749x280&nras=1&correlator=1607993712573&frm=20&pv=1&ga_vid=465876904.1699459132&ga_sid=1699459133&ga_hid=2133064082&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=2675&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079402%2C31079515%2C44798934%2C44807455%2C44807463%2C31078297%2C44808149&oid=2&pvsid=3033088582938210&tmod=1830599201&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=HzfWThWLJ9&p=https%3A//cybernews.com&dtd=498
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:54 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 09AD 43 B
362 B 54ms
41ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmQqVpNVoWOnR07X-9aeX-S6YgCCUAa_e_XzP9jl_rHduevc9BuHEDR5Uya-L-nunAjjAzrNYjcc7PZGVPEZ1uunH3a19NOAJQ&google_gid=CAESEE5pu60-nDT4GKijCPaJHOw&google_cver=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 247745
expires: Wed, 08 Nov 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 09AD
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEBNDjQyZyQ3gxOi-U541z8M&google_cver=1&google_push=AXcoOmQg2SvgbeK1A3B6RF_9cGR938h1AfpLYUACe5zASGVmzSacF7xBr6iJ3uVKtK3wVwQp2qcinnKg...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEBNDjQyZyQ3gxOi-U541z8M&google_cver=1&google_push=AXcoOmQg2SvgbeK1A3B6RF_9cGR938h1AfpLYUACe5zASGVmzSacF7xBr6iJ3uVKtK3wVwQp2qc...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mjg3MDI0NzQ0ODQxOTc4MjEwNw&google_push=AXcoOmQg2SvgbeK1A3B6RF_9cGR938h1AfpLYUACe5zASGVmzSacF7xBr6iJ3uVKtK3wVwQp2qcinn...

170 B
188 B

33ms
32ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mjg3MDI0NzQ0ODQxOTc4MjEwNw&google_push=AXcoOmQg2SvgbeK1A3B6RF_9cGR938h1AfpLYUACe5zASGVmzSacF7xBr6iJ3uVKtK3wVwQp2qcinnKgcGQWE_r6CeK2ZaSAMv0dxzg

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mjg3MDI0NzQ0ODQxOTc4MjEwNw&google_push=AXcoOmQg2SvgbeK1A3B6RF_9cGR938h1AfpLYUACe5zASGVmzSacF7xBr6iJ3uVKtK3wVwQp2qcinnKgcGQWE_r6CeK2ZaSAMv0dxzg
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 09AD
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESENd4rcBv0DJa5VpA1ojMfq4&google_cver=1&google_push=AXcoOmTPRoCXQ8IcVcoZgRjjec1BWisG4kLvvwAdKrshq6uj-QMV7x7Y8gUJphxPkmvftW6mLUDptWQpMay7...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmTPRoCXQ8IcVcoZgRjjec1BWisG4kLvvwAdKrshq6uj-QMV7x7Y8gUJphxPkmvftW6mLUDptWQpMay7LN0VI5g0RtR-g3EVzQ

170 B
188 B

39ms
28ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmTPRoCXQ8IcVcoZgRjjec1BWisG4kLvvwAdKrshq6uj-QMV7x7Y8gUJphxPkmvftW6mLUDptWQpMay7LN0VI5g0RtR-g3EVzQ

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmTPRoCXQ8IcVcoZgRjjec1BWisG4kLvvwAdKrshq6uj-QMV7x7Y8gUJphxPkmvftW6mLUDptWQpMay7LN0VI5g0RtR-g3EVzQ
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2

200

report
sync.teads.tv/um/ Frame 09AD
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEK7TuMo1gQzd...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmSkwbundYg25YyqEKTzuxvbNyusev9-HQEfn4SqWML9-fndKMf_7usF9K4dJH2gFPl0vuo4qbWebZSv0Hha-GTvRmPtVyhYG0qK
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
165 B

66ms
49ms

Image
image/gif

23.35.233.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/
Protocol: H2
Server: 23.35.233.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-233-56.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Wed, 08 Nov 2023 15:58:54 GMT
pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 09AD 0
12 B 57ms
54ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KnhnLasPxmTHzpGbfMOYy1sv3_XR0K6di1mg6wX_zPsDQjOCxVMgnKIaHMwf-g4-Hx1aK1Zg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame E136 0
0 76ms
73ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C59xAPbBLZdeUEcWbvcAPyrWo6A767Ozzc7bforzxEbe67YWXORABILbX6XtglYKAgKAHoAHe_KCDA8gBBakCNPb5UM_ksT6oAwGqBKcCT9Cw19R1C_qRaqIjoq_536i6qPN9pLPFHBpkYIqN9rxgavDE4vCmN2SJIio-iv9Lr-9kTDdDrB_bEqjZMkMNYruCIXNI1GUj0eDZvdtcpw-ij1Ajyq7qIoSXerBbMWG0iIiB47Rnzg7W698iqsWoY9nghn2CggWEvVc5mrV-j6G1pPEiGMxRRmBL1YwJ4tMiBaFNiBvfe1e_dXLPSt9Grf6WRkRLsgLqkZh6GI4YE9s7sz7Q6rCAdH8ZrwCSSrQqWV0dwcIuRN7-QIzBCY0rsiGLWQIseSTvkLKwmSBZC2DcIWq6qKrBO_u1XwTkJ2xLKMDcbHdfPhqtjZKExHdeoZmmA9bbOELUTQ3Qsn4aphAp0_oz-8msmTQvWTsyspDivGxEtP1OrMAE7fHf67ME4AQDiAX4zOSzTJIFBggDEAEYAZIFBggbEAEYAZIFBggdEAQYAZIFBggdEAEYAZIFBggeEAEYAZAGAaAGToAHioPffKgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcLEOylwQEY1oKp_AHSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoByAsBogwMKgoKCOS0sQLutbECsBPk5LUVyBPGzYLhA9ATANgTDYgUCtgUAdAVAYAXAbIXHAoaCAASFHB1Yi01OTI4MTYxMDc0Nzc5MzgwGAA&sigh=RH4CSuz01GU&uach_m=[UACH]&ase=2&nis=4&cid=CAQSPADICaaNLmoUyGisCtJ-eqUbJ4FupGZjf7MQ6QZOR6x1gNFzJAp9py03neUQ_RLiL10whROdiB9s0ExqLRgB&vt=10&cbvp=2&vis=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=1815900770&adk=471421629&adf=3153423549&pi=t.ma~as.1815900770&w=749&fwrn=4&fwrnh=100&lmt=1699448218&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699459132620&bpp=1&bdt=203&idt=496&shv=r20231106&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C749x280&nras=1&correlator=1607993712573&frm=20&pv=1&ga_vid=465876904.1699459132&ga_sid=1699459133&ga_hid=2133064082&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=2675&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079402%2C31079515%2C44798934%2C44807455%2C44807463%2C31078297%2C44808149&oid=2&pvsid=3033088582938210&tmod=1830599201&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=HzfWThWLJ9&p=https%3A//cybernews.com&dtd=498
Attribution-Reporting-Eligible: event-source
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 08 Nov 2023 15:58:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 33DB
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEBr-KWtLZAIEhDpZyKsvpRY&google_cver=1&google_push=AXcoOmSl0Wfcr4PsMkCR7HBoIa73C3Pqe5YsDv5zEhXq7eOCltJ3u_kLa3e5vwhAI4o76fPb567YCV4WWh9LgLtvhbaksFzDdRoVz...
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzM4NDIyNzQ3MTUzNTcxOTQ2OA==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEEkx6k4QlxckmitUV4Q1KQE&google_cver=1

43 B
398 B

38ms
38ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEEkx6k4QlxckmitUV4Q1KQE&google_cver=1
Requested by: Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 08 Nov 2023 15:58:53 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEEkx6k4QlxckmitUV4Q1KQE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 33DB
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEMtKnLn76ml0iPZbAchutHM&google_push=AXcoOmQ0JDGw2EJAD-ctyuR1_kBioozp36085V6WLenQTqyvllDtUGf0mS...

170 B
188 B

29ms
28ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEMtKnLn76ml0iPZbAchutHM&google_push=AXcoOmQ0JDGw2EJAD-ctyuR1_kBioozp36085V6WLenQTqyvllDtUGf0mS96sHcZx-bm_I1sqG7fwNJ3D138AGSwFtt4uz8EBHwqK8kHcvNGXZCTPJrR6MBEnQJCFOcs4OOjBghIDCuMMRMWipVg3gocIkS8xw

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-cph2320024-CPH
pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1699459135.543686,VS0,VE95
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEMtKnLn76ml0iPZbAchutHM&google_push=AXcoOmQ0JDGw2EJAD-ctyuR1_kBioozp36085V6WLenQTqyvllDtUGf0mS96sHcZx-bm_I1sqG7fwNJ3D138AGSwFtt4uz8EBHwqK8kHcvNGXZCTPJrR6MBEnQJCFOcs4OOjBghIDCuMMRMWipVg3gocIkS8xw
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 33DB 70 B
150 B 211ms
43ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEJ9TVn-LlVCgjJMzNc-2SIc&google_cver=1&google_push=AXcoOmTGstCRqNSTa0LrFc8RimzFko0weFZRZ9lM3b7ilHiGAwwu9feKNpCqcpnGPEqRtK5AYjNg2OjZZmDzfMakBB5QD2h2hVFjJikqzI49MOZ4TSkJyB1SVXWSg1UtnqU6BQHo_Jhoxra8drnwLSsWnjoz
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:54 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 33DB 0
120 B 239ms
31ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEBRh26wsUxa-0DqbwzlzClM&google_cver=1&google_push=AXcoOmRx3CsW9GkNXpHbQTB6UlY93Xbh7luU49lrBP7778Uw034PGZTGii5AqtyrlSJ5Ufg0XVdZEDRceEiiGdJIRiibh1ocw-bRiz6A5gwtoBCHl2MAfGXC9GrYE0jry9B_OexOcuTqnLyHwpcKHnyKl0TiRg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:54 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 sync
x.bidswitch.net/ Frame 33DB 43 B
147 B 189ms
21ms Image
image/gif 18.196.85.191
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEGkRe4zT_EpUDv628QZo8U8&google_cver=1&google_push=AXcoOmTCcdi4etAquVvFkKblkjMaQ4Rxz2eYkMggGlBHKgADO6cIISZ29GYgaSXRvfxSUjkuuPlrarAPGuuMikQc9bWdEZfRHWQRukP-6aus9bhwy2A8cDPo4ZI-PaHVsdR6r5ukt39Vyp3i7FAzQtSPSf0jgw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.85.191 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-85-191.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:54 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 33DB
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEMlg50WZ5khcWLGSSiHyxtg&google_cver=1&google_push=AXcoOmQL1ygOI_4_rt5yrBqInbkkM86WV_h5_sK7WQmLV_r4eUTENLWwpGNu_2EiQ6s13uyfDD7uSj3ZrF9_0oAlnzWegB9...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQL1ygOI_4_rt5yrBqInbkkM86WV_h5_sK7WQmLV_r4eUTENLWwpGNu_2EiQ6s13uyfDD7uSj3ZrF9_0oAlnzWegB9D6F-SnHTECFle_cgbdpFSp9rpiK367gkYkySEt...

170 B
188 B

32ms
30ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQL1ygOI_4_rt5yrBqInbkkM86WV_h5_sK7WQmLV_r4eUTENLWwpGNu_2EiQ6s13uyfDD7uSj3ZrF9_0oAlnzWegB9D6F-SnHTECFle_cgbdpFSp9rpiK367gkYkySEtVQUXjv9v0VedwinhXzWmSLY&google_hm=eS01N3lwcXBkRTJwRmRzeU9LT042ZXcxUV92U25VcGxUTn5B

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 08 Nov 2023 15:58:54 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQL1ygOI_4_rt5yrBqInbkkM86WV_h5_sK7WQmLV_r4eUTENLWwpGNu_2EiQ6s13uyfDD7uSj3ZrF9_0oAlnzWegB9D6F-SnHTECFle_cgbdpFSp9rpiK367gkYkySEtVQUXjv9v0VedwinhXzWmSLY&google_hm=eS01N3lwcXBkRTJwRmRzeU9LT042ZXcxUV92U25VcGxUTn5B
content-length: 0

GET
H2

200

report
sync.teads.tv/um/ Frame 33DB
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEIJVwVShb7bg...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmS-1wepyRaRa0WYV68exE8opySYhrZ1EmPTetdJFPDDhMh3j18J3GyYSwP5cKEAGNXLrRFH0mjJMqdTd9ohGV6DdbuGKsog5mj0mBP8dSO7_WnJA...
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
165 B

64ms
47ms

Image
image/gif

23.35.233.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/
Protocol: H2
Server: 23.35.233.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-233-56.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Wed, 08 Nov 2023 15:58:54 GMT
pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 33DB 0
12 B 50ms
46ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LC2wKGgzM7n7J4n0aMBeliobicGp_EFOK4YLtTJdhGqu32YsFpR_vBAJWL_w-N1lBAmSHVqQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H2 204 csi
csi.gstatic.com/ Frame 4446 0
55 B 134ms
131ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~lopy38cg&c=2872762141030&slotId=1436381070515&qqid=CMLXxM_itIIDFfNNDwIdQZEGJA&fb=outstream-lima&vast_v=2.0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 76105514 Show response
unified.adsafeprotected.com/v2/1135760/ Frame 4446 23 KB
6 KB 255ms
74ms XHR
text/xml 34.247.247.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://unified.adsafeprotected.com/v2/1135760/76105514?mon=76105515&omidPartner=Google2&apiframeworks=7&bundleId=&ias_xsid=[TIMESTAMP]&ias_dspID=3&ias_campId=1008772806&ias_pubId=pub-5928161074779380&ias_chanId=1&ias_placementId=20509697656&bidurl=https://cybernews.com/security/hello-alfred-data-leak/&ias_dealId=&xsId=ABAjH0ijNb6z0y-97oq_9JZhnj5F&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0ijNb6z0y-97oq_9JZhnj5F&originalVast=https://ad.doubleclick.net/ddm/pfadx/N7442.1972103DOUBLECLICKBIDMANAG/B30857687.379597277%3Bsz%3D0x0%3BAUCTIONID%3DABAjH0ijNb6z0y-97oq_9JZhnj5F%3BEXCHANGEID%3D1%3BSELLERID%3D312551221673%3Bord%3D%5Btimestamp%5D%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bdcmt%3Dtext/xml%3Bdc_sdkv%3Dh.0.0.0%3Bdc_osd%3D2%3Bdc_frm%3D2%3Bdc_sdr%3D1%3Bdc_ref%3Dhttps://cybernews.com/security/hello-alfred-data-leak/%3Bnel%3D0%3Fves%3DdGltZXN0YW1wOiAxNjk5NDU5MTM0Mzc4CmNsaWNrX3Rocm91Z2hfdXJsOiAiaHR0cHM6Ly9hZGNsaWNrLmcuZG91YmxlY2xpY2submV0L3Bjcy9jbGljaz94YWk9QUtBT2pzdFhNOW0zMWZ6MVdhcVQ3QnVNWEdtRnUzMFp6TC1GRmE5U0pETFlpN3Nqb25QcnpVYU9xUUNyenVHZXNrelBjM19aaU81OE9SY3ZZY2RDMElmNjMxLXoxUTByS2xVVUg4ZGZYZXhhT1lIWHBnbzRCX0QydGFudi1fczJfb0lpTFo4LWdzemlfV0FTa1phMVloN1lCRG9pQkVCRndBbDNWeWNaWXVEaVZabG9lSDh3ejZzZmRuamxMNkFRYWEzWnNSMjVYa1ItaWJwWEJ2RTlTS2k5VVhXSU9uOXd2YXpqRVBHaGhBZlVwSUplLWphRzJhNkx3dW1BTV9wTVN1TVhjaF9DVXQyV1V2bUkyT1RDQzkxZWVZQ2E2RG9EQV9zekF5THZIbVQzTElITUc2RUR0YVhQemJKSVpHT1BGSXpDazlPbTNnMVdqQkNOdmROcG9VWnp4c0dOUThiRWlrZWVmbnp3VXZuQUl3RXhsaHgtNmJ1alVxeEd4RVJZVmhvd0RTQ3dIZkMwb3Y0RFdMcmVfOWloekJ0MUpGQ3hCQWlkZno2Umx2U2czVzBrbjNIZl96WmlBMDloZWRPTnNMV0ZITzRjQ1lpNlFMcFpPYjZGNkNWZ3R4T0xFbUNfUWxWRTlqV20xMFE5ME5DM2NhNEdUU2VKcThacEExelVRZE92SmJmY3BRa1dSSFByanNxNWhCMy1KajNBRkdTTzJ3VmlFWFd0Wks5cTJuWUtJT1FyeUxJdmduMG5lcDFINmI3bXRlRURBYWRrOUlWcUxVMXpDYVJMWTVxUHllU0NtZDcwdk01UHZMRHl4MENnZkVlMDJ4WnU5eF9FcHJFdk1LcVpiMXFOV3Z3YS05RDdsTDhjbkpWRkJHSGg5NUpROVJucG81T3kyLU5VUXlSYXFpTDdfMzRDOWVzQ085MVU4X1EwTmY4aFhvOVY4bkpPZU9GbEFMVUZJZlV1emo3ZTVtYzE1Sm1FbFdNUktTQk9DR0NqXzl5MDQxd1R4VmY5ekQwNWdzeGFvR1hKRjdmRUFwTUt5RzNMR0s0NzBGZXZvUW00Q2VfS3JmanhGQlV0VURjNXppblE4WkN2b2J4dkdtTklhTzlxQWNfQjR6Y1BXWFJjWWJTZmNFWE83d1M3clpxOGZBM2wzYW9IMTB5WTZydEZKcmd1SHJEMkdXMnhOVkx6LVVsSlRsT2JHb0FpdHhpQlF4WnUzcGNOS0JJdlkwNHVYREJLcTJ3SmFOY0hvM2N6WDdHa19iRkpVNEFLLU5xS2dWc194MEFJbW1zaC1PM3QxdE1wQjJJUlZOS0toN2lvNjdieXFNRkt5ZVl0NC1WckNaYlVFS0VGOGkwaW1XcTVWbHhzLU9fWnNoeUV5SzNRV2FtLTdzdlZZYXZmeXVwSFFDOEpzNVJNNVB3ZUZxbVFWZG9MS3RqbEJZLVl2NEJYTk9DcTdhM3VQUzZQZjVHMUVvU2pXS2MzQWxXME51V3NlS3lVSmhEWC1DNVViR0UxTnR0d0pSVm9zY0hsWThHb3I3SVZ2MmN3XzJyNURpYWtha2ZoUHVMcjgtLURCUjk2UE1BMW9qTlJ6WE9DdFV5bWZGSm5LZUNFaHZfWE11NW9GRXdkWHVoaDNYclkzY3owRHBUZmkxYkNzUThHLUNTZHFyYUU4ZHV3MVpmMTRacHVOQkpFbm9pX0twTjN5UnBUQ2sxZDZXQ3lzTGozend5aXpVVHJTYVBBYkpjQlFPaExLdHFrVkUxV19sZzFjTHlxbkdTYUFzbW1iaUtncV9VUW0xR2JWbU5LTDd3YmFJaFZtUXdZb2h1VHlna0hNR2xfbTd4U1ZYb1dqcF92Q0tLMzV6T2xwSnVodlVPZTA0UmJXSmt2QkZRdEdDNS1WNnRLMHlhTTlBRXVpVHlUJnNhaT1BTWZsLVlUR19TZGpUeE9vcmdrSEViTExLS0N6V3Blb1BOc19LZXpiRjl2SjdjdlNzZVNKWmN0NnlTS3VRWHVKWkZnYUd4NjlDLVRzcUhQeGxWVDIzV2wwa3RiUS1Eb0pqTUIzVDBnSFBMeDBjNUVOVV80NlFJZmdrLTNUb1lEN1RNWW11ODQwcFUzVEViYVI1MEc1QVpuTkFvVThXbzNsOEZGZldkRWxWT0JNd3p3M21GQm0weVBBeUM0MW9KWkpJd1pNdXN3NXQ4VmNYd2VEbi1RdlZKcW5hX0FsN3JVU2Nsd2VNOWhjM2prWEpaX25rTHVWb1E1SDk2QnhOQ1ROalJNc1JMeGN5WlZnaWhHWHp3dk9zREhsQjdiMzFTQW5IVmg5NE1NZHZualEmc2lnPUNnMEFyS0pTekVDa1djWE5FSlNaRUFFJmNyeT0xJmZic19hZWlkPVtnd19mYnNhZWlkXSZ1cmxmaXg9MSZhZHVybD1odHRwczovL3d3dy5jaXNjby5jb20vYy9kZV9kZS9wcm9kdWN0cy9zZWN1cml0eS9maXJld2FsbHMvZ2V0LXN0YXJ0ZWQuaHRtbCUzRkNDSUQlM0RjYzAwMzA1MyUyNk9JRCUzRHRybHNjMDI3MDU0JTI2RFRJRCUzRHBkaXByZzAwMDAwMSUyNmRjbGlkJTNEJTI1ZWRjbGlkISIK%26dc_cid%3D203224912%26dc_adid%3D570667618
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.247.46 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-247-46.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: b59bd05f5e477a0227fa3685225472d662d1593c7fee03f54045f6dfe5640222

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Wed, 08 Nov 2023 15:58:54 GMT
Content-Encoding: gzip
Vary: Origin
Content-Type: text/xml; charset=UTF-8
Access-Control-Allow-Origin: https://googleads.g.doubleclick.net
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Request-Id: cl5r0fnd35kefbg6r69g
Content-Length: 5929

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5D6B 0
0 66ms
62ms Fetch
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssEJ3P3MtJy0n93Irrbr57uGnHK_EHU18rEf43U67fE8cPrgGLm1ZEvS4JrL4xqXGwvXNM1Ks3u8X7TQEI0sL_o8evhGL57EnJ4sZO2RjhfheKpQn6hI6lNQ84wrlTLPENXVnq0oYzZruhTYTP-Db78pyxst4LFShhjxlzsjlZdS5voBYFMsqSLEc0n6WHExlaXPfkF-1s5ll0XhT1kMPSzCovQAueLtQxma3-0TGqCyC-KLw-VJ6FoklNRZs5DE7cQ_ZIaWUW4QOeFUpj_QD0eJya6USt_y22uRtdK76ghOWzY4eVGQuHf2P7KYmbgE3l3j3qB-avj0knwmBHr5by5hTUTgtfksDzonqmrKUWLtw4eXJWTDgXlqjg0hpERgivgRZQstsHg-VmnMxOnOIWIzQLlxZmSEbaxsMXGhdE6ail17Ah11blHtV7goUQOQ0I_QbS1_v_7k9OaPohyFsVVlG6ExFscEdi2JvSEaVk8XpTw8Eueywz-h8ABGf0lyzUW4V9LS6LA2qgNuSV1Uxfag3ZBmfIC0mBUlRAJcKfbqEc-rFjRhAOHttLWPfA1VYcog32E1mYaIhQaQCd59etOoZr9dfM624k2ni7Gfx7usiMH8AH3VSUkPKgskZN7MMOz6_szeoNL3MjX_XDZuh2ShOLcTZzdi24FqEmILDPK-c3pnImPdyoL3qXae4xTlmfQ2cw6ehI50QzY-z2OfcUxn8YhiK-iNfRwG1Ui8Kf2bzZO2XdEfoxWxIUXcf7F11-TKBWR0v-1-QEXwh73DJAcJqDig2L4SPnR7uCpf6LdamcPXFGO8IdquyM3mZpR92pxuQJVaEY_xmhxmS4TfPiGZCXudogkwDAlspqaK1F0nKZVf5ukl_Kp0EBGDcrqDULI7553LsOVjDa7KlLTnWyutWr5a0W-eB0ngmoCt7th0vZAR1-RpzdALg0ZqNsCpw_UhgBYAfmcy1OtDJ_P8yGpvk5oKKd5wFaC7dFBIULd1ICh0SX5u5KXn5yJRX5t2vTozZ5kRUYQIpZDFd4444KgvZpwLoodIPv5kLv12CJWG7CC8CrXUKs12Mk_dVYukVsEwLajHviGmb_6CjX1a0d0FVBZgqr0mNWQuXcmXHu_2y_JtoNvJMMXs3rXT7OcFT1lO_qmn97xXK4srGrWzOQ0s8z3z0-iw4tEtowc3pAzytG-VnZEBIz_9VrfiakRSeI49pB_uWGN7gQEhz18uczBpvEK4mnItUJdZaWsEYAIEbVDhGgk8GuFe49a5IMykGALtq_20tWBfZMcik7E_XNCvzKpoEV_xEe_s2lZSMWgydyPCfRJwHBA7OFNPkOcnfPfyhsHk-TatVz4vPNhXk2rI9a5NHe_Rkh5JibeiV75V5J1wE9jpVsyj3gkeA&sai=AMfl-YQnXtTvU354PhNnZ2H8XaQP99LW62T66QIjCZv7w4Wr8HJ7XcrOs-6wqrHyPv1koAdKdfjnVQXlVa8mwpSLMJqQclIZsy43irEs3hAs9URprMxmoA6SFdHGkis6gXTwHUU7dST6nEMrBxz9HjF4LGdy3p4V3BDZ7qpanW6fp6o1f4v225CpetrMTVzD4f8LDh6d_mhOaVCigT6umNNYt7qVJ7hThUYHvwRgFiG0hEvq_W5mT1k6DU9B6fYcWqQIKdW69oc&sig=Cg0ArKJSzCF22c9S18CSEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=560&vt=11&dtpt=339&dett=3&cstd=219&cisv=r20231106.89667&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:54 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

POST
H2 200 node.php Show response
node.setupad.com/node/ 0
242 B 134ms
23ms XHR
text/html 159.89.25.223
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://node.setupad.com/node/node.php
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/saas/5774
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 159.89.25.223 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
content-encoding: gzip
server: nginx/1.18.0 (Ubuntu)
access-control-allow-methods: GET, POST
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: X-Requested-With

POST
H2 204 csi
csi.gstatic.com/ Frame 644E 0
55 B 137ms
127ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~lopy38k4&c=4512503951544&slotId=2256251975772&qqid=CP6yys_itIIDFeNXDwIdU2QOKA&fb=outstream-lima&sei=44752538%2C75259414%2C420706098&nsei=44714510%2C44729911%2C44730425%2C44730426%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 644E 15 KB
16 KB 25ms
19ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 13:37:19 GMT
x-content-type-options: nosniff
age: 354095
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 03 Nov 2024 13:37:19 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 644E 15 KB
15 KB 37ms
31ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 04:06:52 GMT
x-content-type-options: nosniff
age: 474722
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Nov 2024 04:06:52 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 644E 0
20 B 63ms
60ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=CwA6YPbBLZb6gD-OvvcAP08i5wAL67Ozzc7bforzxEbe67YWXORABILbX6XtglYKAgKAHoAHe_KCDA8gBBakCNPb5UM_ksT6oAwHIA5sEqgSqAk_Q8rt7qNRfC3pLsiaej6HX45OkXGUAdtLKZ954mrEJSFk9Uv3PlO5kbOywbskrjJm_xI_C1oib_sRb_50oYmKp-bdQeEtQbDKFAR73y5ioq9WzLNhF2klKo52M3EB3_7TEJmCYpWmwEibgXyzLTSB1el1A1AYhONCqP3cz0EUiShqDrJ9atmxTpVxeLzsBkSKP5bx9XnTe7MYQqAKnghk6zmurnYw4aaSQuwSpKJI_yoCUINQTjn_ixoYmytd0n9e7DL0iRmFXNzePCZem3CTNN06UmFz3oNhk_La1FquB9gLBP7efKoZ_opvfUNyVKSJhXwW33vnZdpApGfT513TqmiI_qtWdi1b6mhLCW0uTIdY_wxVacPRpPSGh5gqMlhAJ3_w8QxM7GAHABO3x3-uzBOAEA4gF-Mzks0yQBgGgBk6AB4qD33yoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaIMDCoKCgjktLEC7rWxAqoNAkRFsBPk5LUV0BMA2BMNiBQK2BQB0BUB-BYBgBcB&eventType=clickstring&clientTime=1699459134511&ai=CwA6YPbBLZb6gD-OvvcAP08i5wAL67Ozzc7bforzxEbe67YWXORABILbX6XtglYKAgKAHoAHe_KCDA8gBBakCNPb5UM_ksT6oAwHIA5sEqgSqAk_Q8rt7qNRfC3pLsiaej6HX45OkXGUAdtLKZ954mrEJSFk9Uv3PlO5kbOywbskrjJm_xI_C1oib_sRb_50oYmKp-bdQeEtQbDKFAR73y5ioq9WzLNhF2klKo52M3EB3_7TEJmCYpWmwEibgXyzLTSB1el1A1AYhONCqP3cz0EUiShqDrJ9atmxTpVxeLzsBkSKP5bx9XnTe7MYQqAKnghk6zmurnYw4aaSQuwSpKJI_yoCUINQTjn_ixoYmytd0n9e7DL0iRmFXNzePCZem3CTNN06UmFz3oNhk_La1FquB9gLBP7efKoZ_opvfUNyVKSJhXwW33vnZdpApGfT513TqmiI_qtWdi1b6mhLCW0uTIdY_wxVacPRpPSGh5gqMlhAJ3_w8QxM7GAHABO3x3-uzBOAEA4gF-Mzks0yQBgGgBk6AB4qD33yoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaIMDCoKCgjktLEC7rWxAqoNAkRFsBPk5LUV0BMA2BMNiBQK2BQB0BUB-BYBgBcB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 644E 0
55 B 134ms
129ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~lopy38kw&c=4512503951544&slotId=2256251975772&qqid=CP6yys_itIIDFeNXDwIdU2QOKA&fb=outstream-lima&ulv=1&cll=0&met.4=arp_a_s.13t&vast_v=4.0&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame 644E 26 KB
17 KB 76ms
72ms XHR
text/xml 74.125.133.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-DbQWOOBWP0srNoFnL793XCSmLeabIXl8WkZqBvTCT2jXb_-WQP6mVMq5HW6e3O8BtE3jXY2mcpYcB3CjXzXqvXXm8oaw&dbm_d=AKAmf-A7EcULZ07CzUebAuhYz-CTw_ncztDqLWQdZGKtnYhiovRPux16gblI1amLmc2OjHbeVTDUlfLgexF5yxtx8cLlx1FjLe8X9DbIysL6AEjpMA6_BFLhiHPPeeaVYXSaf4uKTledfm8g5JXZ1Of5qfbo48N-RulS2BhTf3nNUjcrXIWu3wk9U5sS9rxwgCV1GqWmG_zMzljoD3w9lynrsc4IHykSpgkz_bPqu2kwRbb1AWQ85BGr3Aumc68nEfh6AbNr4rcvb3TkG500xN2ZVHRzE2HwEmeAqboMqwzauv_XPQWiCCep3z9Gak6339V1ZJ6ee7E-abYx6t_Ucy-wPQ5tv9Zp0PeaGUl3DP0sZs6ZzhThrgIq2ZMTukKR8-OvtoCO9KR5K0vmULSU3liiVXZcsaQIQ1Roav4M8z2z7TjjzsQbFw-H5r2EhgbK_gw1DVfE1WgQY5U11D8LUDHxOwynKNJiD41v4YOhcprFqoqiNWt8A2UKwIcI4sKsLVDP0-sEV9DsX3wLoc2i6f_iRa3ieai7ShZ49GXzOvv-eEFDBspdmKkKfZyMbJ0t8G4mBrPOhvEb21REPrIkZHFsYs-9ATmNJ_waioMAGDcU4Imh4a23x2WUbESu14HLT3RQ9msK4Xk_1XA-8cUxUQsPydIDmW9cSlgR6zjFD07CHVCT545XtcyHdI_c2G1OIA3Pju5xO8xVQI6HjOGyVaQ-qqnJDa4afZmOB41-KPMWo4QFMwcqmxXl0NpJCfW5RaSYrClFvu95nHIJEHuTtLZ5FfQa5eqdaJgpHWgnBoyXtscW3wOQGdw058LNWDSr_RNXSc_D6Qyigc5jcs8mmBEISavwGfWuYW9ZZ2mrca772mDpAQTbIh-opFqXjpbqgGatIc6_l_-I39PkGHhEsd5IRPsKRH3SJ2X2jQAGDDrz_opbfjdShaK9jVCH8hBeLr2YoQ4A1QcohZWm1f5mOlfASIsckCS5Ify0h4jbAQ_P1Z87c076ttSYMhSnYyuJowDJESWmVtaUX4v8Soz34DjzHGNse4bifiYIna-JgtfVW7-PK4-3NEtPscuat0fEBsZ6G1RS5NcCU6V6Ax3X4C9vsNe1AH52qcEkmHt3z5zlDF0PYpqTszxBjpd1PGuBc42yVMtgznOO2liLCu3YQWe85Pv7FjVmt0oO7y8neiP35a2uYHHrK7jwwcnoX9__JHt5N7p0Tz8Kwr-BtSn8pzIHM3ig34GGz1EpLvKVlcM_PzDVOG2PcdtWK5uklq754KIQIH78fXC6VLMZ6Jj0wtUsLCN0V_zg6MfkRlK57ai9WKCKz_8f184ichI3KjuBf01pUGNlpUbtPTBOZ3ZNVwHsmp0wpXnp9O8kT_g5zlUC0X3vXnLdHextPOQlWKkSKFhf6v88stBFeNzhyaIwXfENM5soyK_xM5MbYE5U7G9q5-3WRG5K6l2CA6pCXBt5Tjihcc5lNfwFSgQGYE96-aPnt8XOK79SKWCajTqUme5LoIpAcqgAQzf2wHYYT8Pv-cX-LDjtwm6R06jTtYDi3axwWFuvIyJnHI4OmZZD8JWob2q0HZRIbXEPQG8MIRFZIyy323ksRizvql-9DEHvB7AuJ5jLEEe81vX4FQ81OuUATNhlpnxQCgAdrEljQTau93pD9gaYFyVIqnnG691E3ZKniV2BGYUYHvNsA9NMIg_O8RNTONjcbROrLAStx6-knSujA9Fcw09rAqQmd5_6b0PUZukkmoKm3OhA-sMGPFQdFDxZtT2k5rmiKe1lDp5Mdg2f6VvqB-wXp1gNifdnd5k7mqhDRRuzQ8Kxt4KktpSWjy0R3UMtVj10AR8hOXPnaMJCrls0gXakl17dOigkN_dyuhtFVf9L2htXPSYjFGzojHeMx2x6q9SCLz5-YUMaUY-aTEzsdL9dxyP0uRjO-DBTZEWDyWAplDI3a9hhCFUJ58At0ZdxZlyHJBk5cn7eYo15XN_aIZoBv3K1yZNUDmQj__bwxfLNX6103gkYn2rahOs3l4xQquMFwzba9cXAnj2R_GVpDvXQ4kjqN3TFZImiVOznygv6LTaWQIpCyKnYBKatOlhCybBr0dwto2ADmN1qU-FGbEOB2BYauBU-zEnVW0IdhDaqEbd8IDRRSaLDMqZbYZj5mSCLyHCFljTRrb0tLPTH3kGywVXqcW2fE3Ug_VQ307Vh6_qYreQ1zBggl1e8On7wlKjssxYJSlj1ilAIxJtSyRr1imJI7hLF3oECtP-ApNQY3cKQste1hgxgVsXFj_DvuN-i5QPuZNp8duimRC86iQ1mW5k3PTjNTFMzBZfEWIE0aQDoE8Rn8xSlZ8dw0p6sfNzPFlXWqRkdSjeSiaxC88H3lnOJnTbEfMmy-KnmPBtEoTUogU--jDfmsbgbUJUJXxEzEV644lr4ztxCpDHWRyuDB7vR1XvM904sFbCm4GmxRC0sSH0WQjBKzR0w6n3MHi1e4AcgxSwnJ0KZt03E93roe2Aca0f1b1izsMsVZ4uUxOt4SLhTblc1cc_qF8HCmr1flOeDg6XQTZsD1BN968XTa_OrmzLHqLEaKnT94edhQ4TeNRDjm9FisoJ1ZfCzes3s-ci-tl5yrSAWid5ZBfZJDsRq6HQKbRTpc7I-kW4f6scykkn89Y6MM1HeE_G5uzBdMT4ftNK1pzEiGakJYLY-GAFs5foKdTeAN80DPIuJXwil784b28tmQNwCBmfa03h72d-_P0WUz0QcGbWEbXRi2P3yHju-kUdZVNdmPATnL99v7dTw5bbtSzUlUKI1_0q4XF52g7V06oPG--Hi-8wL5MKm1qb2B4ZiFZDl_YOhOU4ZQUcfBbrKLA1ivXLvR-WsPTSoGvCCJXTJK1iupuuU25S1PJbgwLkSkIbcIDzlSY9ZQR0xFaOwC0hEzN4c8p4iDdzUPKou6f3L5CbYg-ZCpZoe17HKWZTj59RT6QFSLrdoJNZECUY-uapACYJbqEgviMOGMjMkd4pxPb44mMBEr7vcDxHmeVzte4gsxMIopVljKIoWu_CssdDUZElAYODn8vhteJUrXBDf_MoW91-NrMuoIC9YDfNc6adO2mdbD8SEg9Wkg--vZSxUMu_-2jJZE8BVwFlv-fOwsfgNFYwMqM_Xn-TijF3L23VNWyp8LIJMVZp6kpOa0hzyZVF1ODtdllG6EhIvYXnMwlFFSSB1pgWK_QXq5PrBglOMQKV61QTL2wWL3APq-85_Vm6PG_1zOrzE_AuSpkDS8mZbQNR6E9U7PuJd6stQnANCBNkFj7q71PhW7zSfAItfXiF8qNsIJHAA98MSNnbVrJPfj1pubuzQ72LMIL2B4C5kKvE5H1xslpg8xQ_sRgXoBdQjUOmQHxE01crchvPyihX4Qs2a_uQrwES7OxzROsOPkeaf4SYQF99WCVVFWfkI3y70qrbuES-rgdpXBwSnm817471s9wiTonkDjih-InWGZCDTxVpkVkbPX-JcA_aJmoqdcKedTdH9Laku8I5esOGhZbSo1m-9nmfW8X3W--O0S_iInyAB5Fj7y455Zrz1pfKFEoa0v9vV4FeibR-WLim0CDV7ktZJ7dGMXuO5ed52Y8VYCPPwHBd48vTk12vYzacPfovYDBUaMCYT4sgUBcM4A-LWE_xpQ0ejAvOHj8PCagxMm65XTZx0eAp2RNqxaa3mxOHl9y22FVQDqXSHuCgEUdDy7kVeVZSBiZCv0xj1GjIOmrDWhXvf9RjYfKxdclUV58iVV-zTfCRGSkMuGY4eAY-AivmejUzwGL5G52heF90LWnKJZxjRvI7Ky6Hs5rV7oxSFgZHrllN3q-E8bHqxUjCM&cid=CAQSPADICaaN8gwOZYwwvTMUS02ekLkQ6xVjNxLFS-FEDQooWm-bnBCLubbvsj75B9UTYjeZRMjdY-1k553d0RgB&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1&nel=0

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.133.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bda7edda4eb0a3f99438ecb3b3dab7b780643fa347e8df36950509e533b66cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17484
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2E92 1 KB
643 B 56ms
22ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34309
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 08 Nov 2023 06:27:05 GMT
etag: 48472445140208031
expires: Thu, 09 Nov 2023 06:27:05 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 644E 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1f36a24ed474257090bc46ec315e1d2ada36d91d5f06469d899baa2723da539f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 8BEF 0
40 B 33ms
32ms Script
text/plain 198.47.127.19
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=66551302&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.47.127.19 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:54 GMT
content-length: 0

POST
H2 204 csi
csi.gstatic.com/ Frame 644E 0
55 B 134ms
127ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~lopy38l1&c=4512503951544&slotId=2256251975772&qqid=CP6yys_itIIDFeNXDwIdU2QOKA&fb=outstream-lima&vast_v=2.0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 76105514 Show response
unified.adsafeprotected.com/v2/1135760/ Frame 644E 23 KB
6 KB 162ms
91ms XHR
text/xml 34.247.247.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://unified.adsafeprotected.com/v2/1135760/76105514?mon=76105515&omidPartner=Google2&apiframeworks=7&bundleId=&ias_xsid=[TIMESTAMP]&ias_dspID=3&ias_campId=1008772806&ias_pubId=pub-5928161074779380&ias_chanId=1&ias_placementId=20509697656&bidurl=https://cybernews.com/security/hello-alfred-data-leak/&ias_dealId=&xsId=ABAjH0jHKSgm4m9ZBTAwesRLlbiJ&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0jHKSgm4m9ZBTAwesRLlbiJ&originalVast=https://ad.doubleclick.net/ddm/pfadx/N7442.1972103DOUBLECLICKBIDMANAG/B30857687.379597277%3Bsz%3D0x0%3BAUCTIONID%3DABAjH0jHKSgm4m9ZBTAwesRLlbiJ%3BEXCHANGEID%3D1%3BSELLERID%3D312551221673%3Bord%3D%5Btimestamp%5D%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bdcmt%3Dtext/xml%3Bdc_sdkv%3Dh.0.0.0%3Bdc_osd%3D2%3Bdc_frm%3D2%3Bdc_sdr%3D1%3Bdc_ref%3Dhttps://cybernews.com/security/hello-alfred-data-leak/%3Bnel%3D0%3Fves%3DdGltZXN0YW1wOiAxNjk5NDU5MTM0NTU1CmNsaWNrX3Rocm91Z2hfdXJsOiAiaHR0cHM6Ly9hZGNsaWNrLmcuZG91YmxlY2xpY2submV0L3Bjcy9jbGljaz94YWk9QUtBT2pzc04xemk4eHpaZnU0VjJ4YVVCR2oxcjFTNVdIdThZWnlhVmlPUWZoQUM5NXN5U0MtY0dQem5CWVB1MDNhOWs4VWRweHhCT0xZMkNrMDM3OHIzeHdKQWFUOVNRLVFXcTBQTXdwaWdZczg5X1hTY1Z5M2NWSTIyUHctZVpKQjRIV3hQemp6c1A2YUtIWVBhc0pSVHVTaXNDbjRxTFdlMGtCN3d3U0Z2d3JnWlh1aWhqWTNXZHVjZ3RaSTUtUDdTc3ZtOF9TUGpQN0xjMGNhNDBDU0tzQWVSc0pjZEJ0ZGRhZlRjQjVpOUFrcExPd0ZoN3JTZFN4ZU04anNKdjlmWmVlZGJFZlZZR0wyOGxFUUhvSUF1VVY1TXQ4OG9fVDZOWXdCSVBITG90WENBeE9Jdm1HSjB0cElBQlM1NGpiZkhTWk1qam5mbWVOTHhZLVZENHB5ODI3Z3FmQ01SSWdrTm1YN2ZZSHZjWjhZT21kVDJORU1tbkhkSHg1MTJCRWFvc0J2TTFWN1Fhdm1ybDdYZkJSUlFSMEZTUGhzYlEyakZ5TmdlOFpYejg0a3lRM3ZFNVZudFB2bUVqamxud2V5bnYyWDdDVVRoeHFrU2tJcEFFQjlkTWlQa2ZWQkVtblJ2RWhEc1NmR3BZejBocDdIZFAyWlAzNDF2TEU1bGpDT0ZsLXRfcXlQN01mTUJkNHFBbjd6RndXYWdIOVJXc3M4V3ZRcHJvR215VnVWaE5zY0ItRXJybUIwTVRMMW1xYWRJSjFzUl9IQW5jc0ZfMHZZR1ZpZl9ReE1TQ3VWVGhyTFVQSFR2RXN0Y1dwMFlGT2tEWGVJMjEydnMtX0tRRXJZTVNZTF9zZE9yalAtSzkzeUtGdFAwRjFQZVBROG1aYld3QXFHbEVEOGdOZUduRDUyRzlWRm5pTEFjeDM1MVdCd3FHOEZicGVMa2p5bkk0YjRoYzh6TmFyZEo0WnhnMVVfdHpBTXdDTEx1OXBJVnBBMVluOG9wVWhEclI1bDB6LWp5Wm1TYk9IVmtrOGZrTzY3NkxfXzVoYmV2WE1ib2NyUE5DNjFrNy01RVNSbzd3YVpwZGU5Z3pXRm1TWlVwUFB2OEl4cHVPZDU4NWFoNXc5VlRudVk2MlZUY0VxWFhVNXI0bEFnZkluRkpObTJGbGgtQWI0M1FOZHhESTB5X1JEZ01nLVd6b29wdlFQZlRnTG9xajVfNVR6WFo1Y3hlajRBajkwTklXa2hxTmZrdUhYRXlmcGlfZU02ckE5WmdXWmFjVWNpRktSa19WQWF0QnlBMXlsbkI3Qy01SmVnUkp3Sl9vRjNCR1FzdkhHRDRZTUVhWXl1clpSS2hxTXFaTVk4TDdMaFBYV3VJOEdXanpZQXJMenpjZ19HUnVjTVY0Mk84Z0NoRWZCUHVJR1JzOVFqSDJUbDNfdFhncU9rcWRtaC1jcDNXczNSTVhSZEVLRXhieVoyemlSY3RZRDJKM0ZnU090M3hoTmpPZ2NtU0diVUJXLU0xRXUxYUZzUDZqdVppNFRwcl9fd00zTU5SQVVZOURSZDBsS2h2QVk5Q0lPYVBwbHZFVS0wb1NBT2lINWN2S2wxWnUzejF2MU1SUms3ZjZtMGFGZU9ocGdYUjlISVNpTjA2anZJTmFrT0xzcS1BWms3TjdydjJYV0ZnTmlYY3hxNm1DWlBkdlA4Y1R1VkRucDBpWkdVOGFJdTBsVENOenVyWHhCZTc4dGJ6MzZSbmo4aDFBcEJOeGVrbVdGLXAtQVdUSFNhbHZUbWVoNTljTXdManNwbWVtRTZVaU1uLVZTR2VKWUV2MTBFSG1mT0RtLVcya3RDZUFPR0hhNE9Sb0RvaEw0XzItY3hLSHhyM2p6V0l1ZlhMMUZxQ00yTTAwOFVZbnBjRWlZSnNXM01OSXcyV2Z4YjdDJnNhaT1BTWZsLVlUYTA0U0NBNlowckhoanM2MnlrcklDT0RxOHFrRHNVWUQ2ZTQtTTgyWW1uNXU2dU1NeWZMRGRxdTNQTmNueFNmb2pTVmFFYlZLNkVBclFqQW54cm85bnNXQlBjc05rVGxlUHVrSnlXNWdJNzdHUzRZRUNLMHBnTVhIVmtOYV9HS0pqYmh2a2hkbm12X1YzNlhqMVd0ZmVqYXR5S3VEN3dIcFp2OVAyQ2Y0T0xhalc0REVhdFJfeG84SkRUVjFGUFkwUnhqaDhMZ2x5UnFqOHpfcHVnRVpGN1J5WVY0S3JheFZ2enFNdTY2U3ZYTUk2a3Bvc3hDRVZxeHVyT0VQQXozRzJDdWhBbTd3REhLV214c05mZ3lpR1FDcUdyU0NxU2xGV3Y4b1g1T2Mmc2lnPUNnMEFyS0pTekhsLUpWM0VQZldTRUFFJmNyeT0xJmZic19hZWlkPVtnd19mYnNhZWlkXSZ1cmxmaXg9MSZhZHVybD1odHRwczovL3d3dy5jaXNjby5jb20vYy9kZV9kZS9wcm9kdWN0cy9zZWN1cml0eS9maXJld2FsbHMvZ2V0LXN0YXJ0ZWQuaHRtbCUzRkNDSUQlM0RjYzAwMzA1MyUyNk9JRCUzRHRybHNjMDI3MDU0JTI2RFRJRCUzRHBkaXByZzAwMDAwMSUyNmRjbGlkJTNEJTI1ZWRjbGlkISIK%26dc_cid%3D203224912%26dc_adid%3D570667618
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.247.46 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-247-46.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: d4ba5dc1636e36b8cb19f7eb6c435231e3f7804bb04b9c23f90631ec944b02f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Wed, 08 Nov 2023 15:58:54 GMT
Content-Encoding: gzip
Vary: Origin
Content-Type: text/xml; charset=UTF-8
Access-Control-Allow-Origin: https://googleads.g.doubleclick.net
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Request-Id: cl5r0fjpltle5d35j8ig
Content-Length: 5937

POST
H2 204 csi
csi.gstatic.com/ Frame 2098 0
55 B 129ms
129ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~lopy38a9&c=8501616529858&slotId=4250808264929&qqid=CNvrzc_itIIDFW9cDwIdSiULxQ&fb=outstream-lima&vast_v=2.0&vmfc=12&vhc=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame 2098 41 KB
15 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sun, 05 Nov 2023 22:32:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 235565
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 04 Nov 2024 22:32:49 GMT

HEAD
H/1.1

200
OK

file.mp4
r1---sn-4g5ednsy.c.2mdn.net/videoplayback/id/07d835a0a2fbaefc/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1730995134/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame 2098
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/07d835a0a2fbaefc/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1730995134/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signa...
https://r1---sn-4g5ednsy.c.2mdn.net/videoplayback/id/07d835a0a2fbaefc/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1730995134/sparams/acao,ctier,expire,id,ip,ipbits,ita...

0
0

118ms
20ms

Fetch
video/mp4

2a00:1450:4001::6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r1---sn-4g5ednsy.c.2mdn.net/videoplayback/id/07d835a0a2fbaefc/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1730995134/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/09F812C1D0C3AC760E938EB1D9204D22F0E32B69.36F4B8A6BBE9BF93726577E07C611F17449C0835/key/cms1/cms_redirect/yes/mh/98/mip/2001:1b60:2:240:3247::6/mm/42/mn/sn-4g5ednsy/ms/onc/mt/1699458443/mv/u/mvi/1/pl/36/file/file.mp4

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

HTTP/1.1

Server

2a00:1450:4001::6 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Wed, 08 Nov 2023 15:58:54 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 4188249
Last-Modified: Wed, 08 Nov 2023 09:11:46 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Wed, 08 Nov 2023 15:58:54 GMT

Redirect headers

date: Wed, 08 Nov 2023 15:58:54 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 653
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
location: https://r1---sn-4g5ednsy.c.2mdn.net/videoplayback/id/07d835a0a2fbaefc/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1730995134/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/09F812C1D0C3AC760E938EB1D9204D22F0E32B69.36F4B8A6BBE9BF93726577E07C611F17449C0835/key/cms1/cms_redirect/yes/mh/98/mip/2001:1b60:2:240:3247::6/mm/42/mn/sn-4g5ednsy/ms/onc/mt/1699458443/mv/u/mvi/1/pl/36/file/file.mp4
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://googleads.g.doubleclick.net
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 93FD 41 KB
14 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DFzyyrvjDoBXFsrERUyzRvZTGfB1KunGhuXCWeSO7eyAuUKl1dnb0s4YFpwD1NELF-50MOyWt9bGjW7zTYMpKYfWxQpdEoBAWPuxf0dLG5rkSE0arFIWEiKYw7maKW3FqnmKzmqOqbLgovnj5ejCQ_NjK8vL2gvpJqjjL51xU4JctaQPE&cry=1&dbm_d=AKAmf-D3XM9HH48585Ou6DSnzQ1ja7xVNrnVTTHd97d54bRDBApxJijd5wozQeFUfMYtDKbzFgNJkEHUy0wwN_1zOs0-xakID653rHYIg6Dr04Hf5OEYZwVk16tJW1F-8ST8wCTobmOFn-yELXY_vIAojoXtArR97N4xO-0zDe_YpOJJ10TWDNZFe_NM02ihDTSxayM5exdombvEsotIqLFPrknqhUWxdQq5xcnC83ET0XXm2ELUaBkJznPn8We5sGuk160aQKzq3YP9b2TF0T3TQjNx4rTu5E85IFlyc8x-UWcCbH_4boVugkqs7jv4ykthEVf5eCcWDaAsmnMushr-KAvg48qxil2ZW4r4r7v0mK42JVyWh8UTR8LobuoU8qvZ2Uzk4HPlspCuZAGVSrdruob8CO6w112fKySdrY7gRYVlEAC1itq2u_ZiN30GemACLS3lOP2UPQN_ySfGPN0rUHPv7EFQOTyECCG7ONh56LHZlfzOYz7NKsiPPfGt5B27uKDXsBOCFFUZlxvC2y_HU72tYk4zG8NbgW3o6xrSpOcYODvi8MgOkjLwqnwPBH_jMoj_W-NtVr60mo-lSS-rhoIIM63k6RCykE2pxA80ozUxCzNwttm_vHpzH9hIWpVuJLX_Mbja3VA8cHKB6V4YMwOOi0wnE30YQasLBxW9d9I6holzDbC5w1oBqePMuRrS76J9axP00DpbU5TXQDUEvsVWDBAU81ZpukMhBCoNmQz0FYCoVO715GxDwa8KozZe8UjWfWMGLH84AuAGey3qvVLzZPhfH5ctgyjRc6389MTQvh5fqyGw2O_pG_u0GqLMmKK9axK2a3O-FVPf5xsYPcAKf3WCfLTgZVa6bm8glKqcSrDJ9RMGde4OgwZtIF8-6ueTUMOK4g6-ns0NX-SOYf91Wdhu-ZGydol976BUij7xPARqIryMu1GBIQdH2wSYIQxkTFOKTd_fq6lrDLQk9bl1fq5dkriImLadtvPmKUL84MdzzJhUuUE5tYuPPf41AuWK_b9l-Z31_ZYMsTc-K3J-qYEDjrVDYAx7uuHy4JcaXTcn8i1fJswEgWGvzXIlC47qZnhM3mTO4VvYwgW60MBoESCpSJyLGU71T64rVrRJSUkaHze-FlFtzyiavwgnit2yWN_F2kNZS7MKx7DX6Pds1fQYU3Uh3KEV7MyOdVYSJ1Qw3SQzIZCsxtLxT-1RPVjutjrEkmCgLkIGsWjySbGG2Y3lcN0j3HkzNF0UynpVSSQdaAVbkH4JM6J50JcvdekSsZ2fM1iUVuh6JWidNgO2q1kGmjRCCpXpQvfdXI3sFrnwO1wsy_AkB2fM3Klo_lDTfnZHS2xslu6wJrLsFDcjYbLH8owt9dkbB0i30pbL9KyBN9CUi3KBh6IWs609WWNap91fI7Lr9fTZUqLMTsGe02s5uRPUr3riM1wlwJETiME7uM5N_BuIpGSpCe784eU1Aj0alBWfMHvTTwYlU8hxSZxBo-FUKnIKBqYq4rWJ9uNVFyvxay0dtrCk1DLjO9jkSSIbDCbfetjdlAigwRQnKaQaLFasHFy6C-DFVxzV98ypNGf73YZM7Iux9U4D__WSeBZjhtBOP7Qszyjf4VfwoIyc_OMBbuUpNRFRYrY-9MZvWsAks-gfVH3nPiGhZnH_5Z1Gk4JIrNHfF3NvFdPC3GBMcGxEkoTR3yuJbkxG0Z_R7grijcvgZKwJ82sSe8vRm3skcF7O3a2V8UQ0FdrqTbKWcFuXWPunzeWZd0hm-geWSdMH_ZEECRJwyvhAX4T1x2QWh7eP5eRAIahFqooUVPSZItY5okMVZQ2yTZtCuNLtOcHPCIujOh9mSHcsT8tvT1rf0vf4Nv97IRXL97ohaLNGgU794_LRF019gUJJdMGEeZnZDS-lSlMUPbXKRjovT8cl9saw939LFgm_rDraXLO_ySvRfyfG0b3ddj4olw0mUOZtBkiYlUw6Ekw2vKN-ireBE6aTIIkkFSGsDNakhx4o54jVDKl_fDD5t65CxYpou1VsnQMyMihGwL_q0ePl876rSNpcDxjk9sywY3abNfCa07qeofyMI6M0XncSyXab7fy6zWe2JlRGZRG8IMgbGVJ5bK-Fh9dOGJ9VQlCvwibbFe5Z_SFQyj-1DIELI2W7xqkQS0xoZZf9aViN-5y0Qr_zBYXiM9tzxn9A19r5WcXy1uqTZQYZYX5LobRUG9ijnzmh-ow1ibkZuEKiMPYvC9HHz5PXK4bljl79ms6AYEVTPkAdcOqiJCubKHr-TaOJcLXChJNaQkZ3JEQsFwfP7n2qxkc_QtaSJfaj4EReo9I0YwWjLL6Oks7lOBpAVUds9Au8220SMURzzZP-5KW4n0fKuof6XI3O6Am63fc_wycZSGBkgmiGNmoMhZiYHQqXeFgFWABThxkWovdFDmELhIUtbu1ib4rCSg6WmBjq9x3USajOBYUSQyFdEMAyJDPr3f1B7sAxUjJERLgHRwISk3jIQMRKWobf46pm36atvrAvvUkOGraww_YVKauwSQIt2cDPrPBYcB-ug5URobDeWDHPHwJNPipaETAQuPaLAmVnYVVpw89i5uygERsQj9AgUOYbhBQNGpW1haD9JFavE2QfwSrnbOvRehIcGcdveb9EciWIZxBNu-isMRnfcbQ2coCoS0ePtWHm4cw0TRSj4WuHZL7izgEUfdCkS2IAmfl3_AfVLms-YNFMqPp6_zMLUGGpFbB-nl_9qCDafNaEXC6WN_c3NZ6tuxxDNaKC7HWuQ0yxVhSSyxjrMz4uZJZSq7UT7qVuCeBTfB-u70vlmmM_hKRmQnShWu9lSIelDFX6qHgG2oRclVtjL_IC0Ne8QDvybbu6o6nmxWobfRkGHWe2s4zfPneeAntVLnXUdh-0uPMyv3raeg-ateX7vTK67YB6Bygy1fMN3xUOfIdNPSZPetkdih0YL7KD0Z5TL-_XwbZlW0bjU_s9sk_sY4X5hqz1ZP1E7s_peG0KWo981j42ytD7pzYYJlLr7P2whbqzQucOIZ8jx2TriB2GBUTS4rwg5GAXWEYEOZOYBiw97YfXIECcaYr3l7sLKQLZNv3abR-WievtHapeGaBnjK0K6Cir_wcM9p5LSsPo-53RbGwWZqnCSN-o3u9a1zGkb4BikhcrS5QbpcKHIrS4N5xcRV8&cid=CAQSOwDICaaN_B6JW0nrvmy3AcvC7weS5QsFv-Sw0m2MRUesiwqDkPFw1rrNUDeDPy-1e36yj21xLsRWOXbCGAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fcybernews.com&ds=l&xdt=1&iif=1&cor=11627810586163493000&adk=1684704082&idt=126&cac=0&dtd=33

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 06:26:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 207152
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Nov 2024 06:26:22 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2E92
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESELxDtk_1rO1lDfsfMRKeYoc&google_cver=1&google_push=AXcoOmSkeSCukE5ZYgJDVahhUuKl7CVCJ-ldlvSlgqMkYMWzfZCJ1yMEky...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AXcoOmSkeSCukE5ZYgJDVahhUuKl7CVCJ-ldlvSlgqMkYMWzfZCJ1yMEkySZZKqZrvOHPUjGquwFc-VHXfkfftq9PkL_qwqwPz28Qcc&google_hm=JjX3CYh4o...

170 B
188 B

43ms
30ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AXcoOmSkeSCukE5ZYgJDVahhUuKl7CVCJ-ldlvSlgqMkYMWzfZCJ1yMEkySZZKqZrvOHPUjGquwFc-VHXfkfftq9PkL_qwqwPz28Qcc&google_hm=JjX3CYh4ofWjeQQ6k5sO0A

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AXcoOmSkeSCukE5ZYgJDVahhUuKl7CVCJ-ldlvSlgqMkYMWzfZCJ1yMEkySZZKqZrvOHPUjGquwFc-VHXfkfftq9PkL_qwqwPz28Qcc&google_hm=JjX3CYh4ofWjeQQ6k5sO0A
pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
strict-transport-security: max-age=86400
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 2E92
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESELnSEsFBn6Y-YLzuEkMvPp0&google_cver=1&google_push=AXcoOmQ8MOn27hgubdPwFTplF0Wm84iun9FszO_UBkuRQtvw1H8zJkz1Rjp4pPGQfaXvtmHsOt5PwdYeVTplr4OW3Rd8nL4A5h6Q2...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESELnSEsFBn6Y-YLzuEkMvPp0&google_cver=1&google_push=AXcoOmQ8MOn27hgubdPwFTplF0Wm84iun9FszO_UBkuRQtvw1H8zJkz1Rjp4pPGQfaXvtmHsOt5PwdYeVTplr4OW3Rd8nL4A5h6...

43 B
417 B

200ms
199ms

Image
image/gif

2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESELnSEsFBn6Y-YLzuEkMvPp0&google_cver=1&google_push=AXcoOmQ8MOn27hgubdPwFTplF0Wm84iun9FszO_UBkuRQtvw1H8zJkz1Rjp4pPGQfaXvtmHsOt5PwdYeVTplr4OW3Rd8nL4A5h6Q2dM&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQ8MOn27hgubdPwFTplF0Wm84iun9FszO_UBkuRQtvw1H8zJkz1Rjp4pPGQfaXvtmHsOt5PwdYeVTplr4OW3Rd8nL4A5h6Q2dM%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/
Protocol: H2
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 822f0528fe59bbfd-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 862
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESELnSEsFBn6Y-YLzuEkMvPp0&google_cver=1&google_push=AXcoOmQ8MOn27hgubdPwFTplF0Wm84iun9FszO_UBkuRQtvw1H8zJkz1Rjp4pPGQfaXvtmHsOt5PwdYeVTplr4OW3Rd8nL4A5h6Q2dM&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQ8MOn27hgubdPwFTplF0Wm84iun9FszO_UBkuRQtvw1H8zJkz1Rjp4pPGQfaXvtmHsOt5PwdYeVTplr4OW3Rd8nL4A5h6Q2dM%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 822f0527ac0ebbfd-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2E92
Redirect Chain

https://ipac.ctnsnet.com/int/cm?exc=1&acc=crimtan_au&google_gid=CAESELhBwlbKPmnku89G5sk8evg&google_cver=1&google_push=AXcoOmQJNMZTUM4SqwNme4cIugSPs9ZbY3IfQrRWO84WWl-G49z3e71VU2SrR1G7Az1_5WmWUaArM6o...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_au&google_push=AXcoOmQJNMZTUM4SqwNme4cIugSPs9ZbY3IfQrRWO84WWl-G49z3e71VU2SrR1G7Az1_5WmWUaArM6okUX6G17G2H6IwuvkpF2DafYs&google_hm=hdYa6iWGRlS9RF...

170 B
188 B

29ms
29ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan_au&google_push=AXcoOmQJNMZTUM4SqwNme4cIugSPs9ZbY3IfQrRWO84WWl-G49z3e71VU2SrR1G7Az1_5WmWUaArM6okUX6G17G2H6IwuvkpF2DafYs&google_hm=hdYa6iWGRlS9RFqZoKplUh0

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan_au&google_push=AXcoOmQJNMZTUM4SqwNme4cIugSPs9ZbY3IfQrRWO84WWl-G49z3e71VU2SrR1G7Az1_5WmWUaArM6okUX6G17G2H6IwuvkpF2DafYs&google_hm=hdYa6iWGRlS9RFqZoKplUh0
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 2E92 0
120 B 30ms
26ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEO1S0yoIFY2oioQSaCrkojM&google_cver=1&google_push=AXcoOmSIAUN3ACbDGM3z0PYwTSPdGjBzSU_UxORnUiaf8m8xXnMl9N4gv-NlZwwD-IMsgvzCq-5lB7-zewlFQlDdnsL8-p9n75jVnrY
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=2732825802&adk=652042997&adf=2125223602&pi=t.ma~as.2732825802&w=749&fwrn=4&fwrnh=100&lmt=1699448218&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699459132619&bpp=1&bdt=202&idt=459&shv=r20231106&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1607993712573&frm=20&pv=1&ga_vid=465876904.1699459132&ga_sid=1699459133&ga_hid=2133064082&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=1090&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079402%2C31079515%2C44798934%2C44807455%2C44807463%2C31078297%2C44808149&oid=2&pvsid=3033088582938210&tmod=1830599201&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&xpc=fKTVGXRxDH&p=https%3A//cybernews.com&dtd=464
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:54 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 sync
x.bidswitch.net/ Frame 2E92 43 B
146 B 26ms
21ms Image
image/gif 18.196.85.191
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEMVf5P_MgDpqd-8vYUzSf_A&google_cver=1&google_push=AXcoOmQqz81Va2ZWyxOGekY7OqLE610qDKSYYdVh8iWalWvA-W2vbzZjAJJTbzr_AGKq951bGLGEY-9Jqgg8jnOFNQl0DWeaTrE9Dw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=2732825802&adk=652042997&adf=2125223602&pi=t.ma~as.2732825802&w=749&fwrn=4&fwrnh=100&lmt=1699448218&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699459132619&bpp=1&bdt=202&idt=459&shv=r20231106&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1607993712573&frm=20&pv=1&ga_vid=465876904.1699459132&ga_sid=1699459133&ga_hid=2133064082&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=1090&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079402%2C31079515%2C44798934%2C44807455%2C44807463%2C31078297%2C44808149&oid=2&pvsid=3033088582938210&tmod=1830599201&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&xpc=fKTVGXRxDH&p=https%3A//cybernews.com&dtd=464
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.85.191 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-85-191.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:54 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2E92
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEG8ADGdgtxxDbbeWGxBB0ZA&google_cver=1&google_push=AXcoOmTMGH1gIhhi2stA44jMhoQzhiFiGuYsB_ofjH77qo17vZ1B0yV1WdkS-1mKcwaPHnvIaQIo4Qzp4LxBjf7EQXVMyek...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTMGH1gIhhi2stA44jMhoQzhiFiGuYsB_ofjH77qo17vZ1B0yV1WdkS-1mKcwaPHnvIaQIo4Qzp4LxBjf7EQXVMyekAMHieRw&google_hm=eS01N3lwcXBkRTJwRmRz...

170 B
188 B

30ms
29ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTMGH1gIhhi2stA44jMhoQzhiFiGuYsB_ofjH77qo17vZ1B0yV1WdkS-1mKcwaPHnvIaQIo4Qzp4LxBjf7EQXVMyekAMHieRw&google_hm=eS01N3lwcXBkRTJwRmRzeU9LT042ZXcxUV92U25VcGxUTn5B

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 08 Nov 2023 15:58:54 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTMGH1gIhhi2stA44jMhoQzhiFiGuYsB_ofjH77qo17vZ1B0yV1WdkS-1mKcwaPHnvIaQIo4Qzp4LxBjf7EQXVMyekAMHieRw&google_hm=eS01N3lwcXBkRTJwRmRzeU9LT042ZXcxUV92U25VcGxUTn5B
content-length: 0

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 2E92 43 B
362 B 29ms
24ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmQGEgqVH9dmHIeYrz6iFyG55xnE5Pcc2RudbGGuUAoB7PLp82F9VDxjcLjvlPZZKkHSU6DpsYbiBBi1Ja9J7_zSTaDDQ60vCuI&google_gid=CAESEEs_xBIztSfLEXs3Ik76IHI&google_cver=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 189606
expires: Wed, 08 Nov 2023 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 2E92 0
12 B 29ms
27ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13If_KTWcYQL-gqor2nR9Kb7PQ3mYm1kMIMcKv9EJiF2FQA7i1N-gJBl3kM3uy7KEmM79sI5

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:54 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 644E 0
0 70ms
67ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CQNynPbBLZb6gD-OvvcAP08i5wAL67Ozzc7bforzxEbe67YWXORABILbX6XtglYKAgKAHoAHe_KCDA8gBBakCNPb5UM_ksT6oAwGqBKcCT9Dyu3uo1F8LekuyJp6Podfjk6RcZQB20spn3niasQlIWT1S_c-U7mRs7LBuySuMmb_Ej8LWiJv-xFv_nShiYqn5t1B4S1BsMoUBHvfLmKir1bMs2EXaSUqjnYzcQHf_tMQmYJilabASJuBfLMtNIHV6XUDUBiE40Ko_dzPQRSJKGoOsn1q2bFOlXF4vOwGRIo_lvH1edN7sxhCoAqeCGTrOa6udjDhppJC7BKkokj_KgJQg1BOOf-LGhibK13Sf17sMvSJGYVc3N48Jl6bcJM03TpSYXPeg2GT8trUWq4H2AsE_t58q3n5QNUyqwQfUoIQPp1LSf3l-I4kLIV_NoWS9BTUu3LST7wokCBff6L0PzpxSrVLDdsITDbkZvXHGshlvraUIEcAE7fHf67ME4AQDiAX4zOSzTJIFBggDEAEYAZIFBggbEAEYAZIFBggdEAQYAZIFBggdEAEYAZIFBggeEAEYAZAGAaAGToAHioPffKgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcLEI3GhwIY1oKp_AHSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoByAsBogwMKgoKCOS0sQLutbECsBPk5LUVyBPGzYLhA9ATANgTDYgUCtgUAdAVAYAXAbIXHAoaCAASFHB1Yi01OTI4MTYxMDc0Nzc5MzgwGAA&sigh=rPtNOzlTBuQ&uach_m=[UACH]&ase=2&nis=4&cid=CAQSPADICaaN8gwOZYwwvTMUS02ekLkQ6xVjNxLFS-FEDQooWm-bnBCLubbvsj75B9UTYjeZRMjdY-1k553d0RgB&vt=10&cbvp=2&vis=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=2732825802&adk=652042997&adf=2125223602&pi=t.ma~as.2732825802&w=749&fwrn=4&fwrnh=100&lmt=1699448218&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699459132619&bpp=1&bdt=202&idt=459&shv=r20231106&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1607993712573&frm=20&pv=1&ga_vid=465876904.1699459132&ga_sid=1699459133&ga_hid=2133064082&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=1090&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079402%2C31079515%2C44798934%2C44807455%2C44807463%2C31078297%2C44808149&oid=2&pvsid=3033088582938210&tmod=1830599201&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&xpc=fKTVGXRxDH&p=https%3A//cybernews.com&dtd=464
Attribution-Reporting-Eligible: event-source
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 08 Nov 2023 15:58:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame 93FD
Redirect Chain

https://fw.adsafeprotected.com/rfw/bgd/1474271/76103299/xbbe/creative/adj?p=APEucNWXGRCsI5qLZ9x1t9Q0wdOybhwwla5aY2SkcSu9uJeH22qP_aU&d=CokBAKAmf-CqRtXVrKh1eudcF6ZJoVwA7qlvrRQBJERhJu-fckQCUfbyD8fH6SV...
https://static.adsafeprotected.com/skeleton.js

17 B
465 B

31ms
25ms

Script
application/javascript

2600:9000:20ab:5600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Server: 2600:9000:20ab:5600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 01:45:55 GMT
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via: 1.1 af1da25c2dddf71cac076999aa9861e6.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P3
age: 10505580
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: 1gsModKL8PCK8vl1zkk5HHAPALQl7B2VPes1pEXiBd4_Z5dV7bCZEA==

Redirect headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
server: nginx
x-server-name: app13.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame B8B2 91 KB
23 KB 113ms
30ms Script
application/javascript 2600:9000:20ab:5600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20ab:5600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 28 Aug 2023 08:07:09 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 af1da25c2dddf71cac076999aa9861e6.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P3
age: 6249106
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: -QydYJ5Hl6xCIhz-XcKct380Uyb_tAzASLSY9TlFwm51d0-t24GDSw==

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 644E 64 KB
24 KB 34ms
22ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

15d8ec3a740c090019f8ae5c259e0c10e59d0994624479865d9c4a039bfc3fb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:49:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 578
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24367
x-xss-protection: 0
server: cafe
etag: 16117715234502620623
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Wed, 08 Nov 2023 16:49:16 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 93FD 43 B
217 B 553ms
173ms Image
image/gif 2600:1f13:800:7782:88c8:2bb4:1468:fce7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1474271&asId=6902db01-b5a2-a30b-5a85-a20f2a9d20cd&tv=%7Bc:toBYsd,pingTime:-3,time:50,type:v,im:%7BpBlk:43%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:0,h:0,t:20%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:50,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B43~0%5D,as:%5B43~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tV2dkUj+11%7C12%7C13%7C141%7C151%7C161%7C17%7C18%7C191%7C192%7C1931%7C194%7C1a11%7C1b*.1474271-76103299%7C1b1%7C1c1%7C1d,idMap:1b*,rmeas:1,rend:0,renddet:IMG.us,siq:21%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:88c8:2bb4:1468:fce7 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
server: nginx
x-server-name: dt17.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 93FD 43 B
216 B 557ms
177ms Image
image/gif 2600:1f13:800:7782:88c8:2bb4:1468:fce7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1474271&asId=6902db01-b5a2-a30b-5a85-a20f2a9d20cd&tv=%7Bc:toBYsg,pingTime:-6,time:53,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:53,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B46~0%5D,as:%5B46~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tV2dkUj+11%7C12%7C13%7C141%7C151%7C161%7C17%7C18%7C191%7C192%7C1931%7C194%7C1a11%7C1b*.1474271-76103299%7C1b1%7C1c1%7C1d,idMap:1b*,rmeas:1,rend:0,renddet:IMG.us,siq:21%7D&tpiLookup=ao:cybernews.com*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:88c8:2bb4:1468:fce7 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
server: nginx
x-server-name: dt01.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H2 204 csi
csi.gstatic.com/ Frame 4446 0
55 B 136ms
128ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~lopy38iv&c=2872762141030&slotId=1436381070515&qqid=CMLXxM_itIIDFfNNDwIdQZEGJA&fb=outstream-lima&vmfc=11&vhc=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame 4446 41 KB
15 KB 26ms
20ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sun, 05 Nov 2023 22:32:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 235565
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 04 Nov 2024 22:32:49 GMT

HEAD
H/1.1

200
OK

file.mp4
r1---sn-4g5edn6y.c.2mdn.net/videoplayback/id/851adfda52cce245/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3804748512/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame 4446
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/851adfda52cce245/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3804748512/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signat...
https://r1---sn-4g5edn6y.c.2mdn.net/videoplayback/id/851adfda52cce245/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3804748512/sparams/acao,ctier,expire,id,ip,ipbits,itag...

0
0

115ms
21ms

Fetch
video/mp4

2a00:1450:4001:f::6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r1---sn-4g5edn6y.c.2mdn.net/videoplayback/id/851adfda52cce245/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3804748512/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/840758AAED591FBEA6378BCA6305C64B20160B17.70C64AC15B8BF151A0C2836FD329A4791D313ADA/key/cms1/cms_redirect/yes/mh/06/mip/2001:1b60:2:240:3247::6/mm/42/mn/sn-4g5edn6y/ms/onc/mt/1699457892/mv/u/mvi/1/pl/36/file/file.mp4

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

HTTP/1.1

Server

2a00:1450:4001:f::6 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Wed, 08 Nov 2023 15:58:54 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 1513496
Last-Modified: Fri, 12 Aug 2022 10:34:35 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Wed, 08 Nov 2023 15:58:54 GMT

Redirect headers

date: Wed, 08 Nov 2023 15:58:54 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 652
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
location: https://r1---sn-4g5edn6y.c.2mdn.net/videoplayback/id/851adfda52cce245/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3804748512/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/840758AAED591FBEA6378BCA6305C64B20160B17.70C64AC15B8BF151A0C2836FD329A4791D313ADA/key/cms1/cms_redirect/yes/mh/06/mip/2001:1b60:2:240:3247::6/mm/42/mn/sn-4g5edn6y/ms/onc/mt/1699457892/mv/u/mvi/1/pl/36/file/file.mp4
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://googleads.g.doubleclick.net
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 help_outline_white_24dp_with_3px_trbl_padding.png
imasdk.googleapis.com/formats/wta/ Frame 4446 453 B
478 B 19ms
18ms Image
image/png 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imasdk.googleapis.com/formats/wta/help_outline_white_24dp_with_3px_trbl_padding.png?wp=ca-pub-5928161074779380

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e519cc4b7b8fdc64a7aaafc1b808cde266a234205aac0d6c55589c12446d565e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:56:01 GMT
x-content-type-options: nosniff
age: 173
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 453
x-xss-protection: 0
last-modified: Wed, 13 Oct 2021 14:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: image/png
cache-control: public, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Nov 2023 16:46:01 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 93FD 43 B
216 B 512ms
176ms Image
image/gif 2600:1f13:800:7782:88c8:2bb4:1468:fce7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1474271&asId=6902db01-b5a2-a30b-5a85-a20f2a9d20cd&tv=%7Bc:toBYt0,pingTime:-2,time:99,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:782,beZ:783,mfA:786,cmA:787,inA:787,inZ:791,prA:791,prZ:797,si:803,poA:804,bl:825,poZ:826,cmZ:826,mfZ:826,loA:834,loZ:837,ltA:881,ltZ:881%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:0,h:0,t:20%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:99,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B92~0%5D,as:%5B92~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tV2dkUj+11%7C12%7C13%7C141%7C151%7C161%7C17%7C18%7C191%7C192%7C1931%7C194%7C1a11%7C1b*.1474271-76103299%7C1b1%7C1c1%7C1d,idMap:1b*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:IMG.us,siq:21,sinceFw:76,readyFired:false%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:88c8:2bb4:1468:fce7 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
server: nginx
x-server-name: dt06.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H3 204 csi
csi.gstatic.com/ Frame E136 0
17 B 148ms
148ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~lopy38hu&c=1875502023121&slotId=937751011560.5&qqid=CJenzM_itIIDFcVNDwIdyhoK7Q&fb=outstream-lima&vmfc=11&vhc=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame E136 41 KB
15 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sun, 05 Nov 2023 22:32:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 235565
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 04 Nov 2024 22:32:49 GMT

HEAD
H/1.1

200
OK

https://gcdn.2mdn.net/videoplayback/id/851adfda52cce245/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3804748512/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signat...
https://r1---sn-4g5edn6y.c.2mdn.net/videoplayback/id/851adfda52cce245/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3804748512/sparams/acao,ctier,expire,id,ip,ipbits,itag...

0
0

97ms
19ms

Fetch
video/mp4

2a00:1450:4001:f::6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r1---sn-4g5edn6y.c.2mdn.net/videoplayback/id/851adfda52cce245/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3804748512/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/2E4724585F4DF9CB052D6B83A263AB345EB3B4C4.0CB5AD21EF2074F10B07BBA7B2B405401E496627/key/cms1/cms_redirect/yes/mh/06/mip/2001:1b60:2:240:3247::6/mm/42/mn/sn-4g5edn6y/ms/onc/mt/1699457892/mv/u/mvi/1/pl/36/file/file.mp4

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

HTTP/1.1

Server

2a00:1450:4001:f::6 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Wed, 08 Nov 2023 15:58:54 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 1513496
Last-Modified: Fri, 12 Aug 2022 10:34:35 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Wed, 08 Nov 2023 15:58:54 GMT

Redirect headers

date: Wed, 08 Nov 2023 15:58:54 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 652
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
location: https://r1---sn-4g5edn6y.c.2mdn.net/videoplayback/id/851adfda52cce245/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3804748512/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/2E4724585F4DF9CB052D6B83A263AB345EB3B4C4.0CB5AD21EF2074F10B07BBA7B2B405401E496627/key/cms1/cms_redirect/yes/mh/06/mip/2001:1b60:2:240:3247::6/mm/42/mn/sn-4g5edn6y/ms/onc/mt/1699457892/mv/u/mvi/1/pl/36/file/file.mp4
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://googleads.g.doubleclick.net
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame D767 41 KB
14 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A-TgEBjtCZYuSwAxWKxUmv7RRiJYpdYKoDzY4Zc98yoZbhU-0-O9ftLXVhicpsaFZFCm6UUoTqLza_ozx75pjfXocvkqFXU6adA8I3KE_lraiboxX3J0wtuyZDYWWyOIZv0EYCRizwXlH2izZT5MzkdMJrte-_cHv3sEqAiH9D_LUaG5Q&cry=1&dbm_d=AKAmf-BjGuRr_dILRo7AF8bLZlfOF4OQXZLAL7tYpP1wF2yltb9zGJlfFcKf_QbrLvECudIn8ubXEj0Rb6MCPLexe40Re7rhKUtnfpewUJFMRjCS7sO17VJ-C7wh9Q3iLbzkBD7GunKNqvysHP-KO3JOt8xU7UGHEZ5rRiS33f3naQu3cD-5zH539dWMKHrUFdARqLhc1SGyl5soh0R9xV-4276axIz9QvaSLMyjzaDeZuJu0mlulPKWlqoJp9I1x3jKLH10VrdxoC5x1gG7501QBpI6bf04Ir7uphi0xqd79D6FvGXUlqod-Qt6ie3Hjtwx4zLkzj78jNAd5xJYrfzlFNc2pXXJmf70tEtpkzmBHz76lr3nbVW0CLLf7R1hvc1Lvk6gySdu8PETpgX2j7sq0zoa5AmU3RpvJGzPb4akV6fTH8zJ6FudBMOq5W-i6cVlVRamvozIsI3IREYTAWb5MVyLGFOIfDEa2nEieFR-fLTQq359TiqKuNF06xBVwVPMWETdNdumTllsoCwM-pGlnhjZ79qLyBOYLk8FAlththQiWtTxklF1wnRbPF5yPsvFGKWTu4xS36SeDOtwAMA-ISwJXRjMcxuoYolV3BKZoMwaalOMDOW72AWqZRkJlw9l1G-rG36OIKeI3jFAUPbc2NboIxS3E0D06RnVBxQT8997R3cUr_GnH8k9o6DrgP1fuTbJo2KHTA4QnU1nCbA6SAEDkwmjblQMQG_kvswWmd8g7_wxS00aaG-fFAdN5IdAxXviNO33ZnCO8nksQf7xNVCi8SK0lpy0xlCsCQL9rJxGy9mChb2Y4HxKvY0CodYTqqfspBuiMBifuRnkxjvLNJi7Bt5JkRSHWGosXDo3BHEC1fkOvkSwo0SZQ1nyglm9l1-ag7uAUN_LJ0ZAR4sJjDOdQMTqVVWxTz4mX0HG8D2yhLYIMEBcmifr_hgbexRT71EWqNvdQat4XCGnbtwdzltQ6kJwDMlKwIps3SKf0DUqcZTZAgs4VVMG_cfj3vZlfQQeXFLYnNIkvPiw4RKM99DwL6rVLpPPV9LJvbHKDV-jtAn-Qs9KKG766eN58qsKvBNJV6j9DiQUxupFXOzeHV_db2xPP4rXGH_Bz8WL5xTQu4vckiF4E4TYlImjDUXuV69-pVRVp_HZH2qjzQ6cy1D2ymoE8ixBLETJ3o4hzc443aipIN2qqzmFaNwnjp6e8-E2afvHnZfBLjllgq9oZLVWLaVucEb3Ui-nk9GefqV76u79q3AAdukxIcLPGXeuLauL2R48AuPcdJqh0OVofyl_cYYOjSaDPYnVbUEMLlzLHYzSaLHso57m9rHM5b30Fi8ZBFsykuv6yvvNTQXSU8KGcc8B70F81sMN1-Odf0vfui6wADy7PwVoC_94XfS_3yUfbm9M0X15AHleNG2CaT-uQ7YXHmWaiUDz14RLnkELLBJ6aPT0fiIP963wHukv9O-vQ1rhliALdt155fOhbZlA0cFBfTXnu8QSfHbhrgNWJup-QSc6PZgci20w0w18CWpgURdjFz3dwwCx3XMzt6IsHKBSWzh9CoHkuV85-nHhLd8heXx_ssSM9wtTOIlck36Pp96SMm3RoSlj-e99By73UKc0diGPAPtEAR6bEncH-IGwJyVjWk8RkzGrywI80tRSm4Zu2ReQJ3rlOg2KLCiCpy3MCxZxerD4RmOSLRQ23eGHzTMN2Hd8oldG7ONMWpZBWanIvOysvsqji0gRitHc2-QBb6MpoetW1LYyVr6ueFRVdEbwNzgVoZs4xFliG0kQ-Rab1WK3F9MFjMu8SmZwUk95Mk4BkXzEPpccarbcLgmBr0ZiCkXy0N51PaJPDPujhqIg6-BA92S_-AagmdTNYQe_FaDLD5voW-vqQHDSO3_zCZD8f2eY7sj0cViyxcgTTcrPBUgM3JzfBgsr4UObO83xdcboG-MU-WMvs3iXREKO-dlb-T8MSfxbozpw7V0lLWAtp_KYP8o6K-R0lZ7GFuBT19fnnYSVSxqUjzgTv-7F3HJz51csZz_DbHKF8HoMBl8Npl9KMPWV5qVBfhUPI4VSy9iKPcEfF8Vyp4GGWwtykKNt3W8c2lLCkcHkVNWdT2-0b8QKqJQQK9wxkFJm6EVIzuhHdVleHua1_jjDh0RpbPsKUDqW1L1XCOLzacYWPVz11be-T28NDg1F0aPQgurdMpv2gMAsMeHmnyCTRYOJ4x71OjYWny8VpfAA61Sr-Q971Iv0f1BkLkPV4nzWXg1o7E_fCv-LHWc4KzefK8uywlwnLGi_rUz0c3prkiaen9a9FNv7TlEJQ39lBGhBLIfVCjgjPJ6f_Pzg3YAdSSLGDLBFwGNryg7CUmK5FhGhRS0rLRhd6cCpZDzmD_7CxYxziVH_icgzoqQn2hiT6QtC8Sm7E3O5ra6BNweGG_5jkbCfTOi5gf99z42lM1FRPMssPe1ZkNGRZWqc2vL3uBfh3ezWzgB5sBWpMl8ss37fzmzWeiG8c9MJxH5OsbOEs-XDwRBx6JCHlWLDxQQ-KsZMIHUQiatumeag3nBc2-kdDo8Ox6HkaH43Pv23NQhQ9atwhaT-fSEts__4paZ0t-ECVxAlIAyymiXZU3eB-7iDo3i7pugufOeqGJ7z09Vg3oCaSjpWqwEOklFr8g7PolD0YFIy1z5ZRAt01MxkNTSIDBgWd2s8suP-_jTDl_qZefGRjr0EEvT74Y3Lk_CjGR5ElM-kAV0crQvdNREQF3evClhOeCxVnuMC9R1HzTuvvwrefQvd9DHeWaEApQ41tvLWOxx4K3f9KqKtT1TQxI9o7XdIlu92l7ZDueF4KbNJ3hR5FEJ2FLs0jiKqEthQqeX9DjtAm4FCXtJNpmtto5vViA7WY0gkZreEuwQzQj_RrSqfoUvbha9UKCl5Fn0Jg1i9uhwu4wx7VRMLtjovXaWi0291qctfjcE6MWLnurS9S2bdlF0qGR-Vo_bpvtQkFAw23GSN18Wyjt-Hz6cIpABFp8nqPIbC0MfrINCLdwu9mmGp6T89vPZwtJe-P_fkO8ibTkhkUaKfB3X3xdJCFAIt4ws_ungoc7dOS55XdFsjwANdXpZS-6cdJ4fQWgsaQfLBpQti3RSgogvIrTv2Q3e-NL-vDu9hidhzjV9FAonhbi3x9w8EHySZShR4pxZg7F8-98Y&cid=CAQSOwDICaaN_B6JW0nrvmy3AcvC7weS5QsFv-Sw0m2MRUesiwqDkPFw1rrNUDeDPy-1e36yj21xLsRWOXbCGAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fcybernews.com&ds=l&xdt=1&iif=1&cor=18273098108107035000&adk=3767104538&idt=252&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 06:26:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 207152
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Nov 2024 06:26:22 GMT

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/ 0
239 B 22ms
21ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/sync.php?p=prebid
Requested by: Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: e8e3ec71b160ae7345e4e302cc752a77
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 4BEC 38 KB
13 KB 21ms
19ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 207152
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 06:26:22 GMT
expires: Tue, 05 Nov 2024 06:26:22 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame 2FC6 23 KB
8 KB 21ms
21ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 66239
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 7799
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 07 Nov 2023 21:34:55 GMT
expires: Wed, 06 Nov 2024 21:34:55 GMT
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame D767
Redirect Chain

https://fw.adsafeprotected.com/rfw/bgd/1474271/76103297/xbbe/creative/adj?p=APEucNWeGIYUrziJdMiOe2DejPKfxOYFRkfknzdL8iWDZcUCCrzjlRk&d=CokBAKAmf-BtBWF5665hsQLyixw6r0pTR1H3DMeRPQG8PpZHMAvNVE9EMdtMj0E...
https://static.adsafeprotected.com/skeleton.js

17 B
464 B

25ms
25ms

Script
application/javascript

2600:9000:20ab:5600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Server: 2600:9000:20ab:5600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 01:45:55 GMT
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via: 1.1 af1da25c2dddf71cac076999aa9861e6.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P3
age: 10505580
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: sCHARHkIR78iLG8O-4uyfzgMogwYJQzcdSziGRxrdk2cYizFlMYU7w==

Redirect headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
server: nginx
x-server-name: app10.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame E18C 91 KB
23 KB 35ms
32ms Script
application/javascript 2600:9000:20ab:5600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20ab:5600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 28 Aug 2023 08:07:09 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 af1da25c2dddf71cac076999aa9861e6.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P3
age: 6249106
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: cCVt_mBCGKnYEYzntY4fPvP86GBxw9Pf6425IKtifdCyEQdwu1rLVQ==

POST
H3 204 csi
csi.gstatic.com/ Frame 644E 0
17 B 130ms
130ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~lopy38o1&c=4512503951544&slotId=2256251975772&qqid=CP6yys_itIIDFeNXDwIdU2QOKA&fb=outstream-lima&vmfc=11&vhc=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame 644E 41 KB
15 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sun, 05 Nov 2023 22:32:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 235565
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 04 Nov 2024 22:32:49 GMT

HEAD
H/1.1

200
OK

https://gcdn.2mdn.net/videoplayback/id/851adfda52cce245/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3804748512/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signat...
https://r1---sn-4g5edn6y.c.2mdn.net/videoplayback/id/851adfda52cce245/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3804748512/sparams/acao,ctier,expire,id,ip,ipbits,itag...

0
0

56ms
19ms

Fetch
video/mp4

2a00:1450:4001:f::6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r1---sn-4g5edn6y.c.2mdn.net/videoplayback/id/851adfda52cce245/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3804748512/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/2A40AF04D5B2F5695A5F78829E50FC8F56B700C9.3272C80B8ED5CC66C8A0986343345FAE9E8A3E9B/key/cms1/cms_redirect/yes/mh/06/mip/2001:1b60:2:240:3247::6/mm/42/mn/sn-4g5edn6y/ms/onc/mt/1699457892/mv/u/mvi/1/pl/36/file/file.mp4

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

HTTP/1.1

Server

2a00:1450:4001:f::6 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Wed, 08 Nov 2023 15:58:55 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 1513496
Last-Modified: Fri, 12 Aug 2022 10:34:35 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Wed, 08 Nov 2023 15:58:55 GMT

Redirect headers

date: Wed, 08 Nov 2023 15:58:54 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 652
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
location: https://r1---sn-4g5edn6y.c.2mdn.net/videoplayback/id/851adfda52cce245/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3804748512/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/2A40AF04D5B2F5695A5F78829E50FC8F56B700C9.3272C80B8ED5CC66C8A0986343345FAE9E8A3E9B/key/cms1/cms_redirect/yes/mh/06/mip/2001:1b60:2:240:3247::6/mm/42/mn/sn-4g5edn6y/ms/onc/mt/1699457892/mv/u/mvi/1/pl/36/file/file.mp4
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://googleads.g.doubleclick.net
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 644E 0
17 B 132ms
131ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=5~lopy38uv&c=4512503951544&slotId=2256251975772&qqid=CP6yys_itIIDFeNXDwIdU2QOKA&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=1810&mt=video%2Fmp4&vs=1280x720&msm=1&aits=18%2C22%2C37%2C692%2C59%2C342%2C343%2C344%2C345%2C346%2C347&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=22&vsrc=web_video_ads&hcn=0&met.4=arp_a_e.1do~videopreviewvisible.1dx&ua_e=1&ape=1
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame D767 43 B
216 B 380ms
177ms Image
image/gif 2600:1f13:800:7782:88c8:2bb4:1468:fce7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1474271&asId=8de24a84-3cf5-0876-587f-16ff5a2f05ff&tv=%7Bc:toBYv7,pingTime:-3,time:92,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:0,h:0,t:33%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:92,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:33,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B82~0%5D,as:%5B82~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tV2dkWx+11%7C12%7C13%7C141%7C151%7C152%7C161%7C162%7C17%7C18%7C191%7C192%7C193%7C194%7C1a11%7C1a12%7C1b1%7C1b2%7C1b3%7C1c*.1474271-76103297%7C1c1%7C1d,idMap:1c*,rmeas:1,rend:0,renddet:IMG.us,siq:34%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:88c8:2bb4:1468:fce7 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
server: nginx
x-server-name: dt12.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame D767 43 B
216 B 373ms
178ms Image
image/gif 2600:1f13:800:7782:88c8:2bb4:1468:fce7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1474271&asId=8de24a84-3cf5-0876-587f-16ff5a2f05ff&tv=%7Bc:toBYv8,pingTime:-6,time:93,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:93,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:33,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B83~0%5D,as:%5B83~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tV2dkWx+11%7C12%7C13%7C141%7C151%7C152%7C161%7C162%7C17%7C18%7C191%7C192%7C193%7C194%7C1a11%7C1a12%7C1b1%7C1b2%7C1b3%7C1c*.1474271-76103297%7C1c1%7C1d,idMap:1c*,rmeas:1,rend:0,renddet:IMG.us,siq:34%7D&tpiLookup=ao:cybernews.com*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:88c8:2bb4:1468:fce7 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
server: nginx
x-server-name: dt07.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 644E 0
20 B 58ms
56ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=urind

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame A6EA 23 KB
8 KB 19ms
19ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 66239
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 7799
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 07 Nov 2023 21:34:55 GMT
expires: Wed, 06 Nov 2024 21:34:55 GMT
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame D767 43 B
216 B 521ms
345ms Image
image/gif 2600:1f13:800:7782:88c8:2bb4:1468:fce7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1474271&asId=8de24a84-3cf5-0876-587f-16ff5a2f05ff&tv=%7Bc:toBYvA,pingTime:-2,time:121,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:915,beZ:917,mfA:920,cmA:923,inA:923,inZ:927,prA:928,prZ:943,si:949,poA:950,poZ:975,cmZ:975,mfZ:975,loA:1008,loZ:1010,ltA:1036,ltZ:1036%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:0,h:0,t:33%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:121,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:33,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B112~0%5D,as:%5B112~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tV2dkUj+11%7C12%7C13%7C141%7C151%7C152%7C161%7C162%7C17%7C18%7C191%7C192%7C193%7C194%7C1a11%7C1a12%7C1b.1474271-76103299%7C1b1%7C1b2%7C1b3%7C1c*.1474271-76103297%7C1c1%7C1d,idMap:1c*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:IMG.us,siq:34,sinceFw:86,readyFired:false%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:88c8:2bb4:1468:fce7 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
server: nginx
x-server-name: dt19.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H3 204 csi
csi.gstatic.com/ Frame 644E 0
17 B 131ms
130ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~lopy38vz&e=21068133&ctx=2&gqid=PbBLZbugBu_G1fAPsqSo2Aw&qqid=CP6yys_itIIDFeNXDwIdU2QOKA&met.4=fb.103~lb.14o~cmrload.17s~ol.17t~bdt.-ij~bpp.-cw~idt.-6~dtd.-1~dt.-cx&met.3=492.14d_1~113.1es_5~112.1er_6&met.1=1.lopy37h8~6.0~7.1~8.1~9.1~10.1~11.1~12.1~13.v3~14.vx~15.y4~16.162~17.162~18.162~19.17s~20.17s~21.17t~22.10t~23.10t&met.7=CAUQCBgBMP0IOKkMaAFw3wh4xvEBgAGa7wGIAd7sBbABAbgBAw~CAkQChgBINMJKNMJMPYJOCNo3wlw8wl48kqAAcZIiAHYugGwAQG4AQM~CBIQBxgBINMJKNMJMJ0KOEpo3wlwlwp4_geAAdIFiAGsQqoBGAoWUm9ib3RvOjcwMCw1MDAsNDAwLDMwMLABAbgBAw~CDoQBxgBINMJKNMJMPcJOCRo3wlw9Al4lBmAAegWiAHIeLABAbgBAw~CDoQChgBINMJKNMJMKAKOE1o3wlw9gl4ypYIgAGelAiIAau-F7ABAbgBAw~CBwQChgBINMJKNMJMPgJOCRo4Alw8wl4i0WAAd9CiAHwoQGwAQG4AQM~CBsQBhgBINQJKNQJMPwJOCg~CBsQARgBIJQLKJQLMJ0MOIkB~CBwQBhgBIJkLKJkLMNkLOEFonQtw2Qt4rAKwAQG4AQM~CBsQARgBIJkLKJkLMKEMOIcB~CCgQDRgBIJoLKJoLMO8LOFVonQtw5wt4-IoBgAHMiAGIAfjNAbABAbgBAw~CBwQBRgBILULKLULMPgLOENo3wtw9Qt4lgeAAeoEiAGWCbABAbgBAw~CBsQARgBIIUMKIUMMI0NOIcB~CBsQDSCGDDikAQ~CCEQBBgBIKkMKKkMMPAMOEdorAxw7wx4rAKwAQG4AQM~CCgQChgBIN0MKN0MMIMNOCZo6gxw_wx428ABgAGvvgGIAYj_A7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 068E 0
20 B 56ms
56ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BZO3VPbBLZYjFM-uRjuwPobKS2AQAAAAAOAHgBAI&bg=!S0ilSAfNAAb4oU7C2KE7ADQBe5WfOPvYQpa1nxpaEx7S6BtZAcEhVEAnd8J52XXek6hrxGJay_BMRMrVH-pEBoE8KSPJAgAAAV5SAAAABmgBB5kDAGqd5jeLBCSMAobDboZOT6-22VhdFGaXjQiXYCX5sZxiQvuARXtjW1ZSgYYPu1djEdqLQx-6D3htIeC1TOmh58fYtnUwS15uH6pr2xNAhH038rHa6gswjZF72DX5zwyYUrMr-mS7UpmQHrEepvs8dY9P_qpMFh47KwpEriTnWDZmcCC-qEE4DShhfnin8oEbbvVQ9fUSQwaARGDEh2HOkTKForPICnR73sipZQ5e38J833CTUv81EMNSd4rWYwhS0twLTJO7mo1MIcoqbT2DyBWKZgUm5qBmMTjm26hybdFObcFqzrYI5Eitc5SeVos2ftKvtKYQ3RHpQUvHhfhPJVCxdHoXVzsMhiZ6oDLargDG809cK1gydTDKigWsO7MoDdsZZ_SI6KNqSBX-aJBv8gr7YWyOPYU5BuQCaNT7FcmTnKuWVUOGJCS61RWJMnlFa5gEAMDU03YgCrx8ce1Ml0UyqxBlG4RwlfSVVYqbLp-ffEGlrUdyc1r7bOBPzVYn7fab_xoSKRPUTho_8KVGO2isjgBP0HIvfeNcHBxb_BMp0GXkNb18LsNwG7S57KgDQ8ZCdGDxKsVHHMv5-OBINCUxcFvGPgkvy3VsdycUbEmcymG23u_mrEsBIAEzvK5QlqTb8wIEJQY6Aos3KNNxpAXblu0T4FNSkocu0kl0D2mzWd3EeK5Jl9wGkkXuZxEKpsQ6LxufZFCyrBxU8wg0BdgwLQiWt7NmDEYITU9Oe2vXCl8fL4qXXwAW7RVpPmM0N6t3dMmBMD3enrBeu96VRsdGtz49BpC-kWIy1ROL9lbEP59Bfm0sR2UyY_RHe5l4keWnbbh8aKUiA-OqgldgpID5GduhxJI7cLGrzVZ7ZxMgVkQCpZ9UwK2BEwzNPe3fB226ou1UUUNzF8Xojg_lE6hg8HaMklvase8uCEEPdHP3wt9RZBNPzcL_FLsF48yO_34ixN9bes9Yotn_1SfShjYbv4LepJafzLyxa_OyqlITBp2sLX6m0KX6wRRQJCetDw

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame 5067 23 KB
8 KB 21ms
19ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 66239
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 7799
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 07 Nov 2023 21:34:55 GMT
expires: Wed, 06 Nov 2024 21:34:55 GMT
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame C9F4 38 KB
13 KB 22ms
20ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 207152
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 06:26:22 GMT
expires: Tue, 05 Nov 2024 06:26:22 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 5975 1 KB
643 B 21ms
19ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34309
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 08 Nov 2023 06:27:05 GMT
etag: 48472445140208031
expires: Thu, 09 Nov 2023 06:27:05 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame 4BEC 38 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:55:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 177
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 07 Nov 2024 15:55:57 GMT

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame 2FC6 38 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:55:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 177
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 07 Nov 2024 15:55:57 GMT

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame 66EB 23 KB
8 KB 21ms
20ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 66239
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 7799
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 07 Nov 2023 21:34:55 GMT
expires: Wed, 06 Nov 2024 21:34:55 GMT
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E337 1 KB
643 B 21ms
20ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34310
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 08 Nov 2023 06:27:05 GMT
etag: 48472445140208031
expires: Thu, 09 Nov 2023 06:27:05 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 i.match
a.tribalfusion.com/ Frame 5975 43 B
433 B 193ms
185ms Image
image/gif 2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b6&u=CAESEGkI6REnWIjoPeGkjj9W-WY&google_cver=1&google_push=AXcoOmTj16gPA6o3rEPHPw7gsViKRPVq4ADrqQgSXAtfgH-g2hN2a0XTeXO3PDTi4QCJAcpQ6IndqQk3BKO2yC_nrzv7xG0b8doAyU8R&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmTj16gPA6o3rEPHPw7gsViKRPVq4ADrqQgSXAtfgH-g2hN2a0XTeXO3PDTi4QCJAcpQ6IndqQk3BKO2yC_nrzv7xG0b8doAyU8R%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 822f052a1841bbfd-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5975
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEH5P7qqhl95Lv_VS1wMdMFw&google_cver=1&google_push=AXcoOmTL9_CGEdLfG0zrjPRpB8T8Ih1DbfedpEN1YJaJJj4m_CAVwBxzP3QdCOgF8iDphsiW90RCmWIXH2LlWAUJMgGy46tMWyqqdFWU
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=0F78855361CD4C839172C630A8F6DA83&google_push=AXcoOmTL9_CGEdLfG0zrjPRpB8T8Ih1DbfedpEN1YJaJJj4m_CAVwBxzP3QdCOgF8iDphsiW90RCmWIXH2LlWAU...

170 B
188 B

34ms
34ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=0F78855361CD4C839172C630A8F6DA83&google_push=AXcoOmTL9_CGEdLfG0zrjPRpB8T8Ih1DbfedpEN1YJaJJj4m_CAVwBxzP3QdCOgF8iDphsiW90RCmWIXH2LlWAUJMgGy46tMWyqqdFWU

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 08 Nov 2023 15:58:55 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=0F78855361CD4C839172C630A8F6DA83&google_push=AXcoOmTL9_CGEdLfG0zrjPRpB8T8Ih1DbfedpEN1YJaJJj4m_CAVwBxzP3QdCOgF8iDphsiW90RCmWIXH2LlWAUJMgGy46tMWyqqdFWU
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Tue, 07 Nov 2023 15:58:55 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 5975 70 B
149 B 54ms
47ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEJ9TVn-LlVCgjJMzNc-2SIc&google_cver=1&google_push=AXcoOmRNR8oXHX6xV4Ef8yK0trG7yx1RIwxaezcDDTMJ8fZ3xtbwKXiYfMPg7hIy6kmgJLXR5WWJK0xmtJoUa3Vhj-pwwQhjUVaRqA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:55 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5975
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEG9Lq1syn_kdGTNyFGByYsc&google_cver=1&google_push=AXcoOmQJGqcHlWUCTTXG0eJhwOxmq1OhG7o7CvEE6X6p3T-uCNwTc2FfpXP5a0r2MEwMISMiCdjeg9if...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mjg3MDI0NzQ0ODQxOTc4MjEwNw&google_push=AXcoOmQJGqcHlWUCTTXG0eJhwOxmq1OhG7o7CvEE6X6p3T-uCNwTc2FfpXP5a0r2MEwMISMiCdjeg9...

170 B
188 B

44ms
44ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mjg3MDI0NzQ0ODQxOTc4MjEwNw&google_push=AXcoOmQJGqcHlWUCTTXG0eJhwOxmq1OhG7o7CvEE6X6p3T-uCNwTc2FfpXP5a0r2MEwMISMiCdjeg9ifS2Jp5evZP_pTfGt_5QHkcXI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mjg3MDI0NzQ0ODQxOTc4MjEwNw&google_push=AXcoOmQJGqcHlWUCTTXG0eJhwOxmq1OhG7o7CvEE6X6p3T-uCNwTc2FfpXP5a0r2MEwMISMiCdjeg9ifS2Jp5evZP_pTfGt_5QHkcXI
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 trk
ag.innovid.com/ Frame 5975 43 B
298 B 365ms
60ms Image
image/gif 2a05:d01c:1d8:8102:1b0a:7836:e547:a6f9
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEJnbKVMNNVGqdy-o78q9f7I&google_cver=1&google_push=AXcoOmQ0sSH4_t2sTNrCMUBg079lcyRL5HCgRd86BEvUxRQmdgJpbxi9ZlJubqCC3YUBGI5RMypZ0_bdrOYH7SWJp3E3VpeTtrYuihzq
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8102:1b0a:7836:e547:a6f9 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
cache-control: no-cache
content-length: 43
request-time: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5975
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEJbzWd0SjHjjyExnIoicXew&google_cver=1&google_push=AXcoOmSVU54IhIF17dsx682VaCuUBnB0V1jcMSC-7_nG7eZrzqYwRqay3V3XgQuTdHgJ4gIO_AW1JbHnx3MM...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSVU54IhIF17dsx682VaCuUBnB0V1jcMSC-7_nG7eZrzqYwRqay3V3XgQuTdHgJ4gIO_AW1JbHnx3MMzXz01J2AdJiH4U2IYbTL

170 B
188 B

50ms
49ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSVU54IhIF17dsx682VaCuUBnB0V1jcMSC-7_nG7eZrzqYwRqay3V3XgQuTdHgJ4gIO_AW1JbHnx3MMzXz01J2AdJiH4U2IYbTL

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSVU54IhIF17dsx682VaCuUBnB0V1jcMSC-7_nG7eZrzqYwRqay3V3XgQuTdHgJ4gIO_AW1JbHnx3MMzXz01J2AdJiH4U2IYbTL
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2

200

report
sync.teads.tv/um/ Frame 5975
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEIJVwVShb7bg...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmTOejLsz41aflRCWkEKraR05AZBwZ4FxsjXjPpnjRvV1N-ut02d5ciJEdT46f4FkfjRSAqK6RLkTci-994FE_Lp1a_UpW32N9zfsQ
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
165 B

51ms
51ms

Image
image/gif

23.35.233.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Server: 23.35.233.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-233-56.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Wed, 08 Nov 2023 15:58:55 GMT
pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 5975 0
12 B 28ms
26ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13ImXfylPf4Mst4XhIEidBPN10Bch4Y0MBGYuMNSjkalGqyBx8-8xoY_jxlJEYO1gkyrxo-Z0A

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:55 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 206 file.mp4
r1---sn-4g5edn6y.c.2mdn.net/videoplayback/id/851adfda52cce245/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3804748512/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame E136 1 MB
1 MB 43ms
20ms Media
video/mp4 2a00:1450:4001:f::6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r1---sn-4g5edn6y.c.2mdn.net/videoplayback/id/851adfda52cce245/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3804748512/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/2E4724585F4DF9CB052D6B83A263AB345EB3B4C4.0CB5AD21EF2074F10B07BBA7B2B405401E496627/key/cms1/cms_redirect/yes/mh/06/mip/2001:1b60:2:240:3247::6/mm/42/mn/sn-4g5edn6y/ms/onc/mt/1699457892/mv/u/mvi/1/pl/36/file/file.mp4

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:f::6 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

11d8979e574565926525a6b71ef868c163eb760c566324365a11b3e72c8c2b23

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Range: bytes=0-

Response headers

expires: Wed, 08 Nov 2023 15:58:55 GMT
date: Wed, 08 Nov 2023 15:58:55 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-1513495/1513496
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 1513496
last-modified: Fri, 12 Aug 2022 10:34:35 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://googleads.g.doubleclick.net
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://googleads.g.doubleclick.net
client-protocol: quic

GET
H3 206 file.mp4
r1---sn-4g5edn6y.c.2mdn.net/videoplayback/id/851adfda52cce245/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3804748512/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame 4446 1 MB
1 MB 42ms
19ms Media
video/mp4 2a00:1450:4001:f::6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:f::6 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

11d8979e574565926525a6b71ef868c163eb760c566324365a11b3e72c8c2b23

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Range: bytes=0-

Response headers

expires: Wed, 08 Nov 2023 15:58:55 GMT
date: Wed, 08 Nov 2023 15:58:55 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-1513495/1513496
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 1513496
last-modified: Fri, 12 Aug 2022 10:34:35 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://googleads.g.doubleclick.net
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://googleads.g.doubleclick.net
client-protocol: quic

GET
H3 206 file.mp4
r1---sn-4g5ednsy.c.2mdn.net/videoplayback/id/07d835a0a2fbaefc/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1730995134/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame 2098 1 MB
0 46ms
22ms Media
video/mp4 2a00:1450:4001::6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001::6 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Range: bytes=0-

Response headers

expires: Wed, 08 Nov 2023 15:58:55 GMT
date: Wed, 08 Nov 2023 15:58:55 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-4188248/4188249
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 4188249
last-modified: Wed, 08 Nov 2023 09:11:46 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://googleads.g.doubleclick.net
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://googleads.g.doubleclick.net
client-protocol: quic

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame A6EA 38 KB
15 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:55:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 178
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 07 Nov 2024 15:55:57 GMT

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame 5067 38 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:55:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 178
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 07 Nov 2024 15:55:57 GMT

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame C9F4 38 KB
15 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:55:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 178
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 07 Nov 2024 15:55:57 GMT

GET
H3 206 file.mp4
r1---sn-4g5edn6y.c.2mdn.net/videoplayback/id/851adfda52cce245/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3804748512/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame 644E 1 MB
1 MB 42ms
42ms Media
video/mp4 2a00:1450:4001:f::6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r1---sn-4g5edn6y.c.2mdn.net/videoplayback/id/851adfda52cce245/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3804748512/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/2A40AF04D5B2F5695A5F78829E50FC8F56B700C9.3272C80B8ED5CC66C8A0986343345FAE9E8A3E9B/key/cms1/cms_redirect/yes/mh/06/mip/2001:1b60:2:240:3247::6/mm/42/mn/sn-4g5edn6y/ms/onc/mt/1699457892/mv/u/mvi/1/pl/36/file/file.mp4

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:f::6 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

11d8979e574565926525a6b71ef868c163eb760c566324365a11b3e72c8c2b23

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Range: bytes=0-

Response headers

expires: Wed, 08 Nov 2023 15:58:55 GMT
date: Wed, 08 Nov 2023 15:58:55 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-1513495/1513496
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 1513496
last-modified: Fri, 12 Aug 2022 10:34:35 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://googleads.g.doubleclick.net
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://googleads.g.doubleclick.net
client-protocol: quic

POST
H3 204 csi
csi.gstatic.com/ Frame 644E 0
17 B 139ms
134ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=6~lopy38v5&c=4512503951544&slotId=2256251975772&qqid=CP6yys_itIIDFeNXDwIdU2QOKA&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=1810&mt=video%2Fmp4&vs=1280x720&ple=1&umsem=0&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Funified.adsafeprotected.com%252Fv2%252F1135760%252F76105514%253Fmon%253D76105515%2526omidPartner%253DGoogle2%2526apiframeworks%253D7%2526bundleId%253D%2526ias_xsid%253D%255BTIMESTAMP%255D%2526ias_dspID%253D3%2526ias_campId%253D1008772806%2526ias_pubId%253Dpub-5928161074779380%2526ias_chanId%253D1%2526ias_placementId%253D20509697656%2526bidurl%253Dhttps%253A%252F%252Fcybernews.com%252Fsecurity%252Fhello-alfred-data-leak%252F%2526ias_dealId%253D%2526xsId%253DABAjH0jHKSgm4m9ZBTAwesRLlbiJ%2526ias_xappb%253D%2526adsafe_par%2526ias_impId%253Dv4~~ABAjH0jHKSgm4m9ZBTAwesRLlbiJ%2526originalVast%253Dhttps%253A%252F%252Fad.doubleclick.net%252Fddm%252Fpfadx%252FN7442.1972103DOUBLECLICKBIDMANAG%252FB30857687.379597277%25253Bsz%25253D0x0%25253BAUCTIONID%25253DABAjH0jHKSgm4m9ZBTAwesRLlbiJ%25253BEXCHANGEID%25253D1%25253BSELLERID%25253D312551221673%25253Bord%25253D%25255Btimestamp%25255D%25253Bdc_lat%25253D%25253Bdc_rdid%25253D%25253Btag_for_child_directed_treatment%25253D%25253Btfua%25253D%25253Bdcmt%25253Dtext%252Fxml%25253Bdc_sdkv%25253Dh.0.0.0%25253Bdc_osd%25253D2%25253Bdc_frm%25253D2%25253Bdc_sdr%25253D1%25253Bdc_ref%25253Dhttps%253A%252F%252Fcybernews.com%252Fsecurity%252Fhello-alfred-data-leak%252F%25253Bnel%25253D0%25253Fves%25253DdGltZXN0YW1wOiAxNjk5NDU5MTM0NTU1CmNsaWNrX3Rocm91Z2hfdXJsOiAiaHR0cHM6Ly9hZGNsaWNrLmcuZG91YmxlY2xpY2submV0L3Bjcy9jbGljaz94YWk9QUtBT2pzc04xemk4eHpaZnU0VjJ4YVVCR2oxcjFTNVdIdThZWnlhVmlPUWZoQUM5NXN5U0MtY0dQem5CWVB1MDNhOWs4VWRweHhCT0xZMkNrMDM3OHIzeHdKQWFUOVNRLVFXcTBQTXdwaWdZczg5X1hTY1Z5M2NWSTIyUHctZVpKQjRIV3hQemp6c1A2YUtIWVBhc0pSVHVTaXNDbjRxTFdlMGtCN3d3U0Z2d3JnWlh1aWhqWTNXZHVjZ3RaSTUtUDdTc3ZtOF9TUGpQN0xjMGNhNDBDU0tzQWVSc0pjZEJ0ZGRhZlRjQjVpOUFrcExPd0ZoN3JTZFN4ZU04anNKdjlmWmVlZGJFZlZZR0wyOGxFUUhvSUF1VVY1TXQ4OG9fVDZOWXdCSVBITG90WENBeE9Jdm1HSjB0cElBQlM1NGpiZkhTWk1qam5mbWVOTHhZLVZENHB5ODI3Z3FmQ01SSWdrTm1YN2ZZSHZjWjhZT21kVDJORU1tbkhkSHg1MTJCRWFvc0J2TTFWN1Fhdm1ybDdYZkJSUlFSMEZTUGhzYlEyakZ5TmdlOFpYejg0a3lRM3ZFNVZudFB2bUVqamxud2V5bnYyWDdDVVRoeHFrU2tJcEFFQjlkTWlQa2ZWQkVtblJ2RWhEc1NmR3BZejBocDdIZFAyWlAzNDF2TEU1bGpDT0ZsLXRfcXlQN01mTUJkNHFBbjd6RndXYWdIOVJXc3M4V3ZRcHJvR215VnVWaE5zY0ItRXJybUIwTVRMMW1xYWRJSjFzUl9IQW5jc0ZfMHZZR1ZpZl9ReE1TQ3VWVGhyTFVQSFR2RXN0Y1dwMFlGT2tEWGVJMjEydnMtX0tRRXJZTVNZTF9zZE9yalAtSzkzeUtGdFAwRjFQZVBROG1aYld3QXFHbEVEOGdOZUduRDUyRzlWRm5pTEFjeDM1MVdCd3FHOEZicGVMa2p5bkk0YjRoYzh6TmFyZEo0WnhnMVVfdHpBTXdDTEx1OXBJVnBBMVluOG9wVWhEclI1bDB6LWp5Wm1TYk9IVmtrOGZrTzY3NkxfXzVoYmV2WE1ib2NyUE5DNjFrNy01RVNSbzd3YVpwZGU5Z3pXRm1TWlVwUFB2OEl4cHVPZDU4NWFoNXc5VlRudVk2MlZUY0VxWFhVNXI0bEFnZkluRkpObTJGbGgtQWI0M1FOZHhESTB5X1JEZ01nLVd6b29wdlFQZlRnTG9xajVfNVR6WFo1Y3hlajRBajkwTklXa2hxTmZrdUhYRXlmcGlfZU02ckE5WmdXWmFjVWNpRktSa19WQWF0QnlBMXlsbkI3Qy01SmVnUkp3Sl9vRjNCR1FzdkhHRDRZTUVhWXl1clpSS2hxTXFaTVk4TDdMaFBYV3VJOEdXanpZQXJMenpjZ19HUnVjTVY0Mk84Z0NoRWZCUHVJR1JzOVFqSDJUbDNfdFhncU9rcWRtaC1jcDNXczNSTVhSZEVLRXhieVoyemlSY3RZRDJKM0ZnU090M3hoTmpPZ2NtU0diVUJXLU0xRXUxYUZzUDZqdVppNFRwcl9fd00zTU5SQVVZOURSZDBsS2h2QVk5Q0lPYVBwbHZFVS0wb1NBT2lINWN2S2wxWnUzejF2MU1SUms3ZjZtMGFGZU9ocGdYUjlISVNpTjA2anZJTmFrT0xzcS1BWms3TjdydjJYV0ZnTmlYY3hxNm1DWlBkdlA4Y1R1VkRucDBpWkdVOGFJdTBsVENOenVyWHhCZTc4dGJ6MzZSbmo4aDFBcEJOeGVrbVdGLXAtQVdUSFNhbHZUbWVoNTljTXdManNwbWVtRTZVaU1uLVZTR2VKWUV2MTBFSG1mT0RtLVcya3RDZUFPR0hhNE9Sb0RvaEw0XzItY3hLSHhyM2p6V0l1ZlhMMUZxQ00yTTAwOFVZbnBjRWlZSnNXM01OSXcyV2Z4YjdDJnNhaT1BTWZsLVlUYTA0U0NBNlowckhoanM2MnlrcklDT0RxOHFrRHNVWUQ2ZTQtTTgyWW1uNXU2dU1NeWZMRGRxdTNQTmNueFNmb2pTVmFFYlZLNkVBclFqQW54cm85bnNXQlBjc05rVGxlUHVrSnlXNWdJNzdHUzRZRUNLMHBnTVhIVmtOYV9HS0pqYmh2a2hkbm12X1YzNlhqMVd0ZmVqYXR5S3VEN3dIcFp2OVAyQ2Y0T0xhalc0REVhdFJfeG84SkRUVjFGUFkwUnhqaDhMZ2x5UnFqOHpfcHVnRVpGN1J5WVY0S3JheFZ2enFNdTY2U3ZYTUk2a3Bvc3hDRVZxeHVyT0VQQXozRzJDdWhBbTd3REhLV214c05mZ3lpR1FDcUdyU0NxU2xGV3Y4b1g1T2Mmc2lnPUNnMEFyS0pTekhsLUpWM0VQZldTRUFFJmNyeT0xJmZic19hZWlkPVtnd19mYnNhZWlkXSZ1cmxmaXg9MSZhZHVybD1odHRwczovL3d3dy5jaXNjby5jb20vYy9kZV9kZS9wcm9kdWN0cy9zZWN1cml0eS9maXJld2FsbHMvZ2V0LXN0YXJ0ZWQuaHRtbCUzRkNDSUQlM0RjYzAwMzA1MyUyNk9JRCUzRHRybHNjMDI3MDU0JTI2RFRJRCUzRHBkaXByZzAwMDAwMSUyNmRjbGlkJTNEJTI1ZWRjbGlkISIK%252526dc_cid%25253D203224912%252526dc_adid%25253D570667618&encoded_body_size=0&transfer_size=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 i.match
a.tribalfusion.com/ Frame E337 43 B
640 B 200ms
184ms Image
image/gif 2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b6&u=CAESEGkI6REnWIjoPeGkjj9W-WY&google_cver=1&google_push=AXcoOmTgSvc6BM5KMc8ujg0nyPdEEZC2oQMgxTp1MmOwJCPOBKRJds-lWZYEMjmV9ePMfGLoVi8n0gtAxGkE7Q8_0URFUloikh9y1Q&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmTgSvc6BM5KMc8ujg0nyPdEEZC2oQMgxTp1MmOwJCPOBKRJds-lWZYEMjmV9ePMfGLoVi8n0gtAxGkE7Q8_0URFUloikh9y1Q%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 822f052aba7f2bba-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E337
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WlV1d1BnQUNSZHNWNXdCSA==&google_gid=CAESEMtKnLn76ml0iPZbAchutHM&google_cver=1&google_push=AXcoOmStpX7mF0PYEqLgJDCBY_cSeb-SsQ...

170 B
188 B

30ms
30ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WlV1d1BnQUNSZHNWNXdCSA==&google_gid=CAESEMtKnLn76ml0iPZbAchutHM&google_cver=1&google_push=AXcoOmStpX7mF0PYEqLgJDCBY_cSeb-SsQhhjMUI7aBvXuw_cMLGWphXcGQ-13RDWTyhkEHUlOz7ogF0TQIf_2D0q5X1kqftnngS

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-cph2320024-CPH
pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1699459135.166767,VS0,VE0
x-cache: HIT
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WlV1d1BnQUNSZHNWNXdCSA==&google_gid=CAESEMtKnLn76ml0iPZbAchutHM&google_cver=1&google_push=AXcoOmStpX7mF0PYEqLgJDCBY_cSeb-SsQhhjMUI7aBvXuw_cMLGWphXcGQ-13RDWTyhkEHUlOz7ogF0TQIf_2D0q5X1kqftnngS
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E337
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEH5P7qqhl95Lv_VS1wMdMFw&google_cver=1&google_push=AXcoOmSiLiL4OKxhx_Md82H65-xIq2tSmUYA1sD6tPgqtPDbZEnIbRIlfgRQ9j12dcTEYRNjCiAeinsFq8xjclIx452IOC5VeVAXbg
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=0F78855361CD4C839172C630A8F6DA83&google_push=AXcoOmSiLiL4OKxhx_Md82H65-xIq2tSmUYA1sD6tPgqtPDbZEnIbRIlfgRQ9j12dcTEYRNjCiAeinsFq8xjclI...

170 B
188 B

30ms
30ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=0F78855361CD4C839172C630A8F6DA83&google_push=AXcoOmSiLiL4OKxhx_Md82H65-xIq2tSmUYA1sD6tPgqtPDbZEnIbRIlfgRQ9j12dcTEYRNjCiAeinsFq8xjclIx452IOC5VeVAXbg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 08 Nov 2023 15:58:55 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=0F78855361CD4C839172C630A8F6DA83&google_push=AXcoOmSiLiL4OKxhx_Md82H65-xIq2tSmUYA1sD6tPgqtPDbZEnIbRIlfgRQ9j12dcTEYRNjCiAeinsFq8xjclIx452IOC5VeVAXbg
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Tue, 07 Nov 2023 15:58:55 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E337
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEMlg50WZ5khcWLGSSiHyxtg&google_cver=1&google_push=AXcoOmQkRtp-EfTAJwkGR4nh4kRv8NAxUGemC6QqZbiPFjIO2aqu_1IvuVQUtXGyWJiHnyWD7DBtw4ntzPfqYheGyvswrGv...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQkRtp-EfTAJwkGR4nh4kRv8NAxUGemC6QqZbiPFjIO2aqu_1IvuVQUtXGyWJiHnyWD7DBtw4ntzPfqYheGyvswrGvTfNJz&google_hm=eS01N3lwcXBkRTJwRmRzeU...

170 B
188 B

41ms
39ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQkRtp-EfTAJwkGR4nh4kRv8NAxUGemC6QqZbiPFjIO2aqu_1IvuVQUtXGyWJiHnyWD7DBtw4ntzPfqYheGyvswrGvTfNJz&google_hm=eS01N3lwcXBkRTJwRmRzeU9LT042ZXcxUV92U25VcGxUTn5B

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 08 Nov 2023 15:58:55 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQkRtp-EfTAJwkGR4nh4kRv8NAxUGemC6QqZbiPFjIO2aqu_1IvuVQUtXGyWJiHnyWD7DBtw4ntzPfqYheGyvswrGvTfNJz&google_hm=eS01N3lwcXBkRTJwRmRzeU9LT042ZXcxUV92U25VcGxUTn5B
content-length: 0

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame E337 43 B
362 B 44ms
25ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmTxl-jgEuMn_uF55-esXBvnsmmmF02wkR8BHgbQZSE0qeXHhZV1e52rBhTrprfZSwdIlja_YYzSZ5Bo35Jovw8ItKm84zc_xw&google_gid=CAESEBwVRLqg6dg4XJsI3qKcXr0&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 228840
expires: Wed, 08 Nov 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E337
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEG9Lq1syn_kdGTNyFGByYsc&google_cver=1&google_push=AXcoOmTbvLmb3Vs2dpanA5NZW4Zlz7kq74AMkrrOd2C0_endcnUh-XOxcb_4jh67a893QMjx7TxAV5nA...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mjg3MDI0NzQ0ODQxOTc4MjEwNw&google_push=AXcoOmTbvLmb3Vs2dpanA5NZW4Zlz7kq74AMkrrOd2C0_endcnUh-XOxcb_4jh67a893QMjx7TxAV5...

170 B
188 B

30ms
30ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mjg3MDI0NzQ0ODQxOTc4MjEwNw&google_push=AXcoOmTbvLmb3Vs2dpanA5NZW4Zlz7kq74AMkrrOd2C0_endcnUh-XOxcb_4jh67a893QMjx7TxAV5nAAYMOY2eXgNbl6JAIYnS1Ew

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mjg3MDI0NzQ0ODQxOTc4MjEwNw&google_push=AXcoOmTbvLmb3Vs2dpanA5NZW4Zlz7kq74AMkrrOd2C0_endcnUh-XOxcb_4jh67a893QMjx7TxAV5nAAYMOY2eXgNbl6JAIYnS1Ew
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E337
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEJbzWd0SjHjjyExnIoicXew&google_cver=1&google_push=AXcoOmQXnC4DUiTm_MTPGysgPNfpeBRB-IE43Hr-z8r96oMim5SfYc50c_DPLMw3ZxbFgypqxWw8-xwRmB4s...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQXnC4DUiTm_MTPGysgPNfpeBRB-IE43Hr-z8r96oMim5SfYc50c_DPLMw3ZxbFgypqxWw8-xwRmB4s2w0l4bpghz8NM0CyPw

170 B
188 B

30ms
30ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQXnC4DUiTm_MTPGysgPNfpeBRB-IE43Hr-z8r96oMim5SfYc50c_DPLMw3ZxbFgypqxWw8-xwRmB4s2w0l4bpghz8NM0CyPw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQXnC4DUiTm_MTPGysgPNfpeBRB-IE43Hr-z8r96oMim5SfYc50c_DPLMw3ZxbFgypqxWw8-xwRmB4s2w0l4bpghz8NM0CyPw
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame E337 0
12 B 38ms
29ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JpvKxNTF-L-BiSmQeEqRabR9IVUEsliYOT_wCcuZeskM6NNT6AE769AbE1dDRzp71KGxY0

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:55 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame 66EB 38 KB
15 KB 31ms
24ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:55:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 178
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 07 Nov 2024 15:55:57 GMT

GET
DATA 200
OK truncated
/ Frame 93FD 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6b14b30e80911e2c24b12b4272c4dd3f18636e904e7b9e5023172a4751b3a68c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 93FD 43 B
216 B 180ms
179ms Image
image/gif 2600:1f13:800:7782:88c8:2bb4:1468:fce7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1474271&asId=6902db01-b5a2-a30b-5a85-a20f2a9d20cd&tv=%7Bc:toBYCL,pingTime:-10,time:704,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTkuMC42MDQ1LjEwNSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1699459135370%7C%7C96d1d1d740f38fb21b22f42b3681bc29%7C%7Cadc68e3ec772ef714cd200e23f927f85%7C%7C01fda5688fca433695764efaa7b00a55%7C%7C2ecab9bb6097acda5969ec30fa125cbc%7C%7Ca3c4ad4c47564ad7f469d747f09d12dd%7C%7C94247fe61b68ad55ee5f8158ed7d93bd%7C%7Cef670627a5618b24c6e6955103f62da8%7C%7C1663701684,im:%7BpWait:19,pLoad:650%7D%7D
Requested by: Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:88c8:2bb4:1468:fce7 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
server: nginx
x-server-name: dt03.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2

200

dt
dt.adsafeprotected.com/ Frame 644E
Redirect Chain

https://unified.adsafeprotected.com/pixel.png?eyJ0eXBlIjoiU1RBUlQiLCJwdWJsaXNoZXJVdWlkIjoiYTVkYjAyYjAtMmI3OC00OWEzLTg0ZmYtMDA1NTlkNjk3Y2I5Iiwic2l0ZVV1aWQiOiJhZmRkZWY1ZC1jMjA0LTQwYTktYjRmYi05NjVhMTQ...
https://dt.adsafeprotected.com/dt?anId=10173&asId=7482f2b8-7ae0-4800-baaf-413b336a64d8&tv=%7BpingTime%3A-4%2Ctime%3A-1%2Ctype%3Am%2Cve%3A%7BvEventCount%3A1%2CvEvents%3A%5B%7Bt%3A-2%2Ctp%3AadStarted...

43 B
216 B

183ms
181ms

Image
image/gif

2600:1f13:800:7782:88c8:2bb4:1468:fce7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10173&asId=7482f2b8-7ae0-4800-baaf-413b336a64d8&tv=%7BpingTime%3A-4%2Ctime%3A-1%2Ctype%3Am%2Cve%3A%7BvEventCount%3A1%2CvEvents%3A%5B%7Bt%3A-2%2Ctp%3AadStarted%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%5D%7D%7D
Requested by: Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/
Protocol: H2
Server: 2600:1f13:800:7782:88c8:2bb4:1468:fce7 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
server: nginx
x-server-name: dt14.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

Redirect headers

Location: https://dt.adsafeprotected.com/dt?anId=10173&asId=7482f2b8-7ae0-4800-baaf-413b336a64d8&tv=%7BpingTime%3A-4%2Ctime%3A-1%2Ctype%3Am%2Cve%3A%7BvEventCount%3A1%2CvEvents%3A%5B%7Bt%3A-2%2Ctp%3AadStarted%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%5D%7D%7D
Date: Wed, 08 Nov 2023 15:58:55 GMT
Connection: keep-alive
Content-Length: 0
Vary: Origin
Content-Type: image/png

GET
H2 200 dc_oe=ChMIhJeZ0OK0ggMVdiUGAB3XFgGrEAAYACDQ7vNgQhMI_rLKz-K0ggMV41cPAh1TZA4o;met=1;acvw=sv%3D958%26v%3D20231106%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%...
ade.googlesyndication.com/ddm/activity/ Frame 644E 42 B
402 B 141ms
57ms Image
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIhJeZ0OK0ggMVdiUGAB3XFgGrEAAYACDQ7vNgQhMI_rLKz-K0ggMV41cPAh1TZA4o;met=1;acvw=sv%3D958%26v%3D20231106%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D6016%26vmtime%3D12%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26i0%3D33554450%26ic%3D0%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D111318164%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1699459135408;dc_rfl=%5BURL_SIGNALS%5D;ecn1=1;etm1=0;eid1=11;

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 644E 42 B
64 B 62ms
58ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CwA6YPbBLZb6gD-OvvcAP08i5wAL67Ozzc7bforzxEbe67YWXORABILbX6XtglYKAgKAHoAHe_KCDA8gBBakCNPb5UM_ksT6oAwHIA5sEqgSqAk_Q8rt7qNRfC3pLsiaej6HX45OkXGUAdtLKZ954mrEJSFk9Uv3PlO5kbOywbskrjJm_xI_C1oib_sRb_50oYmKp-bdQeEtQbDKFAR73y5ioq9WzLNhF2klKo52M3EB3_7TEJmCYpWmwEibgXyzLTSB1el1A1AYhONCqP3cz0EUiShqDrJ9atmxTpVxeLzsBkSKP5bx9XnTe7MYQqAKnghk6zmurnYw4aaSQuwSpKJI_yoCUINQTjn_ixoYmytd0n9e7DL0iRmFXNzePCZem3CTNN06UmFz3oNhk_La1FquB9gLBP7efKoZ_opvfUNyVKSJhXwW33vnZdpApGfT513TqmiI_qtWdi1b6mhLCW0uTIdY_wxVacPRpPSGh5gqMlhAJ3_w8QxM7GAHABO3x3-uzBOAEA4gF-Mzks0yQBgGgBk6AB4qD33yoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaIMDCoKCgjktLEC7rWxAqoNAkRFsBPk5LUV0BMA2BMNiBQK2BQB0BUB-BYBgBcB&sigh=_6DMkQXdJIM&label=part2viewed&ad_mt=13&acvw=sv%3D958%26v%3D20231106%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D6016%26vmtime%3D12%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26i0%3D33554450%26ic%3D0%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D111318164%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1699459135408

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=2732825802&adk=652042997&adf=2125223602&pi=t.ma~as.2732825802&w=749&fwrn=4&fwrnh=100&lmt=1699448218&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699459132619&bpp=1&bdt=202&idt=459&shv=r20231106&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1607993712573&frm=20&pv=1&ga_vid=465876904.1699459132&ga_sid=1699459133&ga_hid=2133064082&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=1090&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079402%2C31079515%2C44798934%2C44807455%2C44807463%2C31078297%2C44808149&oid=2&pvsid=3033088582938210&tmod=1830599201&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&xpc=fKTVGXRxDH&p=https%3A//cybernews.com&dtd=464
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dot.gif
s0.2mdn.net/ Frame 644E 43 B
66 B 24ms
20ms Image
image/gif 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 02:28:59 GMT
x-content-type-options: nosniff
age: 48596
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-xss-protection: 0
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 09 Nov 2023 02:28:59 GMT

GET
H/1.1 200
OK pixel.png
unified.adsafeprotected.com/ Frame 644E 35 B
174 B 52ms
49ms Image
image/gif 34.247.247.46
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://unified.adsafeprotected.com/pixel.png?eyJ0eXBlIjoiU0VDT05EQVJZX0lNUFJFU1NJT04iLCJwdWJsaXNoZXJVdWlkIjoiYTVkYjAyYjAtMmI3OC00OWEzLTg0ZmYtMDA1NTlkNjk3Y2I5Iiwic2l0ZVV1aWQiOiJhZmRkZWY1ZC1jMjA0LTQwYTktYjRmYi05NjVhMTQ1ZDA2OTYiLCJiaWRSZXF1ZXN0Ijp7InNpdGUiOnsicGFnZSI6Imh0dHBzOi8vZ29vZ2xlYWRzLmcuZG91YmxlY2xpY2submV0LyJ9fSwiY3VzdG9tIjp7ImN1c3RvbTEiOiIiLCJjdXN0b20yIjoiMi4wIiwiY3VzdG9tMyI6IjIuMCIsImN1c3RvbTciOiIxMTM1NzYwIiwiY3VzdG9tOCI6Ijc2MTA1NTE0IiwiZGF2M19kZXZpY2UiOiJERVZJQ0VUWVBFX1VOS05PV04iLCJkYXYzX291dGNvbWUiOiJPVVRDT01FX01fX1ZBU1RfX09NSURfX1dFQl9QWEwiLCJkYXYzX3VhIjoiIiwibW9uaXRvcmluZyI6ImZhbHNlIiwicmVnaW9uIjoiaWUiLCJ4c2lkIjoiNzQ4MmYyYjgtN2FlMC00ODAwLWJhYWYtNDEzYjMzNmE2NGQ4In0sInRpbWVzdGFtcCI6IjAwMDEtMDEtMDFUMDA6MDA6MDBaIiwiaGVhZGVycyI6eyJoZWFkZXIxMCI6IjIwNTA5Njk3NjU2IiwiaGVhZGVyMTEiOiJEQ00iLCJoZWFkZXIxMiI6ImFkLmRvdWJsZWNsaWNrLm5ldCIsImhlYWRlcjMiOiJHb29nbGUyIiwiaGVhZGVyNCI6IjciLCJoZWFkZXI4IjoiaWFzbyIsImhlYWRlcjkiOiIifSwiY3JlYXRpdmVJZCI6IjIwMzIyNDkxMiIsImNiIjoiMTY5OTQ1OTEzNDc2MTY4NjczMyIsImFkRHVyYXRpb24iOi0xLCJpYXNTaW5nbGV0YWciOnRydWUsImlhc1NpbmdsZXRhZ091dGNvbWUiOiJPVVRDT01FX01fX1ZBU1RfX09NSURfX1dFQl9QWEwifQ==&advEntityId=1135760&pubEntityId=76105514&iris_id=[IRIS_ID]&ss_iris_id={{IRIS_ID}}&fw_iris_id=
Requested by: Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.247.46 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-247-46.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Wed, 08 Nov 2023 15:58:55 GMT
Connection: keep-alive
Content-Length: 35
Vary: Origin
Content-Type: image/gif

GET
H2

200

skeleton.gif
static.adsafeprotected.com/ Frame 644E
Redirect Chain

https://pixel.adsafeprotected.com/rfw/st/1135760/76105515/skeleton.gif?xmtp=v&xmapp=0&xsId=7482f2b8-7ae0-4800-baaf-413b336a64d8&bidurl=https://cybernews.com/security/hello-alfred-data-leak/&ias_cam...
https://static.adsafeprotected.com/skeleton.gif?xmtp=v&xmapp=0&xsId=7482f2b8-7ae0-4800-baaf-413b336a64d8&ias_=&ias_xappb=&mon=76105515

43 B
482 B

42ms
24ms

Image
image/gif

2600:9000:20ab:5600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif?xmtp=v&xmapp=0&xsId=7482f2b8-7ae0-4800-baaf-413b336a64d8&ias_=&ias_xappb=&mon=76105515
Protocol: H2
Server: 2600:9000:20ab:5600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 04:12:26 GMT
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
via: 1.1 af1da25c2dddf71cac076999aa9861e6.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P3
age: 9546390
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: 2BzLUsszWVPBE9rXuV8QDKWhUPHbHeO_48hSdCBbWC_4V_TIcJqXqg==

Redirect headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
server: nginx
x-server-name: app22.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.gif?xmtp=v&xmapp=0&xsId=7482f2b8-7ae0-4800-baaf-413b336a64d8&ias_=&ias_xappb=&mon=76105515
cache-control: no-cache
content-length: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 644E 0
28 B 79ms
76ms Image
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstX7Q5P9Yc9Hm_fgK6yPbLytHYyUfiyHcogi_sogrlZPzVKHJcR0ZmetH8gaYded_t2NVta_LWr_5XBW3wdx3nAl3XTioyrI9r13d1ctzetZ-R-nwCnHV0qwpGECt9qTgDC1QtKmnPH6J7bRz3d8ZJWrdg50K9w2HGzZ50cmxWIfjKI4XvOpd2dpkJUA9psILKTnORAUurG6UdJrDMDL4FzuFP0lzkDG8HfOVI512n2H3cqxTCTN042kDOH-emxTeyxgHwqUJwVHbu0hv17Kg0S8tziUk3yeiSwZyo8o3B5UkRGil_5mVqGJmUjWp5DWItx4QpbcP9IhS4RHucz7bUyWsnZHL_4oV8dwq1SZ4GHm8ZCq2VL4ohqxSfqHOwMeFy-HfTyA_aIxkicXSX8gFc_VN0E3h0cX7BnrCZ0yIH4ojeSHJPhyMK-9EBxe--EcD6eKCteOfmEu4Ate76UcblGysRkyzYvxWapIQNj68GH9Oo5JC8a2TXrFe2gjO1SKbh3YAKM9Kf6BITqs0NHvUNuQqCaKV5XJ6OFvKY7thqnuTKFmIdyzwhQBDuU-nxdZ8sAUwy25tBJECwMzSEPvZ-SvR_Uc6erUWkqMDklg58LVecwRIm5ACtOiyjLUQ6EG-5VaXlzTbge40Ji7RkE90cbDrV0R2u4kC3F7e5CdQ0t3Yi4KplRyW7t9kWytXWfJ_1UcXfXXOAxG8pR7lROq465ok23n4NiorANBtQOGgFfOJCzt9CuP486Rm675erVMbh-1yV4U0cISAaTmYpzbkCTCi_G6aFT99GUj-_eYG7_8lXuu2qFhUFXspJVrgX29CzKD32WGGQX9Qhnh8MufMOHU87Y9YucKVnfp4lyFW1by6JGCD-FGJKuYWQzFh6pLfALW_NcNgWY0UjuS6uxIR_kjGLTWWTH3IR4YBAzHPXzg3jiem9QOuksNYxmMSfTGKCsq0l9IDhvxJ3vPRd9BPU7ccj_fEQb9budA8zF67WKao-w8I3bOzqBROEKphNiOCUneS3cb8FkcrLAjeKn_BmxNvOag5xA6L_KTBMUdXXH5ppbtwhQxnlVGl238ml8XHTLg8siOwMmUxXvIleRkXwzn_kJG8zUiXeczqsimUnMCVsqL1HyYbQCCeCfqxCXnQEk5qEMMGGc_AsR3BJ5QM6fqzEX3kBzbPKK7bNnORRD3z-s0K_zRNWCAla7a35vWfvTFwFWSqbWaocaSLy2yAx_qIvvMtZGhJp37z2WNeWuvABpIptkhYHq7nAFU1e3K7J0ikOSV1hoArcer-3INo_n5syjBZucXHMREcwwx2Znuzh7mQJktjdzZDbXF6Kwl7sGbdAqrj5DiZPkFCAadO4rJjmwNTG6-BjMp2JALs64SQs&sai=AMfl-YQ7f1o6ykbemdOcbmSPVxGU-NZKL9tIodUq_hpbC6NNhvtYIw83Uz0gEICBYRnATndlua7qpFTMP55PVVNDt-h91c0GJLXKqmK-Q4ldyrS1dUBBGJrt5Rk4KaMej7pr1ZkPRuYzVgurVV_fPtkdR8EEZzPTch2--GTy55uQAJkDj6S1RaN7PaRsS7RAe22VC7i7SCaV0ClUzPoW1X8xkFU9d51wqdwzml66TcsPMFEPTRVnaFOee5kXOhmv2X35XC0xaOMrwJ5DlXa1roag9MXkpCQSmA6v&sig=Cg0ArKJSzFeq0xxZoHUbEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&adurl=

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 08 Nov 2023 15:58:55 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 pixel
googleads.g.doubleclick.net/xbbe/ Frame 644E 0
16 B 71ms
67ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjWgqn8ASABMAE&v=APEucNWitLZNfjUhTyt4MjPIjsSbbtRrarTqhpw53TKrH0NyOmBbQlSceJIpqafYvZ8byjXFWjo5omTgjx28yLiAK9-S9-lKig

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=2732825802&adk=652042997&adf=2125223602&pi=t.ma~as.2732825802&w=749&fwrn=4&fwrnh=100&lmt=1699448218&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699459132619&bpp=1&bdt=202&idt=459&shv=r20231106&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1607993712573&frm=20&pv=1&ga_vid=465876904.1699459132&ga_sid=1699459133&ga_hid=2133064082&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=1090&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079402%2C31079515%2C44798934%2C44807455%2C44807463%2C31078297%2C44808149&oid=2&pvsid=3033088582938210&tmod=1830599201&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&xpc=fKTVGXRxDH&p=https%3A//cybernews.com&dtd=464
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:55 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 644E 0
20 B 66ms
62ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=video_impression_ping

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 644E 42 B
64 B 69ms
66ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuJRcVZWBbROkrD-yKBMFXowR__iJcitEV10Nt85WpFWzGtryA_P80mxLhGZjzsZE2nx9RhzATek5-TJO3y_Yzqge-9q7hG7IazZ0LuSDb0-BnndbcbQYkPvmsfMP9CTy1Mtsrwttd0CLat&sai=AMfl-YRfS8g2mOL56TDk-qN55X9CLCkgZc-3Xk4PquuUVwdd3wflua7CwFcdCQVQwt8Z5w8JtjS-jMwSQZB173X4K5M0WP_LMoF3aPUxPVwNHxicu9a_c5PCf7Ypbl4Q&sig=Cg0ArKJSzGmE83g-7WUCEAE&cid=CAQSPADICaaN8gwOZYwwvTMUS02ekLkQ6xVjNxLFS-FEDQooWm-bnBCLubbvsj75B9UTYjeZRMjdY-1k553d0RgB&id=lidarv&acvw=sv%3D958%26v%3D20231106%26cb%3Dout%26e%3D15%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D6016%26vmtime%3D12%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26ic%3D33554450%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D111318164%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1699459135408&avm=1

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 644E 42 B
64 B 67ms
64ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CwA6YPbBLZb6gD-OvvcAP08i5wAL67Ozzc7bforzxEbe67YWXORABILbX6XtglYKAgKAHoAHe_KCDA8gBBakCNPb5UM_ksT6oAwHIA5sEqgSqAk_Q8rt7qNRfC3pLsiaej6HX45OkXGUAdtLKZ954mrEJSFk9Uv3PlO5kbOywbskrjJm_xI_C1oib_sRb_50oYmKp-bdQeEtQbDKFAR73y5ioq9WzLNhF2klKo52M3EB3_7TEJmCYpWmwEibgXyzLTSB1el1A1AYhONCqP3cz0EUiShqDrJ9atmxTpVxeLzsBkSKP5bx9XnTe7MYQqAKnghk6zmurnYw4aaSQuwSpKJI_yoCUINQTjn_ixoYmytd0n9e7DL0iRmFXNzePCZem3CTNN06UmFz3oNhk_La1FquB9gLBP7efKoZ_opvfUNyVKSJhXwW33vnZdpApGfT513TqmiI_qtWdi1b6mhLCW0uTIdY_wxVacPRpPSGh5gqMlhAJ3_w8QxM7GAHABO3x3-uzBOAEA4gF-Mzks0yQBgGgBk6AB4qD33yoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaIMDCoKCgjktLEC7rWxAqoNAkRFsBPk5LUV0BMA2BMNiBQK2BQB0BUB-BYBgBcB&sigh=_6DMkQXdJIM&label=vast_creativeview&ad_mt=13&acvw=sv%3D958%26v%3D20231106%26cb%3Dout%26e%3D19%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D6016%26vmtime%3D12%26is%3D33554450%26i0%3D33554450%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D111318164%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0%26t%3D1699459135408

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/hello-alfred-data-leak/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=2732825802&adk=652042997&adf=2125223602&pi=t.ma~as.2732825802&w=749&fwrn=4&fwrnh=100&lmt=1699448218&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699459132619&bpp=1&bdt=202&idt=459&shv=r20231106&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1607993712573&frm=20&pv=1&ga_vid=465876904.1699459132&ga_sid=1699459133&ga_hid=2133064082&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=1090&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079402%2C31079515%2C44798934%2C44807455%2C44807463%2C31078297%2C44808149&oid=2&pvsid=3033088582938210&tmod=1830599201&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&xpc=fKTVGXRxDH&p=https%3A//cybernews.com&dtd=464
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 644E 0
17 B 138ms
135ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=7~lopy3910&c=4512503951544&slotId=2256251975772&qqid=CP6yys_itIIDFeNXDwIdU2QOKA&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=1810&mt=video%2Fmp4&vs=1280x720&dm=6000&event_name=first_play&asset_bytes=216009&video_bytes=300&cached_data_bytes=0&js_cached=false&css_cached=false&num_assets=11&num_assets_cached=0&num_assets_cache_validated=0&num_assets_unmeasurable=1&video_played_seconds=0.00&video_muted=true&video_seconds_loaded=0.00&met.4=vil.1sk~ff.1sw~videopreviewstarted.1sx
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 web Show response
onesignal.com/api/v1/sync/7bd8b78e-a560-4299-8e32-a71a9be1ded8/ 3 KB
2 KB 72ms
55ms Script
text/javascript 2606:4700::6812:d73b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/sync/7bd8b78e-a560-4299-8e32-a71a9be1ded8/web?callback=__jp0

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151604

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d73b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2a307ac799050a601060dfbe764dac77d8794a4dd58f466ad52f8d7a06edd10

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:55 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
age: 1007
cf-polished: origSize=3367
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: 9eed13be-858b-46b1-a93b-15f1c0fe009f
x-runtime: 0.045354
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"04cf5981daf0edd81d279770a250678b"
x-download-options: noopen
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
cf-ray: 822f052d390665e0-FRA
access-control-allow-headers: SDK-Version
expires: Wed, 08 Nov 2023 16:58:55 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 82ms
68ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231106&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6cc9c0fbbc1a93bb331aea0782a58794eeaa9fa879f811708ec135299dd19192

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:55 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12125
x-xss-protection: 0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 71F3 15 KB
6 KB 38ms
36ms Document
text/html 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=cybernews.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.136.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 08 Nov 2023 15:58:54 GMT
server: Kestrel
server-processing-duration-in-ticks: 344544
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 boeing-lockbit-breach.png
media.cybernews.com/images/thumbnail_small/2023/10/ 5 KB
6 KB 68ms
64ms Image
image/avif 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.cybernews.com/images/thumbnail_small/2023/10/boeing-lockbit-breach.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db7385962d258df1ba7b72769e301cf673f0b191f5f729ab4279a3f48928c479

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
alt-svc: h3=":443"; ma=86400
content-length: 5092
cf-resized: internal=ok/h q=0 n=34+0 c=23+94 v=2023.9.8 l=5092
last-modified: Sun, 29 Oct 2023 12:20:26 GMT
cf-bgj: imgq:90,h2pri
server: cloudflare
etag: "cf46_QxgO4PZPr_ungS4RUbToO8iFZYhIqdjUqgfspDQ:8bd0b70bc6f692cb1a7044fef4d0a050"
vary: Accept, Accept-Encoding
content-type: image/avif
cache-control: max-age=15780000
accept-ranges: bytes
cf-ray: 822f052d383637d8-FRA

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5D6B 0
20 B 67ms
67ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8294671994967&version=m202311060101&ct=119&x=1&cor=15755765673417644000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://00dd6a0b000addb8eb81083bd4f2a691.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 2098 0
17 B 205ms
187ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~lopy38on&c=8501616529858&slotId=4250808264929&qqid=CNvrzc_itIIDFW9cDwIdSiULxQ&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=2099&mt=video%2Fmp4&vs=576x1024&msm=1&aits=0%2C18%2C22%2C37%2C692%2C59%2C342%2C343%2C344%2C345%2C346%2C347&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=347&vsrc=web_video_ads&hcn=0&met.4=arp_a_e.15y~vil.1ut&ua_e=1&ape=1&ple=0&umsem=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame E136 0
17 B 206ms
188ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=5~lopy38s1&c=1875502023121&slotId=937751011560.5&qqid=CJenzM_itIIDFcVNDwIdyhoK7Q&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=1810&mt=video%2Fmp4&vs=1280x720&msm=1&aits=18%2C22%2C37%2C692%2C59%2C342%2C343%2C344%2C345%2C346%2C347&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=22&vsrc=web_video_ads&hcn=0&met.4=arp_a_e.19w~vil.1pv&ua_e=1&ape=1&ple=1&umsem=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 4446 0
17 B 206ms
188ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=5~lopy38qt&c=2872762141030&slotId=1436381070515&qqid=CMLXxM_itIIDFfNNDwIdQZEGJA&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=1810&mt=video%2Fmp4&vs=1280x720&msm=1&aits=18%2C22%2C37%2C692%2C59%2C342%2C343%2C344%2C345%2C346%2C347&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=22&vsrc=web_video_ads&hcn=0&met.4=arp_a_e.1cc~atrd.1cp~vil.1xt~vfl.1zj&ua_e=1&ape=1&ple=1&umsem=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 search-69f914aba75b1bb036ab.js Show response
cybernews.com/js/ 7 KB
3 KB 101ms
97ms Script
application/javascript 2606:4700:3108::ac42:283b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cybernews.com/js/search-69f914aba75b1bb036ab.js

Requested by

Host: cybernews.com
URL: https://cybernews.com/js/base-69f914aba75b1bb036ab.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3108::ac42:283b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c6d23ff6cae1825899d31958f2ebbc9e11595f6ace6d0866b91f972a74865d4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
content-security-policy: default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests;
age: 13302
cross-origin-embedder-policy: unsafe-none
cf-polished: origSize=7505
cross-origin-resource-policy: same-site
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 08 Nov 2023 07:00:07 GMT
cf-bgj: minify
server: cloudflare
etag: W/"654b31f7-1d51"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=14400
permissions-policy: geolocation=(), camera=(), microphone=()
cf-ray: 822f052dbbb83825-FRA
expires: Wed, 08 Nov 2023 19:58:55 GMT

GET
H3 200 links-bar-69f914aba75b1bb036ab.js Show response
cybernews.com/js/ 6 KB
3 KB 70ms
66ms Script
application/javascript 2606:4700:3108::ac42:283b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cybernews.com/js/links-bar-69f914aba75b1bb036ab.js

Requested by

Host: cybernews.com
URL: https://cybernews.com/js/base-69f914aba75b1bb036ab.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3108::ac42:283b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

518e798e7aa50abb79beac7171b668db3c285386cdbe65080680b67df66045da

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
content-security-policy: default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests;
age: 13225
cross-origin-embedder-policy: unsafe-none
cf-polished: origSize=5823
cross-origin-resource-policy: same-site
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 08 Nov 2023 07:00:07 GMT
cf-bgj: minify
server: cloudflare
etag: W/"654b31f7-16bf"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=14400
permissions-policy: geolocation=(), camera=(), microphone=()
cf-ray: 822f052dbbbb3825-FRA
expires: Wed, 08 Nov 2023 19:58:55 GMT

GET
H3 200 scroll-up-69f914aba75b1bb036ab.js Show response
cybernews.com/js/ 1 KB
1 KB 71ms
67ms Script
application/javascript 2606:4700:3108::ac42:283b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cybernews.com/js/scroll-up-69f914aba75b1bb036ab.js

Requested by

Host: cybernews.com
URL: https://cybernews.com/js/base-69f914aba75b1bb036ab.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3108::ac42:283b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ba039d9e9b08fc4c48d4d656f8dd20de7f96f0dc6d6d8c558b9aee51527408e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
content-security-policy: default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests;
age: 13225
cross-origin-embedder-policy: unsafe-none
cf-polished: origSize=1509
cross-origin-resource-policy: same-site
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 08 Nov 2023 07:00:07 GMT
cf-bgj: minify
server: cloudflare
etag: W/"654b31f7-5e5"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=14400
permissions-policy: geolocation=(), camera=(), microphone=()
cf-ray: 822f052dbbbf3825-FRA
expires: Wed, 08 Nov 2023 19:58:55 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 155ms
126ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 08 Nov 2023 15:58:55 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 71F3
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=cybernews.com&sn=ChromeSyncframe&so=0&topUrl=cybernews.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=fYonl3xsY3FGMGJ0RzhVMHA5eHV1M21rODlJa0k1WEtscWhNdE03TkZsTWp3SnZiRkh5LzFobUloM1VFNm1iNzNrUWJlS1BLM3BQRzZxeXBWZWlyZjNMaUVDa1Q3QVN5ZGduek8zY0M4RzFRaEJkM2g1MGwxMEYxamZieW...

422 B
650 B

111ms
35ms

Fetch
application/json

2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=fYonl3xsY3FGMGJ0RzhVMHA5eHV1M21rODlJa0k1WEtscWhNdE03TkZsTWp3SnZiRkh5LzFobUloM1VFNm1iNzNrUWJlS1BLM3BQRzZxeXBWZWlyZjNMaUVDa1Q3QVN5ZGduek8zY0M4RzFRaEJkM2g1MGwxMEYxamZieWZyZ09sTUFNWjJSa1l0OTdaZXd2SGlFUmU2R25PMkNrenYyWVZBeWpnUStGUUQrOWYzalZZWGh0ZFh1dncrMXg3Zkkrd05qVVFqeFVyUXZuVTEzbkFIS3BuUUhybUFNYWVhMFdqT25CVVArNTA2NnZQZjZaL0xzaTlLQm5rczhlOTBONXNyak5tTktTYlNZMXFETGx2OUFsM2JuTVdpUT09fA&cppv=2

Protocol

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

0311c9d778062c047af313b5ec34aefee7abbbdab5646f90bbd9ac65bd67647e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1268044
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:54 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=fYonl3xsY3FGMGJ0RzhVMHA5eHV1M21rODlJa0k1WEtscWhNdE03TkZsTWp3SnZiRkh5LzFobUloM1VFNm1iNzNrUWJlS1BLM3BQRzZxeXBWZWlyZjNMaUVDa1Q3QVN5ZGduek8zY0M4RzFRaEJkM2g1MGwxMEYxamZieWZyZ09sTUFNWjJSa1l0OTdaZXd2SGlFUmU2R25PMkNrenYyWVZBeWpnUStGUUQrOWYzalZZWGh0ZFh1dncrMXg3Zkkrd05qVVFqeFVyUXZuVTEzbkFIS3BuUUhybUFNYWVhMFdqT25CVVArNTA2NnZQZjZaL0xzaTlLQm5rczhlOTBONXNyak5tTktTYlNZMXFETGx2OUFsM2JuTVdpUT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 339867
content-length: 0
expires: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4BEC 0
20 B 82ms
82ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BqKTwPrBLZY2mFKa07_UP-pqSqAgAAAAAOAHgBAI&bg=!pKelp-jNAAb4oU7C2KE7ADQBe5WfOFLSd6_J9Nik56khpahT9mX3fWrQBdIIcuHAxT1LhzqADbjktLBsolSxI4Ex8V8sAgAAAhBSAAAAC2gBB5kC1XLGS1oRqW-nJ1NpShKRkkYNROsTIMZo1z7FbBV6ztv_eSDKuSmExQ6DIgJPj0WzD86RKS38QzgfpcR9uMdRJmsCVEzWCrg14CCFBCsZxtf5C_3Ae-zfJPNIEmYnzK-MpQBrqlpgM9ditrxw2G_X7hqtrLc0jR5nTb99G4Xekjm-IbCnYRucwYxu9LBETkNFhOVOx3U68wL3AMCeHaI63BuI3fyjzKa-PQ_y3BG4_95ziNRC5stXNZ4K0-JrhqF1QhDyChRqhJ9UjiSmyIKuF61TWUwozi0hm36TsW4jboKuNVxEbXFkO7WmiJXbRT6CEqQMNYS8cCDTHqq3gGk8Lo3I2uIJnfcUNfuwr8JNlha5ryt8TvbBc1k92URk2SGy_ZsgqZpz5sfCosFv2UUfE5b9BHd71ZqyKwkzttgm58W_8lyFrD_ETQj26xuL_kaHuwcCdSszHzQJG6qnt-6mP-DDl8Co-tYeUQDOzBekKvqRzP3tUGNBG58Vhvh_TfRr1JU0uLP9JS-PfuH94NGDO8hxdnmPDEJDpsodUSqXHlCq10VUyROXjOjdl8OGKqFdQZ8d4mPjuzWr_bs74BvZgiJkQ8mBZKXiBO7C0ioK_rrL-cEJeb-zhL_luKog5wW5JPfk6uuyA7FkDMwZ7bpJ1IrRsMY1hPe4kNaeCq5HNXRdWpQtsWriYGomvuC0-mirf7zOVOVIPUAmll6XrHaAV116kEjpj5QxQerMscrtj7A4REX7hyRKUQ35xntAkfj0v0hV-wNyxL0sKQLtZaoKTNM_OKCvp7KZFRzN78tSDwfE_URcs3c6u6vZs9N8DYw2LWaiGus4bdLtD607uWJhubOimDRWw2hFi9Jl0QtA_8EksRgdfGAyr7-8yNGQ0FYwxO7fmpnAXhws_7XMplnmvMFIXM-XRjeHx3V3uoD-tanFElDOzU9bVLj-2igJfxC73SUb86ig

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 644E 0
17 B 148ms
141ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=8~lopy39a5&c=4512503951544&slotId=2256251975772&qqid=CP6yys_itIIDFeNXDwIdU2QOKA&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=1810&mt=video%2Fmp4&vs=1280x720&dm=6000&met.4=vfl.1xx
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:55 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 028A 13 KB
5 KB 127ms
79ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1320
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 08 Nov 2023 15:36:56 GMT
expires: Thu, 07 Nov 2024 15:36:56 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 06A9 829 B
561 B 132ms
83ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

614e5bf7406e6e869bd45c1e2e78fa528758d20d7c160cb8cdf55178c407cd50

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-4AH6vt4t4k_YkfpQktJVjg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-4AH6vt4t4k_YkfpQktJVjg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 08 Nov 2023 15:58:56 GMT
expires: Wed, 08 Nov 2023 15:58:56 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5067 0
20 B 121ms
120ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=BnO2BPrBLZdL_E4-h1gb2qbi4BAAAAAA4AeAEAg&bg=!YmGlYS7NAAb4oU7C2KE7ADQBe5WfOPDDz61ben7LKWxDxkD5E2nWIYfyg2CByexlpKJ8x6Zv79p2JCcllZHyAHhA-SJ8AgAAAqtSAAAACWgBB5kC53sbqf2i0_1_xB2_s8GwBXbT0--48f60Tca9JdxfhFQ90OrSoQdTMHwvNKohxaQWG8QueghvcOBiks5dmWT-WnOySc5f5BwS9vfFUshmFH7Rtn3oJXtIohFgRXnQH2C620sydgM2X-2RcxZKSeG6NlyAD2ozqlhS_DbZOh2Y9lSkJjEniA3QqG6B0w3dlWB6HyqlO1N6IXN3V85p2K0S6PGgTxcRWnv77PvnYIKy9-Rsx7TkEO5nH6KGWIwjNuafyVcr-7AuP5EzhMYHXDRzXEy7fOYIBRSA3nSsdl4OD08pEImiCLf6dewcWC_cmMXbtXutOALTR25WVHgosSePUg0-3o9PcmjnurDOH0RuruThD_fkY654-94TzioU9q-QJkM_jaCn-kwCDLG_b9kttq5LWwUt1bATZhYPFdeh5BSvAqdQLhVqDdoRS48-BdILZ_3R6qRqFa2zrRmUJ7SinwZ2L_HPBXt6UAS6ZVyZ3S8OC4qaUnyoPIbebozA7pUaOPX4qmqBK0d0lPFAuOfNJb79IGQDGKaCN7yCzkxwx_hL42aQs1HntzfAoNnSa5tUpAIzE2qS7-vXel6Vp6x3mrd-yZ5YNoL_xbi0sqCPmNdgYOsn7ofsa4Eb-U5cc-iPLqe9nNS-RUwZEq3Op_lDTA4qiPdRXBmzhVEqWMmrFwFt8H1j8jq3V1PDE8AkC9-n7SkzMHvdZWbNBspwbX4dNwpZTIbJcnRWdftHLVWfRD9pbyQpKiPG0RV5IHIVPX0xZzCyBw71Ndqk7uxMbnNRJoOLBMCOPxqQIjthbNKqRUKm2Ocn7ujc0FrMaJ8JBvoKpCxz_VI5deNfXMHGI22yUcsZtHR87GmXA32HaWurJpnadZPfPKWGAAax977dDGjzouq0V4E04ZSbFkVKrYIRRAhV8P7qBR13dzgSQkKw-sf9uYjEMetImItkC10jdTM3uU_7WrBKfa_c-ePIJotgJZh5f0DoU79y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C9F4 0
20 B 121ms
121ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BT-SiPrBLZZenGfmv1PIPjaa8QAAAAAA4AeAEAg&bg=!fX6lfjHNAAb4oU7C2KE7ADQBe5WfOEUFtg1Dp2gz694kDvmSeQXV53GYKlQLkKmztXWXOx99uJzz12Uol0ik9b3eq3RpAgAAAmVSAAAAS2gBBwoAoD6Rfh0zOzXfzdL-NPpUxPdQ45wDJvxBqf7t8CeTTrjiRcmmPzdkfaETrnEse0oSpsR7xmD7fDBalacW0OSkXFPcq52pSuLj_ePlY26IVrts0klv1eUPBxjpN_FgSSQqYOi6K2Ox1XgacTATygxZZ8PEYxuhzTJjkQ6gfnAeWTx_HVVgy02uCyNbNJpAsr8S1Kh59VISKPsgYldMW9IZvXmZAt_7hGlEh1SDI1hCSp8sIqDPvYC2FhNVK83kmoE0ZrZhgqpP7aMYB8tJqZ4tJmAG5caWHNLdM8WtpCo-4lOfan8AIxausvguW3HG75XFJbY5YkyEA6xpMAJfQLXBBKbKuKYEPW15qoqojDAcchSc_6GsVvmdqtvymAlNw3r3KOQfniuWgHa-ch29-oRZtE4K_lWnSLlC6SqY0QuD41Ag2tm41SFXGDcydZBmuCzm9XE13k6SdVAHpsueJfsy9cL6vlTOiAaZN9r-42PWo-fGmgjkNZU4FNT3D1csh1pxHdZDBULygjz_LbOFQYim5yi0B3oPwq-iQetGt0NFd9g23YIpED78fCWkLSBJNeaOt4UfyGTkFRVV3C9X2qo8kCMsw2vFvA8eOvlIVWEuMm9in_poA7TyGsB7eNjpB-T1EwuVmoHD7QejYeJDKQn02rFFVfUiqkC29aZtS3TIDbWksItdgE8H1iffCLURN4RJ5CFDceaS6fmKXD0gFzsUE8EAivB3VwPe_iM44HT1Xjb9TmJ4_aXOmXY7eYULZxXD4pxbktPBbRTdDtugD3XnWI3VjkU8sboQLXHJ4LhXLpS_JT-aqSqx7SUfVMcD4-ioC7N50CSSNYlXZQSiWv9QFw-bSFX_nIiic1taGGSH3JL5RhCHn1K-4KzchM9zgnpE2pjrn1FmiMo6zUSG6Z8lpYrqGWg_aMQOrS6HBHlLv7M8ZOGGh1S3aWSECon__SgCbiUF37YH389icQtArAZsTQOsbjsNcW7i_QWOqQJNt_cHDXHVLNWe6pmBg9QCRIXfBaCM6fQBP0Vy2hxlsOXB1ASBVtlFW47uFghBLqZAtus80_LOelzOFoyHBNHIDDar22eJwxkvfHXD2q69FIwvb8srEGqFek-6j8AMazXInygpDE4nUcR3MIQdBVHHDkJzCqbA7Pwn2XxK--XUpq0a1p21L0N8BbMQ1yfGCJDomoBIDVM

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2FC6 0
20 B 127ms
108ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=BK0yAPrBLZYaSFJD_mLAPrfmi6AEAAAAAOAHgBAI&bg=!Li2lLWLNAAb4oU7C2KE7ADQBe5WfON-KSA51iEKJYIT9MDyIsOJCsRa54n34jvTWbfCVyzcldEHPiCQBblZp2ijYLa5JAgAAAxxSAAAABmgBB5kC5EcTVtz3CZfdzHxNiHHqVt_OgpgG9JZpmLNDM5eHpCOT_pskZfdtGel8SBEKUs_DXnDKUo-qz2HYM0Alp3L0ZNHeeVn8VG8vPFOK0dMlBQxO6LleW_4lywkyJE53tqpMmHGTWSS-n-fOOawu9rfMdvC4yypj5rahOXwOoR7kVV6qDRTz7me83VyWos0hjJAyz1EoFCNbYUVgVjmuJ_FNDvsbkC5l0ZGN9NBNVmd4i02Nqs_PMk-3AGLhLfDUFXqc4DTCpMGYaPgynWF8UaMKc6uaw6KczG5NbrxTEkmGAlU-POwlAvwoJFPcnJzNP9n5DO5vhz7wGvGHz7WlDzhy_2YG1FnFBCYEQkz_dcAorfo2cr9AENNf70vbaaJbPRiQLVLXpB9ONmvtJzjxkbcv6bSFEEE8QejOQmvLrgO-Cx_-zV3ZloPITLi6oNuslg7M3u7443ODkrXCCwr0BFe6irpbLuE4ro0_Is10zXL7HuLgiTVxiCW0VRvHnxOwdGqaT-nqcL_LGkXMheNq4vZOQHOXSQw_2czPAwTkp75vL6RjxFffWW2NU9X5lkmu_68Gf7EJtqiIxM5qjMAN-Euf4_F4lWZRjVw18NPTZkDHxnvspYZm4ib57pcEnLRgpsJiDoGqbFXghhX7iYA5gOUQTTHhg6rnS0rtn6IcI92bqyfjUgFka_KunyF4OJ8aJr5-iC8gro0SjWrjgibSagfXcTj8vhI4MXfc2Fi2tGdNp99vntP4_2VTMndIx75XFREZZeF-jlzlSbCRz-vrZmfHYNBdojb-bwjppGnrSmt2kBjizt5km8Cm-ahamXqOQ1yhFDtkaUYoYu2KSeApvWasyQOGJRnMsdeo0_UwF0XXBOrzpw1OBopNBO2Od95gjC9urEeaYFVKfUAaxjade_mKWqL6H_zDeMJF0XeL5SunlbitVmwq7A-CRA8wCc6_m2E1XPdhNHQdnPyP4s08qKDIZD3AYQH_

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A6EA 0
20 B 119ms
73ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=BzPtPPrBLZeeYFf2EmLAP08elkAQAAAAAOAHgBAI&bg=!mJulm9TNAAb4oU7C2KE7ADQBe5WfOFenWoNEgZ43UAufu3xpp1zb3JNoSeVE4L2dDJnoQwtrnaSVKwZ1tHtVE_OlKEEqAgAAAzhSAAAABmgBBwoACvy3wkkJ3y8qHvSZAxHpMR6-u1UCxivSXHvYZZK8sHWarQNFfQZitWO5kcDEC6JotqXoxydfN6pCLgCpjNFEnRqEk1uDSYa-dWB9sSkVXVcppdeMy7D5JDVhm5kPXDRx7gsLxBYu7iFnoI06zSrZ0p6LLqN_piXJj6XLBcCazjpG6kaPiwd2-NRslk2hUL_0MBr03mBpquk6EHRBWQ-zpdIo_GP6vmjWExktquQZ3dimc7elvTgbmXxidAMofrU0ldcgYX4-2AhQuf9tVStDPNznQjI2_VODjNoOWUI4WiGnzxQrprOSQYLYmOPM9g44gURYkUIH1wLp3xSmww_LsUJxu9sR4zZkjIDlcQHd-xobtXRDm1KV2ZOqNdDCk_zsW-DqhNPE4pC_8Mm2SR5ccvloyngKgNbFXGI0TYMKTYM0b2oy7esajY1vhnlOqhj0a-hD7XCfAhUgagV6zctnMRP8y-uGEaMDZbvr9nX9RaWOXHDSluZEJJVCfMSwUusyEhe2dxIX5cSNSB7tB2k8MLgOoGEt61sf9RoO3S8-KRT5ON-oV7IWr3dRthq1HUiRQYEqFfA_7h-nt29qUmIkDVybMd9d1hCVhIqTECTy5i7m1YnTIqmW31MJhKqWsJcajntmC5zyHQ5jpDzbTSnX_42lpHjCqoI_HQ2IYp_XpRVaAmvXO2Tq2PkuQBArmtnVbVzSM0RiRrAeddMThByCeKzzqeYEuTQp5t5dtdVYy8jnWT8CmINDzJLIlIirhTkcK1qfDLmP9nuv2CV6rty6CLNGc9jFii73SL6ebE5h2d86KEVw7aDQ4jBNlJMUDPR_5Tfzx9Y5D6wrwpEePTvp-ZmioTFTYvrS97EMvAH77onFMZHdACsue3Fncss5kVmaIK507gDqS2RDsq0agpgyo1HvNGf3JOLfWNV7U1AK6vbfFn2196Umao9rzDVrNb2xlNDbijMH5o5-GGmCN0QDC_wToHcE6sJtrAsDK6xV7IhOpwdUuqoDyy3YrAsxNtUq2-u9fiTQH594xyFuygMxNzk4R9zsxY6lRvdZ5yg0Bw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 OneSignalSDKStyles.css
onesignal.com/sdks/ 82 KB
9 KB 87ms
62ms Stylesheet
text/css 2606:4700::6812:d73b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/sdks/OneSignalSDKStyles.css?v=2

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151604

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:d73b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:56 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 1246
etag: W/"4e9aaefffd5f8ae7dc83361aa2294190"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=2592000
cf-ray: 822f0530ed0a917d-FRA
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400
expires: Fri, 08 Dec 2023 15:58:56 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 93FD 43 B
216 B 208ms
170ms Image
image/gif 2600:1f13:800:7782:88c8:2bb4:1468:fce7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1474271&asId=6902db01-b5a2-a30b-5a85-a20f2a9d20cd&tv=%7Bc:toBYOM,time:1449,type:e,im:%7Bpci:%7Btdr:1066%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:1449,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1442~0%5D,as:%5B763~0.0,679~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:255,fm:tV2dkUj+11%7C12%7C13%7C141%7C151%7C161%7C17%7C18%7C191%7C192%7C1931%7C194%7C1a11%7C1b*.1474271-76103299%7C1b1%7C1c.1474271-76103297%7C1c1%7C1d,idMap:1b*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:21,sis:256%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:88c8:2bb4:1468:fce7 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:56 GMT
server: nginx
x-server-name: dt20.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 66EB 0
20 B 84ms
59ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=BglmbPrBLZYSAIfbKmLAP162E2AoAAAAAOAHgBAI&bg=!t7SltPvNAAb4oU7C2KE7ADQBe5WfODOCHkyOWfy6al_-rg2gKDW_pUNCVdThWlyQd8hY66kr0uWW4aq6DFgCLxy_F2MaAgAAAvVSAAAACmgBB5kC794HmPSiBDEOr8itNNconXkVPNVyyfV8LB_TVyvwnQVjL3Ivwc4OZpAzHuWmSGpXrhkGGLzn1LNZOW4HsO6ydYK6dUjf5Hc68UY4XY2SG2X3CU7_6uvcC2qntiiaDIuFS_9NmyrbmWDuqcL197J0qkmOIJPE5m63yu62knEIBk_Pwz4yXvy02PreZ7B8DdaHBVHJwK2J3TISKYl5ypb79Fx_90nEoa7sVNm0u4gyUjYvb6VxzVZRqYc-Gz5GQu9FFk6qh7Y_fC9j_71SXPS_WmKSCAlPPBcAM_p9ohulHEaLq3bUoe_FkXWaloavl0A9kn_8yIRpy3kn8442alRIZSgnK2VLEqFQg0Q0_MGi7NjDBjP7rUtX71RWAMI_qMk8O73KennayrcZcwP5fAM_d2QBCFbQvgNN4S_5Klhlx7jMeXUQ2PqDt3mPl-V-7NlvDpXbwFaKfbwLfPDYR-u7vB0wKBi7Y-ECD6Ov4KrKqf09O7AzDcpVf9WfrJaE30UdqaRGqopBuCBs7oGVHwr8iZU1s8ik8AJlSXCa1u22zYEGgnDNqGfdp8QIDld_ZyTAcPrvZYbM48Zv6XqiA0l4mv-XzIt7u3EqCYQ_SLojQQBj2Sya6OsGrIm3NxBShkNdeXYkjRum_SDaPTxhTO6ClCpUA1twnrKgjm7007vlcqhKsg7ljz_I5zrXhCRdYo06ldtCsf7WGuNLU2ohVw9sBtqTSsVDXYmYxMOK3pxhPatCFAObz-MNQQMYtY2PluD-NzASbhUpqXbtxAnTj5BRUZ6Gu-9ZjiNzWQPebgJZEIWi6l04RGH5zYHPOCUCsDL8ZvPkm_nEUdF51sruwkjRHmdVWQzHfywXG2BQX88ZETw2TvZf71iNI9bu6PCqw56WAL0j81RCyKQJkJ2EeiOHfjr8Fz7M_Xl6PDYQ0qsgPqkdme5UQWifqNkSBJPW9unOrUyyLVPdc6hyt3Q02U7EQPTEPBZlNWLJMye7Q1hfldo

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 06A9 0
0 99ms
92ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231106&jk=3033088582938210&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame 028A 38 KB
15 KB 33ms
27ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:55:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 179
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 07 Nov 2024 15:55:57 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame D767 43 B
216 B 188ms
172ms Image
image/gif 2600:1f13:800:7782:88c8:2bb4:1468:fce7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1474271&asId=8de24a84-3cf5-0876-587f-16ff5a2f05ff&tv=%7Bc:toBYPR,pingTime:-10,time:1379,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTkuMC42MDQ1LjEwNSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1699459135370%7C%7C96d1d1d740f38fb21b22f42b3681bc29%7C%7Cadc68e3ec772ef714cd200e23f927f85%7C%7C01fda5688fca433695764efaa7b00a55%7C%7C2ecab9bb6097acda5969ec30fa125cbc%7C%7Ca3c4ad4c47564ad7f469d747f09d12dd%7C%7C94247fe61b68ad55ee5f8158ed7d93bd%7C%7Cef670627a5618b24c6e6955103f62da8%7C%7C1663701684,sca:%7Bspg:6902db01-b5a2-a30b-5a85-a20f2a9d20cd%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:88c8:2bb4:1468:fce7 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:56 GMT
server: nginx
x-server-name: dt21.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 028A 0
11 B 50ms
24ms Image
text/plain 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?Kk3gdw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:58:56 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 93FD 0
20 B 98ms
72ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3956775956664&version=m202309260101&ct=76&x=1&cor=11627810586163493000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 93FD 42 B
64 B 132ms
79ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssZOGnRSFlQ4N9ZfiLe-4nSImiExsINg1XFSUT3b9eFWCFxi3VbxfdJiSQZaI1HmlepTKiVUS31Jw_0uCB121QqeRu54XqMr1NcJOCQDcdIUPglC6DyHq0NApiIxNX8hMXtgls0hfStsqW-&sai=AMfl-YRYz18vjFBCRhMP3oIGNdenj0pO_b8P-sqq6f3iyt-uakzOE8DblEml10M5ZxDxY8nZ-YGH_QLNunuJT24rFiryLlXXzag-DojBLos7VqbLFN0-_0loO2Hq2VI&sig=Cg0ArKJSzClsP78v_On2EAE&cid=CAQSOwDICaaN_B6JW0nrvmy3AcvC7weS5QsFv-Sw0m2MRUesiwqDkPFw1rrNUDeDPy-1e36yj21xLsRWOXbCGAE&id=lidar2&mcvt=1059&p=0,0,600,160&mtos=1059,1059,1059,1059,1059&tos=1059,0,0,0,0&v=20231106&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1699459133885&rpt=1073&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D767 0
20 B 78ms
64ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8525585986205&version=m202309260101&ct=76&x=1&cor=18273098108107035000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 66ms
63ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231106&jk=3033088582938210&bg=!QUKlQg3NAAb4oU7C2KE7ADQBe5WfOObvpME8b4qil-JRsW9T0LhhZpdyqyFT4MAt8RRoHAULzpoPgGq3PKO3Y1CKh_FeAgAAAP5SAAAADGgBBwoAtpb-jMxWTMwy8Hz9vIJgHKhqrdBltRtpbrnpmLCqigNmmBoQzxq-9oUpMOx8r_DK9opurLjkGH-aTooRUIEj836KTuQsD0f0Q4zroxkDgQ28pGS2r9nPu5r8AYS6rpAqdH18etL97mxV9p0_frw2KSG-yCKV-pTDA9HSoCef8jq1yMJCkilEv-5fyUgWrscxflscHD6PPojMB2TyQfxQC-25RnVl6ihGz_wOi2Q1rMfg3gvrqsHzmQKwKxivPqZpPhxTw_VP-w9C-70HL6VmkAFucyzYf6ZEvRC9P3BlrJ0TJLD9xRldMAi3W4C7J4RcjV6nLze34hdfVbFRT3AGVHy8bCXd02SMY0PINnGlB4kr_30xE4ppFPGi3WFfHVljKxfpUr_9luEgweOjUbyd2u6IpmOZ7YyOzMOQvP9xEonmQeb5dXtDTYOXzlpfuueN4cYwiC_vD6iHJvKUT-HWIZtfznDxXTlo4I3lMY7Q1yqIFKjdIpU23sNg8AsVK00P5DShxtS0lDMFMilWcXYhuN8ZLyC0Sp3iBqEufmqJuyP3_KRN9D79lT95o_LabiCbkjhAtpnw4aoizdzx_nSey0be1g0gOKol4rFjoGUOsE-CJfIGbEq3u3tlQGip57Xki2_BJx1fd4JqzNd5HPk9ud9Abqb5PjN-GMdILpHt0WHiW3GllmO8m4fmKS_SWQUfgkHwwG1idwBDLxQjfSldLDyGlQ6mYIbpoETIPt2Cr_J-dAFyAR8q-6rYkBCY0rRD83Mud1T1ZO-5TZHSNb6ucBMWzRyagnogBkdq-36XaZ0KMgCwKbINJch9ia2j7v3n9sPxTnno2SZf1_oAXD8xs9L7Xqqu1yCxF9YYa2Hoa9AI_X9tBoY0StysMp962DtztZ1aeThFwfW1a3A_tt08NhObuRividbb6Y9JGtNAyhCegcKd-4inkLUmnKcB7pLwNShBuT7w6shrgGdLftn8xDfmoOYp8Fmqv5Eq4jdYjvyD0cylSE8rWRj6AF48Pt4AnC3Mc5R1X9tVsq7pbdPkNlrBCoLtr2y_nk81oNwRgykj8uCu9cdChtsJXWq6cOiZEwZlv1-nD_zYuvti51-FER87yKBXIIlk6UUaqnMfL3s25PKZJjBa14_rdR8N8XOkDI7iUaR7x0w8IQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

POST
H3 200 events Show response
gew4-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame A645 13 B
58 B 263ms
260ms XHR
application/json 2600:1901:1:81::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://gew4-spclient.spotify.com/gabo-receiver-service/public/v3/events

Requested by

Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/_app-d46354b8699e0f40.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:1:81:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

debf84af8d66827e1cbc6791aa686504e3116d8cb20f4697fef23108333061f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://open.spotify.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
content-type: application/json

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 08 Nov 2023 15:58:57 GMT
via: HTTP/2 edgeproxy, 1.1 google
server: envoy
content-type: application/json
access-control-allow-origin: https://open.spotify.com
cache-control: no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39

POST
H3 200 events Show response
gew4-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame A645 13 B
58 B 97ms
92ms XHR
application/json 2600:1901:1:81::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://gew4-spclient.spotify.com/gabo-receiver-service/public/v3/events

Requested by

Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/_app-d46354b8699e0f40.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:1:81:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

debf84af8d66827e1cbc6791aa686504e3116d8cb20f4697fef23108333061f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://open.spotify.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
content-type: application/json

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 08 Nov 2023 15:58:56 GMT
via: HTTP/2 edgeproxy, 1.1 google
server: envoy
content-type: application/json
access-control-allow-origin: https://open.spotify.com
cache-control: no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39

OPTIONS
H3 200 events
gew4-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame 0
0 36ms
35ms Preflight 2600:1901:1:81::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://gew4-spclient.spotify.com/gabo-receiver-service/public/v3/events
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:1901:1:81:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://open.spotify.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Origin,Content-Type,Spotify-App-Version,App-Platform,X-Spotify-Connection-Id,X-Client-Id,X-Spotify-Quicksilver-Uri,client-token,content-access-token,x-cloud-trace-context
access-control-allow-methods: DELETE,GET,PATCH,POST,PUT,OPTIONS
access-control-allow-origin: https://open.spotify.com
access-control-max-age: 604800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Wed, 08 Nov 2023 15:58:56 GMT
server: envoy
vary: Accept-Encoding
via: HTTP/2 edgeproxy, 1.1 google

OPTIONS
H3 200 events
gew4-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame 0
0 34ms
34ms Preflight 2600:1901:1:81::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://gew4-spclient.spotify.com/gabo-receiver-service/public/v3/events
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:1901:1:81:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://open.spotify.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Origin,Content-Type,Spotify-App-Version,App-Platform,X-Spotify-Connection-Id,X-Client-Id,X-Spotify-Quicksilver-Uri,client-token,content-access-token,x-cloud-trace-context
access-control-allow-methods: DELETE,GET,PATCH,POST,PUT,OPTIONS
access-control-allow-origin: https://open.spotify.com
access-control-max-age: 604800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Wed, 08 Nov 2023 15:58:56 GMT
server: envoy
vary: Accept-Encoding
via: HTTP/2 edgeproxy, 1.1 google

GET
H2

200

dt
dt.adsafeprotected.com/ Frame 644E
Redirect Chain

https://unified.adsafeprotected.com/pixel.png?eyJ0eXBlIjoiUVVBUlRJTEUxIiwicHVibGlzaGVyVXVpZCI6ImE1ZGIwMmIwLTJiNzgtNDlhMy04NGZmLTAwNTU5ZDY5N2NiOSIsInNpdGVVdWlkIjoiYWZkZGVmNWQtYzIwNC00MGE5LWI0ZmItOTY...
https://dt.adsafeprotected.com/dt?anId=10173&asId=7482f2b8-7ae0-4800-baaf-413b336a64d8&tv=%7BpingTime%3A-4%2Ctime%3A-1%2Ctype%3Am%2Cve%3A%7BvEventCount%3A2%2CvEvents%3A%5B%7Bt%3A-2%2Ctp%3AadStarted...

43 B
216 B

176ms
173ms

Image
image/gif

2600:1f13:800:7782:88c8:2bb4:1468:fce7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10173&asId=7482f2b8-7ae0-4800-baaf-413b336a64d8&tv=%7BpingTime%3A-4%2Ctime%3A-1%2Ctype%3Am%2Cve%3A%7BvEventCount%3A2%2CvEvents%3A%5B%7Bt%3A-2%2Ctp%3AadStarted%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoFirstQuartile%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%5D%7D%7D
Protocol: H2
Server: 2600:1f13:800:7782:88c8:2bb4:1468:fce7 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:57 GMT
server: nginx
x-server-name: dt25.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

Redirect headers

Location: https://dt.adsafeprotected.com/dt?anId=10173&asId=7482f2b8-7ae0-4800-baaf-413b336a64d8&tv=%7BpingTime%3A-4%2Ctime%3A-1%2Ctype%3Am%2Cve%3A%7BvEventCount%3A2%2CvEvents%3A%5B%7Bt%3A-2%2Ctp%3AadStarted%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoFirstQuartile%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%5D%7D%7D
Date: Wed, 08 Nov 2023 15:58:57 GMT
Connection: keep-alive
Content-Length: 0
Vary: Origin
Content-Type: image/png

GET
H2 200 dc_oe=ChMIhJeZ0OK0ggMVdiUGAB3XFgGrEAAYACDQ7vNgQhMI_rLKz-K0ggMV41cPAh1TZA4o;met=1;acvw=sv%3D958%26v%3D20231106%26cb%3Dout%26e%3D1%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D7,138,273,611%26tos%3D0,0,0,1370,...
ade.googlesyndication.com/ddm/activity/ Frame 644E 42 B
108 B 68ms
58ms Image
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIhJeZ0OK0ggMVdiUGAB3XFgGrEAAYACDQ7vNgQhMI_rLKz-K0ggMV41cPAh1TZA4o;met=1;acvw=sv%3D958%26v%3D20231106%26cb%3Dout%26e%3D1%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D7,138,273,611%26tos%3D0,0,0,1370,0%26mtos%3D0,0,0,1370,1370%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D1635%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D3%26pst%3D266%26dur%3D6016%26vmtime%3D1648%26dvs%3D0%26dfvs%3D0%26dvpt%3D1635%26is%3D33554706%26i0%3D33554450%26i1%3D33554706%26ic%3D256%26cs%3D33554706%26c%3D0.41%26mc%3D0.41%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D0,0,0,1370,1370%26qnc%3D0%26qmv%3D0%26qnv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D111318164%26psm%3D3%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,1370;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.02%26t%3D1699459135408;ecn1=1;etm1=0;eid1=960584;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 644E 42 B
64 B 70ms
68ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CwA6YPbBLZb6gD-OvvcAP08i5wAL67Ozzc7bforzxEbe67YWXORABILbX6XtglYKAgKAHoAHe_KCDA8gBBakCNPb5UM_ksT6oAwHIA5sEqgSqAk_Q8rt7qNRfC3pLsiaej6HX45OkXGUAdtLKZ954mrEJSFk9Uv3PlO5kbOywbskrjJm_xI_C1oib_sRb_50oYmKp-bdQeEtQbDKFAR73y5ioq9WzLNhF2klKo52M3EB3_7TEJmCYpWmwEibgXyzLTSB1el1A1AYhONCqP3cz0EUiShqDrJ9atmxTpVxeLzsBkSKP5bx9XnTe7MYQqAKnghk6zmurnYw4aaSQuwSpKJI_yoCUINQTjn_ixoYmytd0n9e7DL0iRmFXNzePCZem3CTNN06UmFz3oNhk_La1FquB9gLBP7efKoZ_opvfUNyVKSJhXwW33vnZdpApGfT513TqmiI_qtWdi1b6mhLCW0uTIdY_wxVacPRpPSGh5gqMlhAJ3_w8QxM7GAHABO3x3-uzBOAEA4gF-Mzks0yQBgGgBk6AB4qD33yoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaIMDCoKCgjktLEC7rWxAqoNAkRFsBPk5LUV0BMA2BMNiBQK2BQB0BUB-BYBgBcB&sigh=_6DMkQXdJIM&label=videoplaytime25&ad_mt=1649&acvw=sv%3D958%26v%3D20231106%26cb%3Dout%26e%3D1%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D7,138,273,611%26tos%3D0,0,0,1370,0%26mtos%3D0,0,0,1370,1370%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D1635%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D3%26pst%3D266%26dur%3D6016%26vmtime%3D1648%26dvs%3D0%26dfvs%3D0%26dvpt%3D1635%26is%3D33554706%26i0%3D33554450%26i1%3D33554706%26ic%3D256%26cs%3D33554706%26c%3D0.41%26mc%3D0.41%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D0,0,0,1370,1370%26qnc%3D0%26qmv%3D0%26qnv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D111318164%26psm%3D3%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,1370&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.02%26t%3D1699459135408

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=2732825802&adk=652042997&adf=2125223602&pi=t.ma~as.2732825802&w=749&fwrn=4&fwrnh=100&lmt=1699448218&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699459132619&bpp=1&bdt=202&idt=459&shv=r20231106&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1607993712573&frm=20&pv=1&ga_vid=465876904.1699459132&ga_sid=1699459133&ga_hid=2133064082&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=1090&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079402%2C31079515%2C44798934%2C44807455%2C44807463%2C31078297%2C44808149&oid=2&pvsid=3033088582938210&tmod=1830599201&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&xpc=fKTVGXRxDH&p=https%3A//cybernews.com&dtd=464
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 93FD 43 B
216 B 179ms
176ms Image
image/gif 2600:1f13:800:7782:88c8:2bb4:1468:fce7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1474271&asId=6902db01-b5a2-a30b-5a85-a20f2a9d20cd&tv=%7Bc:toBZan,pingTime:1,time:2788,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:0,h:0,t:20%7D,%7Bw:160,h:600,t:770%7D,%7Bpiv:100,vs:i,r:,t:1787%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1001,o:1787,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1780~0,0~100%5D,as:%5B763~0.0,1017~160.600%5D%7D%7D,%7Bsl:i,t:1787,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:336,fm:tV2dkUj+11%7C12%7C13%7C141%7C151%7C161%7C17%7C18%7C191%7C192%7C1931%7C194%7C1a11%7C1b*.1474271-76103299%7C1b1%7C1c.1474271-76103297%7C1c1%7C1d,idMap:1b*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:21,sis:256%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:88c8:2bb4:1468:fce7 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:57 GMT
server: nginx
x-server-name: dt30.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 93FD 43 B
216 B 186ms
183ms Image
image/gif 2600:1f13:800:7782:88c8:2bb4:1468:fce7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1474271&asId=6902db01-b5a2-a30b-5a85-a20f2a9d20cd&tv=%7Bc:toBZan,pingTime:1,time:2788,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:0,h:0,t:20%7D,%7Bw:160,h:600,t:770%7D,%7Bpiv:100,vs:i,r:,t:1787%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1001,o:1787,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1780~0,0~100%5D,as:%5B763~0.0,1017~160.600%5D%7D%7D,%7Bsl:i,t:1787,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:336,fm:tV2dkUj+11%7C12%7C13%7C141%7C151%7C161%7C17%7C18%7C191%7C192%7C1931%7C194%7C1a11%7C1b*.1474271-76103299%7C1b1%7C1c.1474271-76103297%7C1c1%7C1d,idMap:1b*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:21,sis:256%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:88c8:2bb4:1468:fce7 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:57 GMT
server: nginx
x-server-name: dt11.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2

200

dt
dt.adsafeprotected.com/ Frame 644E
Redirect Chain

https://unified.adsafeprotected.com/pixel.png?eyJ0eXBlIjoiUVVBUlRJTEUyIiwicHVibGlzaGVyVXVpZCI6ImE1ZGIwMmIwLTJiNzgtNDlhMy04NGZmLTAwNTU5ZDY5N2NiOSIsInNpdGVVdWlkIjoiYWZkZGVmNWQtYzIwNC00MGE5LWI0ZmItOTY...
https://dt.adsafeprotected.com/dt?anId=10173&asId=7482f2b8-7ae0-4800-baaf-413b336a64d8&tv=%7BpingTime%3A-4%2Ctime%3A-1%2Ctype%3Am%2Cve%3A%7BvEventCount%3A3%2CvEvents%3A%5B%7Bt%3A-2%2Ctp%3AadStarted...

43 B
216 B

174ms
174ms

Image
image/gif

2600:1f13:800:7782:88c8:2bb4:1468:fce7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10173&asId=7482f2b8-7ae0-4800-baaf-413b336a64d8&tv=%7BpingTime%3A-4%2Ctime%3A-1%2Ctype%3Am%2Cve%3A%7BvEventCount%3A3%2CvEvents%3A%5B%7Bt%3A-2%2Ctp%3AadStarted%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoFirstQuartile%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoMidpoint%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%5D%7D%7D
Protocol: H2
Server: 2600:1f13:800:7782:88c8:2bb4:1468:fce7 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:58 GMT
server: nginx
x-server-name: dt13.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

Redirect headers

Location: https://dt.adsafeprotected.com/dt?anId=10173&asId=7482f2b8-7ae0-4800-baaf-413b336a64d8&tv=%7BpingTime%3A-4%2Ctime%3A-1%2Ctype%3Am%2Cve%3A%7BvEventCount%3A3%2CvEvents%3A%5B%7Bt%3A-2%2Ctp%3AadStarted%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoFirstQuartile%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoMidpoint%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%5D%7D%7D
Date: Wed, 08 Nov 2023 15:58:58 GMT
Connection: keep-alive
Content-Length: 0
Vary: Origin
Content-Type: image/png

GET
H3 200 dc_oe=ChMIhJeZ0OK0ggMVdiUGAB3XFgGrEAAYACDQ7vNgQhMI_rLKz-K0ggMV41cPAh1TZA4o;met=1;acvw=sv%3D958%26v%3D20231106%26cb%3Dout%26e%3D2%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D7,138,273,611%26tos%3D0,0,0,2960,...
ade.googlesyndication.com/ddm/activity/ Frame 644E 42 B
63 B 58ms
57ms Image
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIhJeZ0OK0ggMVdiUGAB3XFgGrEAAYACDQ7vNgQhMI_rLKz-K0ggMV41cPAh1TZA4o;met=1;acvw=sv%3D958%26v%3D20231106%26cb%3Dout%26e%3D2%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D7,138,273,611%26tos%3D0,0,0,2960,0%26mtos%3D0,0,0,2960,2960%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D3225%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D6%26pst%3D266%26dur%3D6016%26vmtime%3D3242%26dvs%3D0%26dfvs%3D0%26dvpt%3D1590%26is%3D33554706%26i0%3D33554450%26i1%3D33554706%26i2%3D33554706%26ic%3D512%26cs%3D33555218%26c%3D0.41%26mc%3D0.41%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D0,0,0,1590,1590%26qnc%3D0.41%26qmv%3D0%26qnv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D111318164%26psm%3D15%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,2960;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.02%26t%3D1699459135408;ecn1=1;etm1=0;eid1=18;

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 644E 42 B
64 B 59ms
59ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CwA6YPbBLZb6gD-OvvcAP08i5wAL67Ozzc7bforzxEbe67YWXORABILbX6XtglYKAgKAHoAHe_KCDA8gBBakCNPb5UM_ksT6oAwHIA5sEqgSqAk_Q8rt7qNRfC3pLsiaej6HX45OkXGUAdtLKZ954mrEJSFk9Uv3PlO5kbOywbskrjJm_xI_C1oib_sRb_50oYmKp-bdQeEtQbDKFAR73y5ioq9WzLNhF2klKo52M3EB3_7TEJmCYpWmwEibgXyzLTSB1el1A1AYhONCqP3cz0EUiShqDrJ9atmxTpVxeLzsBkSKP5bx9XnTe7MYQqAKnghk6zmurnYw4aaSQuwSpKJI_yoCUINQTjn_ixoYmytd0n9e7DL0iRmFXNzePCZem3CTNN06UmFz3oNhk_La1FquB9gLBP7efKoZ_opvfUNyVKSJhXwW33vnZdpApGfT513TqmiI_qtWdi1b6mhLCW0uTIdY_wxVacPRpPSGh5gqMlhAJ3_w8QxM7GAHABO3x3-uzBOAEA4gF-Mzks0yQBgGgBk6AB4qD33yoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaIMDCoKCgjktLEC7rWxAqoNAkRFsBPk5LUV0BMA2BMNiBQK2BQB0BUB-BYBgBcB&sigh=_6DMkQXdJIM&label=videoplaytime50&ad_mt=3242&acvw=sv%3D958%26v%3D20231106%26cb%3Dout%26e%3D2%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D7,138,273,611%26tos%3D0,0,0,2960,0%26mtos%3D0,0,0,2960,2960%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D3225%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D6%26pst%3D266%26dur%3D6016%26vmtime%3D3242%26dvs%3D0%26dfvs%3D0%26dvpt%3D1590%26is%3D33554706%26i0%3D33554450%26i1%3D33554706%26i2%3D33554706%26ic%3D512%26cs%3D33555218%26c%3D0.41%26mc%3D0.41%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D0,0,0,1590,1590%26qnc%3D0.41%26qmv%3D0%26qnv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D111318164%26psm%3D15%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,2960&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.02%26t%3D1699459135408

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=2732825802&adk=652042997&adf=2125223602&pi=t.ma~as.2732825802&w=749&fwrn=4&fwrnh=100&lmt=1699448218&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699459132619&bpp=1&bdt=202&idt=459&shv=r20231106&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1607993712573&frm=20&pv=1&ga_vid=465876904.1699459132&ga_sid=1699459133&ga_hid=2133064082&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=1090&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079402%2C31079515%2C44798934%2C44807455%2C44807463%2C31078297%2C44808149&oid=2&pvsid=3033088582938210&tmod=1830599201&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&xpc=fKTVGXRxDH&p=https%3A//cybernews.com&dtd=464
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
55 B 27ms
27ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-KT8DKCHF41&gtm=45je3b60v882489589&_p=1699459132436&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=465876904.1699459132&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEI&sid=1699459132&sct=1&seg=0&dl=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&dt=Hello%20Alfred%20app%20exposes%20user%20data%20%7C%20Cybernews&_s=2&tfd=6538
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-KT8DKCHF41&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:58 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cybernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

dt
dt.adsafeprotected.com/ Frame 644E
Redirect Chain

https://unified.adsafeprotected.com/pixel.png?eyJ0eXBlIjoiUVVBUlRJTEUzIiwicHVibGlzaGVyVXVpZCI6ImE1ZGIwMmIwLTJiNzgtNDlhMy04NGZmLTAwNTU5ZDY5N2NiOSIsInNpdGVVdWlkIjoiYWZkZGVmNWQtYzIwNC00MGE5LWI0ZmItOTY...
https://dt.adsafeprotected.com/dt?anId=10173&asId=7482f2b8-7ae0-4800-baaf-413b336a64d8&tv=%7BpingTime%3A-4%2Ctime%3A-1%2Ctype%3Am%2Cve%3A%7BvEventCount%3A4%2CvEvents%3A%5B%7Bt%3A-2%2Ctp%3AadStarted...

43 B
215 B

173ms
172ms

Image
image/gif

2600:1f13:800:7782:88c8:2bb4:1468:fce7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10173&asId=7482f2b8-7ae0-4800-baaf-413b336a64d8&tv=%7BpingTime%3A-4%2Ctime%3A-1%2Ctype%3Am%2Cve%3A%7BvEventCount%3A4%2CvEvents%3A%5B%7Bt%3A-2%2Ctp%3AadStarted%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoFirstQuartile%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoMidpoint%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoThirdQuartile%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%5D%7D%7D
Protocol: H2
Server: 2600:1f13:800:7782:88c8:2bb4:1468:fce7 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:59:00 GMT
server: nginx
x-server-name: dt03.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

Redirect headers

Location: https://dt.adsafeprotected.com/dt?anId=10173&asId=7482f2b8-7ae0-4800-baaf-413b336a64d8&tv=%7BpingTime%3A-4%2Ctime%3A-1%2Ctype%3Am%2Cve%3A%7BvEventCount%3A4%2CvEvents%3A%5B%7Bt%3A-2%2Ctp%3AadStarted%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoFirstQuartile%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoMidpoint%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoThirdQuartile%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%5D%7D%7D
Date: Wed, 08 Nov 2023 15:58:59 GMT
Connection: keep-alive
Content-Length: 0
Vary: Origin
Content-Type: image/png

GET
H3 200 dc_oe=ChMIhJeZ0OK0ggMVdiUGAB3XFgGrEAAYACDQ7vNgQhMI_rLKz-K0ggMV41cPAh1TZA4o;met=1;acvw=sv%3D958%26v%3D20231106%26cb%3Dout%26e%3D3%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D7,138,273,611%26tos%3D0,0,0,4285,...
ade.googlesyndication.com/ddm/activity/ Frame 644E 42 B
63 B 59ms
59ms Image
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIhJeZ0OK0ggMVdiUGAB3XFgGrEAAYACDQ7vNgQhMI_rLKz-K0ggMV41cPAh1TZA4o;met=1;acvw=sv%3D958%26v%3D20231106%26cb%3Dout%26e%3D3%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D7,138,273,611%26tos%3D0,0,0,4285,0%26mtos%3D0,0,0,4285,4285%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D4550%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D9%26pst%3D266%26dur%3D6016%26vmtime%3D4570%26dvs%3D0%26dfvs%3D0%26dvpt%3D1325%26is%3D33554706%26i0%3D33554450%26i1%3D33554706%26i2%3D33554706%26i3%3D33554706%26ic%3D0%26cs%3D33555218%26c%3D0.41%26mc%3D0.41%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D0,0,0,1325,1325%26qnc%3D0.41%26qmv%3D0%26qnv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D111318164%26psm%3D31%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,4285;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.02%26t%3D1699459135408;ecn1=1;etm1=0;eid1=960585;

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:59:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 644E 42 B
64 B 57ms
56ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CwA6YPbBLZb6gD-OvvcAP08i5wAL67Ozzc7bforzxEbe67YWXORABILbX6XtglYKAgKAHoAHe_KCDA8gBBakCNPb5UM_ksT6oAwHIA5sEqgSqAk_Q8rt7qNRfC3pLsiaej6HX45OkXGUAdtLKZ954mrEJSFk9Uv3PlO5kbOywbskrjJm_xI_C1oib_sRb_50oYmKp-bdQeEtQbDKFAR73y5ioq9WzLNhF2klKo52M3EB3_7TEJmCYpWmwEibgXyzLTSB1el1A1AYhONCqP3cz0EUiShqDrJ9atmxTpVxeLzsBkSKP5bx9XnTe7MYQqAKnghk6zmurnYw4aaSQuwSpKJI_yoCUINQTjn_ixoYmytd0n9e7DL0iRmFXNzePCZem3CTNN06UmFz3oNhk_La1FquB9gLBP7efKoZ_opvfUNyVKSJhXwW33vnZdpApGfT513TqmiI_qtWdi1b6mhLCW0uTIdY_wxVacPRpPSGh5gqMlhAJ3_w8QxM7GAHABO3x3-uzBOAEA4gF-Mzks0yQBgGgBk6AB4qD33yoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaIMDCoKCgjktLEC7rWxAqoNAkRFsBPk5LUV0BMA2BMNiBQK2BQB0BUB-BYBgBcB&sigh=_6DMkQXdJIM&label=videoplaytime75&ad_mt=4570&acvw=sv%3D958%26v%3D20231106%26cb%3Dout%26e%3D3%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D7,138,273,611%26tos%3D0,0,0,4285,0%26mtos%3D0,0,0,4285,4285%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D4550%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D9%26pst%3D266%26dur%3D6016%26vmtime%3D4570%26dvs%3D0%26dfvs%3D0%26dvpt%3D1325%26is%3D33554706%26i0%3D33554450%26i1%3D33554706%26i2%3D33554706%26i3%3D33554706%26ic%3D0%26cs%3D33555218%26c%3D0.41%26mc%3D0.41%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D0,0,0,1325,1325%26qnc%3D0.41%26qmv%3D0%26qnv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D111318164%26psm%3D31%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,4285&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.02%26t%3D1699459135408

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=2732825802&adk=652042997&adf=2125223602&pi=t.ma~as.2732825802&w=749&fwrn=4&fwrnh=100&lmt=1699448218&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fhello-alfred-data-leak%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699459132619&bpp=1&bdt=202&idt=459&shv=r20231106&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1607993712573&frm=20&pv=1&ga_vid=465876904.1699459132&ga_sid=1699459133&ga_hid=2133064082&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=1090&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079402%2C31079515%2C44798934%2C44807455%2C44807463%2C31078297%2C44808149&oid=2&pvsid=3033088582938210&tmod=1830599201&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&xpc=fKTVGXRxDH&p=https%3A//cybernews.com&dtd=464
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:58:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 644E 0
17 B 133ms
132ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=9~lopy39lu&c=4512503951544&slotId=2256251975772&qqid=CP6yys_itIIDFeNXDwIdU2QOKA&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=1810&mt=video%2Fmp4&vs=1280x720&dm=6000&met.4=2sbc.4wk~5s.5q2&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Funified.adsafeprotected.com%252Fv2%252F1135760%252F76105514%253Fmon%253D76105515%2526omidPartner%253DGoogle2%2526apiframeworks%253D7%2526bundleId%253D%2526ias_xsid%253D%255BTIMESTAMP%255D%2526ias_dspID%253D3%2526ias_campId%253D1008772806%2526ias_pubId%253Dpub-5928161074779380%2526ias_chanId%253D1%2526ias_placementId%253D20509697656%2526bidurl%253Dhttps%253A%252F%252Fcybernews.com%252Fsecurity%252Fhello-alfred-data-leak%252F%2526ias_dealId%253D%2526xsId%253DABAjH0jHKSgm4m9ZBTAwesRLlbiJ%2526ias_xappb%253D%2526adsafe_par%2526ias_impId%253Dv4~~ABAjH0jHKSgm4m9ZBTAwesRLlbiJ%2526originalVast%253Dhttps%253A%252F%252Fad.doubleclick.net%252Fddm%252Fpfadx%252FN7442.1972103DOUBLECLICKBIDMANAG%252FB30857687.379597277%25253Bsz%25253D0x0%25253BAUCTIONID%25253DABAjH0jHKSgm4m9ZBTAwesRLlbiJ%25253BEXCHANGEID%25253D1%25253BSELLERID%25253D312551221673%25253Bord%25253D%25255Btimestamp%25255D%25253Bdc_lat%25253D%25253Bdc_rdid%25253D%25253Btag_for_child_directed_treatment%25253D%25253Btfua%25253D%25253Bdcmt%25253Dtext%252Fxml%25253Bdc_sdkv%25253Dh.0.0.0%25253Bdc_osd%25253D2%25253Bdc_frm%25253D2%25253Bdc_sdr%25253D1%25253Bdc_ref%25253Dhttps%253A%252F%252Fcybernews.com%252Fsecurity%252Fhello-alfred-data-leak%252F%25253Bnel%25253D0%25253Fves%25253DdGltZXN0YW1wOiAxNjk5NDU5MTM0NTU1CmNsaWNrX3Rocm91Z2hfdXJsOiAiaHR0cHM6Ly9hZGNsaWNrLmcuZG91YmxlY2xpY2submV0L3Bjcy9jbGljaz94YWk9QUtBT2pzc04xemk4eHpaZnU0VjJ4YVVCR2oxcjFTNVdIdThZWnlhVmlPUWZoQUM5NXN5U0MtY0dQem5CWVB1MDNhOWs4VWRweHhCT0xZMkNrMDM3OHIzeHdKQWFUOVNRLVFXcTBQTXdwaWdZczg5X1hTY1Z5M2NWSTIyUHctZVpKQjRIV3hQemp6c1A2YUtIWVBhc0pSVHVTaXNDbjRxTFdlMGtCN3d3U0Z2d3JnWlh1aWhqWTNXZHVjZ3RaSTUtUDdTc3ZtOF9TUGpQN0xjMGNhNDBDU0tzQWVSc0pjZEJ0ZGRhZlRjQjVpOUFrcExPd0ZoN3JTZFN4ZU04anNKdjlmWmVlZGJFZlZZR0wyOGxFUUhvSUF1VVY1TXQ4OG9fVDZOWXdCSVBITG90WENBeE9Jdm1HSjB0cElBQlM1NGpiZkhTWk1qam5mbWVOTHhZLVZENHB5ODI3Z3FmQ01SSWdrTm1YN2ZZSHZjWjhZT21kVDJORU1tbkhkSHg1MTJCRWFvc0J2TTFWN1Fhdm1ybDdYZkJSUlFSMEZTUGhzYlEyakZ5TmdlOFpYejg0a3lRM3ZFNVZudFB2bUVqamxud2V5bnYyWDdDVVRoeHFrU2tJcEFFQjlkTWlQa2ZWQkVtblJ2RWhEc1NmR3BZejBocDdIZFAyWlAzNDF2TEU1bGpDT0ZsLXRfcXlQN01mTUJkNHFBbjd6RndXYWdIOVJXc3M4V3ZRcHJvR215VnVWaE5zY0ItRXJybUIwTVRMMW1xYWRJSjFzUl9IQW5jc0ZfMHZZR1ZpZl9ReE1TQ3VWVGhyTFVQSFR2RXN0Y1dwMFlGT2tEWGVJMjEydnMtX0tRRXJZTVNZTF9zZE9yalAtSzkzeUtGdFAwRjFQZVBROG1aYld3QXFHbEVEOGdOZUduRDUyRzlWRm5pTEFjeDM1MVdCd3FHOEZicGVMa2p5bkk0YjRoYzh6TmFyZEo0WnhnMVVfdHpBTXdDTEx1OXBJVnBBMVluOG9wVWhEclI1bDB6LWp5Wm1TYk9IVmtrOGZrTzY3NkxfXzVoYmV2WE1ib2NyUE5DNjFrNy01RVNSbzd3YVpwZGU5Z3pXRm1TWlVwUFB2OEl4cHVPZDU4NWFoNXc5VlRudVk2MlZUY0VxWFhVNXI0bEFnZkluRkpObTJGbGgtQWI0M1FOZHhESTB5X1JEZ01nLVd6b29wdlFQZlRnTG9xajVfNVR6WFo1Y3hlajRBajkwTklXa2hxTmZrdUhYRXlmcGlfZU02ckE5WmdXWmFjVWNpRktSa19WQWF0QnlBMXlsbkI3Qy01SmVnUkp3Sl9vRjNCR1FzdkhHRDRZTUVhWXl1clpSS2hxTXFaTVk4TDdMaFBYV3VJOEdXanpZQXJMenpjZ19HUnVjTVY0Mk84Z0NoRWZCUHVJR1JzOVFqSDJUbDNfdFhncU9rcWRtaC1jcDNXczNSTVhSZEVLRXhieVoyemlSY3RZRDJKM0ZnU090M3hoTmpPZ2NtU0diVUJXLU0xRXUxYUZzUDZqdVppNFRwcl9fd00zTU5SQVVZOURSZDBsS2h2QVk5Q0lPYVBwbHZFVS0wb1NBT2lINWN2S2wxWnUzejF2MU1SUms3ZjZtMGFGZU9ocGdYUjlISVNpTjA2anZJTmFrT0xzcS1BWms3TjdydjJYV0ZnTmlYY3hxNm1DWlBkdlA4Y1R1VkRucDBpWkdVOGFJdTBsVENOenVyWHhCZTc4dGJ6MzZSbmo4aDFBcEJOeGVrbVdGLXAtQVdUSFNhbHZUbWVoNTljTXdManNwbWVtRTZVaU1uLVZTR2VKWUV2MTBFSG1mT0RtLVcya3RDZUFPR0hhNE9Sb0RvaEw0XzItY3hLSHhyM2p6V0l1ZlhMMUZxQ00yTTAwOFVZbnBjRWlZSnNXM01OSXcyV2Z4YjdDJnNhaT1BTWZsLVlUYTA0U0NBNlowckhoanM2MnlrcklDT0RxOHFrRHNVWUQ2ZTQtTTgyWW1uNXU2dU1NeWZMRGRxdTNQTmNueFNmb2pTVmFFYlZLNkVBclFqQW54cm85bnNXQlBjc05rVGxlUHVrSnlXNWdJNzdHUzRZRUNLMHBnTVhIVmtOYV9HS0pqYmh2a2hkbm12X1YzNlhqMVd0ZmVqYXR5S3VEN3dIcFp2OVAyQ2Y0T0xhalc0REVhdFJfeG84SkRUVjFGUFkwUnhqaDhMZ2x5UnFqOHpfcHVnRVpGN1J5WVY0S3JheFZ2enFNdTY2U3ZYTUk2a3Bvc3hDRVZxeHVyT0VQQXozRzJDdWhBbTd3REhLV214c05mZ3lpR1FDcUdyU0NxU2xGV3Y4b1g1T2Mmc2lnPUNnMEFyS0pTekhsLUpWM0VQZldTRUFFJmNyeT0xJmZic19hZWlkPVtnd19mYnNhZWlkXSZ1cmxmaXg9MSZhZHVybD1odHRwczovL3d3dy5jaXNjby5jb20vYy9kZV9kZS9wcm9kdWN0cy9zZWN1cml0eS9maXJld2FsbHMvZ2V0LXN0YXJ0ZWQuaHRtbCUzRkNDSUQlM0RjYzAwMzA1MyUyNk9JRCUzRHRybHNjMDI3MDU0JTI2RFRJRCUzRHBkaXByZzAwMDAwMSUyNmRjbGlkJTNEJTI1ZWRjbGlkISIK%252526dc_cid%25253D203224912%252526dc_adid%25253D570667618&encoded_body_size=0&transfer_size=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:59:01 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 644E 0
17 B 131ms
130ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=a~lopy3dwt&c=4512503951544&slotId=2256251975772&qqid=CP6yys_itIIDFeNXDwIdU2QOKA&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=1810&mt=video%2Fmp4&vs=1280x720&dm=6000&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Funified.adsafeprotected.com%252Fpixel.png%253FeyJ0eXBlIjoiU1RBUlQiLCJwdWJsaXNoZXJVdWlkIjoiYTVkYjAyYjAtMmI3OC00OWEzLTg0ZmYtMDA1NTlkNjk3Y2I5Iiwic2l0ZVV1aWQiOiJhZmRkZWY1ZC1jMjA0LTQwYTktYjRmYi05NjVhMTQ1ZDA2OTYiLCJiaWRSZXF1ZXN0Ijp7InNpdGUiOnsicGFnZSI6Imh0dHBzOi8vZ29vZ2xlYWRzLmcuZG91YmxlY2xpY2submV0LyJ9fSwiY3VzdG9tIjp7ImN1c3RvbTEiOiIiLCJjdXN0b20yIjoiMi4wIiwiY3VzdG9tMyI6IjIuMCIsImN1c3RvbTciOiIxMTM1NzYwIiwiY3VzdG9tOCI6Ijc2MTA1NTE0IiwiZGF2M19kZXZpY2UiOiJERVZJQ0VUWVBFX1VOS05PV04iLCJkYXYzX291dGNvbWUiOiJPVVRDT01FX01fX1ZBU1RfX09NSURfX1dFQl9QWEwiLCJkYXYzX3VhIjoiIiwibW9uaXRvcmluZyI6ImZhbHNlIiwicmVnaW9uIjoiaWUiLCJ4c2lkIjoiNzQ4MmYyYjgtN2FlMC00ODAwLWJhYWYtNDEzYjMzNmE2NGQ4In0sInRpbWVzdGFtcCI6IjAwMDEtMDEtMDFUMDA6MDA6MDBaIiwiaGVhZGVycyI6eyJoZWFkZXIxMCI6IjIwNTA5Njk3NjU2IiwiaGVhZGVyMTIiOiJhZC5kb3VibGVjbGljay5uZXQiLCJoZWFkZXIzIjoiR29vZ2xlMiIsImhlYWRlcjQiOiI3IiwiaGVhZGVyOCI6Imlhc28iLCJoZWFkZXI5IjoiIn0sImNiIjoiMTY5OTQ1OTEzNDc2MDA5Njk3NSIsImFkRHVyYXRpb24iOjE3MDUwMzI3MDQsImlhc1NpbmdsZXRhZyI6dHJ1ZSwiaWFzU2luZ2xldGFnT3V0Y29tZSI6Ik9VVENPTUVfTV9fVkFTVF9fT01JRF9fV0VCX1BYTCJ9%2526advEntityId%253D1135760%2526pubEntityId%253D76105514&encoded_body_size=0&transfer_size=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:59:01 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 644E 0
17 B 133ms
132ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=b~lopy3dwu&c=4512503951544&slotId=2256251975772&qqid=CP6yys_itIIDFeNXDwIdU2QOKA&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=1810&mt=video%2Fmp4&vs=1280x720&dm=6000&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fs0.2mdn.net%252Fdot.gif&encoded_body_size=0&transfer_size=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:59:01 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 644E 0
17 B 133ms
132ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=c~lopy3dwu&c=4512503951544&slotId=2256251975772&qqid=CP6yys_itIIDFeNXDwIdU2QOKA&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=1810&mt=video%2Fmp4&vs=1280x720&dm=6000&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Funified.adsafeprotected.com%252Fpixel.png%253FeyJ0eXBlIjoiU0VDT05EQVJZX0lNUFJFU1NJT04iLCJwdWJsaXNoZXJVdWlkIjoiYTVkYjAyYjAtMmI3OC00OWEzLTg0ZmYtMDA1NTlkNjk3Y2I5Iiwic2l0ZVV1aWQiOiJhZmRkZWY1ZC1jMjA0LTQwYTktYjRmYi05NjVhMTQ1ZDA2OTYiLCJiaWRSZXF1ZXN0Ijp7InNpdGUiOnsicGFnZSI6Imh0dHBzOi8vZ29vZ2xlYWRzLmcuZG91YmxlY2xpY2submV0LyJ9fSwiY3VzdG9tIjp7ImN1c3RvbTEiOiIiLCJjdXN0b20yIjoiMi4wIiwiY3VzdG9tMyI6IjIuMCIsImN1c3RvbTciOiIxMTM1NzYwIiwiY3VzdG9tOCI6Ijc2MTA1NTE0IiwiZGF2M19kZXZpY2UiOiJERVZJQ0VUWVBFX1VOS05PV04iLCJkYXYzX291dGNvbWUiOiJPVVRDT01FX01fX1ZBU1RfX09NSURfX1dFQl9QWEwiLCJkYXYzX3VhIjoiIiwibW9uaXRvcmluZyI6ImZhbHNlIiwicmVnaW9uIjoiaWUiLCJ4c2lkIjoiNzQ4MmYyYjgtN2FlMC00ODAwLWJhYWYtNDEzYjMzNmE2NGQ4In0sInRpbWVzdGFtcCI6IjAwMDEtMDEtMDFUMDA6MDA6MDBaIiwiaGVhZGVycyI6eyJoZWFkZXIxMCI6IjIwNTA5Njk3NjU2IiwiaGVhZGVyMTEiOiJEQ00iLCJoZWFkZXIxMiI6ImFkLmRvdWJsZWNsaWNrLm5ldCIsImhlYWRlcjMiOiJHb29nbGUyIiwiaGVhZGVyNCI6IjciLCJoZWFkZXI4IjoiaWFzbyIsImhlYWRlcjkiOiIifSwiY3JlYXRpdmVJZCI6IjIwMzIyNDkxMiIsImNiIjoiMTY5OTQ1OTEzNDc2MTY4NjczMyIsImFkRHVyYXRpb24iOi0xLCJpYXNTaW5nbGV0YWciOnRydWUsImlhc1NpbmdsZXRhZ091dGNvbWUiOiJPVVRDT01FX01fX1ZBU1RfX09NSURfX1dFQl9QWEwifQ%253D%253D%2526advEntityId%253D1135760%2526pubEntityId%253D76105514%2526iris_id%253D%255BIRIS_ID%255D%2526ss_iris_id%253D%257B%257BIRIS_ID%257D%257D%2526fw_iris_id%253D%2523%257Brequest.keyValue(%252522_fw_content_id%252522)%257D&encoded_body_size=0&transfer_size=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:59:01 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 644E 0
17 B 133ms
132ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=d~lopy3dwu&c=4512503951544&slotId=2256251975772&qqid=CP6yys_itIIDFeNXDwIdU2QOKA&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=1810&mt=video%2Fmp4&vs=1280x720&dm=6000&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fpixel.adsafeprotected.com%252Frfw%252Fst%252F1135760%252F76105515%252Fskeleton.gif%253Fxmtp%253Dv%2526xmapp%253D0%2526xsId%253D7482f2b8-7ae0-4800-baaf-413b336a64d8%2526bidurl%253Dhttps%253A%252F%252Fcybernews.com%252Fsecurity%252Fhello-alfred-data-leak%252F%2526ias_campId%253D1008772806%2526ias_pubId%253Dpub-5928161074779380%2526ias_placementId%253D20509697656%2526ias_chanId%253D1%2526ias_dealId%253D%2526ias_impId%253Dv4~~ABAjH0jHKSgm4m9ZBTAwesRLlbiJ%2526ias_dspId%253D3%2526ias_creativeId%253D203224912%2526ias_%253D%2526ias_xappb%253D%2526mon%253D76105515&encoded_body_size=0&transfer_size=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:59:01 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 644E 0
17 B 133ms
133ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=e~lopy3dwu&c=4512503951544&slotId=2256251975772&qqid=CP6yys_itIIDFeNXDwIdU2QOKA&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=1810&mt=video%2Fmp4&vs=1280x720&dm=6000&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Funified.adsafeprotected.com%252Fpixel.png%253FeyJ0eXBlIjoiUVVBUlRJTEUxIiwicHVibGlzaGVyVXVpZCI6ImE1ZGIwMmIwLTJiNzgtNDlhMy04NGZmLTAwNTU5ZDY5N2NiOSIsInNpdGVVdWlkIjoiYWZkZGVmNWQtYzIwNC00MGE5LWI0ZmItOTY1YTE0NWQwNjk2IiwiYmlkUmVxdWVzdCI6eyJzaXRlIjp7InBhZ2UiOiJodHRwczovL2dvb2dsZWFkcy5nLmRvdWJsZWNsaWNrLm5ldC8ifX0sImN1c3RvbSI6eyJjdXN0b20xIjoiIiwiY3VzdG9tMiI6IjIuMCIsImN1c3RvbTMiOiIyLjAiLCJjdXN0b203IjoiMTEzNTc2MCIsImN1c3RvbTgiOiI3NjEwNTUxNCIsImRhdjNfZGV2aWNlIjoiREVWSUNFVFlQRV9VTktOT1dOIiwiZGF2M19vdXRjb21lIjoiT1VUQ09NRV9NX19WQVNUX19PTUlEX19XRUJfUFhMIiwiZGF2M191YSI6IiIsIm1vbml0b3JpbmciOiJmYWxzZSIsInJlZ2lvbiI6ImllIiwieHNpZCI6Ijc0ODJmMmI4LTdhZTAtNDgwMC1iYWFmLTQxM2IzMzZhNjRkOCJ9LCJ0aW1lc3RhbXAiOiIwMDAxLTAxLTAxVDAwOjAwOjAwWiIsImhlYWRlcnMiOnsiaGVhZGVyMTAiOiIyMDUwOTY5NzY1NiIsImhlYWRlcjEyIjoiYWQuZG91YmxlY2xpY2submV0IiwiaGVhZGVyMyI6Ikdvb2dsZTIiLCJoZWFkZXI0IjoiNyIsImhlYWRlcjgiOiJpYXNvIiwiaGVhZGVyOSI6IiJ9LCJjYiI6IjE2OTk0NTkxMzQ3NTk3MTc1NzkiLCJhZER1cmF0aW9uIjoxNzA1MDMyNzA0LCJpYXNTaW5nbGV0YWciOnRydWUsImlhc1NpbmdsZXRhZ091dGNvbWUiOiJPVVRDT01FX01fX1ZBU1RfX09NSURfX1dFQl9QWEwifQ%253D%253D%2526advEntityId%253D1135760%2526pubEntityId%253D76105514&encoded_body_size=0&transfer_size=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:59:01 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 644E 0
17 B 131ms
131ms Ping
image/gif 2607:f8b0:4009:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=f~lopy3dwv&c=4512503951544&slotId=2256251975772&qqid=CP6yys_itIIDFeNXDwIdU2QOKA&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=1810&mt=video%2Fmp4&vs=1280x720&dm=6000&event_name=first_pause&asset_bytes=1741282&video_bytes=1514096&cached_data_bytes=0&js_cached=false&css_cached=false&num_assets=30&num_assets_cached=0&num_assets_cache_validated=0&num_assets_unmeasurable=8&video_played_seconds=6.02&video_muted=true&video_seconds_loaded=6.02&vqdf=12&vqtf=180&vqfr=30&endedMediaDiff=-16
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231106_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:803::2003 Utica, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:59:01 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

dt
dt.adsafeprotected.com/ Frame 644E
Redirect Chain

https://unified.adsafeprotected.com/pixel.png?eyJ0eXBlIjoiQ09NUExFVEUiLCJwdWJsaXNoZXJVdWlkIjoiYTVkYjAyYjAtMmI3OC00OWEzLTg0ZmYtMDA1NTlkNjk3Y2I5Iiwic2l0ZVV1aWQiOiJhZmRkZWY1ZC1jMjA0LTQwYTktYjRmYi05NjV...
https://dt.adsafeprotected.com/dt?anId=10173&asId=7482f2b8-7ae0-4800-baaf-413b336a64d8&tv=%7BpingTime%3A-4%2Ctime%3A-1%2Ctype%3Am%2Cve%3A%7BvEventCount%3A5%2CvEvents%3A%5B%7Bt%3A-2%2Ctp%3AadStarted...

43 B
215 B

173ms
173ms

Image
image/gif

2600:1f13:800:7782:88c8:2bb4:1468:fce7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10173&asId=7482f2b8-7ae0-4800-baaf-413b336a64d8&tv=%7BpingTime%3A-4%2Ctime%3A-1%2Ctype%3Am%2Cve%3A%7BvEventCount%3A5%2CvEvents%3A%5B%7Bt%3A-2%2Ctp%3AadStarted%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoFirstQuartile%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoMidpoint%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoThirdQuartile%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoComplete%2Csl%3An%2Cad_duration%3A1705032704.1151%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%5D%7D%7D
Protocol: H2
Server: 2600:1f13:800:7782:88c8:2bb4:1468:fce7 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 15:59:01 GMT
server: nginx
x-server-name: dt23.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

Redirect headers

Location: https://dt.adsafeprotected.com/dt?anId=10173&asId=7482f2b8-7ae0-4800-baaf-413b336a64d8&tv=%7BpingTime%3A-4%2Ctime%3A-1%2Ctype%3Am%2Cve%3A%7BvEventCount%3A5%2CvEvents%3A%5B%7Bt%3A-2%2Ctp%3AadStarted%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoFirstQuartile%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoMidpoint%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoThirdQuartile%2Csl%3An%2Cad_duration%3A1705032704%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%2C%7Bt%3A-2%2Ctp%3AadVideoComplete%2Csl%3An%2Cad_duration%3A1705032704.1151%2Cwidth%3A-2%2Cheight%3A-2%2Cvolume%3A-2%7D%5D%7D%7D
Date: Wed, 08 Nov 2023 15:59:01 GMT
Connection: keep-alive
Content-Length: 0
Vary: Origin
Content-Type: image/png

GET
H3 200 dc_oe=ChMIhJeZ0OK0ggMVdiUGAB3XFgGrEAAYACDQ7vNgQhMI_rLKz-K0ggMV41cPAh1TZA4o;met=1;acvw=sv%3D958%26v%3D20231106%26cb%3Dout%26e%3D4%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D7,138,273,611%26p0%3D0,0,0,0%26p1...
ade.googlesyndication.com/ddm/activity/ Frame 644E 42 B
63 B 56ms
56ms Image
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIhJeZ0OK0ggMVdiUGAB3XFgGrEAAYACDQ7vNgQhMI_rLKz-K0ggMV41cPAh1TZA4o;met=1;acvw=sv%3D958%26v%3D20231106%26cb%3Dout%26e%3D4%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D7,138,273,611%26p0%3D0,0,0,0%26p1%3D7,138,273,611%26p2%3D7,138,273,611%26p3%3D7,138,273,611%26tos%3D0,0,0,5727,0%26mtos%3D0,0,0,5727,5727%26amtos%3D0,0,0,0,0%26mtos1%3D0,0,1370%26mtos2%3D0,0,1590%26mtos3%3D0,0,1325%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26a0%3D0%26a1%3D0%26a2%3D0%26a3%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D5992%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D21%26pst%3D266%26dur%3D6016%26vmtime%3D6016%26dvs%3D0%26dfvs%3D0%26dvpt%3D1442%26is%3D33554706%26i0%3D33554450%26i1%3D33554706%26i2%3D33554706%26i3%3D33554706%26ic%3D0%26cs%3D33555218%26c%3D0.41%26c0%3D0%26c1%3D0,0.41,0.41%26c2%3D0.41%26c3%3D0.41%26mc%3D0.41%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D0,0,0,1442,1442%26qnc%3D0.41%26qmv%3D0%26qnv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D111318164%26psm%3D127%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,5727%26ss0%3D0%26ss1%3D0,0.02,0.02%26ss2%3D0.02%26ss3%3D0.02;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.02%26t%3D1699459135408;ecn1=1;etm1=0;eid1=13;

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS