www.techradar.com Open in urlscan Pro
151.101.114.114 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Submission: On June 19 via api (June 19th 2021, 11:19:12 am UTC) from US

Summary HTTP 406 Redirects Links 35 Behaviour Indicators

Summary

This website contacted 71 IPs in 7 countries across 71 domains to perform 406 HTTP transactions. The main IP is 151.101.114.114, located in Frankfurt am Main, Germany and belongs to FASTLY, US. The main domain is www.techradar.com.
TLS certificate: Issued by R3 on May 20th 2021. Valid for: 3 months.

This is the only time www.techradar.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	151.101.114.114 151.101.114.114	54113 (FASTLY) (FASTLY)
9	185.113.25.52 185.113.25.52	20596 (FUTURE) (FUTURE)
15	67.27.234.124 67.27.234.124	3356 (LEVEL3) (LEVEL3)
6	151.139.128.11 151.139.128.11	20446 (HIGHWINDS3) (HIGHWINDS3)
2	2600:9000:210... 2600:9000:2104:1800:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
1 5	65.9.77.122 65.9.77.122	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:e134	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	65.9.86.61 65.9.86.61	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1	52.205.167.202 52.205.167.202	14618 (AMAZON-AES) (AMAZON-AES)
23	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
20	51.210.215.111 51.210.215.111	16276 (OVH) (OVH)
1	2a00:1450:400... 2a00:1450:400c:c07::9b	15169 (GOOGLE) (GOOGLE)
1 7	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
1	35.190.59.101 35.190.59.101	15169 (GOOGLE) (GOOGLE)
1	2606:4700:10:... 2606:4700:10::6816:15d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:5614	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 4	2606:4700::68... 2606:4700::6810:7aaf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:10:... 2606:4700:10::ac43:1997	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.14.110 151.101.14.110	54113 (FASTLY) (FASTLY)
3	151.101.14.137 151.101.14.137	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
1	65.9.77.45 65.9.77.45	16509 (AMAZON-02) (AMAZON-02)
1 1	2606:4700:303... 2606:4700:3039::6815:c077	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:20:... 2606:4700:20::ac43:4686	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	54.246.143.132 54.246.143.132	16509 (AMAZON-02) (AMAZON-02)
1	52.211.195.119 52.211.195.119	16509 (AMAZON-02) (AMAZON-02)
2	3.127.178.105 3.127.178.105	16509 (AMAZON-02) (AMAZON-02)
1	104.111.228.137 104.111.228.137	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	23.45.99.241 23.45.99.241	16625 (AKAMAI-AS) (AKAMAI-AS)
4	3.231.179.169 3.231.179.169	14618 (AMAZON-AES) (AMAZON-AES)
6	54.194.137.128 54.194.137.128	16509 (AMAZON-02) (AMAZON-02)
2 2	185.33.220.244 185.33.220.244	29990 (ASN-APPNEX) (ASN-APPNEX)
14 99	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1	104.16.91.60 104.16.91.60	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	185.86.138.114 185.86.138.114	201081 (SMARTADSE...) (SMARTADSERVER)
2 2	76.223.111.131 76.223.111.131	16509 (AMAZON-02) (AMAZON-02)
2 2	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	18.195.130.212 18.195.130.212	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
3	185.113.25.62 185.113.25.62	20596 (FUTURE) (FUTURE)
8	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	104.18.133.145 104.18.133.145	13335 (CLOUDFLAR...) (CLOUDFLARENET)
35	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
38	2a00:1450:400... 2a00:1450:4001:80f::2006	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
2	52.212.39.74 52.212.39.74	16509 (AMAZON-02) (AMAZON-02)
12	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
2 4	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	185.33.221.89 185.33.221.89	29990 (ASN-APPNEX) (ASN-APPNEX)
4 6	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
2 4	104.111.242.245 104.111.242.245	16625 (AKAMAI-AS) (AKAMAI-AS)
2	52.213.246.12 52.213.246.12	16509 (AMAZON-02) (AMAZON-02)
4 6	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
2	2a00:1288:80:... 2a00:1288:80:800::7001	203220 (YAHOO-DEB) (YAHOO-DEB)
3 3	18.197.99.6 18.197.99.6	16509 (AMAZON-02) (AMAZON-02)
3 4	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
2 2	151.101.14.49 151.101.14.49	54113 (FASTLY) (FASTLY)
2 2	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
3 3	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
2 2	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3 3	35.156.250.242 35.156.250.242	16509 (AMAZON-02) (AMAZON-02)
3	2a02:fa8:8806... 2a02:fa8:8806:16::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
2 2	72.251.244.140 72.251.244.140	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
2 2	65.9.77.106 65.9.77.106	16509 (AMAZON-02) (AMAZON-02)
2	2620:116:800d... 2620:116:800d:21:f916:5049:f87f:108e	16509 (AMAZON-02) (AMAZON-02)
1 1	169.50.137.190 169.50.137.190	36351 (SOFTLAYER) (SOFTLAYER)
2 2	216.52.2.48 216.52.2.48	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1 1	185.29.133.199 185.29.133.199	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 2	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
3 3	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
2 4	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (TURN) (TURN)
2 2	3.123.143.157 3.123.143.157	16509 (AMAZON-02) (AMAZON-02)
1 2	2606:4700::68... 2606:4700::6812:c05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	185.86.139.94 185.86.139.94	201081 (SMARTADSE...) (SMARTADSERVER)
2	104.244.36.20 104.244.36.20	7415 (ADSAFE-1) (ADSAFE-1)
1	66.155.71.149 66.155.71.149	13768 (COGECO-PEER1) (COGECO-PEER1)
24	151.101.13.44 151.101.13.44	54113 (FASTLY) (FASTLY)
2	151.101.13.181 151.101.13.181	54113 (FASTLY) (FASTLY)
5	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
406	71

2 151.101.114.114 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

www.techradar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 185.113.25.52 (Bath, United Kingdom)

ASN20596 (FUTURE, GB)
PTR: vif13.web.future.net.uk

hawk.techradar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 67.27.234.124 (United States)

ASN3356 (LEVEL3, US)

vanilla.futurecdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.mos.cms.futurecdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.139.128.11 (United States)

ASN20446 (HIGHWINDS3, US)

bordeaux.futurecdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
champagne.futurecdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
slice.vanilla.futurecdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ads.servebom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2104:1800:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)

quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 65.9.77.122 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

uk-script.dotmetrics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:e134 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.86.61 (United States)

ASN16509 (AMAZON-02, US)

cdn.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.205.167.202 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-205-167-202.compute-1.amazonaws.com

p1.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 51.210.215.111 (France)

ASN16276 (OVH, FR)
PTR: dtk-lb-gra06.dginfra.net

www.ultimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
medialb.ultimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ads.videoadex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.59.101 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 101.59.190.35.bc.googleusercontent.com

r.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:15d (United States)

ASN13335 (CLOUDFLARENET, US)

boot.pbstck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5614 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:7aaf (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:1997 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.pbstck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.14.110 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.14.137 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

bam.eu01.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.77.45 (United States)

ASN16509 (AMAZON-02, US)

static.narrativ.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3039::6815:c077 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

futureplc-com.videoplayerhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:4686 (United States)

ASN13335 (CLOUDFLARENET, US)

btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.246.143.132 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-246-143-132.eu-west-1.compute.amazonaws.com

p.cpx.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.211.195.119 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-211-195-119.eu-west-1.compute.amazonaws.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.127.178.105 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.228.137 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-228-137.deploy.static.akamaitechnologies.com

tags.bkrtx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.45.99.241 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-99-241.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.231.179.169 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-231-179-169.compute-1.amazonaws.com

api.bam-x.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 54.194.137.128 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

s.cpx.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.220.244 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

99 142.250.185.98 (United States) 14 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.91.60 (United States)

ASN13335 (CLOUDFLARENET, US)

dmp.truoptik.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.138.114 (France) 2 redirects

ASN201081 (SMARTADSERVER, FR)

sync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.111.131 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.80 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.130.212 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

pool.grid-data.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.113.25.62 (Bath, United Kingdom)

ASN20596 (FUTURE, GB)
PTR: vif01.web.future.net.uk

api.vanilla.futurecdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.133.145 (United States)

ASN13335 (CLOUDFLARENET, US)

config.seedtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 2a00:1450:4001:80f::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.212.39.74 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.234.21 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.221.89 (Amsterdam, Netherlands) 1 redirects

ASN29990 (ASN-APPNEX, US)

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.244.159.8 (Kansas City, United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.111.242.245 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-242-245.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.213.246.12 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.94.180.126 (United States) 4 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:80:800::7001 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.197.99.6 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.126.56.137 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.14.49 (Frankfurt am Main, Germany) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.193.173 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.227.252.103 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.115 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.156.250.242 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-250-242.eu-central-1.compute.amazonaws.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:fa8:8806:16::1400 (United States)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.251.244.140 (Amsterdam, Netherlands) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)

tracking.m6r.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 65.9.77.106 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:f916:5049:f87f:108e (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.50.137.190 (United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: be.89.32a9.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.48 (United States) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.133.199 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 85.114.159.93 (Germany) 2 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1288:110:c305::8000 (United Kingdom) 3 redirects

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:678:cb4:bbbb::11 (United Kingdom) 2 redirects

ASN56396 (TURN, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.123.143.157 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:c05 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.139.94 (France) 2 redirects

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.36.20 (United States)

ASN7415 (ADSAFE-1, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.155.71.149 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 151.101.13.44 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
15.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vidstat.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.13.181 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

widget.perfectmarket.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

trc-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
94	googlesyndication.com a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	465 KB
92	doubleclick.net 14 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net googleads4.g.doubleclick.net	331 KB
38	2mdn.net s0.2mdn.net	2 MB
29	taboola.com cdn.taboola.com trc.taboola.com 15.taboola.com trc-events.taboola.com vidstat.taboola.com images.taboola.com	580 KB
23	futurecdn.net vanilla.futurecdn.net bordeaux.futurecdn.net champagne.futurecdn.net cdn.mos.cms.futurecdn.net slice.vanilla.futurecdn.net api.vanilla.futurecdn.net	518 KB
19	ultimedia.com www.ultimedia.com medialb.ultimedia.com	581 KB
11	techradar.com www.techradar.com hawk.techradar.com	388 KB
9	yahoo.com 6 redirects ads.yahoo.com ups.analytics.yahoo.com pr-bh.ybp.yahoo.com	6 KB
9	openx.net 7 redirects us-u.openx.net rtb.openx.net	2 KB
9	google.com 1 redirects ampcid.google.com www.google.com adservice.google.com	2 KB
8	googletagservices.com www.googletagservices.com	289 KB
7	cpx.to p.cpx.to s.cpx.to	9 KB
6	spotxchange.com 4 redirects sync.search.spotxchange.com	4 KB
6	adsafeprotected.com pixel.adsafeprotected.com static.adsafeprotected.com dt.adsafeprotected.com	95 KB
5	ampproject.org cdn.ampproject.org	100 KB
4	turn.com 2 redirects ad.turn.com r.turn.com	2 KB
4	teads.tv 2 redirects sync.teads.tv	828 B
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com	4 KB
4	pubmatic.com 4 redirects image2.pubmatic.com image6.pubmatic.com	1 KB
4	smartadserver.com 4 redirects sync.smartadserver.com ssbsync.smartadserver.com	2 KB
4	adnxs.com 3 redirects secure.adnxs.com ib.adnxs.com	4 KB
4	bam-x.com api.bam-x.com	3 KB
4	unpkg.com 2 redirects unpkg.com	10 KB
3	dotomi.com dclk-match.dotomi.com	310 B
3	3lift.com 3 redirects eb2.3lift.com	1 KB
3	advertising.com 3 redirects pixel.advertising.com	1 KB
3	nr-data.net bam.eu01.nr-data.net	475 B
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com	5 KB
3	google.de ampcid.google.de www.google.de adservice.google.de	1 KB
3	google-analytics.com www.google-analytics.com	38 KB
2	perfectmarket.com widget.perfectmarket.com	33 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com s.tribalfusion.com	1 KB
2	w55c.net 2 redirects pm.w55c.net	2 KB
2	adition.com 2 redirects dsp.adfarm1.adition.com	1 KB
2	lijit.com 2 redirects ap.lijit.com	1 KB
2	quantserve.com cms.quantserve.com	925 B
2	smaato.net 2 redirects s.ad.smaato.net	856 B
2	m6r.eu 2 redirects tracking.m6r.eu	1 KB
2	ctnsnet.com 2 redirects gcm.ctnsnet.com	881 B
2	everesttech.net 2 redirects sync-tm.everesttech.net	890 B
2	adsrvr.org 2 redirects match.adsrvr.org	898 B
2	eyeota.net ps.eyeota.net	2 KB
2	googletagmanager.com www.googletagmanager.com	75 KB
2	jsdelivr.net cdn.jsdelivr.net	3 KB
2	cloudflare.com cdnjs.cloudflare.com	113 KB
2	pbstck.com boot.pbstck.com cdn.pbstck.com	47 KB
2	parsely.com cdn.parsely.com p1.parsely.com	21 KB
2	dotmetrics.net uk-script.dotmetrics.net	4 KB
2	consensu.org quantcast.mgr.consensu.org	73 KB
1	sitescout.com pixel-sync.sitescout.com	191 B
1	mathtag.com 1 redirects sync.mathtag.com	816 B
1	simpli.fi 1 redirects um.simpli.fi	710 B
1	travelaudience.com 1 redirects ads.travelaudience.com	608 B
1	seedtag.com config.seedtag.com	12 KB
1	bidswitch.net pool.grid-data.bidswitch.net	220 B
1	truoptik.com dmp.truoptik.com
1	rubiconproject.com token.rubiconproject.com	214 B
1	bluekai.com stags.bluekai.com	1002 B
1	facebook.com www.facebook.com	147 B
1	facebook.net connect.facebook.net	2 KB
1	bkrtx.com tags.bkrtx.com	16 KB
1	ml314.com ml314.com	13 KB
1	btloader.com btloader.com	6 KB
1	videoplayerhub.com 1 redirects futureplc-com.videoplayerhub.com	553 B
1	narrativ.com static.narrativ.com	42 KB
1	newrelic.com js-agent.newrelic.com	15 KB
1	videoadex.com ads.videoadex.com	237 B
1	skimresources.com r.skimresources.com	405 B
1	servebom.com ads.servebom.com	201 B
1	onesignal.com cdn.onesignal.com	3 KB
0	wbtrk.net Failed um.wbtrk.net Failed
406	71

	Domain	Requested by
56	cm.g.doubleclick.net	14 redirects googleads.g.doubleclick.net a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
52	pagead2.googlesyndication.com	securepubads.g.doubleclick.net a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com www.techradar.com googleads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net www.googletagservices.com
38	s0.2mdn.net	www.techradar.com a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com s0.2mdn.net
35	tpc.googlesyndication.com	securepubads.g.doubleclick.net www.techradar.com a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com tpc.googlesyndication.com s0.2mdn.net
14	vanilla.futurecdn.net	www.techradar.com vanilla.futurecdn.net
13	www.ultimedia.com	vanilla.futurecdn.net www.ultimedia.com www.techradar.com
12	googleads4.g.doubleclick.net	www.techradar.com
12	googleads.g.doubleclick.net	www.techradar.com a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
11	cdn.taboola.com	www.techradar.com cdn.taboola.com
11	securepubads.g.doubleclick.net	bordeaux.futurecdn.net securepubads.g.doubleclick.net www.techradar.com www.googletagservices.com
9	hawk.techradar.com	www.techradar.com hawk.techradar.com
8	images.taboola.com	www.techradar.com
8	www.googletagservices.com	securepubads.g.doubleclick.net a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
7	a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
7	www.google.com	1 redirects www.techradar.com a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com tpc.googlesyndication.com
6	sync.search.spotxchange.com	4 redirects googleads.g.doubleclick.net
6	us-u.openx.net	4 redirects googleads.g.doubleclick.net
6	s.cpx.to	p.cpx.to
6	medialb.ultimedia.com
5	trc-events.taboola.com
5	cdn.ampproject.org	securepubads.g.doubleclick.net
4	ups.analytics.yahoo.com	3 redirects googleads.g.doubleclick.net
4	sync.teads.tv	2 redirects googleads.g.doubleclick.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	api.bam-x.com	static.narrativ.com
4	unpkg.com	2 redirects www.ultimedia.com
3	trc.taboola.com	cdn.taboola.com
3	pr-bh.ybp.yahoo.com	3 redirects
3	dclk-match.dotomi.com	a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
3	eb2.3lift.com	3 redirects
3	rtb.openx.net	3 redirects
3	pixel.advertising.com	3 redirects
3	api.vanilla.futurecdn.net	vanilla.futurecdn.net
3	bam.eu01.nr-data.net	www.ultimedia.com
3	sb.scorecardresearch.com	1 redirects www.techradar.com
3	www.google-analytics.com	www.techradar.com vanilla.futurecdn.net
3	bordeaux.futurecdn.net	www.techradar.com bordeaux.futurecdn.net
2	widget.perfectmarket.com	cdn.taboola.com widget.perfectmarket.com
2	dt.adsafeprotected.com
2	ssbsync.smartadserver.com	2 redirects
2	pm.w55c.net	2 redirects
2	r.turn.com	a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
2	ad.turn.com	2 redirects
2	dsp.adfarm1.adition.com	2 redirects
2	ap.lijit.com	2 redirects
2	cms.quantserve.com	a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
2	s.ad.smaato.net	2 redirects
2	tracking.m6r.eu	2 redirects
2	image6.pubmatic.com	2 redirects
2	gcm.ctnsnet.com	2 redirects
2	sync-tm.everesttech.net	2 redirects
2	ads.yahoo.com	googleads.g.doubleclick.net
2	static.adsafeprotected.com	pixel.adsafeprotected.com www.techradar.com
2	ib.adnxs.com	1 redirects googleads.g.doubleclick.net
2	pixel.adsafeprotected.com	www.techradar.com
2	image2.pubmatic.com	2 redirects
2	match.adsrvr.org	2 redirects
2	sync.smartadserver.com	2 redirects
2	secure.adnxs.com	2 redirects
2	ps.eyeota.net	www.techradar.com ps.eyeota.net
2	www.googletagmanager.com	www.techradar.com
2	cdn.jsdelivr.net	www.ultimedia.com
2	cdnjs.cloudflare.com	www.ultimedia.com
2	uk-script.dotmetrics.net	www.techradar.com
2	quantcast.mgr.consensu.org	www.techradar.com quantcast.mgr.consensu.org
2	www.techradar.com	www.techradar.com
1	vidstat.taboola.com	cdn.taboola.com
1	15.taboola.com	cdn.taboola.com
1	pixel-sync.sitescout.com	a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
1	s.tribalfusion.com
1	a.tribalfusion.com	1 redirects
1	sync.mathtag.com	1 redirects
1	um.simpli.fi	1 redirects
1	ads.travelaudience.com	1 redirects
1	config.seedtag.com	www.techradar.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	pool.grid-data.bidswitch.net
1	dmp.truoptik.com
1	token.rubiconproject.com
1	stags.bluekai.com	tags.bkrtx.com
1	www.facebook.com
1	connect.facebook.net	www.techradar.com
1	tags.bkrtx.com	www.techradar.com
1	ml314.com	www.techradar.com
1	p.cpx.to	www.techradar.com
1	btloader.com
1	futureplc-com.videoplayerhub.com	1 redirects
1	static.narrativ.com	www.techradar.com
1	js-agent.newrelic.com	www.ultimedia.com
1	cdn.pbstck.com	boot.pbstck.com
1	ads.videoadex.com	www.ultimedia.com
1	boot.pbstck.com	www.ultimedia.com
1	r.skimresources.com	hawk.techradar.com
1	www.google.de	www.techradar.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	ads.servebom.com	bordeaux.futurecdn.net
1	slice.vanilla.futurecdn.net	www.techradar.com
1	p1.parsely.com	www.techradar.com
1	ampcid.google.de	www.google-analytics.com
1	ampcid.google.com	www.google-analytics.com
1	cdn.parsely.com	www.techradar.com
1	cdn.mos.cms.futurecdn.net	www.techradar.com
1	cdn.onesignal.com	www.techradar.com
1	champagne.futurecdn.net	www.techradar.com
0	um.wbtrk.net Failed	a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
406	106

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.youtube.com
global.techradar.com
www.futureplc.com
pinterest.com
www.bleepingcomputer.com
oag.ca.gov
www.verbraucherritter.de
popup.taboola.com
om.forgeofempires.com
trc.taboola.com
de.slow-watches.com

Subject Issuer	Validity	Valid
techradar.com R3	`2021-05-20` - `2021-08-18`	3 months	crt.sh
hawk.techradar.com R3	`2021-06-15` - `2021-09-13`	3 months	crt.sh
*.futurecdn.net DigiCert SHA2 High Assurance Server CA	`2020-06-26` - `2022-07-11`	2 years	crt.sh
bordeaux.futurecdn.net R3	`2021-05-15` - `2021-08-13`	3 months	crt.sh
champagne.futurecdn.net R3	`2021-05-07` - `2021-08-05`	3 months	crt.sh
quantcast.mgr.consensu.org Amazon	`2021-04-24` - `2022-05-23`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
*.dotmetrics.net Amazon	`2020-11-23` - `2021-12-22`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-04` - `2021-08-04`	a year	crt.sh
*.parsely.com Amazon	`2020-08-02` - `2021-09-02`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
slice.vanilla.futurecdn.net R3	`2021-05-16` - `2021-08-14`	3 months	crt.sh
*.scorecardresearch.com Amazon	`2021-02-28` - `2022-03-29`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
ads.servebom.com R3	`2021-05-12` - `2021-08-10`	3 months	crt.sh
*.ultimedia.com Sectigo RSA Domain Validation Secure Server CA	`2020-05-31` - `2022-03-05`	2 years	crt.sh
www.google.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
*.skimresources.com DigiCert SHA2 Secure Server CA	`2020-09-10` - `2021-10-12`	a year	crt.sh
pbstck.com Cloudflare Inc ECC CA-3	`2021-06-04` - `2022-06-03`	a year	crt.sh
*.videoadex.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-02` - `2022-03-05`	2 years	crt.sh
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2021-05-21` - `2022-04-10`	a year	crt.sh
*.eu01.nr-data.net DigiCert SHA2 Secure Server CA	`2020-02-04` - `2022-02-08`	2 years	crt.sh
static.narrativ.com Amazon	`2021-04-30` - `2022-05-29`	a year	crt.sh
p.cpx.to Sectigo RSA Domain Validation Secure Server CA	`2021-02-02` - `2022-02-02`	a year	crt.sh
*.ml314.com Amazon	`2021-01-17` - `2022-02-14`	a year	crt.sh
*.eyeota.net R3	`2021-04-29` - `2021-07-28`	3 months	crt.sh
*.bkrtx.com DigiCert SHA2 Secure Server CA	`2021-04-02` - `2022-04-07`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-05-26` - `2021-08-24`	3 months	crt.sh
odc-pixel-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-04-25` - `2022-04-26`	a year	crt.sh
api.narrativ.com Amazon	`2021-04-30` - `2022-05-29`	a year	crt.sh
s.cpx.to Sectigo RSA Domain Validation Secure Server CA	`2021-02-03` - `2022-02-09`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2020-12-18` - `2022-01-18`	a year	crt.sh
*.truoptik.com Go Daddy Secure Certificate Authority - G2	`2020-10-19` - `2021-11-20`	a year	crt.sh
pool.grid-data.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-03-06` - `2022-03-06`	2 years	crt.sh
api.vanilla.futurecdn.net R3	`2021-04-21` - `2021-07-20`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2020-09-09` - `2021-10-09`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2020-06-18` - `2021-08-17`	a year	crt.sh
teads.tv R3	`2021-06-14` - `2021-09-12`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2021-01-06` - `2022-02-04`	a year	crt.sh
*.search.spotxchange.com GeoTrust RSA CA 2018	`2021-04-08` - `2022-05-09`	a year	crt.sh
*.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-06-16` - `2021-07-28`	a month	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-03-22` - `2021-09-15`	6 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2019-06-19` - `2021-08-31`	2 years	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.turn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-31` - `2022-03-31`	a year	crt.sh
*.adsafeprotected.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-26` - `2022-06-17`	a year	crt.sh
*.sitescout.com RapidSSL RSA CA 2018	`2020-01-15` - `2022-02-02`	2 years	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
widget.perfectmarket.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh

This page contains 43 frames:

Primary Page: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Frame ID: C8DE1142639BB6AD078EBDECB7DEBDE6
Requests: 136 HTTP requests in this frame

Frame: https://www.ultimedia.com/deliver/generic/iframe?mdtk=02312367&zone=2&type_player=0&sendstats=0&src=q0lqz5u&width=452&height=300&urlfacebook=https%3A%2F%2Fwww.techradar.com%2F&ad=1&autoplay=no&fstart=2&title=Xiaomi+Mi+11+%7C+Everything+you+need+to+know&endMessage=um_ultimedia_wrapper_ultimediaEndRoll&widgetPrefix=um_ultimedia_wrapper_&tagparam=&tagparamdecoded=&sspParam=&visible=&gdprconsentstring=
Frame ID: 9A893744EA1ECD3E05E4DCE4622BA38D
Requests: 16 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/75049?ret=html&phint=kw%3DBusiness%20and%20finance%20software%2CPC%20%26%20Mac%2CSoftware%2CComputing&phint=__bk_t%3DTurboTax%20customer%20accounts%20affected%20by%20cyberattack%20%7C%20TechRadar&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Fwww.techradar.com%2Fnews%2Fmultiple-turbotax-customer-accounts-hacked&phint=__bk_v%3D3.1.10&limit=4&r=86830279
Frame ID: 89D9E8D2668AC7DECD92BD9328E67E33
Requests: 1 HTTP requests in this frame

Frame: https://api.bam-x.com/api/v0/session.html
Frame ID: F9CA096843ABBABCCD52B0D2AFD8CDA6
Requests: 1 HTTP requests in this frame

Frame: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 46653147885F66D8B8A99451EB692ABF
Requests: 15 HTTP requests in this frame

Frame: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: B999CBCBBE22D7384858ABA95CD4FC0D
Requests: 15 HTTP requests in this frame

Frame: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 1CD52475676F8303068580AF6995DB3C
Requests: 15 HTTP requests in this frame

Frame: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 02630354988D670E50E4E6E55D37A630
Requests: 15 HTTP requests in this frame

Frame: https://config.seedtag.com/loader.js?v=0.11664520064068995
Frame ID: E2A84F28B7A6795D2BCCE7972DADE0AE
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssMp-qDJE_LLMrjC_9i3XnkqF1mmpgCFABNP_VOUxnPMvfFw4gCgqYShUAaX8BFN3JvSCjTFec7xKT_1AAR3dDU3tsYjtidhEHytbQr5jZVkKubA4dvE_a3lD8X7pUWRJrxPu7gSLoUBANtRcuGzRuTZ8tfXK1uOnxyDbm-d1zcwWcK58H22GMY19kIToZ_fay7kXIQz93PaU9PiehBjFSj9Ek2ubiNtyWwEDoGGx1ic0hBplfhvRtfkQxpHeZZ4gNkDioqXMDdJEJ-BWUGWuv6pEgtmQ5uBjQIQux2BYmOTSHRd8aXYJHW2G2QzVxljGn5H3fznCk&sig=Cg0ArKJSzKjiudonoEBFEAE&adurl=
Frame ID: 6037113A830E735E8AEA0E04F04271C9
Requests: 7 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/032106141722000/amp4ads-v0.mjs
Frame ID: 64CB0DBF2DA17675EE8D9B15CC6EA617
Requests: 15 HTTP requests in this frame

Frame: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: A51725346BEED6D29A5C19D163E33D87
Requests: 14 HTTP requests in this frame

Frame: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 1EE752017CEFD350187794A5C8685A20
Requests: 13 HTTP requests in this frame

Frame: https://pixel.adsafeprotected.com/jload?anId=923193&campId=600x350&pubId=175633129&chanId=21792298605&placementId=5650696253&pubCreative=138344316664&pubOrder=2828023179&cb=120509958&adsafe_par&impId=&custom=&custom2=
Frame ID: 78D287FD3D1866971DB6E3E76F398FC5
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMeYigEQu8ShAhikz8SrATAB&v=APEucNUPeZ7sY74KBN6QuT6zjFFv80dbg2v65GOy9fpmlsQ6YB-DNM3gYtycmFvBktDgX9DJXd-A7RV8yHEvb7hOmLn5_m0mp9Bwc_5ntm2QPGUdI1KSrcCL118c4EgqXgYpTg197Me0XZXfGtB8U2rbxemeRCsGCgCpWwyofWobEtBP9LQz8tg
Frame ID: 06B52B5E5441AA492EFFF0C683221ACF
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMeYigEQu8ShAhjDra-sATAB&v=APEucNVU1IAEN_cTCzg3zu864BAVsP-F1ihDqcKpuoPsNzQm8V24ADhCUtIQn9qDyzJ2pJAvB9f5A0pCSxkNDwbex7igDD2kkTjXbIC41kDxNuun_togX0SFnc41w0_QAwT3ZTvT3Vj8568tg199m7_3DhTETSH3ivWvUXi28sRAN7X_CzmJXT4
Frame ID: D8427374B5BA85CA8871D5FC7DC1CEBF
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMeYigEQu8ShAhjDra-sATAB&v=APEucNX_5q8sfDy7uhxyjdmKxmvwFms1WjedXeYPbekouhu2-eXFIFAnleBL6Ngun7pOkz1qZ8lGZJBBBpxfEKCDBQ3oUPZIFDe801l9kuDTVqWkh7uF4nfb8eCE0UyS3bu8d8k1C499H8VaeLn8Q0tw7ZoO5ZQEQA4_vMNAUR333JXrQpPcoYM
Frame ID: E1F9595BA9A4EA149BF4D54D68CE6511
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMeYigEQu8ShAhjDra-sATAB&v=APEucNWbr52GxX59ZfolpNn7qDqjTjb7ECCVFVHBmmSm4MDyif3rXH3IspXvtCUp47Fa8-hvK78g0o-AUaOecjc9UvXziE-rMVo6sifMINOLFk_l9jiNpaSXcxjigHTbyst2bb49UfgkZzy2f5iXwnZNsI066er758x_5otgShjs1GE2Asm36lM
Frame ID: 75A7D269EEAF677A08BCBC083BC43FA4
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIMDEMHR18ICGPrM9KwBMAE&v=APEucNUZ1Gu4NNV8dv4UcDbXYJhd8ZL9G9D8jgg5yaiSeot0FFUOF-3Py93Yy-R9npub6H9y_KN-smMJ4cRocQLL7l4vATxqxEi07lJcB9zYSTvUTra-yFBL-4DMVAsc8qtVM58vltMIf-rdCuGcNZZhtRPs8pXy2t7OSchrcp48mJoEScoO_GA
Frame ID: 95CE6A25631B12BBE86769F8487455EA
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIMDEMHR18ICGPrM9KwBMAE&v=APEucNX1qgZOcLHQ8snkEUwHrj3q9oxneOpRfKWqICxO_0hVfhDD0sJZrATv8n_AYRNAP6zHeOsDjf_HP0vcwzokr_EIkc1Hk0SzvAC8LsP7a0HJSuA3Kvpe8BHeVSzRXsS2gH9n9IzBISY57dZ_o1bYp45viYlLHE9Jpn4fB9e7IjltyA838fE
Frame ID: 5A3983D0B3F1D11FED61796A318BB0C6
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html
Frame ID: FBFF5A0269684371F9E2EB61F2253BA3
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: AA547F70D9B49FD71E8DA162F0F1E00B
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 930FD65F6C3A4DB2EFEB6D3C00FAFC75
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 47506CCDA35709882A336172B32DBC4D
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 4AE6E0DD0BEB1B84A44C52F5E9781F47
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 3D8FF6EBB150DDEC5F3E103255DEDFCA
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=Q6tzQHprLH&t=1&renderingType=2
Frame ID: 478ABA1AF60178B5CC8C3A44F022090D
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/9435156/1622642574673/index.html?e=69&leftOffset=0&topOffset=0&c=6vTFI0T9uJ&t=1&renderingType=2
Frame ID: FCD4D846C8AF36F3F8ABF8C1087C44DA
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=lBjZ8bthUU&t=1&renderingType=2
Frame ID: 3041363511CFB1E8C0583C2568339155
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 10FA7F7D5EBF0CB8EB12E91DC95A19B6
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 5B10F8F4FEDCE7E89FEC2C040A38A74D
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=miWbZLBac9&t=1&renderingType=2
Frame ID: 12162145F86FAC268DEA38A1F64FC752
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: CBEE6729FB08441853D9BF1FED7E01BB
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: A0891ED0A988A2C79CBF6E1276F57C5E
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 61E10B3A965D1E77A60B26598435A05B
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: F18D006027F39FAE23C1A053C6F5C512
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 18F069A41C78DA1145564269A1914DDE
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 78B0D6A16C0C36DE9A0E9BB609C0E0F7
Requests: 3 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.5.js
Frame ID: 72137EE6C3980B64EA6CEF82B708C445
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/94Gt_qMMOHajVAy-ktkQgEQIoZJrQUA0XxP17Oddwac.js
Frame ID: 4F146CB1CD092BD362AB2155C5B370F2
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/94Gt_qMMOHajVAy-ktkQgEQIoZJrQUA0XxP17Oddwac.js
Frame ID: CFD551DD45126439C2E85E8DD3D69840
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/94Gt_qMMOHajVAy-ktkQgEQIoZJrQUA0XxP17Oddwac.js
Frame ID: 53C1B0F3C8446B06EE32E7BB8C95B976
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/94Gt_qMMOHajVAy-ktkQgEQIoZJrQUA0XxP17Oddwac.js
Frame ID: F1A9CAB14FA09383BE0E0BB5583A71F7
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: $Varnish\/([\d.]+)$)?/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

406
Requests

98 %
HTTPS

35 %
IPv6

71
Domains

106
Subdomains

71
IPs

7
Countries

5820 kB
Transfer

16679 kB
Size

7
Cookies

35 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/TechRadar
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/user?screen_name=techradar
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/techradar?sub_confirmation=1
Title:

Search URL Search Domain Scan URL

URL: https://global.techradar.com/en-za?region-switch=ZA
Title: South Africa

Search URL Search Domain Scan URL

URL: https://global.techradar.com/da-dk?region-switch=DK
Title: Danmark

Search URL Search Domain Scan URL

URL: https://global.techradar.com/fi-fi?region-switch=FI
Title: Suomi

Search URL Search Domain Scan URL

URL: https://global.techradar.com/no-no?region-switch=NO
Title: Norge

Search URL Search Domain Scan URL

URL: https://global.techradar.com/sv-se?region-switch=SE
Title: Sverige

Search URL Search Domain Scan URL

URL: https://global.techradar.com/it-it?region-switch=IT
Title: Italia

Search URL Search Domain Scan URL

URL: https://global.techradar.com/nl-nl?region-switch=NL
Title: Nederland

Search URL Search Domain Scan URL

URL: https://global.techradar.com/nl-be?region-switch=BE
Title: België (Nederlands)

Search URL Search Domain Scan URL

URL: https://global.techradar.com/fr-fr?region-switch=FR
Title: France

Search URL Search Domain Scan URL

URL: https://global.techradar.com/de-de?region-switch=DE
Title: Deutschland

Search URL Search Domain Scan URL

URL: https://global.techradar.com/es-es?region-switch=ES
Title: España

Search URL Search Domain Scan URL

URL: https://global.techradar.com/es-us?region-switch=ES_US
Title: US (Español)

Search URL Search Domain Scan URL

URL: https://www.futureplc.com/terms-conditions/
Title: Learn more

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=TurboTax%20customer%20accounts%20affected%20by%20cyberattack&url=https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Title:

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked&media=https://cdn.mos.cms.futurecdn.net/XxEvtaBKpJqN7Wv27Q5bvC-1200-80.jpg
Title:

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/intuit-notifies-customers-of-hacked-turbotax-accounts/
Title: Bleeping Computer

Search URL Search Domain Scan URL

URL: https://oag.ca.gov/ecrime/databreach/reports/sb24-49249
Title: 2014/2015

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/tax-returns-exposed-in-turbotax-credential-stuffing-attacks/
Title: 2019

Search URL Search Domain Scan URL

URL: https://www.verbraucherritter.de/?utm_source=na&utm_medium=ta&utm_campaign=01_Desktop_RON_Traffic&GiCBdPxNQ4xKR-92HM9hzMb4wTB9ce1XomqIOCi3y1JpgCDW6E0o5affs4Lg8_Vx&tblci=GiCBdPxNQ4xKR-92HM9hzMb4wTB9ce1XomqIOCi3y1JpgCDW6E0o5affs4Lg8_Vx#tblciGiCBdPxNQ4xKR-92HM9hzMb4wTB9ce1XomqIOCi3y1JpgCDW6E0o5affs4Lg8_Vx
Title: Verbraucherritter

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=futureplc-techradar&utm_medium=referral&utm_content=thumbs-feed-01:Below%20Article%20Thumbnails%20|%20Card%202:
Title: Sponsored

Search URL Search Domain Scan URL

URL: https://om.forgeofempires.com/foe/?ref=tab_row_en_mktdet2&&external_param=2970284978&pid=futureplc-techradar&bid=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F7e016667a06c3953bbd551436b1db2b6.jpeg&tblci=GiCBdPxNQ4xKR-92HM9hzMb4wTB9ce1XomqIOCi3y1JpgCDJqD8o6KzG6ZqWwNQ5#tblciGiCBdPxNQ4xKR-92HM9hzMb4wTB9ce1XomqIOCi3y1JpgCDJqD8o6KzG6ZqWwNQ5
Title: Forge of Empires - Free Online Game

Search URL Search Domain Scan URL

URL: https://trc.taboola.com/futureplc-techradar/log/3/click?pi=%2Fnews%2Fmultiple-turbotax-customer-accounts-hacked&ri=a7d2814d8e7db9d87be8ee352f9a6baf&sd=v2_5b585ce141d9c94298d10c53dc8f6794_abc22292-0686-4229-b72a-364456e16b55-tuct7c75825_1624101541_1624101541_CNawjgYQuM89GLur-5-iLyABKAEwODib4wlAhIoQSLCG2ANQo-wQWAFgAGixr-m1yv33zq0B&ui=abc22292-0686-4229-b72a-364456e16b55-tuct7c75825&it=text&ii=~~V1~~7963819353821056689~~OFyc7mXNB5YysWszg6uFyX8SwDy8THpsXPV7z5v_UUXTxvAnL2wqac4MyzR7uD46gj3kUkbS3FhelBtnsiJV6MhkDZRZzzIqDobN6rWmCPA3hYz5D3PLat6nhIftiT1lwdxwdlxkeV_Mfb3eos_TQbWnY7GZ-dZKuMUBQj20-id12iwxS_PQQw0DDZ7_51LwowlsRVrPEcAzBd55PBDyF5sLaFtsjYYLu1eKz2HZ7bMYKj9SoDi0gGRTWCOMPEq6UUIdg9nBBaLpV63jgzC9eDDu07MI-Vh-HMpVI0CxSx0&pt=text&li=rbox-t2v&sig=b37f44126377acd2f6bb7e673048e69ae82b983be369&redir=https%3A%2F%2Fom.forgeofempires.com%2Ffoe%2F%3Fref%3Dtab_row_en_mktdet2%26%26external_param%3D2970284978%26pid%3Dfutureplc-techradar%26bid%3Dhttp%253A%252F%252Fcdn.taboola.com%252Flibtrc%252Fstatic%252Fthumbnails%252F7e016667a06c3953bbd551436b1db2b6.jpeg%26tblci%3DGiCBdPxNQ4xKR-92HM9hzMb4wTB9ce1XomqIOCi3y1JpgCDJqD8o6KzG6ZqWwNQ5%23tblciGiCBdPxNQ4xKR-92HM9hzMb4wTB9ce1XomqIOCi3y1JpgCDJqD8o6KzG6ZqWwNQ5&vi=1624101541307&p=innogamesforgeofempiressc&r=99&tvi2=2512&lti=deflated&ppb=CJgG&cpb=EhMyMDIxMDYxNi0zNC1SRUxFQVNFGMgLILK8BCoZYW0udGFib29sYXN5bmRpY2F0aW9uLmNvbTIJd2F0ZXI0MDE5OABAm-MJSISKEFCwhtgDWKPsEGMIsw0Q0BMYAmRjCNcWENQfGCNkYwiMHhDqKRgHZGMI0gMQ4AYYCGRjCJYUEJocGBhkYwj0FBCeHRgfZHIQAAAAAAAAAAAAAAAAAAAAAHgBgAECiAHJgoxJ&cta=true
Title: Play Now

Search URL Search Domain Scan URL

URL: https://de.slow-watches.com/de/?utm_source=taboola_futureplc-techradar&utm_content=142200442&utm_medium=native&utm_campaign=TABO-DE-desk&tblci=GiCBdPxNQ4xKR-92HM9hzMb4wTB9ce1XomqIOCi3y1JpgCDZz0copPL8xJeYtoGzAQ#tblciGiCBdPxNQ4xKR-92HM9hzMb4wTB9ce1XomqIOCi3y1JpgCDZz0copPL8xJeYtoGzAQ
Title: slow-watches.com

Search URL Search Domain Scan URL

URL: https://trc.taboola.com/futureplc-techradar/log/3/click?pi=%2Fnews%2Fmultiple-turbotax-customer-accounts-hacked&ri=ab544a55d55173e34433113af04dc1d2&sd=v2_5b585ce141d9c94298d10c53dc8f6794_abc22292-0686-4229-b72a-364456e16b55-tuct7c75825_1624101541_1624101541_CNawjgYQuM89GLur-5-iLyABKAEwODib4wlAhIoQSLCG2ANQo-wQWAFgAGixr-m1yv33zq0B&ui=abc22292-0686-4229-b72a-364456e16b55-tuct7c75825&it=photo&ii=~~V1~~-9005180423556933097~~7uNq0yagXIEqu7R4B2maxm54o1Bp71yUI_tDahT2nzrTxvAnL2wqac4MyzR7uD46gj3kUkbS3FhelBtnsiJV6MhkDZRZzzIqDobN6rWmCPA3hYz5D3PLat6nhIftiT1lwdxwdlxkeV_Mfb3eos_TQdTBE1-iKQ0FSc91FDjL2id12iwxS_PQQw0DDZ7_51LwIpRv15T_JK-Ani5Fs1fBT0Hbn9sOoKO83SDuxA8qUPR_-0-gvo_6SPT6071Wq10cUUIdg9nBBaLpV63jgzC9eDDu07MI-Vh-HMpVI0CxSx0&pt=text&li=rbox-t2v&sig=f4fbd77b46dc909192100c861eee5a969d3102d5b3e3&redir=https%3A%2F%2Fde.slow-watches.com%2Fde%2F%3Futm_source%3Dtaboola_futureplc-techradar%26utm_content%3D142200442%26utm_medium%3Dnative%26utm_campaign%3DTABO-DE-desk%26tblci%3DGiCBdPxNQ4xKR-92HM9hzMb4wTB9ce1XomqIOCi3y1JpgCDZz0copPL8xJeYtoGzAQ%23tblciGiCBdPxNQ4xKR-92HM9hzMb4wTB9ce1XomqIOCi3y1JpgCDZz0copPL8xJeYtoGzAQ&vi=1624101541307&p=slowwatches-sc&r=47&tvi2=2512&lti=deflated&ppb=CLgF&cpb=EhMyMDIxMDYxNi0zNC1SRUxFQVNFGMgLILK8BCoZYW0udGFib29sYXN5bmRpY2F0aW9uLmNvbTIJd2F0ZXI0MDE5OABAm-MJSISKEFCwhtgDWKPsEGMIsw0Q0BMYAmRjCNcWENQfGCNkYwiMHhDqKRgHZGMI0gMQ4AYYCGRjCJYUEJocGBhkYwj0FBCeHRgfZHIQAAAAAAAAAAAAAAAAAAAAAHgBgAECiAHJgoxJ&cta=true
Title: Weiterlesen

Search URL Search Domain Scan URL

URL: http://www.futureplc.com/
Title: Visit our corporate site

Search URL Search Domain Scan URL

URL: http://www.futureplc.com/terms-conditions/
Title: Terms and conditions

Search URL Search Domain Scan URL

URL: http://www.futureplc.com/privacy-policy/
Title: Privacy policy

Search URL Search Domain Scan URL

URL: http://www.futureplc.com/cookies-policy/
Title: Cookies policy

Search URL Search Domain Scan URL

URL: https://www.futureplc.com/accessibility-statement/
Title: Accessibility Statement

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 29

https://sb.scorecardresearch.com/cs/10055482/beacon.js HTTP 302
https://sb.scorecardresearch.com/internal-cs/default/beacon.js

Request Chain 69

https://unpkg.com/@silvermine/videojs-quality-selector/dist/css/quality-selector.css HTTP 302
https://unpkg.com/@silvermine/videojs-quality-selector@1.2.5/dist/css/quality-selector.css

Request Chain 73

https://unpkg.com/@silvermine/videojs-quality-selector/dist/js/silvermine-videojs-quality-selector.min.js HTTP 302
https://unpkg.com/@silvermine/videojs-quality-selector@1.2.5/dist/js/silvermine-videojs-quality-selector.min.js

Request Chain 83

https://futureplc-com.videoplayerhub.com/galleryplayer.js HTTP 301
https://btloader.com/tag?h=futureplc-com&upapi=true

Request Chain 94

https://secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D11214%26ref%3D%26hn_ver%3D16%26fid%3D9affc115-13f8-4de0-977d-d51fa30f34ab HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D11214%2526ref%253D%2526hn_ver%253D16%2526fid%253D9affc115-13f8-4de0-977d-d51fa30f34ab HTTP 302
https://s.cpx.to/an_fire?app_nexus_uid=8933602836192316962&pid=11214&ref=&hn_ver=16&fid=9affc115-13f8-4de0-977d-d51fa30f34ab

Request Chain 95

https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=9affc115-13f8-4de0-977d-d51fa30f34ab HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm=&dsp=dbm&fid=9affc115-13f8-4de0-977d-d51fa30f34ab&google_tc= HTTP 302
https://s.cpx.to/ca.png?dsp=dbm&fid=9affc115-13f8-4de0-977d-d51fa30f34ab&google_gid=CAESEARMt-Xco_qyQHS1O2ciZcI&google_cver=1

Request Chain 98

https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dsmart_ad_server%26dsp_uid%3D%5Bsas_uid%5D%26fid%3D9affc115-13f8-4de0-977d-d51fa30f34ab&gdpr=0 HTTP 302
https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dsmart_ad_server%26dsp_uid%3D%5Bsas_uid%5D%26fid%3D9affc115-13f8-4de0-977d-d51fa30f34ab&gdpr=0&cklb=1 HTTP 302
https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=7077615781948950241&fid=9affc115-13f8-4de0-977d-d51fa30f34ab

Request Chain 99

https://match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=0fkciot&ttd_tpi=1 HTTP 302
https://s.cpx.to/sync?dsp_uid=c45eb75d-38ca-4654-aeb3-8fa36a37a2f5&dsp=TTD

Request Chain 100

https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D9affc115-13f8-4de0-977d-d51fa30f34ab HTTP 302
https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D9affc115-13f8-4de0-977d-d51fa30f34ab HTTP 302
https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=0CA14BCD-EA05-440B-BC90-69427E99453A&fid=9affc115-13f8-4de0-977d-d51fa30f34ab

Request Chain 194

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 213

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIDFsUvzrvygEfh7DWmg0Eo&google_cver=1

Request Chain 214

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YM3So.RXxROUWiLWGfuY5wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIDFsUvzrvygEfh7DWmg0Eo&google_cver=1&google_hm=2

Request Chain 215

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEKpNGpkvcuflU10NPfYrksg&google_cver=1

Request Chain 216

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODkzMzYwMjgzNjE5MjMxNjk2Mg%3D%3D

Request Chain 217

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIsOkTUr-TiaK93DO-MjeRs&google_cver=1

Request Chain 218

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=Nzg5ZTZmNDItM2Q3OC0yNzA2LWQ5OGEtNDBkN2MyMmE2YjM1

Request Chain 219

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESENxJYsppFcDBzKWEuXHv0CI&google_cver=1

Request Chain 220

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZTgwMDhmMzA3MmRlZmY0YWZmMzA0M2I4MjQ0YTBhM2UzZWU5OWNkYQ==

Request Chain 221

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIsOkTUr-TiaK93DO-MjeRs&google_cver=1

Request Chain 222

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=Nzg5ZTZmNDItM2Q3OC0yNzA2LWQ5OGEtNDBkN2MyMmE2YjM1

Request Chain 223

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESENxJYsppFcDBzKWEuXHv0CI&google_cver=1

Request Chain 224

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZTgwMDhmMzA3MmRlZmY0YWZmMzA0M2I4MjQ0YTBhM2UzZWU5OWNkYQ==

Request Chain 226

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEOGRTq3CO2TvOnL8VKtqOCA&google_cver=1

Request Chain 227

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=24a12da5-d0f0-11eb-bc05-1586fee60506 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MjRhNzY2OTgtZDBmMC0xMWViLTg0Y2YtMTZhZTgyZDMwNDA2

Request Chain 233

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEOGRTq3CO2TvOnL8VKtqOCA&google_cver=1

Request Chain 234

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=24a766dd-d0f0-11eb-84cf-16ae82d30406 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MjRhNzY2OTgtZDBmMC0xMWViLTg0Y2YtMTZhZTgyZDMwNDA2

Request Chain 236

https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_cm&google_dbm&_origin=1 HTTP 302
https://pixel.advertising.com/ups/55946/sync?uid=CAESEOaqyvg5cpWmrjPzpRLlPjw&_origin=1&google_cver=1 HTTP 302
https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEOaqyvg5cpWmrjPzpRLlPjw&_origin=1&google_cver=1&apid=UP24a6c645-d0f0-11eb-a177-06ee5e2b51a2

Request Chain 237

https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true HTTP 302
https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/55946/sync?_origin=1&redir=true&apid=UP24a6c645-d0f0-11eb-a177-06ee5e2b51a2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVAyNGE2YzY0NS1kMGYwLTExZWItYTE3Ny0wNmVlNWUyYjUxYTI%3D

Request Chain 238

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1mYXk4c3A5RTJ1RzlacWNkN2UzeTJ0ZW8xYUhkLjFZYn5B

Request Chain 284

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEB1EAj2P_F7O0JfRBxnTpZs&google_cver=1&google_push=AYg5qPJAlpP_hthf1_NMaQQSOZF5dBj-gfth9uNpXSJ1ZcQH0Xh1VEzpKWg-zM_mUloE9CXbJxCx5eMIaovKX9tuS2jgYvmZM-k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEB1EAj2P_F7O0JfRBxnTpZs&google_push=AYg5qPJAlpP_hthf1_NMaQQSOZF5dBj-gfth9uNpXSJ1ZcQH0Xh1VEzpKWg-zM_mUloE9CXbJxCx5eMIaovKX9tuS2jgYvmZM-k

Request Chain 285

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEEdpkNsiYfDOTjEpZKsCG4Q&google_cver=1&google_push=AYg5qPLDoqeDN1Z_oGl0A_1gYGlpLBIz6WXmlnVknIdxt8NpTrixT40QzJyy_xt-y6F8OOpRwUUYKs-GTsV1TqJfI7rD2YN5q1g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPLDoqeDN1Z_oGl0A_1gYGlpLBIz6WXmlnVknIdxt8NpTrixT40QzJyy_xt-y6F8OOpRwUUYKs-GTsV1TqJfI7rD2YN5q1g&google_hm=aap6GGF6Sp-L2YAs8z2h6Vk

Request Chain 286

https://ads.travelaudience.com/google_pixel?google_gid=CAESEO_RsQoaPr47IpjcEQvZ4LM&google_cver=1&google_push=AYg5qPKWi6Le97ioFLybQOEErtTPdNYzH3XcwliPKJ78qKaZk4nQxHYvVumM5_MZnfEdU18ofALVKOaJsiUoJGHgOOeyOw6JNqE HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=cUaN8SMeSWaAM96O8hivIQ2&google_push=AYg5qPKWi6Le97ioFLybQOEErtTPdNYzH3XcwliPKJ78qKaZk4nQxHYvVumM5_MZnfEdU18ofALVKOaJsiUoJGHgOOeyOw6JNqE

Request Chain 287

https://rtb.openx.net/sync/dds?google_gid=CAESEIvGYVRgugJ0PUll5KiVzmM&google_cver=1&google_push=AYg5qPInYcpLT5uq1WGCk5vgd6nAh36FcHLCPTAs8AJxlPKAU5XAYmXqHJHIaL8LyZmHii6lZXabWbbB1s1n7zblaunN83ffh_E HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPInYcpLT5uq1WGCk5vgd6nAh36FcHLCPTAs8AJxlPKAU5XAYmXqHJHIaL8LyZmHii6lZXabWbbB1s1n7zblaunN83ffh_E&google_hm=i6c2tF2JwIwqHlbZ29Gf7w==

Request Chain 288

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEECyjY_A6mr1AwBjuYmAaJ0&google_cver=1&google_push=AYg5qPLVL77stMCv_RUIbbT19oUVwom7RUlU3ssORjfKRhmsHzLzUVGJQ33Iu6UWvl2lbwjwS9te_Q8Db44fwdbIFAbJe7yhrk4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=DKFLzeoFRAu8kGlCfplFOg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLVL77stMCv_RUIbbT19oUVwom7RUlU3ssORjfKRhmsHzLzUVGJQ33Iu6UWvl2lbwjwS9te_Q8Db44fwdbIFAbJe7yhrk4

Request Chain 289

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESELbYp0N-U9WnZSjM3Vw23Ac&google_cver=1&google_push=AYg5qPLcpd0vi2eskUXYQJoRd9gw0XRZQ-gkDl99OTrwDqTAn6fmzPXOODFWrIsX6VUXZDNAsq5R6qHcwRfEcZqpZayWwk1kE_4 HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AYg5qPLcpd0vi2eskUXYQJoRd9gw0XRZQ-gkDl99OTrwDqTAn6fmzPXOODFWrIsX6VUXZDNAsq5R6qHcwRfEcZqpZayWwk1kE_4&google_gid=CAESELbYp0N-U9WnZSjM3Vw23Ac HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NTQ0MzMzMjUxNzQ1MTA2MTYxMw%3D%3D&google_push=AYg5qPLcpd0vi2eskUXYQJoRd9gw0XRZQ-gkDl99OTrwDqTAn6fmzPXOODFWrIsX6VUXZDNAsq5R6qHcwRfEcZqpZayWwk1kE_4

Request Chain 300

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEDVazbNiwX_jA3l_oBpznCI&google_cver=1&google_push=AYg5qPLxb2114fC9EqaOoyjz7biNppX6SMmaaksuOBbHeDDNB8UQyc89oLSb8bnnc7qzKVYi_42ZMmh8-a_vc5ObSr3A4aCBvFmsJw HTTP 302
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEDVazbNiwX_jA3l_oBpznCI&google_cver=1&google_push=AYg5qPLxb2114fC9EqaOoyjz7biNppX6SMmaaksuOBbHeDDNB8UQyc89oLSb8bnnc7qzKVYi_42ZMmh8-a_vc5ObSr3A4aCBvFmsJw&checkcookies=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=wGihybAeDrZSNiMYksfd7Q&google_push=AYg5qPLxb2114fC9EqaOoyjz7biNppX6SMmaaksuOBbHeDDNB8UQyc89oLSb8bnnc7qzKVYi_42ZMmh8-a_vc5ObSr3A4aCBvFmsJw

Request Chain 301

https://rtb.openx.net/sync/dds?google_gid=CAESEIvGYVRgugJ0PUll5KiVzmM&google_cver=1&google_push=AYg5qPIrf4jXhDl_IxUJuXd7cHBipUUMrJ0X89_VQn02Z64wPwOdpEZpvhdpvIGn3y5RGK8T6R24gmWzGwkQkVBuGuoZQLhf4asNtQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPIrf4jXhDl_IxUJuXd7cHBipUUMrJ0X89_VQn02Z64wPwOdpEZpvhdpvIGn3y5RGK8T6R24gmWzGwkQkVBuGuoZQLhf4asNtQ&google_hm=i6c2tF2JwIwqHlbZ29Gf7w==

Request Chain 302

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEECyjY_A6mr1AwBjuYmAaJ0&google_cver=1&google_push=AYg5qPLFskTU1w67MYd-p-PRpk0jR1GLaqtv9dFMtmwDfpK3SP6wq2fANXw8YSfw1FvGuLXhlYNroidS8oSg9i4Vo744p_3fWqpDGg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=DKFLzeoFRAu8kGlCfplFOg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLFskTU1w67MYd-p-PRpk0jR1GLaqtv9dFMtmwDfpK3SP6wq2fANXw8YSfw1FvGuLXhlYNroidS8oSg9i4Vo744p_3fWqpDGg

Request Chain 303

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0SshH2Sv-i2VtOw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0SshH2Sv-i2VtOw&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0SshH2Sv-i2VtOw&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0SshH2Sv-i2VtOw&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0SshH2Sv-i2VtOw&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0SshH2Sv-i2VtOw&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0SshH2Sv-i2VtOw&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0SshH2Sv-i2VtOw&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0SshH2Sv-i2VtOw&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0SshH2Sv-i2VtOw&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0SshH2Sv-i2VtOw&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0SshH2Sv-i2VtOw&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0SshH2Sv-i2VtOw&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0SshH2Sv-i2VtOw&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0SshH2Sv-i2VtOw&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0SshH2Sv-i2VtOw&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0SshH2Sv-i2VtOw&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0SshH2Sv-i2VtOw&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0SshH2Sv-i2VtOw&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0SshH2Sv-i2VtOw&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0SshH2Sv-i2VtOw&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1

Request Chain 304

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEPdxK-VfQ289YfLQEmOyS-c&google_cver=1&google_push=AYg5qPJgsX_AiPtan3epbBRK1vsdsafstilVYtWp2FR5V9dmcpKadZSb3R6qKaCHIm3WSrwP_wh2fgJayviaStUszusGoqxUQQ-ZmQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPJgsX_AiPtan3epbBRK1vsdsafstilVYtWp2FR5V9dmcpKadZSb3R6qKaCHIm3WSrwP_wh2fgJayviaStUszusGoqxUQQ-ZmQ

Request Chain 305

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEL3kuy39TZhOVOoi4uGSBBc&google_cver=1&google_push=AYg5qPJ8-IkXXfMS8vabcYpMChpQbeIgMPrmKMgwRLh-Ch9f2eMWmxy0TZxYvCPPaEqEdnoXOApAPvEQvPX6Maw0QHIJJz7d0yj1nw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1TbFVUNUhwRTJ1SEN3RnVQT05IQXdYWFVnWkZ0a1FKY35B&google_push=AYg5qPJ8-IkXXfMS8vabcYpMChpQbeIgMPrmKMgwRLh-Ch9f2eMWmxy0TZxYvCPPaEqEdnoXOApAPvEQvPX6Maw0QHIJJz7d0yj1nw

Request Chain 309

https://um.simpli.fi/gp_match?google_gid=CAESEGqglBkA7caWCMYAFU2dSEE&google_cver=1&google_push=AYg5qPKoNTF5pe1HSIAMHnVgrXhT4GDzINnMbeBeEoD9IoUSDuibTee-q5ut4OG2c9tF66bNH9zjPGGwqNqHSNsb9Fk2IceMdL8R HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=15F4EA4765494EB7A3C6B28DE3A0C774&google_push=AYg5qPKoNTF5pe1HSIAMHnVgrXhT4GDzINnMbeBeEoD9IoUSDuibTee-q5ut4OG2c9tF66bNH9zjPGGwqNqHSNsb9Fk2IceMdL8R

Request Chain 311

https://rtb.openx.net/sync/dds?google_gid=CAESEIvGYVRgugJ0PUll5KiVzmM&google_cver=1&google_push=AYg5qPI8TValsdBpGeoklW5o-3mhvfbBUZbjPtSiZmja0FSvuots7zdNudsAW3adM1O8vCpFheFjiz6zY4kvZkrMR9CCanM6je24 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPI8TValsdBpGeoklW5o-3mhvfbBUZbjPtSiZmja0FSvuots7zdNudsAW3adM1O8vCpFheFjiz6zY4kvZkrMR9CCanM6je24&google_hm=i6c2tF2JwIwqHlbZ29Gf7w==

Request Chain 312

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEJPFmvRsyeh8FDs1i7qKZUY&google_cver=1&google_push=AYg5qPLxgtDhd9Hg_DyRhplbH208HumcN1LDEPAhR7loUSTNzl39PtrmmSO_EYIElSutPNHHh94bkq_H2970T9M90Zc4W16zKSi_ HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEJPFmvRsyeh8FDs1i7qKZUY&google_cver=1&google_push=AYg5qPLxgtDhd9Hg_DyRhplbH208HumcN1LDEPAhR7loUSTNzl39PtrmmSO_EYIElSutPNHHh94bkq_H2970T9M90Zc4W16zKSi_&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPLxgtDhd9Hg_DyRhplbH208HumcN1LDEPAhR7loUSTNzl39PtrmmSO_EYIElSutPNHHh94bkq_H2970T9M90Zc4W16zKSi_&google_hm=0683dc14e86522b954ed3c12

Request Chain 313

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEPdxK-VfQ289YfLQEmOyS-c&google_cver=1&google_push=AYg5qPKW1nfjKc51bPl1tkf6j-HmVy3ArUqIAQVV0-ZNkidW86aAjNLTjnFgt3ZqnxWzE6vZE681X_XblJE4OuBVsk3lk0TEG5ya HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPKW1nfjKc51bPl1tkf6j-HmVy3ArUqIAQVV0-ZNkidW86aAjNLTjnFgt3ZqnxWzE6vZE681X_XblJE4OuBVsk3lk0TEG5ya

Request Chain 314

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESELbYp0N-U9WnZSjM3Vw23Ac&google_cver=1&google_push=AYg5qPJSiGHwNHVrmQaaMTB4wzBLzdxYyUscD7YXt4nrKGqdE2h6eACrQTPZ9pKlxY1s7HjYx0fA5LTD74Ud-inTZNq7uFCuAbXf HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NTQ0MzMzMjUxNzQ1MTA2MTYxMw%3D%3D&google_push=AYg5qPJSiGHwNHVrmQaaMTB4wzBLzdxYyUscD7YXt4nrKGqdE2h6eACrQTPZ9pKlxY1s7HjYx0fA5LTD74Ud-inTZNq7uFCuAbXf

Request Chain 318

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESELpTlWk_U7y74Tcs65kcU2w&google_cver=1&google_push=AYg5qPLvsJvP0bW_KVTskksU5TmQB9ci32nKqSfSTY2lPZ-H-gk0H5oHJyxxt0ydoAy1gXzzJuOFYufDJ87ClGrPc5unWsXW4vA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPLvsJvP0bW_KVTskksU5TmQB9ci32nKqSfSTY2lPZ-H-gk0H5oHJyxxt0ydoAy1gXzzJuOFYufDJ87ClGrPc5unWsXW4vA

Request Chain 319

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEB1EAj2P_F7O0JfRBxnTpZs&google_cver=1&google_push=AYg5qPJIW5dVIFaudJdVovNqUDEQZ_xxkjkI7Fh7W7yHxGtu3TGkavnQJuntus3g0TpGrNJI0fpCEeJspL2FV-iutTG2f5GaZfo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEB1EAj2P_F7O0JfRBxnTpZs&google_push=AYg5qPJIW5dVIFaudJdVovNqUDEQZ_xxkjkI7Fh7W7yHxGtu3TGkavnQJuntus3g0TpGrNJI0fpCEeJspL2FV-iutTG2f5GaZfo

Request Chain 320

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEEdpkNsiYfDOTjEpZKsCG4Q&google_cver=1&google_push=AYg5qPKvEWZGk9mjsCRf6Dzik8EmGEfS8BlweIKudp7HuN7I_jIwWu3wjJcN48XE4xkJ6jF0-tOniowa_ypEWg0YXH7iBlmxdoQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPKvEWZGk9mjsCRf6Dzik8EmGEfS8BlweIKudp7HuN7I_jIwWu3wjJcN48XE4xkJ6jF0-tOniowa_ypEWg0YXH7iBlmxdoQ&google_hm=aap6GGF6Sp-L2YAs8z2h6Vk

Request Chain 321

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEJTWdZUHi-vbuDw0Sw8RVV0&google_cver=1&google_push=AYg5qPLb5npsxAypbmiprFJ2PdRjDuxpWNrhraO6y9CPljnt6vlZw4-eNhCpGk0JoYJpBJEkrTMesy0JgQNXUMWbtTEDqtR3TcM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk3NTQ2Mjk5NTM5ODQ5MDI2NA%3D%3D&google_push=AYg5qPLb5npsxAypbmiprFJ2PdRjDuxpWNrhraO6y9CPljnt6vlZw4-eNhCpGk0JoYJpBJEkrTMesy0JgQNXUMWbtTEDqtR3TcM

Request Chain 322

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEHIMifz-G09W5cTDuOIUPkM&google_cver=1&google_push=AYg5qPJhS-psQqn_0L3krSQax_Xtv4tlWd8IMkXBVfCnbC1xjUkCnnodlfnJFVqE8hUJ5HRSYuAJObmlE9cwV9JtBWIzJPCosg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPJhS-psQqn_0L3krSQax_Xtv4tlWd8IMkXBVfCnbC1xjUkCnnodlfnJFVqE8hUJ5HRSYuAJObmlE9cwV9JtBWIzJPCosg&google_hm=ODQ4MjI3NDY0NDkzNjc4NjExNA%3D%3D

Request Chain 324

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEJZV39StuxbFfx25T7wJpM8&google_cver=1&google_push=AYg5qPIFR6-CmxSqL7yjbSg_snJ9kh_u-npUaYBt3bjVgXA2Dpf9uSHr_cDHnfU3bsgx3Km9506m4JgBNaTpuxpQBeqbFcEQ4DPzOg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzkxODUwNTY3MjA5MTU0NTczOA== HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEJZV39StuxbFfx25T7wJpM8&google_cver=1

Request Chain 326

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEKjQbhw2rBVo7Mz81kjiL1c&google_cver=1&google_push=AYg5qPIMUBSXBgDQZ9xgoQTpKDHWSyZS4e0ZDeZqhisY-bdVsik450nReAkl5VyDdYbGY7iLFK4JvLdD2XZy4YKK96SxfN40eObixg HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEKjQbhw2rBVo7Mz81kjiL1c&google_cver=1&google_push=AYg5qPIMUBSXBgDQZ9xgoQTpKDHWSyZS4e0ZDeZqhisY-bdVsik450nReAkl5VyDdYbGY7iLFK4JvLdD2XZy4YKK96SxfN40eObixg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=YXk2NFVka0sxTFV6MDc1&google_gid=CAESEKjQbhw2rBVo7Mz81kjiL1c&google_cver=1&google_push=AYg5qPIMUBSXBgDQZ9xgoQTpKDHWSyZS4e0ZDeZqhisY-bdVsik450nReAkl5VyDdYbGY7iLFK4JvLdD2XZy4YKK96SxfN40eObixg

Request Chain 327

https://a.tribalfusion.com/i.match?p=b6&u=CAESEMHSshRX-AAQz4XHN_2X-ec&google_cver=1&google_push=AYg5qPI1HXroL2xfMzP8I8_oJuH5SfvywkL4JvGd8p0chu-Nc6_12taSTZPGLEUcDDNzmqhORg80aL0AYRi6cSxdSq24D1usxPBi&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPI1HXroL2xfMzP8I8_oJuH5SfvywkL4JvGd8p0chu-Nc6_12taSTZPGLEUcDDNzmqhORg80aL0AYRi6cSxdSq24D1usxPBi%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEMHSshRX-AAQz4XHN_2X-ec&google_cver=1&google_push=AYg5qPI1HXroL2xfMzP8I8_oJuH5SfvywkL4JvGd8p0chu-Nc6_12taSTZPGLEUcDDNzmqhORg80aL0AYRi6cSxdSq24D1usxPBi&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPI1HXroL2xfMzP8I8_oJuH5SfvywkL4JvGd8p0chu-Nc6_12taSTZPGLEUcDDNzmqhORg80aL0AYRi6cSxdSq24D1usxPBi%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 328

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEHIMifz-G09W5cTDuOIUPkM&google_cver=1&google_push=AYg5qPJnG3q0MhB20Odtz2gV0my94c-BTGMfQCzp7PnfqZIasLesRaqBv0EqlbYYSvWtK_XjLtAbb0wuQx9Iz5hSzA_Q3KPByLvz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPJnG3q0MhB20Odtz2gV0my94c-BTGMfQCzp7PnfqZIasLesRaqBv0EqlbYYSvWtK_XjLtAbb0wuQx9Iz5hSzA_Q3KPByLvz&google_hm=ODQ4MjI3NDY0NDkzNjc4NjExNA%3D%3D

Request Chain 329

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8dxC6tJKTc-O5g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8dxC6tJKTc-O5g&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8dxC6tJKTc-O5g&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8dxC6tJKTc-O5g&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8dxC6tJKTc-O5g&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8dxC6tJKTc-O5g&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8dxC6tJKTc-O5g&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8dxC6tJKTc-O5g&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8dxC6tJKTc-O5g&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8dxC6tJKTc-O5g&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8dxC6tJKTc-O5g&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8dxC6tJKTc-O5g&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8dxC6tJKTc-O5g&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8dxC6tJKTc-O5g&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8dxC6tJKTc-O5g&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8dxC6tJKTc-O5g&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8dxC6tJKTc-O5g&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8dxC6tJKTc-O5g&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8dxC6tJKTc-O5g&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8dxC6tJKTc-O5g&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8dxC6tJKTc-O5g&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1

Request Chain 330

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEP35YbrAllXgVW44Xzk4aME&google_cver=1&google_push=AYg5qPL4fCn0HkHI4NyUsBkw42IJduDZyBKpb7kQhPUQ9S_m0f9-mpoBZFXGZfs-0t1fBiQZ-9ei67iHA-NlEL2cAfnBbSaxUvksKA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPL4fCn0HkHI4NyUsBkw42IJduDZyBKpb7kQhPUQ9S_m0f9-mpoBZFXGZfs-0t1fBiQZ-9ei67iHA-NlEL2cAfnBbSaxUvksKA&google_hm=NzA3NzYxNTc4MTk0ODk1MDI0MQ%3D%3D

Request Chain 337

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEJZV39StuxbFfx25T7wJpM8&google_cver=1&google_push=AYg5qPLQSef582q35ILV8i8Y-Hq6lBa2rOOOefgGS-3zHKVyfIn0WeuxpsMN3wkmuK9ncm83J5KD4bhV-utzVQy8QFuxGUeR4-0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzkxODUwNTY3MjA5MTU0NTczOA== HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEJZV39StuxbFfx25T7wJpM8&google_cver=1

Request Chain 339

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEJTWdZUHi-vbuDw0Sw8RVV0&google_cver=1&google_push=AYg5qPJNBvOeIRUUpMT1DR0eQoFSR_9aLFhW-yJstCf0E6hrpt1Q7FZTKSsMlMeZAC7QHrgktyF0LGsS7XG7loFhd6S62pllhuv7 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk3NTQ2Mjk5NTM5ODQ5MDI2NA%3D%3D&google_push=AYg5qPJNBvOeIRUUpMT1DR0eQoFSR_9aLFhW-yJstCf0E6hrpt1Q7FZTKSsMlMeZAC7QHrgktyF0LGsS7XG7loFhd6S62pllhuv7

Request Chain 340

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEHIMifz-G09W5cTDuOIUPkM&google_cver=1&google_push=AYg5qPKm7Fkjw4_WF56qOXGOfLwzVfEdZsmu6ra9lvnyPdl31YH4ilG6HCwxumfwK0ifS1LeaqSzb6i3BZhIFkkADxMBPjF_bGo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPKm7Fkjw4_WF56qOXGOfLwzVfEdZsmu6ra9lvnyPdl31YH4ilG6HCwxumfwK0ifS1LeaqSzb6i3BZhIFkkADxMBPjF_bGo&google_hm=ODQ4MjI3NDY0NDkzNjc4NjExNA%3D%3D

Request Chain 341

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9yACJWiE3_M HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9yACJWiE3_M&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9yACJWiE3_M&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9yACJWiE3_M&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9yACJWiE3_M&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9yACJWiE3_M&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9yACJWiE3_M&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9yACJWiE3_M&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9yACJWiE3_M&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9yACJWiE3_M&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9yACJWiE3_M&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9yACJWiE3_M&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9yACJWiE3_M&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9yACJWiE3_M&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9yACJWiE3_M&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9yACJWiE3_M&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9yACJWiE3_M&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9yACJWiE3_M&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9yACJWiE3_M&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9yACJWiE3_M&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9yACJWiE3_M&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1

Request Chain 342

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEP35YbrAllXgVW44Xzk4aME&google_cver=1&google_push=AYg5qPJ6bk3jDXhbb2V5xv1IhD7gJn828Wz_GzCBTF1rHvCaOclAaWJB7xV9un3HCyttHbVgh-vmTIPK9uHX05Rs7XvFwjX8xDR4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPJ6bk3jDXhbb2V5xv1IhD7gJn828Wz_GzCBTF1rHvCaOclAaWJB7xV9un3HCyttHbVgh-vmTIPK9uHX05Rs7XvFwjX8xDR4&google_hm=NzA3NzYxNTc4MTk0ODk1MDI0MQ%3D%3D

406 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request multiple-turbotax-customer-accounts-hacked Show response
www.techradar.com/news/ 502 KB
127 KB 39ms
20ms Document
text/html 151.101.114.114
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.114.114 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d4c0c1b8a101cc1dc9ce8082e9d2a974a99983567fe19c79f6399beb5a5b4e05

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

:method: GET
:authority: www.techradar.com
:scheme: https
:path: /news/multiple-turbotax-customer-accounts-hacked
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
x-ftr-request-id: f0539ae2-670b-44e8-b3c7-0818c227d32a 00000000:2F14_00000000:01BB_60CB3E57_ADE3DBC:4D9D
last-modified: Thu, 17 Jun 2021 12:13:39 GMT
x-traceid: ba27957c12b0d6b4
xkey: techradar-platform-responsive techradar-article-ARkEYF62AjyBhsyqTujkjW techradar-article-regionsetid-oTWF3bU9noq5mvqUvrhV7k techradar-articletype-news techradar-articletemplate-standard techradar-article-age-recent techradar-region-US techradar-language-en techradar-author-JWofh8oRX8nKNQSAFUJe7j techradar-tag-b8hZkNFyrkXEjQ35Q4f26m techradar-tag-SgPAgjhBA9q7EGSedp8dtk techradar-tag-q6yCtLib8QVUGN9bFfhERj techradar-tag-PDD9LoGPwxgZ5QkfJwXwn4 techradar-tag-MfqmF9NSEgLrxWoptwNwF3 techradar-tag-d2FrBhFT5eEGbW3zsX6FJ8 techradar-tag-sgTcdRwP8oogbX7oaZSYRb techradar-tag-dSjQCYixnee9Yzmm5TYnD4 techradar-tag-VEAGB8mZZDPt2bBUJecCXj techradar-tag-PzQpznWxezkNDP7pKeparV techradar-tag-8MHeG8yuzBbYNqfB2YoE7V techradar-version-296797 techradar-server-phpfpm-688b4f8976-g6g72
content-encoding: gzip
x-ftr-cache-status: HIT
x-ftr-expires: Sat, 19 Jun 2021 12:13:39 GMT
x-age: 484
expires: Thu, 17 Jun 2021 12:26:43 GMT
cache-control: max-age=300,public
x-ftr-balancer: fteproxy-185-113-25-48
x-ftr-backend: www-live-sites-varnish
x-ftr-backend-server: ftevarnishprodgreen
via: 1.1 varnish, 1.1 varnish
x-resp-is-stale: true
accept-ranges: bytes
date: Sat, 19 Jun 2021 11:18:54 GMT
age: 1444
x-served-by: cache-lon11663-LON, cache-hhn4076-HHN
x-cache: HIT, MISS
x-cache-hits: 1, 0
x-timer: S1624101535.551554,VS0,VE13
vary: Accept-Encoding
set-cookie: FTR_Country_Code=DE; path=/; domain=www.techradar.com
x-country-code: DE
x-country-code-real: DE
strict-transport-security: max-age=300
content-length: 129079

GET
H/1.1 200
OK seasonal.min.css
hawk.techradar.com/css/browser/16.2.5-4125c45102f18311486bcba061cb8d43aa437e0a/ 153 B
856 B 187ms
22ms Stylesheet
text/css 185.113.25.52
FUTURE

General

Check archive.org

Show headers Download Go to

Full URL: https://hawk.techradar.com/css/browser/16.2.5-4125c45102f18311486bcba061cb8d43aa437e0a/seasonal.min.css
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 185.113.25.52 Bath, United Kingdom, ASN20596 (FUTURE, GB),
Reverse DNS: vif13.web.future.net.uk
Software: /
Resource Hash: a634caafaf97a747cdf2f0995363aa8188ff5181d533c14de30fbe607d0a49bc

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 17 Jun 2021 08:08:07 GMT
X-Hawk-Country
Xkey: asset-type-fie-widgets
Age: 184247
X-Hawk-Area: DE
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: fie-assets
X-FTR-Cache-Status: HIT
Content-Length: 153
X-FTR-Expires: Thu, 24 Jun 2021 08:08:07 GMT
X-FTR-Balancer: hawk-proxy-185-113-25-36
X-FTR-Request-ID: 00000000:ACB6_00000000:01BB_60CDD29E_1DBF0AE:0B17
Last-Modified: Wed, 16 Jun 2021 17:53:16 GMT
X-Country-Code-Real: DE
ETag: "60ca3a8c-99"
Content-Type: text/css
X-FTR-Backend-Server: fievarnishprodred
Cache-Control: max-age=604800, immutable, stale-if-error=172800, stale-while-revalidate=172800
Accept-Ranges: bytes
Access-Control-Allow-Origin: *

GET
H/1.1 200
OK promotion.min.css
hawk.techradar.com/css/browser/16.2.5-4125c45102f18311486bcba061cb8d43aa437e0a/ 95 KB
9 KB 190ms
24ms Stylesheet
text/css 185.113.25.52
FUTURE

General

Check archive.org

Show headers Download Go to

Full URL: https://hawk.techradar.com/css/browser/16.2.5-4125c45102f18311486bcba061cb8d43aa437e0a/promotion.min.css
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 185.113.25.52 Bath, United Kingdom, ASN20596 (FUTURE, GB),
Reverse DNS: vif13.web.future.net.uk
Software: /
Resource Hash: 70a3c68ee8ccb00752002a45bfb79c13ce97435ac5e3f1b5bc02094f4db6cd3e

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 17 Jun 2021 08:08:52 GMT
Content-Encoding: gzip
X-Hawk-Country
Xkey: asset-type-fie-widgets
Age: 184202
X-Hawk-Area: DE
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: fie-assets
X-FTR-Cache-Status: HIT
Content-Length: 8350
X-FTR-Expires: Thu, 24 Jun 2021 08:08:52 GMT
X-FTR-Balancer: hawk-proxy-185-113-25-36
X-FTR-Request-ID: 00000000:ACBC_00000000:01BB_60CDD29E_FB7258:0B16
Last-Modified: Wed, 16 Jun 2021 17:53:16 GMT
X-Country-Code-Real: DE
ETag: W/"60ca3a8c-17ab5"
Vary: Accept-Encoding
Content-Type: text/css
X-FTR-Backend-Server: fievarnishprodwhite
Cache-Control: max-age=604800, immutable, stale-if-error=172800, stale-while-revalidate=172800
Accept-Ranges: bytes
Access-Control-Allow-Origin: *

GET
H/1.1 200
OK magazinesubscriptions.min.css
hawk.techradar.com/css/browser/16.2.5-4125c45102f18311486bcba061cb8d43aa437e0a/ 97 KB
9 KB 191ms
26ms Stylesheet
text/css 185.113.25.52
FUTURE

General

Check archive.org

Show headers Download Go to

Full URL: https://hawk.techradar.com/css/browser/16.2.5-4125c45102f18311486bcba061cb8d43aa437e0a/magazinesubscriptions.min.css
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 185.113.25.52 Bath, United Kingdom, ASN20596 (FUTURE, GB),
Reverse DNS: vif13.web.future.net.uk
Software: /
Resource Hash: 9c3bf56a50e683c3a6f650cefdd3d6d1c1821956ff6e540d197582f024bf930d

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 17 Jun 2021 08:09:15 GMT
Content-Encoding: gzip
X-Hawk-Country
Xkey: asset-type-fie-widgets
Age: 184179
X-Hawk-Area: DE
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: fie-assets
X-FTR-Cache-Status: HIT
Content-Length: 8772
X-FTR-Expires: Thu, 24 Jun 2021 08:09:15 GMT
X-FTR-Balancer: hawk-proxy-185-113-25-36
X-FTR-Request-ID: 00000000:ACBA_00000000:01BB_60CDD29E_35033F6:0B18
Last-Modified: Wed, 16 Jun 2021 17:53:16 GMT
X-Country-Code-Real: DE
ETag: W/"60ca3a8c-18281"
Vary: Accept-Encoding
Content-Type: text/css
X-FTR-Backend-Server: fievarnishprodred
Cache-Control: max-age=604800, immutable, stale-if-error=172800, stale-while-revalidate=172800
Accept-Ranges: bytes
Access-Control-Allow-Origin: *

GET
H/1.1 200
OK trd.min.css
hawk.techradar.com/css/browser/ 5 KB
2 KB 190ms
24ms Stylesheet
text/css 185.113.25.52
FUTURE

General

Check archive.org

Show headers Download Go to

Full URL: https://hawk.techradar.com/css/browser/trd.min.css
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 185.113.25.52 Bath, United Kingdom, ASN20596 (FUTURE, GB),
Reverse DNS: vif13.web.future.net.uk
Software: /
Resource Hash: 303a80079b8134e227e25c4489e1f70ed498e2045f36b80c780365411e05156f

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 11:05:46 GMT
Content-Encoding: gzip
X-Hawk-Country
Xkey: asset-type-fie-widgets
Age: 788
X-Hawk-Area: DE
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: fie-assets
X-FTR-Cache-Status: HIT
Content-Length: 1749
X-FTR-Expires: Sat, 19 Jun 2021 11:25:46 GMT
X-FTR-Balancer: hawk-proxy-185-113-25-36
X-FTR-Request-ID: 00000000:ACB8_00000000:01BB_60CDD29E_35033F7:0B18
Last-Modified: Fri, 18 Jun 2021 13:18:08 GMT
X-Country-Code-Real: DE
ETag: "60cc9d10-1395"
Vary: Accept-Encoding
Content-Type: text/css
X-FTR-Backend-Server: fievarnishprodred
Cache-Control: max-age=1200, stale-if-error=172800, stale-while-revalidate=172800
Accept-Ranges: bytes
Access-Control-Allow-Origin: *

GET
H/1.1 200
OK OpenSans.woff2
vanilla.futurecdn.net/techradar/296797/media/fonts/ 10 KB
11 KB 184ms
35ms Font
application/octet-stream 67.27.234.124
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://vanilla.futurecdn.net/techradar/296797/media/fonts/OpenSans.woff2
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 5de4d39b298a975f2e5e8ba914ed1dd280b93506e7e1e6d74f7157dad088cef3

Request headers

Origin: https://www.techradar.com
Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 07:05:31 GMT
Content-Encoding: gzip
Age: 15203
X-FTR-Backend-Server: http.van-prod
Transfer-Encoding: chunked
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
Connection: keep-alive
X-FTR-Balancer: webproxyprod01
X-FTR-Request-ID: 00000000:503C_00000000:0050_60CD973B_30CEC:4AE3
Last-Modified: Thu, 17 Jun 2021 10:33:16 GMT
Server: Footprint Distributor V6.1.1162
ETag: W/"60cb24ec-2844"
Access-Control-Allow-Methods: GET
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Mon, 19 Jul 2021 07:05:31 GMT

GET
H/1.1 200
OK OpenSans-Semibold.woff2
vanilla.futurecdn.net/techradar/296797/media/fonts/ 10 KB
11 KB 183ms
34ms Font
application/octet-stream 67.27.234.124
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://vanilla.futurecdn.net/techradar/296797/media/fonts/OpenSans-Semibold.woff2
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 3b5c9d3b1a69cfa4ef54ad04e4a8c1725d0c487e5192f200fbfd5c2f96258192

Request headers

Origin: https://www.techradar.com
Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 07:05:31 GMT
Content-Encoding: gzip
Age: 15203
X-FTR-Backend-Server: http.van-prod
Transfer-Encoding: chunked
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
Connection: keep-alive
X-FTR-Balancer: webproxyprodred
X-FTR-Request-ID: 00000000:4E9C_00000000:0050_60CD973B_25116:35A8
Last-Modified: Thu, 17 Jun 2021 10:33:16 GMT
Server: Footprint Distributor V6.1.1162
ETag: W/"60cb24ec-28a4"
access-control-allow-methods: GET
Content-Type: text/plain; charset=utf-8
access-control-allow-origin: *
Cache-Control: max-age=2592000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Mon, 19 Jul 2021 07:05:31 GMT

GET
H/1.1 200
OK OpenSans-Bold.woff2
vanilla.futurecdn.net/techradar/296797/media/fonts/ 10 KB
11 KB 184ms
36ms Font
application/octet-stream 67.27.234.124
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://vanilla.futurecdn.net/techradar/296797/media/fonts/OpenSans-Bold.woff2
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 89e89a88516b28a3f5735f8dc6ef9937b2fe9584982bce4cbddb60ff67389b15

Request headers

Origin: https://www.techradar.com
Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 07:05:31 GMT
Content-Encoding: gzip
Age: 15203
X-FTR-Backend-Server: http.van-prod
Transfer-Encoding: chunked
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
Connection: keep-alive
X-FTR-Balancer: webproxyprod01
X-FTR-Request-ID: 00000000:6D26_00000000:0050_60CD973B_30CEF:4AE3
Last-Modified: Thu, 17 Jun 2021 10:33:16 GMT
Server: Footprint Distributor V6.1.1162
ETag: W/"60cb24ec-2840"
Access-Control-Allow-Methods: GET
Content-Type: text/plain; charset=utf-8
access-control-allow-origin: *
Cache-Control: max-age=2592000
access-control-allow-credentials: true
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Mon, 19 Jul 2021 07:05:31 GMT

GET
H/1.1 200
OK techradar.woff
vanilla.futurecdn.net/techradar/296797/media/fonts/ 8 KB
9 KB 184ms
36ms Font
application/font-woff 67.27.234.124
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://vanilla.futurecdn.net/techradar/296797/media/fonts/techradar.woff
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 0f7021610b9cd6073912f1a3ffa0dbdf7b6b52edf827f2cbff76a0e4fc0f2014

Request headers

Origin: https://www.techradar.com
Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 07:05:31 GMT
Age: 15203
X-FTR-Backend-Server: http.van-prod
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
Connection: keep-alive
Content-Length: 8424
X-FTR-Balancer: webproxyprodred
X-FTR-Request-ID: 00000000:9A58_00000000:0050_60CD9738_3A60A:35A9
Last-Modified: Thu, 17 Jun 2021 10:33:16 GMT
Server: Footprint Distributor V6.1.1162
ETag: "60cb24ec-20e8"
Access-Control-Allow-Methods: GET
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Mon, 19 Jul 2021 07:05:31 GMT

GET
H/1.1 200
OK techradar.min.css
vanilla.futurecdn.net/techradar/296797/media/css/ 376 KB
53 KB 185ms
37ms Stylesheet
text/css 67.27.234.124
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://vanilla.futurecdn.net/techradar/296797/media/css/techradar.min.css
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: e28a60fb185e1a2f469880cfff94c451e46a85cdb5026e0bb03e4feb09a567a9

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 07:05:30 GMT
Content-Encoding: gzip
Age: 15204
X-FTR-Backend-Server: http.van-prod
Transfer-Encoding: chunked
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
Connection: keep-alive
X-FTR-Balancer: webproxyprod01
X-FTR-Request-ID: 00000000:E70C_00000000:0050_60CD973A_30CE8:4AE3
Last-Modified: Thu, 17 Jun 2021 10:33:16 GMT
Server: Footprint Distributor V6.1.1162
ETag: W/"60cb24ec-5df45"
Access-Control-Allow-Methods: GET
Content-Type: text/css
access-control-allow-origin: *
Cache-Control: max-age=2592000
access-control-allow-credentials: true
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Mon, 19 Jul 2021 07:05:30 GMT

GET
H/1.1 200
OK main.9b28108de37dacd40e1f.bundle.js Show response
vanilla.futurecdn.net/techradar/296797/media/shared/js/ 429 KB
109 KB 184ms
37ms Script
application/javascript 67.27.234.124
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://vanilla.futurecdn.net/techradar/296797/media/shared/js/main.9b28108de37dacd40e1f.bundle.js
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 675deebe8fdfa76a2f9b7e6a289778a4fd48efbd06271815cab952ea2a8297f1

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 07:05:31 GMT
Content-Encoding: gzip
Age: 15203
X-FTR-Backend-Server: http.van-prod
Transfer-Encoding: chunked
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
Connection: keep-alive
X-FTR-Balancer: webproxyprod01
X-FTR-Request-ID: 00000000:9D9C_00000000:0050_60CD973B_30CF3:4AE3
Last-Modified: Thu, 17 Jun 2021 10:33:17 GMT
Server: Footprint Distributor V6.1.1162
ETag: W/"60cb24ed-6b312"
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Mon, 19 Jul 2021 07:05:31 GMT

GET
H/1.1 200
OK missing-image.svg
vanilla.futurecdn.net/techradar/media/img/ 3 KB
2 KB 41ms
32ms Image
image/svg+xml 67.27.234.124
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vanilla.futurecdn.net/techradar/media/img/missing-image.svg
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 131423a5b0117aa6fddbde39abed88048b2ee6a147ade1fbf040b551614ab2d2

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 07:05:31 GMT
Content-Encoding: gzip
Age: 15203
X-FTR-Backend-Server: http.van-prod
Transfer-Encoding: chunked
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
Connection: keep-alive
X-FTR-Balancer: webproxyprod01
X-FTR-Request-ID: 00000000:99E8_00000000:0050_60CD973B_30CF1:4AE3
Last-Modified: Thu, 17 Jun 2021 10:33:16 GMT
Server: Footprint Distributor V6.1.1162
ETag: W/"60cb24ec-a6b"
Access-Control-Allow-Methods: GET
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Mon, 19 Jul 2021 07:05:31 GMT

GET
H/1.1 200
OK responsive.js Show response
hawk.techradar.com/js/w/es6/ 368 KB
121 KB 195ms
37ms Script
application/javascript 185.113.25.52
FUTURE

General

Check archive.org

Show headers Download Go to

Full URL: https://hawk.techradar.com/js/w/es6/responsive.js
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 185.113.25.52 Bath, United Kingdom, ASN20596 (FUTURE, GB),
Reverse DNS: vif13.web.future.net.uk
Software: /
Resource Hash: 5e7a2bad37bbfa59daaa3d64641cd088b37d9fb9dbfe56ecea073e70a49034a6

Request headers

Origin: https://www.techradar.com
Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 11:13:08 GMT
Content-Encoding: gzip
X-Hawk-Country
Xkey: asset-type-fie-widgets
Age: 346
X-Hawk-Area: DE
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: fie-assets
X-FTR-Cache-Status: HIT
Content-Length: 122720
X-FTR-Expires: Sat, 19 Jun 2021 11:33:08 GMT
X-FTR-Balancer: hawk-proxy-185-113-25-36
X-FTR-Request-ID: 00000000:ACBE_00000000:01BB_60CDD29E_4CA04FE:0B19
Last-Modified: Fri, 18 Jun 2021 13:18:11 GMT
X-Country-Code-Real: DE
ETag: "60cc9d13-5be7f"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
X-FTR-Backend-Server: fievarnishprodwhite
Cache-Control: max-age=1200, stale-if-error=172800, stale-while-revalidate=172800
Accept-Ranges: bytes
Access-Control-Allow-Origin: *

GET
H2 200 bordeaux.js Show response
bordeaux.futurecdn.net/ 418 KB
112 KB 135ms
11ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://bordeaux.futurecdn.net/bordeaux.js

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

nginx/1.19.0 /

Resource Hash

37e462e1f7550be08dccd8e494b056922c15d33681fcd2ed083c025dadbcd6d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Origin: https://www.techradar.com
Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:54 GMT
content-encoding: gzip
last-modified: Mon, 14 Jun 2021 13:48:16 GMT
server: nginx/1.19.0
etag: W/"60c75e20-689f1"
strict-transport-security: max-age=15724800; includeSubDomains
x-hw: 1624101534.cds151.fr8.hn,1624101534.cds215.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=1539
accept-ranges: bytes
bordeaux-version: 4.0.6
content-length: 114440

GET
H2 200 champagne.js Show response
champagne.futurecdn.net/ 55 KB
17 KB 34ms
10ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://champagne.futurecdn.net/champagne.js

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

nginx/1.19.0 /

Resource Hash

633e8e4321d69a35b6a8e7f89f638be406db896dcbe25d70c670124046b33bcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Origin: https://www.techradar.com
Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:54 GMT
content-encoding: gzip
last-modified: Tue, 08 Jun 2021 14:13:09 GMT
server: nginx/1.19.0
champagne-version: 1.0.2
etag: W/"60bf7af5-dbcf"
strict-transport-security: max-age=15724800; includeSubDomains
x-hw: 1624101534.cds164.fr8.hn,1624101534.cds131.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=908
accept-ranges: bytes
content-length: 17296

GET
H2 200 choice.js Show response
quantcast.mgr.consensu.org/choice/uer8ZPXHG8WDU/www.techradar.com/ 5 KB
2 KB 141ms
16ms Script
application/javascript 2600:9000:2104:1800:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/choice/uer8ZPXHG8WDU/www.techradar.com/choice.js
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2104:1800:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 10a309db055151bac385330a41350892b8366944a67f88289c2a7ae3e4dc5ecd

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sat, 19 Jun 2021 11:18:54 GMT
content-encoding: br
last-modified: Thu, 13 May 2021 11:37:29 GMT
server: AmazonS3
x-amz-cf-pop: AMS1-C1
etag: W/"cc3ca63fbc476fc3fd241727cd1b8ef0"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 0186e9c41d0aebb13c1398b95b7f4757.cloudfront.net (CloudFront)
cache-control: max-age=900
cross-origin-resource-policy: cross-origin
x-amz-cf-id: gYz1t4pvNCxkzJXgKlnKZ3YZOG_5lnGX0t0Lyj1s8PdYu3voBRxIjg==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 3254
date: Sat, 19 Jun 2021 10:24:40 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Sat, 19 Jun 2021 12:24:40 GMT

GET
H2 200 door.js Show response
uk-script.dotmetrics.net/ 7 KB
3 KB 164ms
33ms Script
application/javascript 65.9.77.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://uk-script.dotmetrics.net/door.js?d=www.techradar.com&t=tr
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Kestrel /
Resource Hash: 40ec91b5987ae5536857c45f2a644ebb428fd1fa5c176a7919edcd388c519ae3

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:54 GMT
content-encoding: br
server: Kestrel
x-amz-cf-pop: AMS1-C1
etag: ".www.techradar.com.tr.183.2021061911"
vary: Accept-Encoding
x-cache: Miss from cloudfront
p3p: policyref="https://uk-script.dotmetrics.net/w3c/p3p.xml", CP="NOI DSP LAW CURa ADMa DEVa PSAa HISa OUR IND STA"
via: 1.1 8da78542dac6b4328eb443200c30bbff.cloudfront.net (CloudFront)
cache-control: private
content-type: application/javascript
x-amz-cf-id: 527_1rwzD-aEzOAJkW5Rx0xG9yUUbw9K5BjbbBaPIR1OzeSjV4XJmA==

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 44ms
27ms Script
application/javascript 2606:4700::6812:e134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4a531652edc904de03234d8344995e573fe6ded1dd7fa20c8dc8cb2d5d1137b7

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:54 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 2898
etag: W/"6b41fdcdc880098fecc6c968a5a7299a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 661c5bff5a131f31-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0ac597d39300001f317c36f000000001
expires: Tue, 22 Jun 2021 11:18:54 GMT

GET
H/1.1 200
OK XxEvtaBKpJqN7Wv27Q5bvC-970-80.jpg.webp
cdn.mos.cms.futurecdn.net/ 27 KB
28 KB 158ms
37ms Image
image/webp 67.27.234.124
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mos.cms.futurecdn.net/XxEvtaBKpJqN7Wv27Q5bvC-970-80.jpg.webp
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx/1.19.0 /
Resource Hash: adba0bbe3ed4a927cf6207a478975bea85c225b56b579ef189b23204f728d1f7

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 12:30:34 GMT
X-Backend: default
Age: 2760500
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: mos_kodiak
Connection: keep-alive
X-FTR-Cache-Status: MISS
Content-Length: 27652
X-FTR-Balancer: bulkproxyprodred
X-FTR-Request-ID: 00000000:809D_00000000:0050_60A3B369_47077E:086C
Server: nginx/1.19.0
X-Served-By: kodiak-varnish-7cf5d4cc4d-2gh8v
Content-Type: image/webp
X-FTR-Backend-Server: kube
Cache-Control: max-age=5184000
Accept-Ranges: bytes
Expires: Sat, 17 Jul 2021 12:38:09 GMT

GET
H2 200 missing-image.svg
www.techradar.com/media/img/ 3 KB
2 KB 7ms
6ms Image
image/svg+xml 151.101.114.114
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.techradar.com/media/img/missing-image.svg

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.114.114 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

131423a5b0117aa6fddbde39abed88048b2ee6a147ade1fbf040b551614ab2d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

:path: /media/img/missing-image.svg
pragma: no-cache
cookie: FTR_Country_Code=DE
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.techradar.com
referer: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:54 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 952645
x-ftr-backend-server: ftevarnishprodgreen
x-cache: HIT, HIT
x-ftr-backend: www-live-sites-varnish
x-age: 415995
x-ftr-cache-status: HIT
content-length: 1061
x-ftr-expires: Sat, 03 Jul 2021 15:08:14 GMT
x-ftr-balancer: fteproxyred
x-ftr-request-id: 00000000:8D56_00000000:01BB_60BF495A_5C914AF:3812
last-modified: Thu, 03 Jun 2021 14:08:46 GMT
x-country-code-real: DE
x-timer: S1624101535.600770,VS0,VE0
etag: W/"60b8e26e-a6b"
x-served-by: cache-lon11623-LON, cache-hhn4076-HHN
strict-transport-security: max-age=300
access-control-allow-methods: GET
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
expires: Sat, 03 Jul 2021 15:08:14 GMT
cache-control: max-age=2592000
access-control-allow-credentials: true
set-cookie: FTR_Country_Code=DE; path=/; domain=www.techradar.com
accept-ranges: bytes
access-control-allow-origin: *
x-country-code: DE
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-cache-hits: 4, 4266

GET
H/1.1 200
OK hawklinks.js Show response
hawk.techradar.com/hl/es6/ 163 KB
43 KB 182ms
37ms Script
application/javascript 185.113.25.52
FUTURE

General

Check archive.org

Show headers Download Go to

Full URL: https://hawk.techradar.com/hl/es6/hawklinks.js
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 185.113.25.52 Bath, United Kingdom, ASN20596 (FUTURE, GB),
Reverse DNS: vif13.web.future.net.uk
Software: /
Resource Hash: 73e1a83763138cda9698dce772af8cc13c3f2cc5627269b8ea1d1a44edc8baa1

Request headers

Origin: https://www.techradar.com
Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 11:11:20 GMT
Content-Encoding: gzip
X-Hawk-Country
Xkey: asset-type-fie-hawklinks
Age: 454
X-Hawk-Area: DE
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: fie-assets
X-FTR-Cache-Status: HIT
Content-Length: 43723
X-FTR-Expires: Sat, 19 Jun 2021 11:31:20 GMT
X-FTR-Balancer: hawk-proxy-185-113-25-36
X-FTR-Request-ID: 00000000:ACC2_00000000:01BB_60CDD29E_1DBF0AF:0B17
Last-Modified: Wed, 16 Jun 2021 17:36:44 GMT
X-Country-Code-Real: DE
ETag: "60ca36ac-28b5e"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
X-FTR-Backend-Server: fievarnishprodred
Cache-Control: max-age=1200, stale-if-error=172800, stale-while-revalidate=172800
Accept-Ranges: bytes
Access-Control-Allow-Origin: *

GET
H2 200 p.js Show response
cdn.parsely.com/keys/techradar.com/ 56 KB
21 KB 120ms
16ms Script
application/x-javascript 65.9.86.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.parsely.com/keys/techradar.com/p.js
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: c7074428f35c5b89051302a21c430412e5c17881667183b4b52fbd19ed9178ab

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Fri, 18 Jun 2021 21:32:49 GMT
content-encoding: gzip
last-modified: Wed, 03 Mar 2021 19:39:18 GMT
server: nginx
age: 49565
etag: W/"603fe5e6-e19f"
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 3c5f93efb24b4927140dd52806f3d1e1.cloudfront.net (CloudFront)
cache-control: max-age=86400, public
x-amz-cf-pop: AMS1-C1
x-amz-cf-id: Gf6Aj545oDdKJ1_4z2wcmz36w014_EQw4UfY8EQCTHXYiLQVOD2tyQ==
expires: Sat, 19 Jun 2021 21:32:49 GMT

POST
H2 200 publisher:getClientId Show response
ampcid.google.com/v1/ 74 B
554 B 113ms
14ms XHR
application/json 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Jun 2021 11:18:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.techradar.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 94
x-xss-protection: 0

GET
H2 200 cmp2.js Show response
quantcast.mgr.consensu.org/tcfv2/28/ 278 KB
71 KB 17ms
17ms Script
text/javascript 2600:9000:2104:1800:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/tcfv2/28/cmp2.js?referer=www.techradar.com
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/uer8ZPXHG8WDU/www.techradar.com/choice.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2104:1800:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 29507fd3a172d0d54a23c53defa95fe78dbf477c5577b7b789abc2946c8a40d8

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:41 GMT
content-encoding: br
age: 14
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
access-control-max-age: 86400
access-control-allow-origin: *
last-modified: Wed, 10 Mar 2021 17:10:52 GMT
server: AmazonS3
etag: W/"814cf3c7bdd5dafb6ad642c1b52006c2"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/javascript;charset=UTF-8
via: 1.1 0186e9c41d0aebb13c1398b95b7f4757.cloudfront.net (CloudFront)
cache-control: max-age=172800
x-amz-meta-qc-ineu: True
x-amz-cf-pop: AMS1-C1
x-amz-cf-id: 8bUymjcTbBGh7GtP83dPCDXitLfs5UF4DPp33JLm68zOkpZ0KXuuwg==

POST
H2 200 publisher:getClientId Show response
ampcid.google.de/v1/ 3 B
483 B 33ms
13ms XHR
application/json 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.de/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Jun 2021 11:18:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.techradar.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 23
x-xss-protection: 0

GET
H/1.1 200
OK /
p1.parsely.com/plogger/ 43 B
259 B 384ms
97ms Image
image/gif 52.205.167.202
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p1.parsely.com/plogger/?rand=1624101534759&plid=83287616&idsite=techradar.com&url=https%3A%2F%2Fwww.techradar.com%2Fnews%2Fmultiple-turbotax-customer-accounts-hacked&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%7D&sid=1&surl=https%3A%2F%2Fwww.techradar.com%2Fnews%2Fmultiple-turbotax-customer-accounts-hacked&sref=&sts=1624101534752&slts=0&title=TurboTax+customer+accounts+affected+by+cyberattack+%7C+TechRadar&date=Sat+Jun+19+2021+13%3A18%3A54+GMT%2B0200+(Central+European+Summer+Time)&action=pageview&pvid=66669584&u=pid%3D41fba9ccc59b33e07ba683d50e3965a5
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.167.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-167-202.compute-1.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 11:18:55 GMT
Cache-Control: no-cache
Last-Modified: Saturday, 19-Jun-2021 11:18:55 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 bordeaux-responsive-desktop-article-layout.c93805d0ed3c04943388.js Show response
bordeaux.futurecdn.net/ 5 KB
1 KB 24ms
10ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://bordeaux.futurecdn.net/bordeaux-responsive-desktop-article-layout.c93805d0ed3c04943388.js

Requested by

Host: bordeaux.futurecdn.net
URL: https://bordeaux.futurecdn.net/bordeaux.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

nginx/1.19.0 /

Resource Hash

f09ca0b6a4a7a98dea325f0d805b061bf01d350a07efcb3f09ea136e3eae92e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:54 GMT
content-encoding: gzip
last-modified: Mon, 14 Jun 2021 13:48:16 GMT
server: nginx/1.19.0
etag: W/"60c75e20-14fc"
strict-transport-security: max-age=15724800; includeSubDomains
x-hw: 1624101534.cds120.fr8.hn,1624101534.cds243.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=9689
accept-ranges: bytes
bordeaux-version: 4.0.6
content-length: 1235

GET
H2 200 bordeaux-responsive-desktop-article-format.c93805d0ed3c04943388.js Show response
bordeaux.futurecdn.net/ 5 KB
2 KB 24ms
10ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://bordeaux.futurecdn.net/bordeaux-responsive-desktop-article-format.c93805d0ed3c04943388.js

Requested by

Host: bordeaux.futurecdn.net
URL: https://bordeaux.futurecdn.net/bordeaux.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

nginx/1.19.0 /

Resource Hash

823ad659e6ed50a1ad0daa3a883b0764257d4b65b2275c088ec49f34e68ae6bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:54 GMT
content-encoding: gzip
last-modified: Mon, 14 Jun 2021 13:48:16 GMT
server: nginx/1.19.0
etag: W/"60c75e20-1542"
strict-transport-security: max-age=15724800; includeSubDomains
x-hw: 1624101534.cds120.fr8.hn,1624101534.cds218.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=9687
accept-ranges: bytes
bordeaux-version: 4.0.6
content-length: 1787

GET
H2 200 react.js Show response
slice.vanilla.futurecdn.net/0-6-23// 128 KB
42 KB 33ms
10ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://slice.vanilla.futurecdn.net/0-6-23//react.js
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: aa33ff28df27cb82f3db3f7e5b9f726796099b323565ef93a867a2b4b440154f

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-trace-id: 00000000000000003956d360b79f4b9d
x-ftr-backend-server: http.van-prod
date: Sat, 19 Jun 2021 11:18:54 GMT
content-encoding: gzip
last-modified: Tue, 20 Apr 2021 10:04:21 GMT
cache-control: public, max-age=2592000
etag: W/"1fe35-178eebce888"
x-hw: 1624101534.cds163.fr8.hn,1624101534.cds248.fr8.c
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-ftr-request-id: 00000000:7F98_00000000:0050_60892C4D_141CDA1:77A7
x-ftr-backend: van-prod-slice
accept-ranges: bytes
content-length: 42348
x-ftr-balancer: fteproxyblue

GET
H2

200

beacon.js Show response
sb.scorecardresearch.com/internal-cs/default/
Redirect Chain

https://sb.scorecardresearch.com/cs/10055482/beacon.js
https://sb.scorecardresearch.com/internal-cs/default/beacon.js

4 KB
4 KB

14ms
14ms

Script
application/javascript

65.9.77.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/internal-cs/default/beacon.js
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6838420e13959ecffe73d3576ee2125a66c9315237394a23e3dd4a5181e80cda

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:14:22 GMT
via: 1.1 f32f19f2f9b3c0c60a4ff31c809ed008.cloudfront.net (CloudFront)
etag: "5b0f9f0704a703b8da651007721fac57"
last-modified: Thu, 04 Mar 2021 13:31:34 GMT
server: AmazonS3
age: 273
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
content-length: 3690
x-amz-cf-id: qAhgO2ja0I5Tv4Y_3eH0Pj3rvYvS8dANopcgW8szNZ03fz_NToAgNw==

Redirect headers

date: Sat, 19 Jun 2021 11:18:54 GMT
via: 1.1 f32f19f2f9b3c0c60a4ff31c809ed008.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: /internal-cs/default/beacon.js
content-length: 52
x-amz-cf-id: WaasFsVnOB3pmceFVVuxAwsHiXgWATIIQ_i9nSiRmRDz9UxgmH3oag==

GET
H2 200 hit.gif
uk-script.dotmetrics.net/ 43 B
1 KB 35ms
34ms Image
image/gif 65.9.77.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uk-script.dotmetrics.net/hit.gif?id=5237&url=https%3A%2F%2Fwww.techradar.com%2Fnews%2Fmultiple-turbotax-customer-accounts-hacked&dom=www.techradar.com&r=1624101534874&pvs=1&pvid=kq3o4cjkgd9y8rmvku&c=false
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Kestrel /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:54 GMT
dotmetrics-hit-status: 01 OK
server: Kestrel
x-amz-cf-pop: AMS1-C1
x-cache: Miss from cloudfront
p3p: policyref="https://uk-script.dotmetrics.net/w3c/p3p.xml", CP="NOI DSP LAW CURa ADMa DEVa PSAa HISa OUR IND STA"
via: 1.1 8da78542dac6b4328eb443200c30bbff.cloudfront.net (CloudFront)
cache-control: no-cache
content-type: image/gif
x-amz-cf-id: REsEHwmIEbZi8rJkfNwBmSNliWTcXH73GR50bokI-qiRZm35MXqGkw==

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 62 KB
21 KB 44ms
15ms Script
text/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: bordeaux.futurecdn.net
URL: https://bordeaux.futurecdn.net/bordeaux.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

sffe /

Resource Hash

9a2c0a3b3510b56be29d68362d3e731986fdc810bb57d6ed461185b278ff89e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "906 / 179 of 1000 / last-modified: 1624054126"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21494
x-xss-protection: 0
expires: Sat, 19 Jun 2021 11:18:54 GMT

GET
H2 200 show_cookies Show response
ads.servebom.com/ 2 B
201 B 69ms
35ms Fetch
text/html 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servebom.com/show_cookies?fmt=json&r=72945
Requested by: Host: bordeaux.futurecdn.net
URL: https://bordeaux.futurecdn.net/bordeaux.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: https://www.techradar.com
date: Sat, 19 Jun 2021 11:18:54 GMT
content-encoding: gzip
access-control-allow-credentials: true
content-length: 28
x-hw: 1624101534.cds158.fr8.hn,1624101534.cds108.fr8.sc,1624101534.cds108.fr8.p
content-type: text/html

GET
H/1.1 200
OK vendors~region-redirect.298f22c94ed9c8b21ea9.chunk.js Show response
vanilla.futurecdn.net/techradar/media/shared/js/ 12 KB
4 KB 36ms
34ms Script
application/javascript 67.27.234.124
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://vanilla.futurecdn.net/techradar/media/shared/js/vendors~region-redirect.298f22c94ed9c8b21ea9.chunk.js
Requested by: Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/techradar/296797/media/shared/js/main.9b28108de37dacd40e1f.bundle.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: e14d033f3d90fa03199f709f80132cf6ddc63756b5d026774a7402db031364cc

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 07:05:31 GMT
Content-Encoding: gzip
Age: 15203
X-FTR-Backend-Server: http.van-prod
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
Connection: keep-alive
Content-Length: 3534
X-FTR-Balancer: webproxyprodred
X-FTR-Request-ID: 00000000:A7C6_00000000:0050_60CD973B_3A61E:35A9
Last-Modified: Thu, 17 Jun 2021 10:33:17 GMT
Server: Footprint Distributor V6.1.1162
ETag: W/"60cb24ed-2f22"
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Mon, 19 Jul 2021 07:05:35 GMT

GET
H/1.1 200
OK region-redirect.c475ff0ce28a772ae443.chunk.js Show response
vanilla.futurecdn.net/techradar/media/shared/js/ 5 KB
3 KB 35ms
32ms Script
application/javascript 67.27.234.124
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://vanilla.futurecdn.net/techradar/media/shared/js/region-redirect.c475ff0ce28a772ae443.chunk.js
Requested by: Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/techradar/296797/media/shared/js/main.9b28108de37dacd40e1f.bundle.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: a248461f716cfc969cc2600b73be331cb7ec48f4c745cc1105c34322b5e1ec47

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 07:05:30 GMT
Content-Encoding: gzip
Age: 15204
X-FTR-Backend-Server: http.van-prod
Transfer-Encoding: chunked
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
Connection: keep-alive
X-FTR-Balancer: webproxyprod01
X-FTR-Request-ID: 00000000:E70C_00000000:0050_60CD973A_30CE9:4AE3
Last-Modified: Thu, 17 Jun 2021 10:33:17 GMT
Server: Footprint Distributor V6.1.1162
ETag: W/"60cb24ed-14ef"
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Mon, 19 Jul 2021 07:05:31 GMT

GET
H/1.1 200
OK suggestion-box.e477b448a808d3cea94e.chunk.js Show response
vanilla.futurecdn.net/techradar/media/shared/js/ 19 KB
3 KB 35ms
33ms Script
application/javascript 67.27.234.124
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://vanilla.futurecdn.net/techradar/media/shared/js/suggestion-box.e477b448a808d3cea94e.chunk.js
Requested by: Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/techradar/296797/media/shared/js/main.9b28108de37dacd40e1f.bundle.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 47b909013d3417b03924fcd883814b0bb4de66cacb2e7e66b8bbb367b5cf9d40

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 07:05:31 GMT
Content-Encoding: gzip
Age: 15203
X-FTR-Backend-Server: http.van-prod
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
Connection: keep-alive
Content-Length: 2740
X-FTR-Balancer: webproxyprod01
X-FTR-Request-ID: 00000000:BF53_00000000:0050_60CD973B_20DF9:4AE2
Last-Modified: Thu, 17 Jun 2021 10:33:17 GMT
Server: Footprint Distributor V6.1.1162
ETag: W/"60cb24ed-4c2e"
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
access-control-allow-origin: *
Cache-Control: max-age=2592000
access-control-allow-credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Mon, 19 Jul 2021 07:05:35 GMT

GET
H/1.1 200
OK nav-subscribe.7626e74e0ab3bd38e703.chunk.js Show response
vanilla.futurecdn.net/techradar/media/shared/js/ 2 KB
2 KB 70ms
33ms Script
application/javascript 67.27.234.124
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://vanilla.futurecdn.net/techradar/media/shared/js/nav-subscribe.7626e74e0ab3bd38e703.chunk.js
Requested by: Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/techradar/296797/media/shared/js/main.9b28108de37dacd40e1f.bundle.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: ae606d55159036056ae7af211d701d66df6929f096a1eb9b0f3c6ba7ca66eba1

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 07:05:31 GMT
Content-Encoding: gzip
Age: 15203
X-FTR-Backend-Server: http.van-prod
Transfer-Encoding: chunked
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
Connection: keep-alive
X-FTR-Balancer: webproxyprodred
X-FTR-Request-ID: 00000000:B797_00000000:0050_60CD973B_3A61C:35A9
Last-Modified: Thu, 17 Jun 2021 10:33:17 GMT
Server: Footprint Distributor V6.1.1162
ETag: W/"60cb24ed-825"
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
access-control-allow-credentials: true
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Mon, 19 Jul 2021 07:05:31 GMT

GET
H2 200 smart.js Show response
www.ultimedia.com/js/common/ 40 KB
8 KB 51ms
15ms Script
application/javascript 51.210.215.111
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ultimedia.com/js/common/smart.js

Requested by

Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/techradar/296797/media/shared/js/main.9b28108de37dacd40e1f.bundle.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.210.215.111 , France, ASN16276 (OVH, FR),

Reverse DNS

dtk-lb-gra06.dginfra.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

b394ea8edffcaa643791a6d6ae840f701975acead68e3a8a627f0c0122034a63

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:54 GMT
content-encoding: gzip
last-modified: Mon, 04 Jan 2021 09:37:29 GMT
server: nginx/1.10.3 (Ubuntu)
etag: W/"5ff2e1d9-a129"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2678400
strict-transport-security: max-age=31536000; includeSubDomains
expires: Tue, 20 Jul 2021 11:18:54 GMT

GET
H3-29 200 pubads_impl_2021061503.js Show response
securepubads.g.doubleclick.net/gpt/ 325 KB
114 KB 30ms
15ms Script
text/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

sffe /

Resource Hash

408abc3a5bedff37056ecb1ba4872225de8a269ffe9aa04fd8fd38a7e7ec5116

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 15 Jun 2021 21:10:23 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 116743
x-xss-protection: 0
expires: Sat, 19 Jun 2021 11:18:55 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
89 B 16ms
16ms XHR
text/plain 2a00:1450:400c:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-48894329-1&cid=853721705.1624101535&jid=894421430&gjid=983549826&_gid=2141880810.1624101535&_u=aGBAgEABAAQCAE~&z=754522694

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 19 Jun 2021 11:18:55 GMT
content-type: text/plain
access-control-allow-origin: https://www.techradar.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 14ms
13ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j90&a=1898871928&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.techradar.com%2Fnews%2Fmultiple-turbotax-customer-accounts-hacked&ul=en-us&de=UTF-8&dt=TurboTax%20customer%20accounts%20affected%20by%20cyberattack%20%7C%20TechRadar&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=future_id&ea=set%20hybrid_id&el=&_u=aGBAgEABAAQC~&jid=894421430&gjid=983549826&cid=853721705.1624101535&tid=UA-48894329-1&_gid=2141880810.1624101535&cd57=null&cd40=TurboTax&cd41=Customer%7CIntuit%7CSoftware%7CData_breach%7CTax&cd42=Intuit&cd43=Software&cd45=TurboTax&cd46=Business_and_finance_software&cd47=TurboTax_customer_accounts_affected_by_cyberattack&cd50=5&cd51=false&cd58=Business_and_finance_software%7CPC_%26_Mac%7CSoftware%7CComputing&cd74=&cd1=news&cd2=computing&cd3=computing&cd4=tech_techradar%2F&cd5=ARkEYF62AjyBhsyqTujkjW&cd6=%7Csecurity%7Ccybersecurity%7Ccyberattacks%7Cpasswords%7Cpassword_management%7Cpassword_hygiene%7Cfinancial_software%7Ctax_software%7Cturbotax%7Ccomputing%7Ctrbc%7Csecurity-channel%7Ctype_news%7Cchannel_computing%7Ccontentdev%7Cvan_buying_guide_progressive%7Cserversidehawk&cd7=mayank_sharma&cd8=14-06-2021&cd10=EN-US&cd27=296797&cd33=text%2Cembed%2Ctext%2Clist%2Cheading%2Ctext%2Clist&cd95=news&cd106=0&cd126=en&cd127=US&cd128=15-06-2021&cd31=9.3&cd30=4g&z=1890847759

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 11:29:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 85741
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 2 Show response
www.ultimedia.com/api/widget/getwidget/mdtk/02312367/zone/ 136 B
332 B 1037ms
1006ms XHR
application/json 51.210.215.111
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ultimedia.com/api/widget/getwidget/mdtk/02312367/zone/2?url=https%3A%2F%2Fwww.techradar.com%2Fnews%2Fmultiple-turbotax-customer-accounts-hacked&meta_breadcrumb=&meta_tag=

Requested by

Host: www.ultimedia.com
URL: https://www.ultimedia.com/js/common/smart.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.210.215.111 , France, ASN16276 (OVH, FR),

Reverse DNS

dtk-lb-gra06.dginfra.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

e78f56276c04b58863c43424709892edc08c45c7eb17bdc289d3cdd2a060fb1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 19 Jun 2021 11:18:56 GMT
server: nginx/1.10.3 (Ubuntu)
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json

GET
H2 200 visible_player.js Show response
www.ultimedia.com/js/common/ 33 KB
11 KB 17ms
16ms Script
application/javascript 51.210.215.111
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ultimedia.com/js/common/visible_player.js?v=1624060800000

Requested by

Host: www.ultimedia.com
URL: https://www.ultimedia.com/js/common/smart.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.210.215.111 , France, ASN16276 (OVH, FR),

Reverse DNS

dtk-lb-gra06.dginfra.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

025cd92e900ceb1570614c16c3a0828fa3c439bcb47cf8dcf059e9eeea3bed77

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:55 GMT
content-encoding: gzip
last-modified: Tue, 15 Jun 2021 14:02:38 GMT
server: nginx/1.10.3 (Ubuntu)
etag: W/"60c8b2fe-82a2"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2678400
strict-transport-security: max-age=31536000; includeSubDomains
expires: Tue, 20 Jul 2021 11:18:55 GMT

GET
H2 200 notification.js Show response
www.ultimedia.com/js/common/ 5 KB
2 KB 17ms
16ms Script
application/javascript 51.210.215.111
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ultimedia.com/js/common/notification.js?v=1624060800000

Requested by

Host: www.ultimedia.com
URL: https://www.ultimedia.com/js/common/smart.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.210.215.111 , France, ASN16276 (OVH, FR),

Reverse DNS

dtk-lb-gra06.dginfra.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

780396b361c35383795d3d1fb3e71e8c1e57e717973f3a4599ec4f11ba75f84e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:55 GMT
content-encoding: gzip
last-modified: Thu, 06 Aug 2020 13:33:09 GMT
server: nginx/1.10.3 (Ubuntu)
etag: W/"5f2c0695-129f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2678400
strict-transport-security: max-age=31536000; includeSubDomains
expires: Tue, 20 Jul 2021 11:18:55 GMT

GET
H2 200 visibilityStat.js Show response
www.ultimedia.com/js/common/ 2 KB
1 KB 17ms
16ms Script
application/javascript 51.210.215.111
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ultimedia.com/js/common/visibilityStat.js?v=1624060800000

Requested by

Host: www.ultimedia.com
URL: https://www.ultimedia.com/js/common/smart.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.210.215.111 , France, ASN16276 (OVH, FR),

Reverse DNS

dtk-lb-gra06.dginfra.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

675ab0a24f0160c73eaa7dde430b9f5ee68a54dc0c0c8d7d2bd0a811f30f6fd5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:55 GMT
content-encoding: gzip
last-modified: Thu, 06 Aug 2020 13:33:10 GMT
server: nginx/1.10.3 (Ubuntu)
etag: W/"5f2c0696-701"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2678400
strict-transport-security: max-age=31536000; includeSubDomains
expires: Tue, 20 Jul 2021 11:18:55 GMT

GET
H2 200 b2
sb.scorecardresearch.com/ 64 B
330 B 21ms
21ms Image
image/gif 65.9.77.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=10055482&comscorekw=prokw&gdpr=1&gdpr_p1t=0&gdpr_li=0&gdpr_purps=&gdpr_pcc=AA&cs_cmp_nc=0&cs_cmp_id=10&cs_cmp_sv=28&cs_cmp_rt=1&cs_it=b2&cv=3.8.0.210223&ns__t=1624101535059&ns_c=UTF-8&c7=https%3A%2F%2Fwww.techradar.com%2Fnews%2Fmultiple-turbotax-customer-accounts-hacked&c8=TurboTax%20customer%20accounts%20affected%20by%20cyberattack%20%7C%20TechRadar&c9=
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:55 GMT
via: 1.1 f32f19f2f9b3c0c60a4ff31c809ed008.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
etag: W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache: Miss from cloudfront
content-type: image/gif; charset=utf-8
content-length: 64
x-amz-cf-id: WxmEoIEgQzdDqRotdCUH-zdUPGhj27EdNMLJoQ3EuU-5DOPrMCGgjg==

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
257 B 17ms
17ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-48894329-1&cid=853721705.1624101535&jid=894421430&_u=aGBAgEABAAQCAE~&z=1266751931

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 18ms
17ms Image
image/gif 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-48894329-1&cid=853721705.1624101535&jid=894421430&_u=aGBAgEABAAQCAE~&z=1266751931

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK merchant-domains.php Show response
hawk.techradar.com/ 295 KB
60 KB 24ms
23ms Fetch
application/json 185.113.25.52
FUTURE

General

Check archive.org

Show headers Download Go to

Full URL: https://hawk.techradar.com/merchant-domains.php?site=TRD
Requested by: Host: hawk.techradar.com
URL: https://hawk.techradar.com/hl/es6/hawklinks.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 185.113.25.52 Bath, United Kingdom, ASN20596 (FUTURE, GB),
Reverse DNS: vif13.web.future.net.uk
Software: /
Resource Hash: 0ec71ff87102ef7cbd44db128703ca84c8360dd0fb07d69b2d7de6553f61c3e6

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 11:03:20 GMT
Content-Encoding: gzip
X-Hawk-Country
Age: 934
X-Hawk-Area: DE
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: fie-api
X-FTR-Cache-Status: HIT
Content-Length: 60864
X-FTR-Expires: Sat, 19 Jun 2021 11:23:20 GMT
X-FTR-Balancer: hawk-proxy-185-113-25-36
X-FTR-Request-ID: 00000000:ACBE_00000000:01BB_60CDD29E_4CA0504:0B19
X-Country-Code-Real: DE
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/json; charset=utf-8;
X-FTR-Backend-Server: fievarnishprodwhite
Cache-Control: max-age=1200, stale-if-error=172800, stale-while-revalidate=172800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Hawk-Country,X-Hawk-Area

GET
H/1.1 200
OK translations.php Show response
hawk.techradar.com/ 30 KB
11 KB 23ms
23ms Fetch
application/json 185.113.25.52
FUTURE

General

Check archive.org

Show headers Download Go to

Full URL: https://hawk.techradar.com/translations.php?language=en-DE
Requested by: Host: hawk.techradar.com
URL: https://hawk.techradar.com/js/w/es6/responsive.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 185.113.25.52 Bath, United Kingdom, ASN20596 (FUTURE, GB),
Reverse DNS: vif13.web.future.net.uk
Software: /
Resource Hash: 72038f7e343171cc1da3c3810b23efa80fcfa1667a2134c794a3c13310da8dd1

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 11:08:29 GMT
Content-Encoding: gzip
X-Hawk-Country
Age: 625
X-Hawk-Area: DE
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: fie-api
X-FTR-Cache-Status: HIT
Content-Length: 10030
X-FTR-Expires: Sat, 19 Jun 2021 11:28:29 GMT
X-FTR-Balancer: hawk-proxy-185-113-25-36
X-FTR-Request-ID: 00000000:ACBE_00000000:01BB_60CDD29F_4CA0579:0B19
X-Country-Code-Real: DE
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/json; charset=utf-8;
X-FTR-Backend-Server: fievarnishprodred
Cache-Control: max-age=1200, stale-if-error=172800, stale-while-revalidate=172800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Hawk-Country,X-Hawk-Area

GET
H2 200 / Show response
r.skimresources.com/api/ 149 B
405 B 32ms
15ms Fetch
application/json 35.190.59.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r.skimresources.com/api/?persistence=1&xguid=01BT2SNRZKMTD96W8181AS0KKC&data={%22pubcode%22:%2292X363%22,%22domains%22:[%22techradar.com%22,%22bleepingcomputer.com%22,%22ca.gov%22],%22page%22:%22https%3A%2F%2Fwww.techradar.com%2Fnews%2Fmultiple-turbotax-customer-accounts-hacked%22}&checksum=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Requested by

Host: hawk.techradar.com
URL: https://hawk.techradar.com/hl/es6/hawklinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.59.101 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

101.59.190.35.bc.googleusercontent.com

Software

openresty/1.11.2.5 /

Resource Hash

768b4c5398b942252e2ea031605dc76450130f831eb830091fcf4fd5a452f134

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: openresty/1.11.2.5
strict-transport-security: max-age=31536000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.techradar.com
vary: Accept-Encoding
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
via: 1.1 google

GET
H/1.1 200
OK trd.min.css
hawk.techradar.com/css/browser/ 5 KB
2 KB 24ms
24ms Stylesheet
text/css 185.113.25.52
FUTURE

General

Check archive.org

Show headers Download Go to

Full URL: https://hawk.techradar.com/css/browser/trd.min.css
Requested by: Host: hawk.techradar.com
URL: https://hawk.techradar.com/js/w/es6/responsive.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 185.113.25.52 Bath, United Kingdom, ASN20596 (FUTURE, GB),
Reverse DNS: vif13.web.future.net.uk
Software: /
Resource Hash: 303a80079b8134e227e25c4489e1f70ed498e2045f36b80c780365411e05156f

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 11:05:46 GMT
Content-Encoding: gzip
X-Hawk-Country
Xkey: asset-type-fie-widgets
Age: 788
X-Hawk-Area: DE
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: fie-assets
X-FTR-Cache-Status: HIT
Content-Length: 1749
X-FTR-Expires: Sat, 19 Jun 2021 11:25:46 GMT
X-FTR-Balancer: hawk-proxy-185-113-25-36
X-FTR-Request-ID: 00000000:ACBA_00000000:01BB_60CDD29E_35033FB:0B18
Last-Modified: Fri, 18 Jun 2021 13:18:08 GMT
X-Country-Code-Real: DE
ETag: "60cc9d10-1395"
Vary: Accept-Encoding
Content-Type: text/css
X-FTR-Backend-Server: fievarnishprodred
Cache-Control: max-age=1200, stale-if-error=172800, stale-while-revalidate=172800
Accept-Ranges: bytes
Access-Control-Allow-Origin: *

GET
H/1.1 200
OK missing-image.svg
vanilla.futurecdn.net/techradar/media/img/ 3 KB
2 KB 33ms
33ms Image
image/svg+xml 67.27.234.124
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vanilla.futurecdn.net/techradar/media/img/missing-image.svg
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 131423a5b0117aa6fddbde39abed88048b2ee6a147ade1fbf040b551614ab2d2

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 07:05:31 GMT
Content-Encoding: gzip
Age: 15204
X-FTR-Backend-Server: http.van-prod
Transfer-Encoding: chunked
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
Connection: keep-alive
X-FTR-Balancer: webproxyprod01
X-FTR-Request-ID: 00000000:99E8_00000000:0050_60CD973B_30CF1:4AE3
Last-Modified: Thu, 17 Jun 2021 10:33:16 GMT
Server: Footprint Distributor V6.1.1162
ETag: W/"60cb24ec-a6b"
Access-Control-Allow-Methods: GET
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Mon, 19 Jul 2021 07:05:31 GMT

GET
H2 200 smart Show response
www.ultimedia.com/api/widget/ 77 KB
10 KB 77ms
76ms Script
application/javascript 51.210.215.111
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ultimedia.com/api/widget/smart?j=new&t=1624101535053&exclude=&meta_description=Cybercriminals%20accessed%20several%20TurboTax%20accounts%20using%20stolen%20credentials%20breached%20elsewhere.&meta_ogtitle=TurboTax%20customer%20accounts%20affected%20by%20cyberattack&meta_ogdescription=The%20attacks%20were%20the%20result%20of%20poor%20password%20management%20by%20users&meta_twittertitle=TurboTax%20customer%20accounts%20affected%20by%20cyberattack&meta_twitterdescription=The%20attacks%20were%20the%20result%20of%20poor%20password%20management%20by%20users&meta_articledatemodified=2021-06-14T11%3A16%3A27.575Z&meta_title=TurboTax%20customer%20accounts%20affected%20by%20cyberattack%20%7C%20TechRadar&meta_h1=TurboTax%20customer%20accounts%20affected%20by%20cyberattack&meta_h2=Poor%20password%20hygiene&meta_datepublished=2021-06-14T12%3A02%3A46Z&url=https%3A%2F%2Fwww.techradar.com%2Fnews%2Fmultiple-turbotax-customer-accounts-hacked&mdtk=02312367&zone=2&layout=&otherplayer=0&target=ultimedia_wrapper

Requested by

Host: www.ultimedia.com
URL: https://www.ultimedia.com/js/common/smart.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.210.215.111 , France, ASN16276 (OVH, FR),

Reverse DNS

dtk-lb-gra06.dginfra.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

e4bc0868ed790ba9ab3cc54087c6ac883e1d923adfcd8159ed4920b069062213

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:56 GMT
content-encoding: gzip
vary: Accept-Encoding
server: nginx/1.10.3 (Ubuntu)
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset="utf-8"

GET
H2 200 responsivev3.js Show response
www.ultimedia.com/widgets/js/ 108 KB
43 KB 19ms
18ms Script
application/javascript 51.210.215.111
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ultimedia.com/widgets/js/responsivev3.js?v=2.0.2.7537

Requested by

Host: www.ultimedia.com
URL: https://www.ultimedia.com/api/widget/smart?j=new&t=1624101535053&exclude=&meta_description=Cybercriminals%20accessed%20several%20TurboTax%20accounts%20using%20stolen%20credentials%20breached%20elsewhere.&meta_ogtitle=TurboTax%20customer%20accounts%20affected%20by%20cyberattack&meta_ogdescription=The%20attacks%20were%20the%20result%20of%20poor%20password%20management%20by%20users&meta_twittertitle=TurboTax%20customer%20accounts%20affected%20by%20cyberattack&meta_twitterdescription=The%20attacks%20were%20the%20result%20of%20poor%20password%20management%20by%20users&meta_articledatemodified=2021-06-14T11%3A16%3A27.575Z&meta_title=TurboTax%20customer%20accounts%20affected%20by%20cyberattack%20%7C%20TechRadar&meta_h1=TurboTax%20customer%20accounts%20affected%20by%20cyberattack&meta_h2=Poor%20password%20hygiene&meta_datepublished=2021-06-14T12%3A02%3A46Z&url=https%3A%2F%2Fwww.techradar.com%2Fnews%2Fmultiple-turbotax-customer-accounts-hacked&mdtk=02312367&zone=2&layout=&otherplayer=0&target=ultimedia_wrapper

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.210.215.111 , France, ASN16276 (OVH, FR),

Reverse DNS

dtk-lb-gra06.dginfra.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

99e39599d9a8292c712094b6114233d19961923037fc0e2d9441c773f654b98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:56 GMT
content-encoding: gzip
last-modified: Thu, 06 Aug 2020 13:33:09 GMT
server: nginx/1.10.3 (Ubuntu)
etag: W/"5f2c0695-1ae39"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2678400
strict-transport-security: max-age=31536000; includeSubDomains
expires: Tue, 20 Jul 2021 11:18:56 GMT

GET
H2 200 responsivev3.js Show response
www.ultimedia.com/widgets/js/ 108 KB
43 KB 18ms
17ms Script
application/javascript 51.210.215.111
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ultimedia.com/widgets/js/responsivev3.js?v=2.0.2.7537

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.210.215.111 , France, ASN16276 (OVH, FR),

Reverse DNS

dtk-lb-gra06.dginfra.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

99e39599d9a8292c712094b6114233d19961923037fc0e2d9441c773f654b98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:56 GMT
content-encoding: gzip
last-modified: Thu, 06 Aug 2020 13:33:09 GMT
server: nginx/1.10.3 (Ubuntu)
etag: W/"5f2c0695-1ae39"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2678400
strict-transport-security: max-age=31536000; includeSubDomains
expires: Tue, 20 Jul 2021 11:18:56 GMT

GET
H2 200 iframe Show response
www.ultimedia.com/deliver/generic/ Frame 9A89 75 KB
19 KB 147ms
147ms Document
text/html 51.210.215.111
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ultimedia.com/deliver/generic/iframe?mdtk=02312367&zone=2&type_player=0&sendstats=0&src=q0lqz5u&width=452&height=300&urlfacebook=https%3A%2F%2Fwww.techradar.com%2F&ad=1&autoplay=no&fstart=2&title=Xiaomi+Mi+11+%7C+Everything+you+need+to+know&endMessage=um_ultimedia_wrapper_ultimediaEndRoll&widgetPrefix=um_ultimedia_wrapper_&tagparam=&tagparamdecoded=&sspParam=&visible=&gdprconsentstring=

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.210.215.111 , France, ASN16276 (OVH, FR),

Reverse DNS

dtk-lb-gra06.dginfra.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

e40171f5791b64901d1d68fb0c245b984deb3fd0986b25d10d8bf096c29c08ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: www.ultimedia.com
:scheme: https
:path: /deliver/generic/iframe?mdtk=02312367&zone=2&type_player=0&sendstats=0&src=q0lqz5u&width=452&height=300&urlfacebook=https%3A%2F%2Fwww.techradar.com%2F&ad=1&autoplay=no&fstart=2&title=Xiaomi+Mi+11+%7C+Everything+you+need+to+know&endMessage=um_ultimedia_wrapper_ultimediaEndRoll&widgetPrefix=um_ultimedia_wrapper_&tagparam=&tagparamdecoded=&sspParam=&visible=&gdprconsentstring=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Response headers

server: nginx/1.10.3 (Ubuntu)
date: Sat, 19 Jun 2021 11:18:56 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
access-control-allow-origin: *
access-control-allow-credentials: true
pragma: no-cache
expires: -1
vary: Accept-Encoding
content-encoding: gzip
set-cookie: STICKY=b4a1420293bf60df5ef1682c2c3c02a9; path=/; HttpOnly
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 sprit_10.png
www.ultimedia.com/img/widget/ 3 KB
3 KB 18ms
17ms Image
image/png 51.210.215.111
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ultimedia.com/img/widget/sprit_10.png

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.210.215.111 , France, ASN16276 (OVH, FR),

Reverse DNS

dtk-lb-gra06.dginfra.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

232e2107e9ebb4adaae34e5aa7f8eba38b819ed4a735bac8f26d41106635c97c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:56 GMT
last-modified: Thu, 06 Aug 2020 13:33:09 GMT
server: nginx/1.10.3 (Ubuntu)
etag: "5f2c0695-b9d"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
cache-control: max-age=2678400
accept-ranges: bytes
content-length: 2973
expires: Tue, 20 Jul 2021 11:18:56 GMT

GET
H2 200 sprit_6.png
www.ultimedia.com/img/widget/ 3 KB
3 KB 18ms
18ms Image
image/png 51.210.215.111
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ultimedia.com/img/widget/sprit_6.png

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.210.215.111 , France, ASN16276 (OVH, FR),

Reverse DNS

dtk-lb-gra06.dginfra.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

43fc744dc9f9bdd26ba499a6e1840b548740e7ce2b63e7c986d997d2bcae496e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:56 GMT
last-modified: Thu, 06 Aug 2020 13:33:09 GMT
server: nginx/1.10.3 (Ubuntu)
etag: "5f2c0695-d0e"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
cache-control: max-age=2678400
accept-ranges: bytes
content-length: 3342
expires: Tue, 20 Jul 2021 11:18:56 GMT

GET
H2 200 / Show response
www.ultimedia.com/deliver/statistiques/widgetdisplay/ 0
211 B 19ms
17ms Script
text/html 51.210.215.111
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ultimedia.com/deliver/statistiques/widgetdisplay/?mdtk=02312367&zone=2&url=https%3A%2F%2Fwww.techradar.com%2Fnews%2Fmultiple-turbotax-customer-accounts-hacked&autoplay=2&widget_type=videolist&result=2&params=%7B%22nb_videos%22%3A6%2C%22search%22%3A%22q5sm8f%22%2C%22index%22%3A%22%22%2C%22limit%22%3A1623672166%2C%22videos_results%22%3A%22%22%2C%22first_video_id%22%3A%225655324%22%2C%22first_video_id_content%22%3A%2221%22%2C%22click_to_play%22%3A0%7D

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.210.215.111 , France, ASN16276 (OVH, FR),

Reverse DNS

dtk-lb-gra06.dginfra.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 19 Jun 2021 11:18:56 GMT
content-encoding: gzip
vary: Accept-Encoding
server: nginx/1.10.3 (Ubuntu)
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2 200 q0lqz5u-X.jpg
medialb.ultimedia.com/multi/3ups8/ 8 KB
8 KB 294ms
284ms Image
image/jpeg 51.210.215.111
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://medialb.ultimedia.com/multi/3ups8/q0lqz5u-X.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.210.215.111 , France, ASN16276 (OVH, FR),
Reverse DNS: dtk-lb-gra06.dginfra.net
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: a9e981ae78d049d13c88bb8c8138a69c63fdcc58d793c7aa3017bbbf8cc6ceb4

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Sat, 19 Jun 2021 11:18:56 GMT
last-modified: Wed, 12 May 2021 11:05:55 GMT
server: nginx/1.10.3 (Ubuntu)
etag: "609bb693-20f8"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public
accept-ranges: bytes
content-length: 8440
expires: 7d

GET
H2 200 q0sxmvv-X.jpg
medialb.ultimedia.com/multi/3uzmu/ 6 KB
6 KB 25ms
16ms Image
image/jpeg 51.210.215.111
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://medialb.ultimedia.com/multi/3uzmu/q0sxmvv-X.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.210.215.111 , France, ASN16276 (OVH, FR),
Reverse DNS: dtk-lb-gra06.dginfra.net
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 0ad8ff16d564ea282c6e2fef20b32da05b467cc75d5d61bfabd5aaacad5c4a68

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Sat, 19 Jun 2021 11:18:56 GMT
last-modified: Wed, 12 May 2021 11:05:55 GMT
server: nginx/1.10.3 (Ubuntu)
etag: "609bb693-18d3"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public
accept-ranges: bytes
content-length: 6355
expires: 7d

GET
H2 200 q0sxmvq-X.jpg
medialb.ultimedia.com/multi/3uzmu/ 6 KB
7 KB 322ms
313ms Image
image/jpeg 51.210.215.111
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://medialb.ultimedia.com/multi/3uzmu/q0sxmvq-X.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.210.215.111 , France, ASN16276 (OVH, FR),
Reverse DNS: dtk-lb-gra06.dginfra.net
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 4f9319ff054a4e23bcf5955ea6cfa3ac0caf3065f316b6648b73169ec4e4fc82

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Sat, 19 Jun 2021 11:18:56 GMT
last-modified: Wed, 12 May 2021 10:06:50 GMT
server: nginx/1.10.3 (Ubuntu)
etag: "609ba8ba-19da"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public
accept-ranges: bytes
content-length: 6618
expires: 7d

GET
H2 200 q0x3rzk-X.jpg
medialb.ultimedia.com/multi/3uzsr/ 7 KB
7 KB 321ms
312ms Image
image/jpeg 51.210.215.111
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://medialb.ultimedia.com/multi/3uzsr/q0x3rzk-X.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.210.215.111 , France, ASN16276 (OVH, FR),
Reverse DNS: dtk-lb-gra06.dginfra.net
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 56b74a7b6aae50f4c4c7e586df6be251b2445721ddeec694c9d7341664e88e04

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Sat, 19 Jun 2021 11:18:56 GMT
last-modified: Wed, 12 May 2021 10:06:50 GMT
server: nginx/1.10.3 (Ubuntu)
etag: "609ba8ba-1bd9"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public
accept-ranges: bytes
content-length: 7129
expires: 7d

GET
H2 200 q0x3rz5-X.jpg
medialb.ultimedia.com/multi/3uzsr/ 7 KB
7 KB 24ms
15ms Image
image/jpeg 51.210.215.111
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://medialb.ultimedia.com/multi/3uzsr/q0x3rz5-X.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.210.215.111 , France, ASN16276 (OVH, FR),
Reverse DNS: dtk-lb-gra06.dginfra.net
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: d0e4669f4a99a7e805a5eb964c1ebc48916cefe5a5a4ce226e2b49bbd9f26c82

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Sat, 19 Jun 2021 11:18:56 GMT
last-modified: Wed, 12 May 2021 11:05:55 GMT
server: nginx/1.10.3 (Ubuntu)
etag: "609bb693-1a83"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public
accept-ranges: bytes
content-length: 6787
expires: 7d

GET
H2 200 q0qv3xu-X.jpg
medialb.ultimedia.com/multi/3uzxx/ 6 KB
6 KB 24ms
16ms Image
image/jpeg 51.210.215.111
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://medialb.ultimedia.com/multi/3uzxx/q0qv3xu-X.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.210.215.111 , France, ASN16276 (OVH, FR),
Reverse DNS: dtk-lb-gra06.dginfra.net
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 9ffd9b775c0e9b7d1ffdb066dd7f12b73678e004f5b8f4407f13fedf04df75e4

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Sat, 19 Jun 2021 11:18:56 GMT
last-modified: Wed, 12 May 2021 10:06:50 GMT
server: nginx/1.10.3 (Ubuntu)
etag: "609ba8ba-1884"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public
accept-ranges: bytes
content-length: 6276
expires: 7d

GET
H2 200 bf5033eb-b355-4133-8d55-2c0380d5405b Show response
boot.pbstck.com/v1/tag/ Frame 9A89 1 KB
952 B 69ms
44ms Script
application/javascript 2606:4700:10::6816:15d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://boot.pbstck.com/v1/tag/bf5033eb-b355-4133-8d55-2c0380d5405b
Requested by: Host: www.ultimedia.com
URL: https://www.ultimedia.com/deliver/generic/iframe?mdtk=02312367&zone=2&type_player=0&sendstats=0&src=q0lqz5u&width=452&height=300&urlfacebook=https%3A%2F%2Fwww.techradar.com%2F&ad=1&autoplay=no&fstart=2&title=Xiaomi+Mi+11+%7C+Everything+you+need+to+know&endMessage=um_ultimedia_wrapper_ultimediaEndRoll&widgetPrefix=um_ultimedia_wrapper_&tagparam=&tagparamdecoded=&sspParam=&visible=&gdprconsentstring=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:15d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9cc73673ee110f8f020e736a2667ff047f37903796651016d27b9338b26733d8

Request headers

Referer: https://www.ultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:56 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: application/javascript
cache-control: private,max-age=120
cf-ray: 661c5c0a8f14bf0f-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0ac597da920000bf0f8132d000000001

GET
H2 200 video-js.min.css
cdnjs.cloudflare.com/ajax/libs/video.js/7.7.5/ Frame 9A89 39 KB
10 KB 34ms
18ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/video.js/7.7.5/video-js.min.css

Requested by

Host: www.ultimedia.com
URL: https://www.ultimedia.com/deliver/generic/iframe?mdtk=02312367&zone=2&type_player=0&sendstats=0&src=q0lqz5u&width=452&height=300&urlfacebook=https%3A%2F%2Fwww.techradar.com%2F&ad=1&autoplay=no&fstart=2&title=Xiaomi+Mi+11+%7C+Everything+you+need+to+know&endMessage=um_ultimedia_wrapper_ultimediaEndRoll&widgetPrefix=um_ultimedia_wrapper_&tagparam=&tagparamdecoded=&sspParam=&visible=&gdprconsentstring=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91f94a3c7e05d1c1afd01260e88ebea5be6720ed3514c7a82bba96a33d4d6b21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.ultimedia.com
Referer: https://www.ultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 127552
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 9046
cf-request-id: 0ac597da8a000064c778b19000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:36 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04020-9c5c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ierPjLMZ0%2FAeU9MURA3DNCANJNTlT%2BEvW3PbY%2FVB5rfC8KACx%2Fm5nNCDrTj%2BunHjQn1Dipjbcts%2BwMV7tR4ZarA8ifp1NHDLDIgwRCsv7kpthhGVgCDbcDKTULGNqNWnZZp1BBbQMIDgUo4f3A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 661c5c0a7dd064c7-FRA
expires: Thu, 09 Jun 2022 11:18:56 GMT

GET
H2 200 videojs-errors.css
cdn.jsdelivr.net/npm/videojs-errors@4.2.0/dist/ Frame 9A89 2 KB
1 KB 37ms
19ms Stylesheet
text/css 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/videojs-errors@4.2.0/dist/videojs-errors.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f77a5637f21ed2fd3ec40fdabed99089c7e9483b26601ada71eb546cf959930

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.ultimedia.com
Referer: https://www.ultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 7654222
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0ac597da8d0000d70d31916000000001
x-served-by: cache-fra19168-FRA
timing-allow-origin: *
server: cloudflare
etag: W/"8d9-oOpTv9XkgTzGVYCB2N0KDJ9fp1c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 661c5c0a7f80d70d-FRA

GET
H2

200

quality-selector.css
unpkg.com/@silvermine/videojs-quality-selector@1.2.5/dist/css/ Frame 9A89
Redirect Chain

https://unpkg.com/@silvermine/videojs-quality-selector/dist/css/quality-selector.css
https://unpkg.com/@silvermine/videojs-quality-selector@1.2.5/dist/css/quality-selector.css

431 B
386 B

18ms
13ms

Stylesheet
text/css

2606:4700::6810:7aaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/@silvermine/videojs-quality-selector@1.2.5/dist/css/quality-selector.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7aaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aaa2c811c57c6b7d0d1dc088a9642b932d0a4039e582bb8f75ad3d250a180317

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:56 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3141720
fly-request-id: 01F5MBQQJEGV15GG89ZZD5GHAC
content-encoding: br
vary: Accept-Encoding
cf-request-id: 0ac597daa700004e32550ce000000001
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"1af-rhfrbitbUubLnWKxbEiUUD00k/8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 661c5c0aa82e4e32-FRA

Redirect headers

date: Sat, 19 Jun 2021 11:18:56 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 295
vary: Accept, Accept-Encoding
cf-request-id: 0ac597da8b00004e3283197000000001
fly-request-id: 01F8HZM8K0H0V0D4Z2W3P3VXP5
server: cloudflare
location: /@silvermine/videojs-quality-selector@1.2.5/dist/css/quality-selector.css
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
cf-ray: 661c5c0a7fb84e32-FRA

GET
H2 200 advertisement.js Show response
ads.videoadex.com/jw/ Frame 9A89 20 B
237 B 107ms
15ms Script
application/javascript 51.210.215.111
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.videoadex.com/jw/advertisement.js?v=20210619131856
Requested by: Host: www.ultimedia.com
URL: https://www.ultimedia.com/deliver/generic/iframe?mdtk=02312367&zone=2&type_player=0&sendstats=0&src=q0lqz5u&width=452&height=300&urlfacebook=https%3A%2F%2Fwww.techradar.com%2F&ad=1&autoplay=no&fstart=2&title=Xiaomi+Mi+11+%7C+Everything+you+need+to+know&endMessage=um_ultimedia_wrapper_ultimediaEndRoll&widgetPrefix=um_ultimedia_wrapper_&tagparam=&tagparamdecoded=&sspParam=&visible=&gdprconsentstring=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.210.215.111 , France, ASN16276 (OVH, FR),
Reverse DNS: dtk-lb-gra06.dginfra.net
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 76b7bfe1c73966516f95f039734ac728c843a664e8fb860820b75c08bdf7be07

Request headers

Referer: https://www.ultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:56 GMT
last-modified: Thu, 06 Aug 2020 13:33:09 GMT
server: nginx/1.10.3 (Ubuntu)
etag: "5f2c0695-14"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2678400
accept-ranges: bytes
content-length: 20
expires: Tue, 20 Jul 2021 11:18:56 GMT

GET
H2 200 video.min.js Show response
cdnjs.cloudflare.com/ajax/libs/video.js/7.7.5/ Frame 9A89 458 KB
103 KB 34ms
19ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/video.js/7.7.5/video.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

90bf6452264f553da2a967eb617aeb61a5fd7e18fbe6b61db1716a8de702d832

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.ultimedia.com
Referer: https://www.ultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 224287
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 104849
cf-request-id: 0ac597da8d000064c782245000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:36 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04020-72609"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=mVddVJouHdiJ%2FMv%2FOojR9oyxhkaDkdV2yobt8HfNo%2FRRok1EAy4B6A4CYIVzRH0D20gZWX8rw%2F4dDeNsuxJ18sAwZxi890k7o%2F%2FgDLFyUBgdPCKvQPnhw6TO9HU%2BALrUS9oG1EdWxuM8biwucQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 661c5c0a7dd264c7-FRA
expires: Thu, 09 Jun 2022 11:18:56 GMT

GET
H2 200 videojs-errors.min.js Show response
cdn.jsdelivr.net/npm/videojs-errors@4.2.0/dist/ Frame 9A89 5 KB
2 KB 36ms
19ms Script
application/javascript 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/videojs-errors@4.2.0/dist/videojs-errors.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fa0911dcc4faf8c1af34373c4ef2646f429c5d322344e0e94034c1b8a5fb72bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.ultimedia.com
Referer: https://www.ultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 7654222
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0ac597da8d0000d70d028a9000000001
x-served-by: cache-fra19122-FRA
timing-allow-origin: *
server: cloudflare
etag: W/"1385-b89cn7GaYu0rIUWSPimsEUMn468"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 661c5c0a7f85d70d-FRA

GET
H2

200

silvermine-videojs-quality-selector.min.js Show response
unpkg.com/@silvermine/videojs-quality-selector@1.2.5/dist/js/ Frame 9A89
Redirect Chain

https://unpkg.com/@silvermine/videojs-quality-selector/dist/js/silvermine-videojs-quality-selector.min.js
https://unpkg.com/@silvermine/videojs-quality-selector@1.2.5/dist/js/silvermine-videojs-quality-selector.min.js

24 KB
9 KB

20ms
15ms

Script
application/javascript

2606:4700::6810:7aaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/@silvermine/videojs-quality-selector@1.2.5/dist/js/silvermine-videojs-quality-selector.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7aaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f548bc7676dd25abb9901005467dc9e3c7df5de142e003293bdb2409378a310

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:56 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3141506
fly-request-id: 01F5MBY8G4JQQSHYYEEGYBP803
content-encoding: br
vary: Accept-Encoding
cf-request-id: 0ac597daa800004e3210942000000001
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"5fdf-Z6Mzp8fgD5ABilacq9b9JRiiRL4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 661c5c0aa8374e32-FRA

Redirect headers

date: Sat, 19 Jun 2021 11:18:56 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 347
vary: Accept, Accept-Encoding
cf-request-id: 0ac597da8b00004e3239be5000000001
fly-request-id: 01F8HZJR4Y9JNTW0SXDF2Z1Q6E
server: cloudflare
location: /@silvermine/videojs-quality-selector@1.2.5/dist/js/silvermine-videojs-quality-selector.min.js
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
cf-ray: 661c5c0a7fba4e32-FRA

GET
H2 200 dtkplayer-vjs.js Show response
www.ultimedia.com/js/player-digiteka/ Frame 9A89 1 MB
395 KB 18ms
17ms Script
application/javascript 51.210.215.111
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ultimedia.com/js/player-digiteka/dtkplayer-vjs.js?v=5.11.06

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.210.215.111 , France, ASN16276 (OVH, FR),

Reverse DNS

dtk-lb-gra06.dginfra.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

bedb250fbc085e7e094128dc62fd514630fd0cc924780d5b6052d922d30d79aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.ultimedia.com/deliver/generic/iframe?mdtk=02312367&zone=2&type_player=0&sendstats=0&src=q0lqz5u&width=452&height=300&urlfacebook=https%3A%2F%2Fwww.techradar.com%2F&ad=1&autoplay=no&fstart=2&title=Xiaomi+Mi+11+%7C+Everything+you+need+to+know&endMessage=um_ultimedia_wrapper_ultimediaEndRoll&widgetPrefix=um_ultimedia_wrapper_&tagparam=&tagparamdecoded=&sspParam=&visible=&gdprconsentstring=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:56 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 10:03:52 GMT
server: nginx/1.10.3 (Ubuntu)
etag: W/"60cc6f88-14d892"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2678400
strict-transport-security: max-age=31536000; includeSubDomains
expires: Tue, 20 Jul 2021 11:18:56 GMT

GET
H2 200 monitoring-dbf144e.js Show response
cdn.pbstck.com/ Frame 9A89 171 KB
46 KB 47ms
30ms XHR
application/javascript 2606:4700:10::ac43:1997
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pbstck.com/monitoring-dbf144e.js
Requested by: Host: boot.pbstck.com
URL: https://boot.pbstck.com/v1/tag/bf5033eb-b355-4133-8d55-2c0380d5405b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1997 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3f16ac21e440ca9e4121318b6321d3cf83ed58ab737e36308a964ca79425765a

Request headers

Referer: https://www.ultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:56 GMT
content-encoding: br
cf-cache-status: HIT
age: 162543
x-guploader-uploadid: ABg5-Uw9QCcOidil9AaQlvCdJKIIW8MScukAtnPDJZRswzEzGi5WWfgymxzioqiH8kWGnktwO3LHiGZyw4DXO3HgsVmJncfrYg
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0ac597dad100001e4727a95000000001
last-modified: Thu, 17 Jun 2021 14:09:51 GMT
server: cloudflare
etag: W/"7b2e6dde9ca6bfd5ee9994a92734201c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=i4L83A==, md5=ey5t3pymv9XumZSpJzQgHA==
x-goog-generation: 1623938991235728
access-control-allow-origin: *
content-type: application/javascript
access-control-expose-headers: Cache-Control, Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=604800, immutable
x-goog-stored-content-length: 47675
cf-ray: 661c5c0aec301e47-FRA
expires: Thu, 24 Jun 2021 14:09:52 GMT

GET
BLOB 200
OK 8cf603f9-5dbd-4cd9-8916-1264b169ffcc
https://www.ultimedia.com/ Frame 9A89 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.ultimedia.com/8cf603f9-5dbd-4cd9-8916-1264b169ffcc
Requested by: Host: www.ultimedia.com
URL: https://www.ultimedia.com/deliver/generic/iframe?mdtk=02312367&zone=2&type_player=0&sendstats=0&src=q0lqz5u&width=452&height=300&urlfacebook=https%3A%2F%2Fwww.techradar.com%2F&ad=1&autoplay=no&fstart=2&title=Xiaomi+Mi+11+%7C+Everything+you+need+to+know&endMessage=um_ultimedia_wrapper_ultimediaEndRoll&widgetPrefix=um_ultimedia_wrapper_&tagparam=&tagparamdecoded=&sspParam=&visible=&gdprconsentstring=
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 200 nr-spa-1198.min.js Show response
js-agent.newrelic.com/ Frame 9A89 38 KB
15 KB 26ms
7ms Script
application/javascript 151.101.14.110
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-spa-1198.min.js
Requested by: Host: www.ultimedia.com
URL: https://www.ultimedia.com/deliver/generic/iframe?mdtk=02312367&zone=2&type_player=0&sendstats=0&src=q0lqz5u&width=452&height=300&urlfacebook=https%3A%2F%2Fwww.techradar.com%2F&ad=1&autoplay=no&fstart=2&title=Xiaomi+Mi+11+%7C+Everything+you+need+to+know&endMessage=um_ultimedia_wrapper_ultimediaEndRoll&widgetPrefix=um_ultimedia_wrapper_&tagparam=&tagparamdecoded=&sspParam=&visible=&gdprconsentstring=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.110 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8ec272b76ebdf8756da8e60cbec342b26e1e314d223b828e34b02aedea5d6d5a

Request headers

Referer: https://www.ultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
etag: "498f8d87fcfe5e90fda6a3ae4c47c6b0"
x-amz-request-id: 9M07NDE5Q3E4Y6V8
x-cache: HIT
content-length: 14594
x-amz-id-2: OkGCPzFZar5mxwOs6JhOkVp79QeAfUMHFXWYNbf/l/bXVOqCLCiYV/W4QiZHYTcZYeDWpGnlyOM=
x-served-by: cache-fra19168-FRA
last-modified: Fri, 29 Jan 2021 19:19:10 GMT
server: AmazonS3
x-timer: S1624101537.585475,VS0,VE0
date: Sat, 19 Jun 2021 11:18:56 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 294

GET
H2 200 NRJS-85cca59f12bf4593115 Show response
bam.eu01.nr-data.net/1/ Frame 9A89 57 B
236 B 30ms
13ms Script
text/javascript 151.101.14.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://bam.eu01.nr-data.net/1/NRJS-85cca59f12bf4593115?a=158799923&sa=1&v=1198.fe6ec20&t=Unnamed%20Transaction&rst=377&ck=0&ref=https://www.ultimedia.com/deliver/generic/iframe&be=321&fe=342&dc=323&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1624101536219,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22ce%22:0,%22rq%22:2,%22rp%22:149,%22rpe%22:150,%22dl%22:152,%22di%22:323,%22ds%22:323,%22de%22:323,%22dc%22:342,%22l%22:342,%22le%22:343%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5e864c2e3f674c60970513411eaeeeafd2d615d842e65ec01d09ccfcb4a7b38d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.ultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:56 GMT
via: 1.1 varnish
x-timer: S1624101537.618133,VS0,VE4
strict-transport-security: max-age=300
x-cache: MISS
content-type: text/javascript;charset=ISO-8859-1
x-cache-hits: 0
accept-ranges: bytes
content-length: 57
x-served-by: cache-fra19178-FRA

POST
H2 200 NRJS-85cca59f12bf4593115 Show response
bam.eu01.nr-data.net/events/1/ Frame 9A89 24 B
135 B 10ms
10ms XHR
image/gif 151.101.14.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://bam.eu01.nr-data.net/events/1/NRJS-85cca59f12bf4593115?a=158799923&sa=1&v=1198.fe6ec20&t=Unnamed%20Transaction&rst=413&ck=0&ref=https://www.ultimedia.com/deliver/generic/iframe

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.ultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: text/plain

Response headers

date: Sat, 19 Jun 2021 11:18:56 GMT
via: 1.1 varnish
x-timer: S1624101537.638276,VS0,VE3
x-served-by: cache-fra19178-FRA
strict-transport-security: max-age=300
x-cache: MISS
content-type: image/gif
access-control-allow-origin: https://www.ultimedia.com
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 24
x-cache-hits: 0

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 117 KB
42 KB 15ms
14ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KFKJ7S

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2caf174ed6d24a795610fd53645a4807320592e14310fb220f95772249729db1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42393
x-xss-protection: 0
last-modified: Sat, 19 Jun 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 19 Jun 2021 11:18:56 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 90 KB
33 KB 16ms
16ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KHCPGDF

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

75c31224c26778b891b6059a4890944602233d94b66a0390c2832082cf2f0229

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34094
x-xss-protection: 0
last-modified: Sat, 19 Jun 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 19 Jun 2021 11:18:56 GMT

GET
H/1.1 200
OK future.js Show response
static.narrativ.com/tags/ 152 KB
42 KB 51ms
17ms Script
application/javascript 65.9.77.45
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.narrativ.com/tags/future.js
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 284fdff0fb208f095883c8dfe58887e7f489b1eb1d2983b4a723dbaabc911aa7

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 11:03:56 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Thu, 17 Jun 2021 16:02:22 GMT
Server: AmazonS3
Age: 907
ETag: W/"c4307a5ca4b62f1b7e6623c9136abe23"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 bdbb0d922c29917c00cfed799f55e7c2.cloudfront.net (CloudFront)
Cache-Control: max-age=3600
Transfer-Encoding: chunked
X-Amz-Cf-Pop: AMS1-C1
X-Amz-Cf-Id: VYmogFCRMgMvay-lDqN73TQxdZ7TWA-gpiU3Fk12RGkKNhDCEZw8UQ==

GET
H2

200

tag Show response
btloader.com/
Redirect Chain

https://futureplc-com.videoplayerhub.com/galleryplayer.js
https://btloader.com/tag?h=futureplc-com&upapi=true

13 KB
6 KB

39ms
22ms

Script
application/javascript

2606:4700:20::ac43:4686
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://btloader.com/tag?h=futureplc-com&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4686 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 08ab941f4ec89349e726684b25e12cf47e0743c8901666062a0e13ce9c7fe42e

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:56 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2832
content-encoding: br
cf-request-id: 0ac597dbf90000d6cd45828000000001
server: cloudflare
etag: W/"2a74fcb043e50cb8782f7ef75472de34"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=UYVobXvfURETSGrQor4VatLVDMfD%2BKTAB87m8r8K%2FPtXpYmFyAD%2B34%2BPn0EGtWzcXRv9WwCZAQ%2FJE8oimXTwlghtthvL2Bdp%2FYIeovkjV0diNvzopnyvDSHqc1T%2B%2FF1WaAVOsps%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800, must-revalidate
cf-ray: 661c5c0cc983d6cd-FRA

Redirect headers

date: Sat, 19 Jun 2021 11:18:56 GMT
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ABf6iSlBXTUThCFoP7DXztbx1BCbRw7pktT6y0NuAaRqROo%2FvGuDABBC3l4hsna%2B2gcxnB2M51U6%2FJ3eKlth8TBwtjz3gd7QAXilFfIToA5yt8LhZWUa2CNXZIgoWdWzggxrA%2FwSC7Wm6L46WhCDYKyEr8m0Q2MLUA%3D%3D"}],"group":"cf-nel","max_age":604800}
location: https://btloader.com/tag?h=futureplc-com&upapi=true
cache-control: max-age=3600
cf-ray: 661c5c0c8c9e4eb6-FRA
cf-request-id: 0ac597dbda00004eb6171ce000000001
expires: Sat, 19 Jun 2021 12:18:56 GMT

GET
H/1.1 200
OK px.js Show response
p.cpx.to/p/11214/ 3 KB
3 KB 135ms
34ms Script
application/javascript 54.246.143.132
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://p.cpx.to/p/11214/px.js
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.143.132 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-143-132.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: f8942a4d07d719aefb6790eec32e2d83ef40a9ddfe0e7571e33cf58a0d44262f

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 11:18:56 GMT
Cache-Control: max-age=2419200, public
Connection: keep-alive
Content-Length: 3015
Content-Type: application/javascript; charset=UTF-8

GET
H/1.1 200
OK tag.aspx Show response
ml314.com/ 28 KB
13 KB 138ms
35ms Script
application/javascript 52.211.195.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/tag.aspx?195
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.211.195.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-211-195-119.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 8036e893559287b0a9982f4476fc16208c7b98a0b0b73622085a1d7a35a62270

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 11:18:55 GMT
Content-Encoding: gzip
Last-Modified: Sat, 19 Jun 2021 11:18:23 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=86366
Connection: keep-alive
Content-Length: 12574
Expires: Sun, 20 Jun 2021 11:18:23 GMT

GET
H/1.1 200
OK pixel Show response
ps.eyeota.net/ 1 KB
2 KB 33ms
8ms Script
text/plain 3.127.178.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ps.eyeota.net/pixel?pid=1q6m4ou&t=ajs&sid=futurenet&fepPrimaryCompany=Intuit&fepPrimaryProduct=TurboTax&fepSecondaryProducts=Customer,Intuit,Software,Data_breach,Tax&kw=TurboTax,Customer,Intuit,Software,Data_breach,Tax,Business_and_finance_software
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.127.178.105 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: d192dd389cf1bd71de9ec65f62295e0b44c2d75051d3d61c9bf863b7d3052ced

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 11:18:56 GMT
Content-Length: 1401
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

GET
H/1.1 200
OK bk-coretag.js Show response
tags.bkrtx.com/js/ 51 KB
16 KB 34ms
15ms Script
application/javascript 104.111.228.137
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://tags.bkrtx.com/js/bk-coretag.js?referer=

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.228.137 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-228-137.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

88cd43c3f5453f7b4db2cbe884b47db3c8317860a2ce6e9b2bc934ff4b8e32eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Encoding: gzip
Last-Modified: Fri, 21 May 2021 19:14:21 GMT
Server: nginx/1.15.8
ETag: W/"60a8068d-cbc2"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=604800
Date: Sat, 19 Jun 2021 11:18:56 GMT
Connection: keep-alive
Content-Length: 16078
Expires: Sat, 26 Jun 2021 11:18:56 GMT

GET
H2 200 fbds.js Show response
connect.facebook.net/en_US/ 4 KB
2 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbds.js

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b0c3a6f5688d7e52c6c7eabc9ad866fa8e92127394cebae37f213bfe74d12add

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: oIqJpp3BDNewWvKv/k+ryw==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 2164
x-fb-rlafr: 0
x-fb-debug: wQ+fve5sFuluEdu1FFT/8ihtYqIqGF+yuY+EhI3tpsTdd8sEoRUKwdVupviG/D1+lGe2DHBjYqdwR57regNIXA==
x-fb-trip-id: 686109401
x-fb-content-md5: 757c2318e9d2db1c084d55c461d41d31
x-frame-options: DENY
cross-origin-embedder-policy-report-only: require-corp;report-to="coop_report"
date: Sat, 19 Jun 2021 11:18:56 GMT
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "d7c9920b98da1e4e5e2c6089d36c8590"
timing-allow-origin: *
expires: Sat, 19 Jun 2021 11:20:44 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
147 B 7ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=230404523817416&ev=PixelInitialized&dl=https%3A%2F%2Fwww.techradar.com%2Fnews%2Fmultiple-turbotax-customer-accounts-hacked&rl=&if=false&ts=1624101536734

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:56 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Sat, 19 Jun 2021 11:18:56 GMT

GET
H/1.1 200
OK pixel Show response
ps.eyeota.net/ 0
344 B 9ms
8ms Script
text/plain 3.127.178.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ps.eyeota.net/pixel?pid=1q6m4ou&t=ajs&sid=futurenet&fepPrimaryCompany=Intuit&fepPrimaryProduct=TurboTax&fepSecondaryProducts=Customer,Intuit,Software,Data_breach,Tax&kw=TurboTax,Customer,Intuit,Software,Data_breach,Tax,Business_and_finance_software&c_b=1&gdpr=1&gdpr_consent=&c_l=1&c_s=0
Requested by: Host: ps.eyeota.net
URL: https://ps.eyeota.net/pixel?pid=1q6m4ou&t=ajs&sid=futurenet&fepPrimaryCompany=Intuit&fepPrimaryProduct=TurboTax&fepSecondaryProducts=Customer,Intuit,Software,Data_breach,Tax&kw=TurboTax,Customer,Intuit,Software,Data_breach,Tax,Business_and_finance_software
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.127.178.105 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 11:18:56 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

GET
H/1.1 200
OK Cookie set 75049 Show response
stags.bluekai.com/site/ Frame 89D9 71 B
1002 B 181ms
162ms Document
text/html 23.45.99.241
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://stags.bluekai.com/site/75049?ret=html&phint=kw%3DBusiness%20and%20finance%20software%2CPC%20%26%20Mac%2CSoftware%2CComputing&phint=__bk_t%3DTurboTax%20customer%20accounts%20affected%20by%20cyberattack%20%7C%20TechRadar&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Fwww.techradar.com%2Fnews%2Fmultiple-turbotax-customer-accounts-hacked&phint=__bk_v%3D3.1.10&limit=4&r=86830279
Requested by: Host: tags.bkrtx.com
URL: https://tags.bkrtx.com/js/bk-coretag.js?referer=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.99.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-99-241.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3

Request headers

Host: stags.bluekai.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.techradar.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.techradar.com/

Response headers

Content-Type: text/html
Content-Length: 71
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
BK-Server: 8bd8
Date: Sat, 19 Jun 2021 11:18:56 GMT
Connection: keep-alive
Set-Cookie: bkdc=phx; expires=Thu, 16-Dec-2021 11:18:56 GMT; path=/; domain=.bluekai.com; SameSite=None; Secure bkpa=KJhBMLNrQp9xCJXsqC9YSDQm3s3oz3+D+50H1D+LQVNAgIFAfqrrsCUJVrtwjffjmRZy38Ivyd7j9MRYNjvrxZoL8oODqbdKuxlmJVUO2WCNAoooe+x81taQk+gtGbD8vR2DlhZ7h54dgEP32uMN2zItfTK8HfnrFON1htTAT+bCDV9MCUwMB4TYoyATx3xm2dMgwGOki/pwWP5cS95z4nvHtSlfEmfqKSaj/vTr3PbuXA/FCJ9MuVtD8+yGtZA/Hn6GFbOzaXQy8ABt0hfoLAKtEa9WsnK/q6JDIEf4aIAikzEZABgZ5ehPHPZ44yexjUQ4; expires=Thu, 16-Dec-2021 11:18:56 GMT; path=/; domain=.bluekai.com; SameSite=None; Secure bku=vuDO9veupVe3pN/8; expires=Thu, 16-Dec-2021 11:18:56 GMT; path=/; domain=.bluekai.com; SameSite=None; Secure

GET
H/1.1 200
OK Cookie set session.html Show response
api.bam-x.com/api/v0/ Frame F9CA 637 B
2 KB 384ms
96ms Document
text/html 3.231.179.169
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.bam-x.com/api/v0/session.html

Requested by

Host: static.narrativ.com
URL: https://static.narrativ.com/tags/future.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.231.179.169 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-231-179-169.compute-1.amazonaws.com

Software

nginx/1.20.0 /

Resource Hash

6246181ac297819af28db2b38ae02ec62ce6898359187bce59b9296a1b56dac2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

Host: api.bam-x.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.techradar.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.techradar.com/

Response headers

Access-Control-Allow-Headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-None-Match,If-Modified-Since,X-BAM-Params
Access-Control-Allow-Methods: DELETE,GET,POST,PUT,OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag
Allow: DELETE,GET,POST,PUT,OPTIONS
Cache-Control: private, max-age=999999999, must-revalidate, proxy-revalidate
Content-Type: text/html; charset=utf-8
Date: Sat, 19 Jun 2021 11:18:57 GMT
ETag: 1743865747002722027
P3P: CP="NON DSP COR ADMo DEVo TAIo PSA PSDo OUR BUS CNT"
Server: nginx/1.20.0
Set-Cookie: uid_bam=1743865747002722027; expires=Mon, 19 Dec 2022 11:12:57 GMT; path=/; domain=bam-x.com; SameSite=None; Secure
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Robots-Tag: noindex, follow
Content-Length: 637
Connection: keep-alive

GET
H/1.1 200
OK fire.js Show response
s.cpx.to/ 1 KB
2 KB 124ms
31ms Script
application/javascript 54.194.137.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.cpx.to/fire.js?pid=11214&ref=&hn_ver=16&fid=9affc115-13f8-4de0-977d-d51fa30f34ab

Requested by

Host: p.cpx.to
URL: https://p.cpx.to/p/11214/px.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.194.137.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

2645d09b4b8af80535aa165ec758091cb8826569b9cecea5ab2dc6186371b0b3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Sat, 19 Jun 2021 11:18:56 GMT
X-Frame-Options: sameorigin
Connection: keep-alive
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/javascript; charset=UTF-8
Content-Length: 1147
Expires: Wed, 02 Jun 2021 14:52:40 GMT

GET
H/1.1

200
OK

an_fire
s.cpx.to/
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D11214%26ref%3D%26hn_ver%3D16%26fid%3D9affc115-13f8-4de0-977d-d51fa30f34ab
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D11214%2526ref%253D%2526hn_ver%253D16%2526fid%253D9affc115-13f8-4de0-9...
https://s.cpx.to/an_fire?app_nexus_uid=8933602836192316962&pid=11214&ref=&hn_ver=16&fid=9affc115-13f8-4de0-977d-d51fa30f34ab

95 B
865 B

31ms
31ms

Image
image/png

54.194.137.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/an_fire?app_nexus_uid=8933602836192316962&pid=11214&ref=&hn_ver=16&fid=9affc115-13f8-4de0-977d-d51fa30f34ab

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.194.137.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Sat, 19 Jun 2021 11:18:57 GMT
X-Frame-Options: sameorigin
Connection: keep-alive
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Content-Length: 95
Expires: Sat, 19 Jun 2021 11:18:57 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 19 Jun 2021 11:18:57 GMT
X-Proxy-Origin: 195.181.174.89; 195.181.174.89; 731.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.137:80
AN-X-Request-Uuid: 2cd2aa87-8d31-4318-9e25-f2d96a654710
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://s.cpx.to/an_fire?app_nexus_uid=8933602836192316962&pid=11214&ref=&hn_ver=16&fid=9affc115-13f8-4de0-977d-d51fa30f34ab
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

ca.png
s.cpx.to/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=9affc115-13f8-4de0-977d-d51fa30f34ab
https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm=&dsp=dbm&fid=9affc115-13f8-4de0-977d-d51fa30f34ab&google_tc=
https://s.cpx.to/ca.png?dsp=dbm&fid=9affc115-13f8-4de0-977d-d51fa30f34ab&google_gid=CAESEARMt-Xco_qyQHS1O2ciZcI&google_cver=1

95 B
804 B

59ms
30ms

Image
image/png

54.194.137.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/ca.png?dsp=dbm&fid=9affc115-13f8-4de0-977d-d51fa30f34ab&google_gid=CAESEARMt-Xco_qyQHS1O2ciZcI&google_cver=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.194.137.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Sat, 19 Jun 2021 11:18:57 GMT
X-Frame-Options: sameorigin
Content-Type: image/png
Cache-Control: no-store, must-revalidate, private, max-age=0
Connection: keep-alive
Content-Length: 95

Redirect headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:57 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://s.cpx.to/ca.png?dsp=dbm&fid=9affc115-13f8-4de0-977d-d51fa30f34ab&google_gid=CAESEARMt-Xco_qyQHS1O2ciZcI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 334
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content token
token.rubiconproject.com/ 0
214 B 50ms
18ms Image
text/plain 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/token?pid=34010&puid=3a9a639ff9069377&gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 403 sync.gif
dmp.truoptik.com/0362536315099b06/ 0
0 50ms
21ms Image
text/html 104.16.91.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmp.truoptik.com/0362536315099b06/sync.gif?cbk=https%3A%2F%2Fs.cpx.to%2Fsync&dsp=TRUOPTIK&fid=9affc115-13f8-4de0-977d-d51fa30f34ab&fck=3a9a639ff9069377&cbp=dsp_uid
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.91.60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1

200
OK

sync
s.cpx.to/
Redirect Chain

https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dsmart_ad_server%26dsp_uid%3D%5Bsas_uid%5D%26fid%3D9affc115-13f8-4de0-977d-d51fa30f34ab&gdpr=0
https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dsmart_ad_server%26dsp_uid%3D%5Bsas_uid%5D%26fid%3D9affc115-13f8-4de0-977d-d51fa30f34ab&gdpr=0&cklb=1
https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=7077615781948950241&fid=9affc115-13f8-4de0-977d-d51fa30f34ab

95 B
871 B

30ms
30ms

Image
image/png

54.194.137.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=7077615781948950241&fid=9affc115-13f8-4de0-977d-d51fa30f34ab

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.194.137.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Sat, 19 Jun 2021 11:18:57 GMT
X-Frame-Options: sameorigin
Connection: keep-alive
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Content-Length: 95
Expires: Sat, 19 Jun 2021 11:18:57 GMT

Redirect headers

location: https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=7077615781948950241&fid=9affc115-13f8-4de0-977d-d51fa30f34ab
pragma: no-cache
date: Sat, 19 Jun 2021 11:18:56 GMT
cache-control: no-cache,no-store
content-length: 0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

GET
H/1.1

200
OK

sync
s.cpx.to/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=0fkciot&ttd_tpi=1
https://s.cpx.to/sync?dsp_uid=c45eb75d-38ca-4654-aeb3-8fa36a37a2f5&dsp=TTD

95 B
876 B

35ms
31ms

Image
image/png

54.194.137.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/sync?dsp_uid=c45eb75d-38ca-4654-aeb3-8fa36a37a2f5&dsp=TTD

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.194.137.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Sat, 19 Jun 2021 11:18:57 GMT
X-Frame-Options: sameorigin
Connection: keep-alive
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Content-Length: 95
Expires: Sat, 19 Jun 2021 11:18:57 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:57 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://s.cpx.to/sync?dsp_uid=c45eb75d-38ca-4654-aeb3-8fa36a37a2f5&dsp=TTD
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 179

GET
H/1.1

200
OK

sync
s.cpx.to/
Redirect Chain

https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D9affc115-13f8-4de0-977d-d51fa30f34ab
https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D9affc115-13f8-4de0-977d-d51fa30f34ab
https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=0CA14BCD-EA05-440B-BC90-69427E99453A&fid=9affc115-13f8-4de0-977d-d51fa30f34ab

95 B
881 B

56ms
30ms

Image
image/png

54.194.137.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=0CA14BCD-EA05-440B-BC90-69427E99453A&fid=9affc115-13f8-4de0-977d-d51fa30f34ab

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.194.137.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Sat, 19 Jun 2021 11:18:57 GMT
X-Frame-Options: sameorigin
Connection: keep-alive
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Content-Length: 95
Expires: Sat, 19 Jun 2021 11:18:57 GMT

Redirect headers

location: https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=0CA14BCD-EA05-440B-BC90-69427E99453A&fid=9affc115-13f8-4de0-977d-d51fa30f34ab
date: Sat, 19 Jun 2021 11:18:57 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1 200
OK sync
pool.grid-data.bidswitch.net/ 43 B
220 B 39ms
9ms Image
image/gif 18.195.130.212
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pool.grid-data.bidswitch.net/sync?pid=42
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.130.212 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 11:18:57 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
853 B 37ms
15ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.techradar.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Jun 2021 11:18:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 36ms
15ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.techradar.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Jun 2021 11:18:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 266 KB
86 KB 1312ms
1311ms XHR
text/plain 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=351294456403875&correlator=1323011451350270&output=ldjh&impl=fifs&eid=31061160%2C21064367%2C31061004%2C31061199&vrg=2021061503&ptt=17&gdpr=1&sc=1&sfv=1-0-38&ecs=20210619&iu_parts=10518929%2Ctech_techradar%2Ctrpro%2Ccomputing&enc_prev_ius=0%2F1%2F2%2F3%2C0%2F1%2F2%2F3%2C0%2F1%2F2%2F3%2C0%2F1%2F2%2F3%2C0%2F1%2F2%2F3%2C0%2F1%2F2%2F3%2C0%2F1%2F2%2F3%2C0%2F1%2F2%2F3%2C0%2F1%2F2%2F3%2C0%2F1%2F2%2F3&prev_iu_szs=728x90%7C970x90%7C970x250%7C980x240%2C300x250%7C300x251%7C300x600%7C300x601%2C300x250%7C300x252%7C300x600%7C300x602%2C300x250%7C300x253%7C300x600%7C300x603%2C1x1%2C320x50%7C10x10%7C600x120%2C1x1%2C970x90%7C728x90%7C728x91%2C120x600%7C160x600%2C120x600%7C160x600&fluid=0%2C0%2C0%2C0%2C0%2Cheight%2C0%2C0%2C0%2C0&ists=40&prev_scp=pos%3D1%26placement%3Ddfp_rs_desktop_leaderboard_1%26format%3Droadblock%26incremental%3Dno%26refresh%3Dno%26additional%3Dno%26lazyload%3Dno%7Cpos%3D1%26placement%3Ddfp_rs_desktop_mpu_1%26format%3Droadblock%26incremental%3Dno%26refresh%3Dno%26additional%3Dno%26lazyload%3Dno%7Cpos%3D2%26placement%3Ddfp_rs_desktop_mpu_2%26format%3Droadblock%26incremental%3Dno%26refresh%3Dno%26additional%3Dno%26lazyload%3Dno%7Cpos%3D3%26placement%3Ddfp_rs_desktop_mpu_3%26format%3Dadx%26incremental%3Dno%26refresh%3Dno%26additional%3Dno%26lazyload%3Dno%7Cplacement%3Ddfp_rs_desktop_overlay_oop_1%26oop%3Doverlay%26incremental%3Dno%26refresh%3Dno%26additional%3Dno%26lazyload%3Dno%7Cpos%3D1%26placement%3Ddfp_rs_desktop_in_article_ad_1%26format%3Din-article-ad%26incremental%3Dno%26refresh%3Dno%26additional%3Dno%26lazyload%3Dno%7Cplacement%3Ddfp_rs_desktop_skin_oop_1%26format%3Droadblock%26oop%3Dskin%26incremental%3Dno%26refresh%3Dno%26additional%3Dno%26lazyload%3Dno%7Cpos%3Danchored%2Csticky%26placement%3Ddfp_rs_desktop_anchored_leaderboard%2Cdfp_rs_desktop_sticky_leaderboard%26format%3Droadblock%26incremental%3Dno%26refresh%3Dno%26additional%3Dno%26lazyload%3Dno%7Cpos%3Dleft%2Csticky%2Cleft-sticky%26placement%3Ddfp_rs_desktop_skyscrapper-1%26format%3Dskyscraper%2Croadblock%26incremental%3Dno%26refresh%3Dno%26additional%3Dno%26lazyload%3Dno%7Cpos%3Dright%2Csticky%2Cright-sticky%26placement%3Ddfp_rs_desktop_skyscrapper-2%26format%3Dskyscraper%2Croadblock%26incremental%3Dno%26refresh%3Dno%26additional%3Dno%26lazyload%3Dno&eri=1&cust_params=site%3Dtechradar%26url%3Dhttps%253A%252F%252Fwww.techradar.com%252Fnews%252Fmultiple-turbotax-customer-accounts-hacked%26test%3DA%26screen%3Dlarge%26source%3D%26kw%3DTRBC%252Csecurity-channel%252Ctype_news%252Cchannel_computing%252Ccontentdev%252Cvan_buying_guide_progressive%252Cserversidehawk%252CComputing%252Csecurity%252Ccybersecurity%252Ccyberattacks%252Cpasswords%252Cpassword%2520management%252Cpassword%2520hygiene%252Cfinancial%2520software%252Ctax%2520software%252CTurboTax%26vertical%3Dcomputing%26pagetype%3Dnews%26manu%3DIntuit%26articleid%3DARkEYF62AjyBhsyqTujkjW%26sitePlatform%3Dvanilla%26fepPrimaryProduct%3DTurboTax%26fepSecondaryProducts%3DCustomer%252CIntuit%252CSoftware%252CData%2520breach%252CTax%26fepCompanies%3DSoftware%26fepCategory%3DBusiness%2520and%2520finance%2520software%26fepGroups%3DBusiness%2520and%2520finance%2520software%252CPC%2520%2526%2520Mac%252CSoftware%252CComputing%26fepPrimaryCompany%3DIntuit%26primaryCategory%3DBusiness%2520and%2520finance%2520software%26secondaryCategories%3DBusiness%2520and%2520finance%2520software%252CPC%2520%2526%2520Mac%252CSoftware%252CComputing%26bordeauxLayout%3Dresponsive-desktop-article%26bordeauxFormat%3Dresponsive-desktop-article&cookie_enabled=1&bc=31&abxe=1&lmt=1623932019&dt=1624101537177&dlt=1624101534570&idt=512&frm=20&biw=1600&bih=1200&oid=3&adxs=436%2C965%2C965%2C965%2C-12245933%2C635%2C-12245933%2C315%2C115%2C1325&adys=185%2C543%2C1592%2C2877%2C-12245933%2C1530%2C-12245933%2C1110%2C365%2C365&adks=2162323382%2C1137301587%2C2343966432%2C1779243833%2C3138391978%2C4017967611%2C3138391972%2C2333350355%2C1346052358%2C1346052359&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9%7Ca&ifi=1&u_tz=120&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.techradar.com%2Fnews%2Fmultiple-turbotax-customer-accounts-hacked&vis=1&dmc=8&scr_x=0&scr_y=0&psz=980x-1%7C300x-1%7C300x-1%7C300x-1%7C0x0%7C602x350%7C0x0%7C1600x-1%7C160x-1%7C160x-1&msz=728x-1%7C300x-1%7C300x-1%7C300x-1%7C0x0%7C10x10%7C0x0%7C1600x-1%7C160x-1%7C160x-1&ga_vid=853721705.1624101535&ga_sid=1624101537&ga_hid=1898871928&ga_fc=false&fws=644%2C644%2C644%2C644%2C132%2C644%2C132%2C644%2C644%2C644&ohw=1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600&btvi=0%7C0%7C1%7C2%7C-1%7C3%7C-1%7C0%7C0%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

dd8462581fbf0cc10e037227ac64af5dbfef91db165a3b932c08636fbdae1224

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:58 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 88076
x-xss-protection: 0
google-lineitem-id: 5721362321,5721362321,5721362321,5721362321,5715967367,5650696253,-2,-1,-1,-1
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 524280024673,525562854157,525562854157,525562854157,138352726963,138344316664,-2,-1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.techradar.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ 0
0 60ms
14ms Other
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1 200
OK app.js Show response
vanilla.futurecdn.net/techradar/296797/media/shared/js/ 328 KB
85 KB 33ms
33ms Script
application/javascript 67.27.234.124
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://vanilla.futurecdn.net/techradar/296797/media/shared/js/app.js
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 7a1ab1bbff48ffaf19924ecc9eceadd85d61899da1b6fae2d1f71841b3bb8927

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 07:05:33 GMT
Content-Encoding: gzip
Age: 15204
X-FTR-Backend-Server: http.van-prod
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
Connection: keep-alive
Content-Length: 86353
X-FTR-Balancer: webproxyprod01
X-FTR-Request-ID: 00000000:DD46_00000000:0050_60CD973D_30CF7:4AE3
Last-Modified: Thu, 17 Jun 2021 10:33:17 GMT
Server: Footprint Distributor V6.1.1162
ETag: W/"60cb24ed-5212b"
access-control-allow-methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Mon, 19 Jul 2021 07:05:34 GMT

GET
H/1.1 304
NOT MODIFIED session.gif
api.bam-x.com/api/v0/ 0
825 B 97ms
96ms Image 3.231.179.169
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://api.bam-x.com/api/v0/session.gif?uid_bam=1743865747002722027

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.231.179.169 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-231-179-169.compute-1.amazonaws.com

Software

nginx/1.20.0 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 11:18:57 GMT
Server: nginx/1.20.0
ETag: 1743865747002722027
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Access-Control-Allow-Methods: DELETE,GET,POST,PUT,OPTIONS
P3P: CP="NON DSP COR ADMo DEVo TAIo PSA PSDo OUR BUS CNT"
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag
Cache-Control: private, max-age=999999999, must-revalidate, proxy-revalidate
Connection: keep-alive
X-Robots-Tag: noindex, follow
Access-Control-Allow-Headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-None-Match,If-Modified-Since,X-BAM-Params

GET
H/1.1 200
OK related Show response
api.vanilla.futurecdn.net/article/v3/ 3 KB
2 KB 90ms
23ms Fetch
application/json 185.113.25.62
FUTURE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.vanilla.futurecdn.net/article/v3/related?articleTerritory=US&count=3&site=techradar
Requested by: Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/techradar/296797/media/shared/js/app.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 185.113.25.62 Bath, United Kingdom, ASN20596 (FUTURE, GB),
Reverse DNS: vif01.web.future.net.uk
Software: /
Resource Hash: 132e07f2ff5c408cc7d7b7e8e0ab00df19f8dcd7590fc29eef84ba1294abb3a1

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 11:18:57 GMT
Content-Encoding: gzip
Xkey: techradar-article, techradar-article-latest, techradar-article-api-6bd589456c-trlmn
Age: 356
Transfer-Encoding: chunked
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
X-Backend: default
X-FTR-Cache-Status: HIT
X-FTR-Balancer: apiproxyprod01
X-FTR-Request-ID: 00000000:A1C6_00000000:01BB_60CDD2A1_21C0A01:596D
X-Served-By: cache-api-79cb4f9fbc-bmvb2
Vary: Accept-Encoding, Origin
Content-Type: application/json; charset=utf-8
X-FTR-Backend-Server: http.van-prod
Cache-Control: public,max-age=900
Access-Control-Allow-Origin: https://www.techradar.com
Expires: Sat, 19 Jun 2021 11:28:00 UTC

GET
H/1.1 200
OK related Show response
api.vanilla.futurecdn.net/article/v3/ 12 KB
4 KB 92ms
24ms Fetch
application/json 185.113.25.62
FUTURE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.vanilla.futurecdn.net/article/v3/related?articleTerritory=US&articleVerticalHandle=computing&count=15&site=techradar
Requested by: Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/techradar/296797/media/shared/js/app.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 185.113.25.62 Bath, United Kingdom, ASN20596 (FUTURE, GB),
Reverse DNS: vif01.web.future.net.uk
Software: /
Resource Hash: dacda9fa5e09c78ad75e74c2c878693d483d38011690f2fb77d38dd3cb32fc0b

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 11:18:57 GMT
Content-Encoding: gzip
Xkey: techradar-article, techradar-article-latest, techradar-article-api-6bd589456c-trlmn
Age: 823
Transfer-Encoding: chunked
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
X-Backend: default
X-FTR-Cache-Status: HIT
X-FTR-Balancer: apiproxyprod01
X-FTR-Request-ID: 00000000:A1C2_00000000:01BB_60CDD2A1_25A751F:596E
X-Served-By: cache-api-79cb4f9fbc-bmvb2
Vary: Accept-Encoding, Origin
Content-Type: application/json; charset=utf-8
X-FTR-Backend-Server: http.van-prod
Cache-Control: public,max-age=900
Access-Control-Allow-Origin: https://www.techradar.com
Expires: Sat, 19 Jun 2021 11:20:14 UTC

GET
H/1.1 200
OK related Show response
api.vanilla.futurecdn.net/article/v3/ 12 KB
5 KB 90ms
23ms Fetch
application/json 185.113.25.62
FUTURE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.vanilla.futurecdn.net/article/v3/related?articleTerritory=US&articleType=news&count=15&site=techradar
Requested by: Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/techradar/296797/media/shared/js/app.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 185.113.25.62 Bath, United Kingdom, ASN20596 (FUTURE, GB),
Reverse DNS: vif01.web.future.net.uk
Software: /
Resource Hash: 248f51c9a7f6136709822ceccfe6f73892d869514a8368ba7f4d542965c22088

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 11:18:57 GMT
Content-Encoding: gzip
Xkey: techradar-article, techradar-article-latest, techradar-article-api-6bd589456c-72b8t
Age: 231
Transfer-Encoding: chunked
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
X-Backend: default
X-FTR-Cache-Status: HIT
X-FTR-Balancer: apiproxyprod01
X-FTR-Request-ID: 00000000:A1C0_00000000:01BB_60CDD2A1_21C0A00:596D
X-Served-By: cache-api-79cb4f9fbc-bmvb2
Vary: Accept-Encoding, Origin
Content-Type: application/json; charset=utf-8
X-FTR-Backend-Server: http.van-prod
Cache-Control: public,max-age=900
Access-Control-Allow-Origin: https://www.techradar.com
Expires: Sat, 19 Jun 2021 11:30:06 UTC

POST
H/1.1 201
CREATED / Show response
api.bam-x.com/api/v0/events/impressions/page_impression/ 0
915 B 105ms
105ms XHR
text/html 3.231.179.169
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.bam-x.com/api/v0/events/impressions/page_impression/

Requested by

Host: static.narrativ.com
URL: https://static.narrativ.com/tags/future.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.231.179.169 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-231-179-169.compute-1.amazonaws.com

Software

nginx/1.20.0 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

Accept: {"uid_bam":"1743865747002722027","BAMX_Opt_Out":""}
Referer: https://www.techradar.com/
X-BAM-Params: {"uid_bam":"1743865747002722027","BAMX_Opt_Out":""}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

Date: Sat, 19 Jun 2021 11:18:57 GMT
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Server: nginx/1.20.0
ETag: 1743865747002722027
X-Robots-Tag: noindex, follow
Allow: DELETE,GET,POST,PUT,OPTIONS
Access-Control-Allow-Methods: DELETE,GET,POST,PUT,OPTIONS
P3P: CP="NON DSP COR ADMo DEVo TAIo PSA PSDo OUR BUS CNT"
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag
Cache-Control: private, max-age=999999999, must-revalidate, proxy-revalidate
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-None-Match,If-Modified-Since,X-BAM-Params
Content-Length: 0

OPTIONS
H/1.1 200
OK /
api.bam-x.com/api/v0/events/impressions/page_impression/ Frame 0
0 381ms
97ms Preflight
text/html 3.231.179.169
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.bam-x.com/api/v0/events/impressions/page_impression/

Protocol

HTTP/1.1

Server

3.231.179.169 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-231-179-169.compute-1.amazonaws.com

Software

nginx/1.20.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: accept,content-type,x-bam-params
Origin: https://www.techradar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Headers: accept, content-type, x-bam-params
Access-Control-Allow-Methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
Access-Control-Allow-Origin: https://www.techradar.com
Access-Control-Max-Age: 86400
Allow: POST, OPTIONS
Content-Type: text/html; charset=utf-8
Date: Sat, 19 Jun 2021 11:18:57 GMT
Server: nginx/1.20.0
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Vary: Origin
X-Robots-Tag: noindex, follow
Content-Length: 0
Connection: keep-alive

GET
H/1.1 200
OK missing-image.svg
vanilla.futurecdn.net/techradar/media/img/ 3 KB
2 KB 34ms
34ms Image
image/svg+xml 67.27.234.124
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vanilla.futurecdn.net/techradar/media/img/missing-image.svg
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 131423a5b0117aa6fddbde39abed88048b2ee6a147ade1fbf040b551614ab2d2

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 07:05:31 GMT
Content-Encoding: gzip
Age: 15206
X-FTR-Backend-Server: http.van-prod
Transfer-Encoding: chunked
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
Connection: keep-alive
X-FTR-Balancer: webproxyprod01
X-FTR-Request-ID: 00000000:99E8_00000000:0050_60CD973B_30CF1:4AE3
Last-Modified: Thu, 17 Jun 2021 10:33:16 GMT
Server: Footprint Distributor V6.1.1162
ETag: W/"60cb24ec-a6b"
Access-Control-Allow-Methods: GET
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Mon, 19 Jul 2021 07:05:31 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/techradar/296797/media/shared/js/app.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 3257
date: Sat, 19 Jun 2021 10:24:40 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Sat, 19 Jun 2021 12:24:40 GMT

GET
H3-29 200 container.html Show response
a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4665 6 KB
3 KB 21ms
7ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.techradar.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.techradar.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 19 Jun 2021 11:18:57 GMT
expires: Sun, 19 Jun 2022 11:18:57 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B999 6 KB
3 KB 19ms
8ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.techradar.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.techradar.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 19 Jun 2021 11:18:57 GMT
expires: Sun, 19 Jun 2022 11:18:57 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 35ms
14ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3d2fb5e2edecc03632d4232f8956dfc6cea25557cdd082cab892d00f2769bc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:58 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623842926269324"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28241
x-xss-protection: 0
expires: Sat, 19 Jun 2021 11:18:58 GMT

GET
H3-29 200 container.html Show response
a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 1CD5 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.techradar.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.techradar.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 19 Jun 2021 11:18:57 GMT
expires: Sun, 19 Jun 2022 11:18:57 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 0263 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.techradar.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.techradar.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 19 Jun 2021 11:18:57 GMT
expires: Sun, 19 Jun 2022 11:18:57 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 loader.js Show response
config.seedtag.com/ Frame E2A8 39 KB
12 KB 55ms
27ms Script
application/javascript 104.18.133.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://config.seedtag.com/loader.js?v=0.11664520064068995
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.133.145 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8bd8efc43a7c783ebcfdd6eeaa231e502ffac82fe6983e457eea36a301c7d5a9

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:58 GMT
content-encoding: br
cf-cache-status: HIT
age: 37339
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0ac597e3200000fb5c8397b000000001
last-modified: Thu, 17 Jun 2021 12:55:57 GMT
server: cloudflare
etag: W/"9d792bdd87b28f2ee6e949f770af5482"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=1200
access-control-allow-credentials: true
cf-ray: 661c5c1838c5fb5c-DUS
expires: Sat, 19 Jun 2021 11:38:58 GMT

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6037 0
0 42ms
42ms Fetch
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssMp-qDJE_LLMrjC_9i3XnkqF1mmpgCFABNP_VOUxnPMvfFw4gCgqYShUAaX8BFN3JvSCjTFec7xKT_1AAR3dDU3tsYjtidhEHytbQr5jZVkKubA4dvE_a3lD8X7pUWRJrxPu7gSLoUBANtRcuGzRuTZ8tfXK1uOnxyDbm-d1zcwWcK58H22GMY19kIToZ_fay7kXIQz93PaU9PiehBjFSj9Ek2ubiNtyWwEDoGGx1ic0hBplfhvRtfkQxpHeZZ4gNkDioqXMDdJEJ-BWUGWuv6pEgtmQ5uBjQIQux2BYmOTSHRd8aXYJHW2G2QzVxljGn5H3fznCk&sig=Cg0ArKJSzKjiudonoEBFEAE&adurl=

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Jun 2021 11:18:58 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210616/r20110914/ Frame 6037 17 KB
7 KB 28ms
7ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210616/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

15b886992795015ddf192ba7c46ea89376cef0fec304d850d735da268c332226

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:10:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 493
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7072
x-xss-protection: 0
server: cafe
etag: 14457676323939599074
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Jul 2021 11:10:45 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/ Frame 6037 3 KB
2 KB 27ms
6ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:13:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 355
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Jul 2021 11:13:03 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6037 122 KB
37 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e09c5507d6f189744d043d993a3a28a63d12322f3dc978426ef895517b98b567

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:58 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623842920177421"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38075
x-xss-protection: 0
expires: Sat, 19 Jun 2021 11:18:58 GMT

GET
H2 200 1641825327934747947
tpc.googlesyndication.com/simgad/ Frame 6037 60 KB
60 KB 28ms
8ms Image
image/png 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1641825327934747947

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e743940bd3e7cb4cea3c663f6ef0b57271fbf3e4bb26e8565faf5cdf749f213e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 11:38:43 GMT
x-content-type-options: nosniff
age: 603615
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61445
x-xss-protection: 0
last-modified: Mon, 22 Mar 2021 13:01:23 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 11:38:43 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/032106141722000/ Frame 64CB 189 KB
55 KB 35ms
4ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032106141722000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1275f5002f1fb5418de69bba40d0be4b9613e7aa418ee1e4944fe3d3dc3040ff

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 310222
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55231
x-xss-protection: 0
server: sffe
date: Tue, 15 Jun 2021 21:08:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a1cc68f2f20fccef"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 15 Jun 2022 21:08:36 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/032106141722000/v0/ Frame 64CB 13 KB
5 KB 50ms
19ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032106141722000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

73a783d2e5f778e1af41cc4126dfea9956cf43a518e2707658c0200c93765527

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 310222
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4808
x-xss-protection: 0
server: sffe
date: Tue, 15 Jun 2021 21:08:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "20d5993134a00e72"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 15 Jun 2022 21:08:36 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/032106141722000/v0/ Frame 64CB 85 KB
27 KB 47ms
17ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032106141722000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d10bfad757ebad3e5250a813741d2e98dde085d3dee974beaa2fd5b3d8c76f21

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 310222
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27288
x-xss-protection: 0
server: sffe
date: Tue, 15 Jun 2021 21:08:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "0e18b5d4ac760a2b"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 15 Jun 2022 21:08:36 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/032106141722000/v0/ Frame 64CB 3 KB
1 KB 46ms
16ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032106141722000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b51423401412ab5d2fec98015b6892087f95d633507fb7a047e9851abb23f221

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 310222
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1299
x-xss-protection: 0
server: sffe
date: Tue, 15 Jun 2021 21:08:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "da415af7878c9ead"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 15 Jun 2022 21:08:36 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/032106141722000/v0/ Frame 64CB 40 KB
13 KB 46ms
16ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032106141722000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06503352984183697b7695de1d989652bc05634c474b958169e92a3b430d9d34

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 310222
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12849
x-xss-protection: 0
server: sffe
date: Tue, 15 Jun 2021 21:08:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "6b6ce0de783bcb6f"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 15 Jun 2022 21:08:36 GMT

GET
DATA 200
OK truncated
/ Frame 64CB 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e9de171624db5ceebc3a80b2470c8b39c826b8b3e900c6a61ff5d403667d7ea4

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 container.html Show response
a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A517 6 KB
3 KB 9ms
9ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.techradar.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.techradar.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 19 Jun 2021 11:18:57 GMT
expires: Sun, 19 Jun 2022 11:18:57 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 1EE7 6 KB
3 KB 11ms
6ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.techradar.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.techradar.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 19 Jun 2021 11:18:57 GMT
expires: Sun, 19 Jun 2022 11:18:57 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame E2A8 0
23 B 49ms
42ms Image
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssXG1KeLgugc1_fG_A1mt38OJubk3W3afJMNrtj7vy2WO5XC6w-cOAJMYtW81bsbGgbvf4pTDSiVgDll7Sn9Qf0PbH9W1DzuLgT0oOqTY1XRk1D7XtNYwprQsoxG-6Zu8DY_9UBrfDPUk4999eAodnLIbl0kLA0v6onywXZWxocveaoJLbwucxuhI8wLUXvJKL_2KUeiKtTdCVQsYgrEqOCLk8jVbSXhAX-HN6ldAnZTzqw_t17BAp4Nbk4TGiFVhwj_pEM7guBNz69ErzpkUnnoktMImsrHr6sQJF-cHS1ooecaL2ROQwMcaiVnKEotPNQm0ou9bw&sig=Cg0ArKJSzPCRV47BFRKZEAE&urlfix=1&adurl=

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Jun 2021 11:18:58 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 3386408582312724794
s0.2mdn.net/simgad/ Frame 64CB 329 KB
329 KB 44ms
12ms Image
image/jpeg 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/3386408582312724794

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7596715c38f9d9cb99868ddaace96be2dd70b73bd0db7f6e51452320ec6c9672

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 15:35:04 GMT
x-content-type-options: nosniff
age: 589434
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 337074
x-xss-protection: 0
last-modified: Mon, 12 Apr 2021 13:27:25 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 15:35:04 GMT

GET
H2 200 2802763622382265143
s0.2mdn.net/simgad/ Frame 64CB 30 KB
30 KB 35ms
7ms Image
image/jpeg 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/2802763622382265143

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc07683824de08b1a3136c6c195ac3983eea1d32f3b2dab2b11c2ed14cd03a4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:14:15 GMT
x-content-type-options: nosniff
age: 283
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30687
x-xss-protection: 0
last-modified: Mon, 12 Apr 2021 13:27:37 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Jun 2022 11:14:15 GMT

GET
H2 200 ad
googleads.g.doubleclick.net/dbm/ Frame 64CB 42 B
339 B 34ms
29ms Image
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DfykesiPBh787vTuYbLwsJkG3YhnhohNUtNDzbtO3_PsTHj75VIbViZogMUE0uJ8ojkkB0zup1XkSFVJzIdTUZyFkMGFqxv_TPvAGZ9wfYFo9v834Qf-rwcSj52OhhZQRsQ0vkDlnN02N98lRUxHr9NFSYcQ&dbm_d=AKAmf-CvJGNbeFhJ0hc6dwDZQfr_GTGs_4C9po7axPBmW0qn-WPMA8WgMTi4InZnTed8Up8k0nnXSj1ZVmAYdClqtnR9O8vJNvbPlPyutC-LmtxFHRphCRNFk5Vm8X7tB0DIIWiGLzwQuRDWjWz_iejBWaK25bb0kBCNAXcsOnpyL154wjJxpnEU4yVapthTvkRY-MnxtjhA6l7GcDSB5Dt_LH0gMQX-PrUHpVn9AkYTwxfRCiRSmWIuACmo7AfIuvWHEvrYdP3MAfFjgJeWDELOPQvOLXNNDKYKIhqpgS6QMo63p0W6ylZNKgT6jRBGUFvHOrVk1wtUed3xmo01L336bhbmCmcmxMsqHNmO40ZfpdAjL4o8f4wQPkWIC-G5Kbgxpq7WdATZvb9vbCPg3I6NGDuZaE39ZDQgedh6qxA-vicMDB2XqB3E27Ea3L-1OJm-4v0R7aneJZMkGi7ttoUOfElX0NCQwbvgQTTqsmOAvVdk_DhPbZoM9cG57dLHP_vkPK269KM_0WhU9NyQDGsXkfab12xKokWRmkMvSXAXHOpbRABl9n-3yvM2Y6OSxw7uKkCdorbkdxow4ZYahMDjB9v7Dz6z3dquWFI6mjNTFPWYlItFXnMdMcR8SQJRenwKZZz8VJ8IyrBin2HPwsH9Ry8u7po4BVRLJV9LHsQoVZhDFbCuk7zVHoCf_pTkIAswF0bhi1au3McWL5x2raQjWE4lxaPz5abFcG8BCF853wAvy5znZG8olQ8VapsUor-DzZMLrarnAhA_02t89tBY8BMmAEfoxrGyaovDA3DIdkpyGa7EB0Xh_XMxsL1bpRJfAGw-Q76-JGyNFTd_7sSC7DVQjBA2aGyHdg-6PvdFP6IxsJx5ZAb8njBYGBYjc5KQ5q2rP-Fs4JDtPD7fznaXAqxJFC2o9f-vUchRVbOG8NCgUZcpRY0JJhsyEYSFGnSwZc19mfgjUIeecGiiGHaw8R3G0mAJ2Afz0D1Y2IWi-rLDC-XWqWCx0iMYLBrlcAHQyyRtNFbBjSYm8vxo45YvFPDccd2ZQR-tttbl9lDVvx8xNMoGYz_uAIzpOjZD-KDVvzMuAPiBkadV_y5wCL6sQnA7jicog-i4bAckC9hvpow8Yy91x67Lukf8kwCw77XJl140665EUx9sgL-9qfjy8QB32GunF6ZvDKl3Lk56CWPBU42gtPxtQmaB87EAySlh3xH36v_RbBZjel-I2werJvJ_6m4ArAVElb0-9hyaEwK3XPr8Ko51g5NMoocyOtOAMOqSRg8TEQrE5TDW4eIcnJKO4U0WLnYX10TIqvhAtKQpFUyLpzzO7YotwNFGaDjp5u-BSCX33igWGt-LCKt7sV7jZU_n5VrZYjKKcPWLO7sqQohvwtr-zGAIOLiLb89B4nP82Lkmf3mDx_7ZvKf3_Aw-USnH91u6b-4HiAgpYGG6f1Yc2fjzFZ4Lw0ZBn18XTxWXApD9mKmhKC2OaC33VSFQ7YMHXllNLFQA41iwihac4xhW0oAuHyGo_43T4e7tBZZA-fOuG-aGIbG4_npZKsGO-sk6fReDKaDE0bwQp_WIDLhA6Wb41IQs9aSXGWUUA8xxYLdEANGnbqnqMIXRRPeuoQJnD5tcSqjhV56MubCYnEDiQ8RCHzHr__FHHDQSWQzwuNAYCDEEMG97dQLggY8ZIvyHQewPhuZvGR8PAEuGC265mMWf9o2rQ7u1BLycDcnREdXzc04TCvpzC2ternroGL1EPiyNnQHj3wu9lF3wEJxclsgYix0-XORop81fM0DqiWjT2mKMivnW6GGsEoeZWNPN7_pHQFNVHuYTKboOFhU9LY20XoBvTw6tXeIrWIpONkNsE3VIZ5mbVRTIadFCDerrSc0rFz70vX91jHPdD5_Vfy3oEbHFfi_OxxXqKq78Sf6ffl_cfSabA2QJkLbit4WFpBFsBVkAevFF11cvl1Cek9n3w9NBwOgy06ssxV2Sr0lQ50DfV0jRHfrHpoW41xZ-y9iWfa2NShTsCdWKWOkNY4YIwbUV9MZFtsO782SBGG1izKa4xZQkiV07qAn4BxiC0NzK13fajzSyZ3BlHoJg3MHke1Wf8YkCDfYl-ddeDKf7YvF50NLQ6cDabnrUQAm1SKWsdw3xLDLlLPxgACg6OhkNKex5XC2UhvLqILK95o5ZdJsycSoEhj_80vj7eXmlirC4M4771HoCrQ-U_4_b-gmIPwn_deuDALVIOJy_6Nw9g3_m9jE5xRkVkrUSaNui-ElH38hM9cb54mqVu5946gDL9qk0Wuijv0XSDKk04NA0T1Ir6TsUcs7i9iVjb7xo8BupKda2FSekRofPfVuyLKkus5N0vmMF_6-Z-9tyURn7q-PlXVwQFBO4YXUAiKelsyj-Oar4HJDQdyDkQ0LczRE838eXuxQ7pvSsN8BWckVOlJWwVTc_eI97zf1neavLe5ad1MK6lQSZtO7ON8CYffSj1eovkzU40lXqeuO3e-YaRW2NeaAz-IT8Qoie64D1P4FckYfEmtsMRmgtOT3hj3S8EiaVHOwceA5ay9SoPnvwUkKpeho2xqGGRO8RhHtXt51Lb8zPtLT8gyVlDMgXog8r-hIM_RAaBEclwp9oMyrpYd1JhaPb2eG2DQPcbVGpOWEFfqyl9WBgP9HbeW43NArPwMrhEDgrbL6PKcEVf0MQMNf7Y2Nj2sMcu121Bu302dBAMG6w-JCGBpn93wCamH_BH8kxv9X4YNBI9tFSQ40QGHc2uWLe_9FR-JPBdpicCI0-xQ6WZCNTqGf8s-AzYCl-DmOJ2k2cuRaCA9PopgLNULXGPDFrgB3_-drXu_bTBk6-pFK93tFAWaFRf9nkCZg9ol0ouGnayhlWNBQzeqcOYGKGH_zP5Kq3qAnhB_zjb7XNtWSc0qIJe7JPE0mjPcJvyqhyhOvGHpbIUYw7MUMhNR5MxDNtrUOnRWwPAdcsbbBNaw9DZ-EKaXKC-d74Kr64FTOyE2ndFxMF-liJEiV4-Kj9z2Y8iGzQZX84QuoiIHaahFriaSsidp5zypHCWQkxxR14xMpdFgicgepSjw-LRWOBYq_JJj8nhG6xS1W9iA&cid=CAASEuRoDGbkfk506Dou7osBnBjG7A

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 64CB 0
0 47ms
42ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CjIaJodLNYIi4Edn_gQeB_bGIBvr0hchioL3YgIEOm7bw44MdEAEg5-WiGGCVgoCAsAegAe7JlO8CyAEGqQLiB2L-duezPqgDAcgDCqoE-wFP0G3c5Tqh7W7dQez2Q9fBH9Tf4S8r4FPEWmHTEtH-yZWF5HXKlqxzC2oqmtmvxZNgeRhwFbnv2Fb6C8eVhHKcVP6hyiqYxp7BL8sxty8heaJW8dBXb7dPVoPVewk82DpZaOrUdESG-YKGfjFw7VmwT9PfEVe49TJihF9n1PL9azQuBqlnqrVuQEXq-AO3jZdSgIRstamCbXuY735r-uq1PSncr_dZI_OaEiT3GaStGjM_Lptie2kn4mxLrgFcDy7oRTUwubc6PgR8f3sWbRlLyMoyY4L9XqpoqsvX7oL_TGjsxapBh0obZ6s_hGgPx2Xsz6lZTOe17bBik8AEjYfFmsID4AQDiAXg7Ke8L5IFBggbEAIYAZIFBggdEAQYAZIFBggdEAEYAZIFBggeEAEYAZAGAaAGN4AH-rXrkAGoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG9gHAfIHChCrlRgY9YeOpAHSCAkIgOGAEBABGB2ACgPICwGwE7m_oAvIE9b08gjQEwDYEw2IFAPYFAHQFQGAFwGyFxoKGAgAEhRwdWItNTc4NzU5MjQ4Mzc2Njc2MA&sigh=pFRAKEPHKlg&cid=CAQSOwCNIrLMAaB2kUTU-Wxcp8pdot5XZ_ENBtfT9MqvTOu5f6MKq24a8DzpbwJhVMy9X6DSl_WdLQ4Pak4m&template_id=509&vt=10
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra15s46-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 64CB 0
0 25ms
21ms Image
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRN4nSur82eUJBT4kbe8Hcau_l7wnkwiNk0TUKs1ldCkQzOMPvrxE-NaFo89thTuSRQwqgjP7WCyAPOAXgot2XQcMA0ZQ
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 64CB 2 KB
2 KB 27ms
6ms Image
image/png 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Jun 2021 07:08:16 GMT
x-content-type-options: nosniff
server: cafe
age: 15042
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sun, 20 Jun 2021 07:08:16 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 64CB 295 B
319 B 27ms
6ms Image
image/png 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Jun 2021 09:59:33 GMT
x-content-type-options: nosniff
server: cafe
age: 4765
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sun, 20 Jun 2021 09:59:33 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
8 KB 44ms
17ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021061503&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f8bef438d7f943286be82b012f97f30294ebfcc0f1164b889d7e577722866905

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Jun 2021 11:18:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7850
x-xss-protection: 0

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6037 0
0 95ms
78ms Fetch
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstnex-4dJMhZ2B93TSAEm0DDhQlPpPtTmnwPDvo1jrXpEtsWYvqh5lZhR4CDdSfR7IrAvZiglx423-L4YezDlxGuiXbBcbzu-wpF5_4b6xmZoNKGatyWpi2CLa5KK9UcNwdHxkmkP5HqRgjV_1260mSx7iWGksqAmTZdVBPF6BtQCkhUFPXS407mVx-PtW-KNtCDvgBOo0hHY3EDV9MEYBDh5j1OK3DQy19FgpXMg_2moKSKyRItwDGlu9SQRCjer-m_g3_TxwKLJXBqF3v6fYYGZ6ej_Do70JoNHmxIFN1GljrAvsNJrZJ-yTONdjhHhFxJxmf4sm9Ww&sig=Cg0ArKJSzFltS1bQRid4EAE&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Jun 2021 11:18:58 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 19 Jun 2021 11:18:58 GMT

GET
DATA 200
OK truncated
/ Frame 6037 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: da0d225b827963ce2ee07f67c70d9358566745bd7e386b64ee0eabf015cffa1e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame 78D2 49 KB
14 KB 148ms
45ms Script
application/javascript 52.212.39.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=923193&campId=600x350&pubId=175633129&chanId=21792298605&placementId=5650696253&pubCreative=138344316664&pubOrder=2828023179&cb=120509958&adsafe_par&impId=&custom=&custom2=
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.212.39.74 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 890fcfaadd00fd8483e1ba7b51c31b099af96c719211d43df3838be8288641b9

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:58 GMT
content-encoding: gzip
x-server-name: app06.ie.303net.net
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622653785071769"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Sat, 19 Jun 2021 11:18:58 GMT

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 06B5 624 B
297 B 49ms
49ms Document
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMeYigEQu8ShAhikz8SrATAB&v=APEucNUPeZ7sY74KBN6QuT6zjFFv80dbg2v65GOy9fpmlsQ6YB-DNM3gYtycmFvBktDgX9DJXd-A7RV8yHEvb7hOmLn5_m0mp9Bwc_5ntm2QPGUdI1KSrcCL118c4EgqXgYpTg197Me0XZXfGtB8U2rbxemeRCsGCgCpWwyofWobEtBP9LQz8tg

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CMeYigEQu8ShAhikz8SrATAB&v=APEucNUPeZ7sY74KBN6QuT6zjFFv80dbg2v65GOy9fpmlsQ6YB-DNM3gYtycmFvBktDgX9DJXd-A7RV8yHEvb7hOmLn5_m0mp9Bwc_5ntm2QPGUdI1KSrcCL118c4EgqXgYpTg197Me0XZXfGtB8U2rbxemeRCsGCgCpWwyofWobEtBP9LQz8tg
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmDyB5mnLxUGuOFtHYHZpmMzhEKJo_vZ4lAVLDu-eF-VHVRxl3WvZ_hXEa8Jh0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 19 Jun 2021 11:18:58 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 4665 61 KB
24 KB 52ms
52ms Script
text/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DJIVNhG8FD8bCmR7WlQ3LQDRTQ31vg3hpVFPxQpJ9lcwJZaTAYziiYPkienomdppOb3hUe2PNjSYDcGvJsyQFG5VmXEahByioGkEZ4WJuB7KzFYt2urzKCClOIFU4YMp6HkY9ddzU2VVxnUKbO4VUkc1n3lA&dbm_d=AKAmf-CUVuGwh96dHSRCpYHNs4rmDpqv0AgBTAmTv0NkoeaK39pW9HtgkKlPEM6t2uturxicS5uBqBbH3sZi2FE5u9J2vOSkuVPQ8SVmPXV_L7STqDZfXECn0MLpYHucZSRM6RDdFeH6LLlIo850j8SgSLVYru_XyzYmwUXVsq-AIF9RDrdwfD0LG7kmRb8cemO7NgXA2l550nD_sKS0zCptlVuGsL_bj-91E0eh4TzUbveUQkgSmlTBu_ySqvh6MNs0Rws1HLQPN5FXlmVfJ3gaZ8tXJnjgzsX2ECeGk_KJXs7x-tbZfBW3tOAIoNURZj3JtXg8DgMYQtjFwSHvm5nFCVYR-cT6FmyH6ZdVYiDXItA986bHQccHKVrSHjiFs39D2iPP3_-5jJnXrlFZub-jsoafjX7mx6wXSGljFq1WvB9xGVgmD8GQHx6pS5BwFV2IslkJofU6Roi9ylFJRL0xkdBWv6Ge5UdC4Iz7siwBXgAMwkYePfXbnKyzUdtpKIUSajoLeCgQcJLwDpKEmbh52bPVFlNnkNZ-FveVuMKNx_DbCMR9XMRXcYcQ6UDsyZrd2f83ROSxuxaOevNmGNDTVs3G6UYuNpLomnmXN2-GjTwhaLnazItG2R0-4d0S2bK03GCkWoDg5whbsA6eNmzW-YBYIWZwpoKsRIues39eRmQw4Z9FTL6cY_rALTl72wnL3d8kmQe7V_3EEGDcQdnASBMx2iXGVPe3c9RVlkTiavZptKFZwwtT9wLda5_YKB3MAuch7wvtBCONylVFp9ivjDeHXGiTlhdJqLv3FgdWazel6Il8pQjiIIjrC5EB5xqVuauUE3rSU-x-HuJBAe6y08acMEwttBNjfpLtqsid-AAxent7REJU-bRIpr6yh_p9ewPku4_ptxOWbjCa8_LczWTu3msE71SitEnhZLFnBUwrYvELGkJshvwzIPg3t4NDYpGC8UzgXPEnA3lawpur7qb7rwy6pMAunl4cm_r3aYvVGfLZqcpay904DOXg9RNTeA6pwefS3BzKjQuzAmgx8HkpPUSSBp2NnclxAwzvleXZjqzK6MD5eKYljdL1oZ4SSkhYZ6hLQmbYiX7OsxmCxabrBv5A69xZyUOpzKWyTrME2h5payEDx01nhxwHUJDZCVVUN2VJLAQxBO912xxYPf0zUGoaS7POQuGXGdWKrh_UIH1oKHC9U0o0Qw3XUEznXuhlxo5zPaLorrK7lJK5WDSooS_TZxxn0cWtonvRG2QX_28ABuj4v5oFWQJgkFNlWVhmpzosMVxMprRJMq9o44M09NT4myzq5d6MGmnI5Wy_AL2WqZFpZpfArhFVvb_FbdsTtQbeSFQsZ-NIwBVRzhIkj7mZyGQry5QRRVu0QdUWbaQr_tNQxeRE8PCvAA9nSMNbQkwT8m8IdwteWwOimmT6heNYIBCtc_5Er7XxR_6iWhBoOP-sJleMRApIMJpY3jLZgOaI6jfVq1bLXLjGwCkQsa7hZ_XJV6_U509K270LC0b1ViAjaBVDsrdIuglqkUht7fFCKrWbLU_SsjbtNoncrCpBDp79OleTCZQ_1AgOyvIu2I64Er1vJkWC4zaxYrNncaNK1uQSVzqz5K1bKNFNxDzpJgU84KYpT1qQYPJM9GE46MFwIj78TmYGPzkuv460nZvdUnZBXWT4RidnAn1eHpYM8JE4EBFECyuI8_shGUCfGzlELkpdsIqhFCqWZiWTrASg5r0Y00yFq_3ysYxnTUnvJJARk0waTGR6zDpg7ablvRhv6ujew1c4nHTL3mGrDP2AVTnSWTM34knVvMBGawMilfLVCvW50p9rdX3iqcFgiJzBB0L9c0oqhDY84RiUjeFc0fbfiOqLuVx5udnOPOwWpRSN8w3h_uQSGbnb4_wBDEFIEFWwW9jrBlOXvBOJRd3pFXC1fqav48sEc2w9SUCjDk1XzApt7j5BcWF8NBfTl-X6juTfeGrMaLHgtNSSoP3xe8G23ZDhbV7iFgK6qYVJk_iEafmsaKPQxDLhbDH3V5jTCf0Xk2yS2lu63Rj1soT9ld8ucO0wJ0nGDEA3ieGPpuMsESQkTeLWQIKgcc89cZTuLC6BT246tNbZ2ZWHyET1UtTH9JKL2bQcTMuPen_wfp3vJAPWFoGXgNGiJOCmjjiO9blAg1T_zZHUaHSHxwo1luWDsf13iNXpxwPrEMOM5SGAi12WFVWZzX5NOBw16DHoPrmUsDQ7ExuZrFuD_qtODXXR8maNfchCqxIRDk90Dz0BCOGx3xpo_1JEgXcjJ2D-DnArdSHAgo1ZHqRd9SacrsVORAijTQHPhdBsjfX3IHFxGG5Xlvu9pYUdUsd5JOHw3fkAThlFpNgAQ5rK6fCYRXbeteEJY9vTevlUkcZGhTM0rPN6DBvdB_-U2hOnpf2Cwh2SzFECNOrTar1Ss4ltmBKov24K-Dv0bRy3xT8PpgnKqVwsxtXifU5ZXMCwVw6goivju3OJVcX6USe16JlRYe2iLNgg0GuEknumdGgho8yCDytjBJ-NF-pv2sT8pXsPoj_d9Ze2gbLbGd_7pvfHOeM-M--WaA7Ln1rMY66jf_PdFrv29FzseU0-bRvAvbJxb_Do0SjriZpD_oTy5UIxpyUs3su0kFyexG2sUpkH54EV8C6pP3oTJZjZXdk0LP1cW8rz4a_aQr3ua9uXvfFVf-yT1zN6ViOXamwO3JdJW5Wvq9uo3swgcOESxvfp5lAW90fzfg1PjcF3TWniSWNpk0B5lwa3dbAyOPbfJJbO_UUBATM7K75dPEthEbvkpq8l5MXeYYcCDIotTECYmL1KDOgFTF09SKdSNTALS28beygEDZH27K8ZfFpgZxHiHxcJ1fSxyiE70LJQv6FkrrGRpFeiC3dOpZT5MMsBSLaU9vy3_8L2ZLD1LaNr9Nu0Yo0cswFL1UvRr8hH3UuAYDXaZ-zKMsD_W0aW5jPq-queiItdJgbdUvRgfdPnd0VuddUjsPL4suuoBL-ZTYeliQ7p8_tIvBQUAMglL-zdQmwkoLyzoUWVTN4PwibRtzCVYnQzWdB_ZgEtrgCPxDZJzj8AdjE7Z7uJwWZZPkhrnMgft2CMvAYKZ3VNPpKBvcXtfLys5GDAIAomCwLbvlImNSsvoKbb_tgNr5tq20KGdX9EVk6ISp5bEK-ysi-uc0p6tRKOBxPXwCjdl53aT5OCgcbaBv-4_humhN0Ol0iGznfPvt2IsSh5amBokXTxIEGjNBeTlCoxgUStruzBcy7X1Rb933Riev2crrGOTkyqzdE8i0UhkCYRoI30TmFZcSDc_bHrNgSphVsqfpCGt5np66_hrbv_Fntutus5x_zG3rQb0aVnnqvfheJvHgrv713Bl3p4QnBi1M93wGwMF7EX46cCeQVjpU92ct6In5_lP5UPNDZHfYx48lNYFyDCa8sy47Jv_fLiNvG9XgqNoK2e4YE2Xj4hexAkJkPVW4UagIbc7aQcC4i6CkbIUj8RMRh-tiu56NO7PUx6bqnsU4esBuMQYUsWitj6WrhqPF6GJpnVR68JJvx9mPpovXIboQKkwbNgC71yJMC7YT6Aw6C2HT-nze__CGJu40XX1ERQQvqtb1SS6egkd21qvJkYUr3uzbAXJHJjTw6gg3FhnXDU6M4gfXAXgQEKiGxaDf-nch01QehGQEo9JIe7CzHK5R-t781X7ZHphVR-iADJqV818EWq5p-uyBlp4TYvCRFN5Jqq4GyK-1QQzxNTCBOMHSetgd_vo21zLF_fw7aKJiqxwcKgHBOXrnlYLSqMrKvX4fA1Rdf0BkWnVEGoPD2Kz2N5wHphGsC-xasStWkQ7NMtWSHX0gmDcxia0H0bQUON0rq-JOwYQZ-BxwbkL-ISv3QSL39ErOyxxByn_cpIOL43Q86X4KbtA81MBFnoPnXrbXCs85he66pTqFKGtqQ1Jo81A4FlBndkdBfaIzGRvBhqscextGOYkgd5tHFIXoMs2aVMGnSyc5f-b4KbD6eapyQw6n5iwtEHwokL6ooIywGGaIJ72zIKx67Y5ic7bZ4ybkr3yVVKMXglLmQUMbgxIGwEBB3kPrawORNDGUJZTDMFY-bk2dEXyCIByX8vo4BbE_L6H9uD4ROTKGTWTvokoUxazISsSfFOIvbbkPVEoIr49cSuanrtd4uR6fDvxqysAg-txul4jyIOeWVvq-6bL4cIlWi2xO0vu3PBOhZK29SWvBDJk50mSiq5AwrhOvmrizCf0XLRknfJLWSmOPoLABsIn4xXLIEN8L8_e8-f_yIss2HQJwbMgJVwhxXf_lDA1ljzujdSorVl4Oe0KJaa4g3qIk4K1CHuOQburpAN5RxvtUbUPiqDGoXaJrj-2d25f-agSXI6Ef26hZeFNpkJxZQc0dA&cid=CAASEuRoz-EHRx54kXSeUgQ70GpkWw&xfc=https://adclick.g.doubleclick.net/pcs/click%3Fxai%3DAKAOjsuXTSvl77hwMqs7pdyBd2zJGFh1Vf6Ayo6uQUfUmtHUo70jAVx1Z7_sMCAWs84QfkyaMv-34Ca9UydJtKN569BJn3UZ_DlQnnWeLmV8APOkZdwAcLkhBb5clD5mK2BPJUkBnySA_dT0DD7cPAEleazjNCQfnT4uN6levb86gPbOAbhbiUVdoinvtHFeDC2JXzNklaPNoAOOT2iY7vXGhztx-gz22nIyB39pCok4JLg3ox5-rJ3pW99E82-1H2R2jdSuu44sCu_syTmjOHJj9JD1SjZjADT2O2XGAWrje01NmMyNkMuQrEkprNyeMnyDg_D_jASgK1rWVrYGpjo%26sig%3DCg0ArKJSzG9pBD8_yXHBEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D&rfl=1%2Chttps%253A%252F%252Fwww.techradar.com%252F%240

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

842a744745a2dbf574be528ddf41025c034e11e4226fa0738bfd9110acf64204

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24990
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4665 42 B
63 B 53ms
51ms Image
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D1W6gf0yAXGCo4L9q2dVnUmA4H8ChOvYpbZ5DWOtpapOih7QS7_vOJI6aMK0eRxZCcNj7QPpYG381m7pxx3IXDidy5YTPvAqpJQ7V4iMNXXELo7bs

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/ Frame 4665 3 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/window_focus_fy2019.js

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:13:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 355
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Jul 2021 11:13:03 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4665 122 KB
37 KB 61ms
17ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e09c5507d6f189744d043d993a3a28a63d12322f3dc978426ef895517b98b567

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:58 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623842920177421"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38075
x-xss-protection: 0
expires: Sat, 19 Jun 2021 11:18:58 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/ Frame 4665 13 KB
6 KB 44ms
42ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eea6dc59229104927a1ca1a416794d0ae3fb326b2ed6926abda0dd2a8cf693be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:16:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 158
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5706
x-xss-protection: 0
server: cafe
etag: 10674426802404029766
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Jul 2021 11:16:20 GMT

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame D842 640 B
316 B 45ms
43ms Document
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMeYigEQu8ShAhjDra-sATAB&v=APEucNVU1IAEN_cTCzg3zu864BAVsP-F1ihDqcKpuoPsNzQm8V24ADhCUtIQn9qDyzJ2pJAvB9f5A0pCSxkNDwbex7igDD2kkTjXbIC41kDxNuun_togX0SFnc41w0_QAwT3ZTvT3Vj8568tg199m7_3DhTETSH3ivWvUXi28sRAN7X_CzmJXT4

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CMeYigEQu8ShAhjDra-sATAB&v=APEucNVU1IAEN_cTCzg3zu864BAVsP-F1ihDqcKpuoPsNzQm8V24ADhCUtIQn9qDyzJ2pJAvB9f5A0pCSxkNDwbex7igDD2kkTjXbIC41kDxNuun_togX0SFnc41w0_QAwT3ZTvT3Vj8568tg199m7_3DhTETSH3ivWvUXi28sRAN7X_CzmJXT4
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmDyB5mnLxUGuOFtHYHZpmMzhEKJo_vZ4lAVLDu-eF-VHVRxl3WvZ_hXEa8Jh0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 19 Jun 2021 11:18:58 GMT
server: cafe
cache-control: private
content-length: 295
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B999 61 KB
25 KB 47ms
45ms Script
text/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AHGig_1cl-qs24uHU_llc6cgKEWVnnFUn2HrU9E35q5FHMU8KSSNGcXeyy0LkAVPMVMuG_ioXt2M0SNHWMcfgiLz1PKneA9qhaFn4L98gZxmxHn5ge-tHs4Cr0tJ1wK75-v8ACT0mVvkbzfXImrXWoCnxFlw&dbm_d=AKAmf-C7umcfaHVAfJOMPtQ8gPjYlQ88a5iP_W5in48BM461JrOEq8MalWMskWBe8ZUAT6XxZ3C3TkGbPPpRqyXrBQ2B7TYWfkgQsOwexAotWYQYXTIgRAQLvg8BKElyeLnpirVyrL0H811guxeLs-pIbUbT9tOW8k1-KjFgUWsPpCPwdpDZRcL_chWL8T32J85B0vQBj_0RQdiu5qKTCoYa4B6sC92xsTUTrjtVkcATjwiEYNFNJ2ZRiJlSuLP2WUll9HVFrPjp6RQcL3KMDq4r9uPKByKB7lR5TjYgfOgeavccNfxioUDofsC0gOPu1VGOoNCIRBuzGKLHdLAxy43dGvSG1F6InrcsR1m_r-nAwDir6tVTx_Slm43YIC0VQHxwvgfyM1-Xm4-zbH8frVz2BOMkYwtfks0qm5xG-4_fKLN4cc_HqdIm7xAfVP-yrO-EgFXf4cFsLljoT8-gpL0swFW44Y9jQZELAf16fksI89O5qYonLQYQdo_yxoYvWQCgGQTIXQQXYiX075DdvxSzEMcMR_3JjYLm_QXPehc7ph0Nq1C66Cw3tPsEu85usUptHFhGn3DZQFaE9pZaBCLJx52-d2HCR1P29uHM6OqcPjy_2Q0s-taCEkKwj8hJbYF2OM9957BmBIlvep6LbhulISQInAs0WJNEOWoUqREy-jQaqTz-tFe8RnpupUBzj0fSS0WBAYQoEi8-6Hs6GqzvQ_c1B4E0FK9Uty3mThXFTqoYc09Bg71L1jxQl2rLY_8q3_RyHpc8I2XkZPrhU8baRc6YgZ3I3nMMsqyznra4XAwc2eID1bEyLg-vAf44zJL8zVQrDMZMShqTZ6ONVgVF-C-PD9wdbxm8TB5yD7fs_dJZQDDJUfCeiW6zk90ROh93T-XWhwlsqz46rcbUBAVVZ-tsycWa0FIRSSHVmfIF6DexhRINTVe0o3VUbpCYpoQlK7afmkQyN85aQMYxmewe7XmHNPimieFdN8-iJMc-R6umYa-z4uazsB5MaUbn-fZZSO0B4a6qotdhnXRP9W8h_d-YOna2MhUP0O72gtuHHyM4FPccwjdicfv5nrultKLyvsEHNpuZKpEGG2lFK3cy2pqS3UxOPXLwJ-2FE8NAXLTZHESZWNEPL7oAYM8b2VwW7_aVTkWdZ3FXC6garBC_ZxfA_mHWVwLQl7uE8Xy2Cem82eAUXShSQZDOBmg-alAnuy58qBNHsc9swv6KokP10Ee5MBh5HnVhWvi3X-8xyF2NCIhNYQEWZS_aEiqllO1ATS7XlrzSKZhJcrc-kpXy_cQsoO528y9Vk0C4gj-C6QlqNmXL2wCUXFyCnxxRty1r2jyDir35EGhN3-I6oJPes2nDLsPhDvn0u4d_s1E4LKKYGdXqzjWkGSxXVGFu77Sblveg7CLoPhzC3G6AGr930fvmr5bfpwVxLECuS5LOQiiX8Qj9iVl3dIt-hkjD2bvnb35cBPGBUbWMMT8D2lTpWjTBZVquzprLpQTq_y8fcWxLuEat0PyjVuhsxhBCA_6yhcmDySWDYUuFdkLt-mskCdYbSSp5rz_cecuNabjQxp7weLtMaAxv3wXhvbsov4tXiArDcJCbe8Z95ktUX2AwIYauqF56xsxmAR3Wq7kw1o_K0BPr0LYb9ItN8h2LWLLu-7MInNk4bDStNWTQxjLbsAzHMWYtBaSU7rwBOaYunj0cqG8g2fJ3lAmxi4PMmoGKvA33KnmhgXOMdXX0r-xjFoPrmihams3-H3zkh9qEpkT457Ca9B2GxjAY4BPZm3KJorbWPh7Hafnv5nFmlr53XBetDZ5EiA9XNsLQUWxpocNBEJ4me0BjvqnC3ousxUjQ-aZbgoGCyD0iR37sHUTR1MNnktAS4KsiIfiErktJHLrKTVs4zz-AsfT8rh0YwshcRAp3PjcJdJZxHWOUpPUurSW59Ub4mAZHKQhK6_EBSojoBtPcloEF2cNjnRt2wrjC1WWLrcEfkVaBcSaDYosn6RScf6xMzpprZfN_PraOjGOJnUnOpc2c7hP67bF_tvswwzQh3NlOSsb1DExsvK9VwE5FDqqfthEKy6erjgIzCiEYQ79h-S3PQgJnx6_KEf7HnMtnSXdovGclhx0LwBRkRx_LUgz0GpcLOWu_FtiAMXaos3bKECCJkepQLqBpISBPfVpW9Unb_cDFCv0GbIUIUovcOLb8dRn-nuc2rcNcaIVW-DafvFTNfhgY036vONW0NFgBeWsuZgybb_surYANV9oxWTRA9-HjE6OplIBKvCgaIWWHjRqMUU3MtPByHNCIUg3QHIiTLLHW8a2aQlV5n5Tsmwg33MVM-b47pNcSSRjQ8co9xgmIV3cTglETy13wOaCOTBFfOcnrJJIZm0O6k__LI17HaQbtl2e5l1aMHbOC-o6iYWyQY2heur4QBTFWHCiH5WJ9iQe9BvNQ6CDHPMFc6A715UK3ag_jO9vsnaIwFDf4VEbt4RZXr5Q-pJlbsQnLhzQWri8UcSM27goeTO7SOMWdYj_5n5srAMPIpLW-c9p9og1rOcgY5SxHPYhoo7EEGf1C2-dpHOHr7ELRjy9yENhOfA0pbIhwslc077CwYsn86-XYL8aW4SbHYSLL_0xp3S2_m3YNf9f4En1NdvuNlBs9-fl3jUztvnDk7WUKO5JFDLquss2-burRxpsfjQb9PR1u5gqW3aTODP41grWjEYMT3Sl2XMkEaewkamD2q0ijvVuUn56yJaT3WwEFyWHx2nkfCX5DjB8MxGb5aPsxcHRCS7n6xwTc33A_wusnCEGjE6WXzoYWr8Yhp2T7k1Zmry3JK7RQeuVPEZJAEjRdi-FK5dyQuX4TdVb70xNL5cFSCqd5c5ZZqFQV7SZkzPq4LQfT7dFdzQMYRqfZtR0El_W6jdNIjCQvaHDcHgA9OYtxlB_2qf-NZ-jU5-DJclCIDxge_7iXYfzLmrQDb9GYppTkou5UStxRRPhlnsa4vLSfa4wN0SeBKSb_3wMGPUZAUSe_D4YOmBZTvXnEN5N_RjiTmorRSM8Imj5kR4LeYDPy6vnHAqe6BT2KmKKEvlYHluIQ53KX3iQdryNzLfx17wsfszQJvcO_vjzIHkGZcEdE49aLxiedMt4vA8MOuiv2u4sihgN0vVVxQK98MoLVoiGPN0MJnOARe5XpjyWkZtNq0qJVRmaz-MHgIXMy0ueFFne32Vk6qD-P4TZBhLpciOI3vNgMwNOrE661SzQNojzK4eN4bqRfo5uD5kL7mZdQuNsIiP3v6plC4LeSE2FxzpWK2lq34EeBsuk8kOlCgYP2MlTK7Vo7CYTTrTHDn0f033v1kTo-NhVtfyVseOwZHa5eEWwSkLpHq0LPzMG_aGd7FY0MLkzblMHLNnSmKxU5Z0oGMhNTs-cs3LnQbvHXUpWjXfmuaVgPubCmQtNb4jHwOOWmNpyoquRQ9M_6zVCGgiKwqhXfQCIwEsGvIdAhnWPhOvPiFbF1wMlO9tN2mu4JhHOEjvYKTIcj8WaXZld5ySEF0RQAwAgsFlvFdlWwXmnO1oOE_Yf_oCFt5bmx3d5DZQdHQIHkg91fyXSxQE31HdnQxyLf77Fvc_vJ9DZ18E_s_weLEhBpcsdUdh5IzJto3wGYK1ksBfoe9NbVYJitNLxmSwKGTPrpcCQCHvUctMk8H9So9a5sa6J-bqK9QC03OQbhhDTRAEbWSUj4CVT3xcnLR0utm1MnwbHZD04Znz8OkmADEDYjtCdT1BFsdw0O73gOs8zz9VhavMpyXL0lpA4oWxZxTNvUnXCCVdy-J9F11YMPKZ131pvAtEj7esSJL3lK2My8iXurP9FKzMUfAR3ntus7zgIYXNKnMScmg8mQBYmR_c-KFCX0Up2KIGtYbs9ziXy1O9ldTiJHXYsM3RTBsgO4ecCcrkbvraDLvlwMB8kASz4doll9CoaplXyeBtY_ok9WEb6qH3_XpB2WG0xNKRgbYp4QYjAhewNkmh2LsnyYo5HhcXMR2KNh0KHdB3xKJ4UVRandkYRbd1SGjBmifhs-MxxZikf6H_wVcQI3wuY8A-173mYn3yIZ_x-wSuONGhQJHQutAFtKkOXMjPGTmnnBN_L4_5TjQwKicvwmZuXLfJTTVQd1amdk6WuyvQG9H4BKwgQ_omdAKElNm2zFRN-Km-Dmoupu0W9BGa_NCvXX10cO7yVvbAG23WAwmbxLuAPEje7sJpmwV55W7cJWGJhnAFRT8xUr9pfAar5FQY12C4VSzEcbDL-jGOALAsH0EUCpjXZw7Iqzt3UyH5Sy17ZKaFLAhl1dXtr8lMtfT8zwXc9br5267ecGjK0W7OtJhIKuMMErMLnHshnoLGVcydvM4XckpR_P6JsXEfuYAk_ZPzTA1bja--j771B3jI4&cid=CAASEuRoqLboDHRMlMoc1C2_P_2yAw&xfc=https://adclick.g.doubleclick.net/pcs/click%3Fxai%3DAKAOjstXBl6YbzrK0dPyWCXtE-7yAv8lcA1_7RvCCY4IewhJ3W5NuFloZNrnKIYgYhz3Z9D4_o2pZffmpcFshLc6lpTgPQJCyOUHw-g-zKgVz4suZRUkVhjdWe722LOe7YRuJU23Bvjb3HI0UQjQtZ4EPN0al1VHN0-YwUTixCbj5PhXUQNmvj9am9MOX263uKur-7Ap-vK9RfcYpHbLmMV20K6iiRSypF0N18OP1GnZp2Z4lSBlYKEivfTa76gYNIcpTOo80xDoI8xe8xM1Y1QCsQbexHEfn6gEIDo8XHx2vR0ZMhXdLcQW-GvSDk_ZuYYxDZ7e2aB1STvv-dhkAbE%26sig%3DCg0ArKJSzGfCE-_kXZv_EAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D&rfl=1%2Chttps%253A%252F%252Fwww.techradar.com%252F%240

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

bef7e561e79fa98d7f1cf8d3e1fdb781e51c88aa1a9a0533731d58912bced150

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25375
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B999 42 B
63 B 52ms
50ms Image
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DN5j-r8TIE1lqvGRlw3KsHewxygE8AfqR1PHpnqk-PqGAJGWgIcsX82LobMNaXNhHkfkLgj8UXd_hv4Di_or61fj1CsLsL6Ia5SgjGq--R5syKpSc

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/ Frame B999 3 KB
1 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/window_focus_fy2019.js

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:13:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 355
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Jul 2021 11:13:03 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B999 122 KB
37 KB 60ms
19ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e09c5507d6f189744d043d993a3a28a63d12322f3dc978426ef895517b98b567

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:58 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623842920177421"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38075
x-xss-protection: 0
expires: Sat, 19 Jun 2021 11:18:58 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/ Frame B999 13 KB
6 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eea6dc59229104927a1ca1a416794d0ae3fb326b2ed6926abda0dd2a8cf693be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:16:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 158
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5706
x-xss-protection: 0
server: cafe
etag: 10674426802404029766
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Jul 2021 11:16:20 GMT

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame E1F9 640 B
316 B 41ms
40ms Document
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMeYigEQu8ShAhjDra-sATAB&v=APEucNX_5q8sfDy7uhxyjdmKxmvwFms1WjedXeYPbekouhu2-eXFIFAnleBL6Ngun7pOkz1qZ8lGZJBBBpxfEKCDBQ3oUPZIFDe801l9kuDTVqWkh7uF4nfb8eCE0UyS3bu8d8k1C499H8VaeLn8Q0tw7ZoO5ZQEQA4_vMNAUR333JXrQpPcoYM

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CMeYigEQu8ShAhjDra-sATAB&v=APEucNX_5q8sfDy7uhxyjdmKxmvwFms1WjedXeYPbekouhu2-eXFIFAnleBL6Ngun7pOkz1qZ8lGZJBBBpxfEKCDBQ3oUPZIFDe801l9kuDTVqWkh7uF4nfb8eCE0UyS3bu8d8k1C499H8VaeLn8Q0tw7ZoO5ZQEQA4_vMNAUR333JXrQpPcoYM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmDyB5mnLxUGuOFtHYHZpmMzhEKJo_vZ4lAVLDu-eF-VHVRxl3WvZ_hXEa8Jh0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 19 Jun 2021 11:18:58 GMT
server: cafe
cache-control: private
content-length: 295
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 1CD5 61 KB
25 KB 48ms
48ms Script
text/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DCWzzomN6R0sq7GC-qL82RzTE7BZH9Ekkz53AGnUjCbt9sO2GG9B9yhMGiMuS-lV-WtQjpHN2dqnnjLaPcyGnRil78lHmL2B5U1dvSJVb6F_QhN9_53G15pCTDfkwBnliYqJYnTHxvyUHjttzPy43dJDWesA&dbm_d=AKAmf-DFpVdlSWB65736kKMho9ZUzF_Wy-vVHvBat8RE106UT4GLZGRd61Po7tpubNgWd41F3rU7TnCdpp9Op7-c0OTEInNMIN0LIQC06YkGiVXqE_50DGBQb0njGktbJvW_Ba2_gtdTi_q2UaTrDJsazIZXh7MCF-HbyfGiLI7PPwP48RBqac8HEgQ2jrrM7BFry-1Tn6uWJxUycTyq1InDOzHWwjuCtCV7wrQ8G3GsvETO8v-sN1Nb6cEzGPdDqVu4s4gDQqqTrmwo8WLrZHuFqxBhzeQvhlrRSB5MLitapMl3TIQJnJC-ZNutSdvR_I-PXWXKw_x-8d7b6lFoyjbbNBao0QmtvvptQ9rID9a5Hsgd_9UrQoHmCh5Bi1vTJWVAA4Ocr1DGWnYMZBqVs2MnYGLy7L3P4HFa050CZTewnCO_6iMssAjz-edQaPxYlQVu0Las330HQADey1OY1TjUtqxdn0pfX3ofb0Hl8J9ZYcYCWqNMjMh98IWaRA5As7DPnpe0nOPpy6ufkkSyuZNdSrvuA-G_Gn4Ap53tM411DDHYWWwm4wfRKgBUxvp5Jhs4PRt1LCYunIBhVFnCy4mguTO2LSW9mHj0LgaYmde5m0fiLmrMMUYQgTeqadOHORO-GpUs7XoMp-Q6QKm1mryRvbB-nZDjl6Eqhb7dJ0A-58Pxpe7I1oDvx1EGzLc-E32n2oWej-G8I_L1fbYdV0BJyd3O-SOJjYISdVaoq17O3hWxwljlK1NyBCfS-FZj9GTvC23qyTx_m8MU99hG3zEZDUsmAfVbl1FvJuobsk1HHLcXIGzmQPl0ZEHa8MZPZvJ-ZNGIDYTmFHlnqNBLyvUSVlrx4Vxp2WBak2ugoaISNi5wUl7ILlHvRrZR2KBzg-jKp8DpJEZ9tAb9OXhjNYx84sF4bZUAZxM-11k0l-OZvoBTxROXPcIOzOCyri0-jFy6iZsZN8GfQaGGO5h5UC1pxqRYgyh9vsPkwYVEr-ucbXWFy_0yH21vZquGHWiJ3IRcPC_rER1UslIDkeNarkQF_cO6WNYcv9O89vX4u6XjnRc80Ejxh5xSUs6Ybwie2iEe5k4DvJUxqu4UhjJdCFLHta30OF5C56nwHT8kvkbiRT3SLGrVhbqacxP6-NixEnEZwVmZIAnUt0bRpavtqXaoO-ypQkk5-8yDxYy4JtGU7TOer0j9iUAKnBlm-ncIATCem7yDv-0ARPjUEZU0D9jMgnxYqTpZaM9eGgFTvG1GocOj0wOfXHUSOBtLatjwl1G5C9zF3AwPrMTcHou3kIqH_oLFrelTWQnibxc7Ra5jnvOYkf2ppHXx_wdY4p_qI6ELwlxP5eV4dEsxb3g7RAq9wHuXCUcBj4JFpLNzEh1fXcAWfidXKVkDaM-U-CU2sQ8JFMF_S32QXbP0YOdwaBYItq-DvH1NWgJQ5DFZbDi9i-CVlytgO3dCA6ahkl6IyN33lLpnfAMkSDbRMfVooqZVLQDGIXMpp8itBAt6j_PB5GrqA0zinrMndnkeL-eko7JooAxWaVkZ0shO7PTW0ZlUxG-RSxgnNbfRk3sa87gy_Fln10LAaZYp5zBHqfksJymNkNzkNlQ9amXyqDneqiXMuy3zBTymuIaZZs69o4ONahaqIlt6i7xpSRI-eUPxIl74YidcPO-4ZhWIGi2gPUFCxl_IcndaFm-hX8V4Qg-a8P1jpC-yptO9m_7mceoIY2XEgj8Ez7NXZs_aTbjvZpS4J219KFmWKKlKa_9fwYhRu4uIvHypgNb9eQHtI8BWL9vhgxuEdC-WENSSM9y9qN2GPPAvPHg9-flQZOlhfF_TCEoN8r1gnH3Pmeq1gcNOaid7mteY-C4Oj4XDsRmAxOUH6YZQHuqONG6urgLstJA-Jm3AVRePMVpTBlFQyb8HuvGfyR-ODnxEdaob4fTrLzb4pUEDu75zHfont7Hcx3jPhYIP7XF_t_oo4Winwjws_WAmeAHT1X3AOJo9k3kt_n6vfrZapcSrdA7OdBQrVufQu3szbJaX6LQcaYF7T2havYPiVzPwIiJF4nwArzChfn17IoQm2_nSwTReWpu8JoIT8gAh7x3Ka18XAo5X0drn5YxWYK5OBeNOXkstPQ8cGAQ1EpHfnAVvoEpzQgGK53qJdC7btFDImOmJhDfHjYsJhyiGoy97z5NU-V5wASM2_9_eZD4ZMRWNll30wFYzzS7oYWhy-rbLUsmLCZBpRjTf0Mj7koVp--e1bgu5gUwMdYNt_20Ne040iDr7vT8YjyeduTj7rz4N0aFkRbXXtJXhnAOTh09rZAXkuCr80Luy4RlQsTw5pRcph7aaQr7Ct5AuNaQknEVyimzYOmsyFlBIRFJDoEcF8J-JA28xornVTBaSVEAo4MQeH8cCZpcjKPvL2aqZW2LG_X-t6_xUOIPrBBxyHOc8bjNfnx5M08ZSQhK3iSU2bNaWCWrkYEQChMwWpsw6_hj840na7Z1_Lu2Zq2MtfSEd0LO4b0sESzDX_bei5jJpFeenvzKskFhUtYEF8ztPNWmiSDyfr3PCCyc94QUK1KtoHuFGiWXCQ6DGQJNkfSdDe4SMh1kExjGYps-ywQOS3lHaCe7TlT6Nw8DFL0qdsd3t8IDJUHt2e5QzRw9vNPljjxkUCr4TnsyWEwKBjGHGfdS4xgsRwvZIdWacOXnCBtI9od57WBWckR2hcw_MqiIk-LylaxnB_VaP4_FW0TW2MBpFNhCcrqSFtyT1G4w--g6TuHMsOOZLCRmKWGwFAM7B8qibYpaFaSzPTk_-rtsb7wTYv6QaMrOZqdmDzbNYsOjf07VfWIOTg5ACcHx0mYPoy2ltnbk0AZNFUc7aOOKwMVDCcLeOCQFinUhwpPzzQxOpYF7YpvEnQgaD_EwBQUC08VA4gYXhs3r9uCPDXkJclWZdQS7V9g1J29gQuScgjTAKElCPA18aJXe_56eKRjRHEcjtBvqsM1d19qK-yoo4oWu9yrf5sTtOou-heT726KRxS-cNmRTu9LoVI6RWPEAxXXHEVL2qdA7mvdMdVHBJXsiNzZhFJWZ8M2xTVlJpNiJhDDq7KmTaWZJTqECLOLiIFL79sIgqznESORxWVgTEcuVA2OkroiBoQAPqJM465zfGwjdbty-Hvm-Pfjahr9vVCRNnHvSLVQRgmWE7RM-IxaHCelaFjUmy0cIubgg2kaqSwda52NtuoB9CkHdLMccfEmKP-VEDumbVi1CtShr-Rljrl2CvHy-sYzGz17ksU7aUtY6iC-TToOemKw_sbr0eww4gLRSoWe4gDm4G8eaZC3XTDsmPbPudHnKx69h6Jlat6adzs4X8VHsymu5NSGlB53AU3jFBAF1JeCInogC0ppiTKVD4zrCyWUPHGEOcjwWywMdao5uD75Ojmid1ItBW6V24djn9k1-EyXjVWH_PWNoVCBvVIh9Uk9jXGmPZH6HkN69FSY5xv7rKOLndnQVAekS0yJClGbMx714J1XkFNmRNBW_UrtJK8Xj8CMxTGuUXTD34stAMiwdyI7ejbhJWfPOhcdC7GbeVPY8AlEDvigfeL7M-gF3zD-_Y-LJAPNi52SMurgE1sLzYYg9A6VDfYe3IdVxqRt6-RuvDpEK-uYl-XAPxV0SOBB-_801w1n92jLMqb2K8XZQ_7XC0A74X-IPP4gOkTKNS_J2NXj3z_h0mYfEvlWQCo2d5nA_9XEvC4BFK2aJ7wh8fleJWSM7RmuY_agn_F7AKkcteJBcipb_FpVOAX5USsjIA021G8axi95wP490IWbfjwXcyOdZZmnd7xSZAmPb1cPat4JcURWPAjdZlb8B57L-4UZPhZnoQJV08wLWEcK_RwX4jBar4j9h0z283JuWCP7mLCFt0lLnTOppWxEWUaiEOTgtGPCsonTERukor8JlD4Rl_3IvYWeXvhsd9jZUX2l6l-zPDua2IgVx137_FvE4BNRx_WFP04nS7nlSqyltfubHua-qSV-7hTlGKVFi9Jck0opo3X3r-x4LIAyg3NHUenuwcOJkgS7U6Hq2bCns3HsvjjhITm4vXhtUw6LPtcsygZHlMpYwB6nU7mSTAZoa0rCSadbv36joskSnpY2tRoz-_Mk3QjF469Pxu1-1KBpmoSGL0MMwezr_EKGKooICp8d-8LTH4zthyzEJNbQGmdFpfSxff67bwqZ8PIXZ3AG0nRjnDJMiOSoc5gND4LIUZ481RZm7VHr_7eH5pPJvCMkPwD2yTA9gRvCslMnYu3yJAt4pClb487WpbEVFYB3hIz84jCNffhABQioGpuNk_LF1zJLyzCpnb_0RtdU6PGKXxlQhaEqe2uruz2mIVynC3xr1fLEK5ne5FH_rlGz4GKQrxR1Lx1UqI1wRKfyjYHxZeN5TJt884HAs&cid=CAASEuRoBSRNuobT8aZYPZJF0dDSOw&xfc=https://adclick.g.doubleclick.net/pcs/click%3Fxai%3DAKAOjssjsmOvxlH1snwwWahYv8rNqduiTMw9wNZkv3_yHFAnBmxSrmluS1QKbIw0-osY7u0Dvm3LHyZWAGj97Hn4J8nxQDIF2vGSEjvfSskZZBf83HHQ5q7Jcjfy6dWzlOlyoad5Hn62wlDYcVKQfxT-dCxsyFFMmoJD6DvKzTCI7PA1eyX3oysVMCKCtquQZX3ixPmhIoGpg2E-eq0vtDyJt74EBLZtbn1xPlbddtu9ynq12oWEgKYndXL5hxR-8hGONHYqOGqVWQo4tA0PB9TnhDLxhT681RJc0ZFz1F8t2kpgS2-u93L_oICRlnE2nlcsWJ0E7dcixllwgnjIrtE%26sig%3DCg0ArKJSzCRPj6OFlVA6EAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D&rfl=1%2Chttps%253A%252F%252Fwww.techradar.com%252F%240

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

fd6532c4263ed3258c1e1bf414a579efa07fbd236533aaf7700e51b35d0a39c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25328
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1CD5 42 B
63 B 51ms
50ms Image
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BDIFqFNp63FN9F632hFAyZbigjLosleSJbmanPgb2OPUoOYl7ZBQ7eFkSC_vGoZTSRKz-WVE1wPGou6I6IAwDVb9SpF-NlZBntSPmY-neG6a5QyrM

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/ Frame 1CD5 3 KB
1 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/window_focus_fy2019.js

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:13:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 355
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Jul 2021 11:13:03 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1CD5 122 KB
37 KB 62ms
24ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e09c5507d6f189744d043d993a3a28a63d12322f3dc978426ef895517b98b567

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:58 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623842920177421"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38075
x-xss-protection: 0
expires: Sat, 19 Jun 2021 11:18:58 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/ Frame 1CD5 13 KB
6 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eea6dc59229104927a1ca1a416794d0ae3fb326b2ed6926abda0dd2a8cf693be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:16:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 158
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5706
x-xss-protection: 0
server: cafe
etag: 10674426802404029766
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Jul 2021 11:16:20 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 1CD5 0
0 42ms
41ms Image
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRQeNfKV5UAyMPYkBnip8Elm6SZx2u2g_nE71GYx0laJRSHOJ5b7AMrPn0b1B4Tj_YXlo7iBjaNDkICTVEX0c1rThZ_BA
Requested by: Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 75A7 499 B
334 B 32ms
19ms Document
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMeYigEQu8ShAhjDra-sATAB&v=APEucNWbr52GxX59ZfolpNn7qDqjTjb7ECCVFVHBmmSm4MDyif3rXH3IspXvtCUp47Fa8-hvK78g0o-AUaOecjc9UvXziE-rMVo6sifMINOLFk_l9jiNpaSXcxjigHTbyst2bb49UfgkZzy2f5iXwnZNsI066er758x_5otgShjs1GE2Asm36lM

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

583eda12fed77c078f7391866e53eedd80aec5b9b178a3537a3c4c3b09575485

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CMeYigEQu8ShAhjDra-sATAB&v=APEucNWbr52GxX59ZfolpNn7qDqjTjb7ECCVFVHBmmSm4MDyif3rXH3IspXvtCUp47Fa8-hvK78g0o-AUaOecjc9UvXziE-rMVo6sifMINOLFk_l9jiNpaSXcxjigHTbyst2bb49UfgkZzy2f5iXwnZNsI066er758x_5otgShjs1GE2Asm36lM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmDyB5mnLxUGuOFtHYHZpmMzhEKJo_vZ4lAVLDu-eF-VHVRxl3WvZ_hXEa8Jh0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 19 Jun 2021 11:18:58 GMT
server: cafe
cache-control: private
content-length: 313
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 0263 61 KB
24 KB 66ms
48ms Script
text/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CNYaxd2iqMTo0iwHL3WAQXaotLT1NBJMUdErotRuHHQRcBvgPzF_n2VrHYOQ6owgJWnmYz9Y8BKSE3WH9vWzUkWImSxOCDjxuxx8PNYMVpXRc-LMpZDh8vRD96izxsSSursYJel5ikc4lKvLjB9uMA0lISVw&dbm_d=AKAmf-CDgldu91C5fC_75uy4EPZdCXnzBUeGOAYSldES7ZpX_u_oabihoK_nfTumMjHHW8T8QXfk9RZbBBp1ZiHFnDQFKFBTukBO4qHkZf0WFtKvAxtPorQ626YsbJCFiiYj3JMq2ap2tAPEgRXlpSsAA4TUUUk4scPBY57jBSmpz43B0_k6e-ILOYDYxPDOSpXn9tocg96sVGvCn3cUQTSFH2VNJJt31xMaUl_93hcL7qQm2lxx0JCDZpDIyEmg0qPZhAT4lSMkgcAjstdpycWlMMK2v58II0FTqjGYjRE_uOaN2ZYwgZlpdpIolueOjZsBAChKy1epScvcI3tRgOR5TtWU5-I1PRrwDD2DoQTrAAfCuz4Fo37hkjFZWaRzvBcJU-BNjCvBABeYQ03WlL289zR_ve0qk3tPu9gl48UO25jnZtgKHNe1rnMh6rJaOs26h1Zn4enl9zmcfQAsfoInBPeZrHLH0kXWtc__umQ_OTL1WnSAWyuZ4EtseqGr9Y9fP8kdp2rhOz7bMOeixJiSni-89Fy7Th8rnsZ5HTkzQLeYsh3PAaWEfdgk1WXFNTGSp3QRlEchEbZQnaKsUUqYnjl2uCuYNHw9qJlTMvkMt_7XrYSemVJy4Xvrn9xcoFJkIunseYM54q0EUFosouiomRDN8db92OvXaEki3YRt3ohbmCjBpSD5Q28IymrQYgyxFhfiLupGa4cCbnWo7kEx-CipOyWZng4iPyCNVZ7D6yGmYXL5_tz7Y6TdGrU5V15B3InsymdfzxtduZx6HqT5qnBW4p0ggFy3hdz9A3VzgQq0xbIdNJt3K2b26S7YMz2O140U9KANSyx_fkoXRa0f7BAcnOuHKnP-04H0cqGUIivDsZOwwXFrSY1kn8Lf3z3gF6n6qjoF_3eTbmdi0uFcQ296BMgVvimL2krCxElszlKjWDACjkBV5Czk5J0-oGFH_j8XB-G_gxii-lnr1R1zWsGnNME3OytngeLbvv7Geltrq6iy7QxfEgjDmDlmhYKuDQo1_6OXSPP6k4lvMm0DORd7G-uf9vvKzc_RxmAEg416tIPXtGyvvzFLhbDc_MT5UsOM6Sec_qiqFcgJ1Vh6uJ9LQbQYiiyO1wxix3dppp0qf9YYSXNpX8iE_Q9bTCmlcmwqqNUzcPUV-uSbQJt8hXMWWPx4Js3tlJlPRShpaiWXXdkWyzNwzpLiRyXKo4w_GF5VFmrbE-a9te4TyYezxm47TsCX04rJn0hUH4cO-exz6H2fEPx4NfePBXNaTGfU45Glr8xCfcmfMok4OvnRLERVOLMtmmaNc9yPauepC7ra2hCOWFQIp4ae-gJGeifTb3JoKFhIDCrxV7DW56mvScWPnMSEnOvxKrud8NOClbQZt8NAfCmH2WMANS596r7ieRO3YR-v1sbrBE1uFY07OtBW9yqvvhIKr6pQJBpXuF9oCSlm3Z1CkfnSgRyiaPs69-sdIm_ufKZ7gBeuNU2imeynixFVZpCqsVclUn9bgkyFa6sSoalOtzHV5WjkcgX6i0k24dYCkoHzv5pvv64E4OfHffCZV3zdJix4PThLwlwxsdoh-9uQwIkAtGHurBqJB0W5vc9ciF9wd8SVo02KEC0mfO0nQvpqBLB5qUP1F6b-rXEvcQqZUZ-EG-A4kOHdAR1cTZP5XQT97xRG5F05n7i3pDCe64MRXYyUvvb8OwBl3_6aCd6d2jp5uNr8oyPQgww0Ul0nLtcH5S-n06RpWrr6lSFqxN8zjOPtT0e-IBMRQ5Hc0rmqfTZDkqeER2M90URHBopTAV5y6y3ramAwuqC27sDoPjeNILVWYwPhPvW-g5AeB9YdKOlRTMi1z_SShXaKwwlt7-CsyAuSbn8uh1z64wPlFR1nLNbpq-KALIrkprVUDMVsIjkxDp1sldmrf58qtfX-lFyJnemE3vVIfSt6jGUPzlP7JweJA0NTujJWEc0sURq7jqWHkRWH5VlHKNzoS2iRMhDEXNrhaNEc0gO8SLfRXgH3Tc6gU5oIpZNmO_pmhGjtidiP2Z5VOR9u1dTf0xnYVwNkIhsd8rh9oDkDk4hPtBwNKkSuJKe0siM5QvL_b6NPR2eoJJziPMgHzuy0eE1AguKuJSsiZBv2YOUV82fDUSLvVcKX-hFM-87Ii1ko3Yf3YaH7afh6S0O8YcWcQuK-ck7H5j23Qu8uMdsYRVkHbzPtiARki8Nfnu0lL-wAkUGZho7ZBq6_-dgzkNMzfv7aWnu7q3IswOWWy6GPqFRL2HDIa5wGWsnx5bRyem4M5sRuIl7NdNferYhjskR3tLFZsJgCfrTZRL46xkF2QYx5PqkUXwZTFt44zWJfNNGP35qX1zmMxnGZCudGuunSd1yP_OaL3pGQ6Qr4jRBkpJSqUKU9hhjtDKUl4wSd5UHl8nGwoXp5JP2Uf3LGkmMOgDl3I1eYPMwF5soNg7626ydahQVYZrrGdUa3fxr32b9YMju5Qqgy8vrIfXW5ATFZUaDShWFYpQWhWhec9O1LaZzPLTVUa_IRzuj5YdWzfIbgwDHEGZvRHBjD3oIRiAL6zA8JtzBBns6JEGkbSfH6kHYLWiFGfHVl9xynnbPsyLSg-CNaAGBDbkx5vBJiXKVweVtk3VNdcOwZL0peQDk55h_Uen4brNsEy7IJ-sC3ThpKYWzCCCQhkbbZYC-8IPuP67T-yv7pldJ3Io9BxAINiOsuYqz4QgbkJpg5u6ShfHGOd4ZIRtVqTGVk8yzy8rNIfLaAHVIO81k9M8SZuBKfunucjkYKatGrmIt7oICbWKYemYiUC8vUWQrJ0aU784O1dxAgtrsh7ChZxQpytJrZqWBmGZ7RQ1PgeXgLVdhf0tTXHSfyf4Usdjya8J4LTiw39-XMXxmSFp12Jnylmp3DCGlLO8onwXC643iRnXY2YJ70OyqFNBm7L8yIhNAKqwgJw9GvfMxckxuQF4LgGZos8CeUv_T1u500cfbJFO0nAsrO7yXoABil2d7QtrYtbVGlrGvr8x35a7uy55er28nZvGORAQ4-t6PbsgevhiBIiQeTZ93rxZNz6xtPGsbXM3hkrD6RIIKW_6nAW1LZe3zm62ms0iAyzFk7eS3gEwhqQJEmBq1eXP45HuLOAvq7qymMabZUpWrH_SztgMIRX5kM1Cj-AHiI-O3ImlJ_MafbTWht6NgyRwRwJSD7sszuqmIy9NNRp6HXSR-ZQnDyxGPOKZfUyqRzRYamDQAg5JEVMstFOr8SOQ3zFutefIKUK6fm1JJQvfgWNPblKN2cMlqQvlxKXYVEc3kmI_15adZMbm-arcmgcaQbOQowm4YHJwo_tr5kLhfrOxkNG-4jfFlfRK4o0hOLbkaptU5I9jiOmCGCuaA14eaytrMx6Ev5B0PgZS2NbECzVfAExFnixOWPNJRF5XlKq29gt0WTq9sMCrDh_akLZ7EvZ25sND4thKBO-OYHxa2CCB6kQzOMm9vKoXZBennF9afmC4Kg4V2XnwM-zxmcZNqqGAYwyq2fi79dymmbLh2A7syzQL_7YiN1yEVbXHx7XSNIH9DHLNKO-PmZkOTcS4WROYvXTg0dX5l2WvHSvqcaRkjU6YJoa889VMTkFXBTjjK9EZio1KVCmlDpYASUO0PE4JjTaA6vS9R5sUwFFiQLhp8tNxteTtUhj4dmIZuWmB10F-l9db3rOWrgI83X9pjgmmwAi_R7OhCObsJdNVMqFVTGqbdwIhFMBpL6fAiR5r3Gn6JDiwHRv-GEFUr2cKAP4MIg9PBSsjBY3CIHx3-PGDWkgfwG8Zkm2aFGT3PqjDcTC4Lh4dL7147NWrNCMfMwSNM8LLE5vzp8nTFXvb5ZMGsW6tIikviN7xsKkrqlUvskU1Frq9dC4EvVMbNs3VQIcMew7G_7UAI4TQx8kU5eYTwdh84pMxyyNJnJpV-SlFSydU_UihF59xkD0fS7QAxoVDPvF3V1BZhXawVr4tET4P3LjeBIlx3hjtAZr4FwqGAFwRejn0YkrZ-limLF7iuYO5OqJ0ip7oQJrOwm1wgxIonRkStNS_OltSfPU9nRdsP-5ipG7vfrINZf8mVd0JKNIbuEQlL3kYD4bBl6FGPH0WOfzZrjRHzT36AXzAJkceM1GqCS3TKsLaOfgZclkhBkg9oUUVtXhg5zjusVqRmn8AocoFDOOBj_awVwwroO-KRJs316V5qhUCBkv61HawF12izRm9XFU0wwda4TqnKoyyvT0T8Y9Xb4fE3QX5aknvB1XpOvjqgwTaoXiEBDRznSZQqDlayg5dqNJ2TIvkq-WcmqegH4A-nmj3nTX9EYS6_RLbWZn5_j3ShS0Al3-QLjZPvfMZ2sgopefu3HOJ-JZ8aXa9msOfk3ObTh1TXqd6xKXPg-T63cxRgCtEs&cid=CAASEuRoL7LaypUra0zYXIEONPqxug&xfc=https://adclick.g.doubleclick.net/pcs/click%3Fxai%3DAKAOjsucQ9RC3Z_tumgx7LefPMEuHL5dutjXlTHsPQE6Ln7OjcnDkMqlL6b6nJoYDH5AepM1hZUquFaHnQD2HLUazn2o_v_2rznRS-QfE6sbTAL2nFTd2Xd_Gzpz5zgZNoQKEERxMziE56iZJdUOwrnufRX5wMR0gHjGPJMaUULz_BSq4mMw3emMMg8Zn9_sob7DhRSuEHf3tuvp63Zx2y5X4RIDCKpG4mUA73aap3GNAMO_wkgIXUdsHkI9vZL1UzG80UF9alE__jD0_R_QqesnvTD_DwKptKp8Lg6Rxf4akfiT_EUDvcuzTCOXk3xdf1TUfUf6LXow_0ZBzdRDydc%26sig%3DCg0ArKJSzBrqAbxUHsKbEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D&rfl=1%2Chttps%253A%252F%252Fwww.techradar.com%252F%240

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

798fd497fbd16c26e7c04c4974205af4bfaa3ddbbbf5d50c08c60c6076a90c8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24956
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0263 42 B
63 B 63ms
47ms Image
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CSeojPkDgGd7uXZMF0Lvwn-SVNkXMkI1mXttNY_8F_sByslo6AeD9TqC9OxJzo5-uhQj-qimJl0hTBBWRSdD7pk1ctdJ0wVPDlRQEi20578AS0NTY

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/ Frame 0263 3 KB
1 KB 14ms
6ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/window_focus_fy2019.js

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:13:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 355
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Jul 2021 11:13:03 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0263 122 KB
37 KB 31ms
23ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e09c5507d6f189744d043d993a3a28a63d12322f3dc978426ef895517b98b567

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:58 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623842920177421"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38075
x-xss-protection: 0
expires: Sat, 19 Jun 2021 11:18:58 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/ Frame 0263 13 KB
6 KB 14ms
7ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eea6dc59229104927a1ca1a416794d0ae3fb326b2ed6926abda0dd2a8cf693be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:16:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 158
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5706
x-xss-protection: 0
server: cafe
etag: 10674426802404029766
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Jul 2021 11:16:20 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 0263 0
0 29ms
13ms Image
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRfFIKtXHwAh5DIAd7UwzBuV28MmzV7pSpc7tXKC3cIkFdEyd8hNgyUzgSFcQERnEu4PQ_dlDErXKILmHwjFr7dRZTISg
Requested by: Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 95CE 499 B
334 B 31ms
22ms Document
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIMDEMHR18ICGPrM9KwBMAE&v=APEucNUZ1Gu4NNV8dv4UcDbXYJhd8ZL9G9D8jgg5yaiSeot0FFUOF-3Py93Yy-R9npub6H9y_KN-smMJ4cRocQLL7l4vATxqxEi07lJcB9zYSTvUTra-yFBL-4DMVAsc8qtVM58vltMIf-rdCuGcNZZhtRPs8pXy2t7OSchrcp48mJoEScoO_GA

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

583eda12fed77c078f7391866e53eedd80aec5b9b178a3537a3c4c3b09575485

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CIMDEMHR18ICGPrM9KwBMAE&v=APEucNUZ1Gu4NNV8dv4UcDbXYJhd8ZL9G9D8jgg5yaiSeot0FFUOF-3Py93Yy-R9npub6H9y_KN-smMJ4cRocQLL7l4vATxqxEi07lJcB9zYSTvUTra-yFBL-4DMVAsc8qtVM58vltMIf-rdCuGcNZZhtRPs8pXy2t7OSchrcp48mJoEScoO_GA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmDyB5mnLxUGuOFtHYHZpmMzhEKJo_vZ4lAVLDu-eF-VHVRxl3WvZ_hXEa8Jh0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 19 Jun 2021 11:18:58 GMT
server: cafe
cache-control: private
content-length: 313
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 abg_lite_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210616/r20110914/ Frame A517 17 KB
7 KB 24ms
15ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210616/r20110914/abg_lite_fy2019.js

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

15b886992795015ddf192ba7c46ea89376cef0fec304d850d735da268c332226

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:10:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 525
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7072
x-xss-protection: 0
server: cafe
etag: 14457676323939599074
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Jul 2021 11:10:13 GMT

GET
H3-29 200 omrhp_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210616/r20110914/elements/html/ Frame A517 6 KB
3 KB 21ms
14ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210616/r20110914/elements/html/omrhp_fy2019.js

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

0dc4093b6b9286ebfc6c728ddd3a70812a726d79d6f41d60a506fd5b93c4929c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:10:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 509
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2661
x-xss-protection: 0
server: cafe
etag: 7752240862628680351
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Jul 2021 11:10:29 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame A517 0
592 B 97ms
57ms Ping
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstxFrQTF44dzugajGwgxkRF_ZznLwjP_iD44JpuyStJ_IV9JQ0O6Zvc7rWPPLifDWYvMyA4jevCfmy4m9dIDpFT8kNAwrgHeAL1_o01UZuVX7-_ZcHMhMpoGFYOQafh92MrBhWbcb4FvOVCH-yFZ8nRNbLLsTl5rgv07qlcTPoF21hM8XLEoXldAxU2ITa8UrkBHNeGZAe2meaJ_LgodlmKEtygQP9-f7VIK5LtYUNQCaPsuoMj9gKlGb5wsgI7TTSwtW9l2Zqp78o_kjJ-B2k0KibeEuPMnQMyOvhtcnCMholEnr9l0VcaVj10J0kzbXqRdLcEvHIsW2OAQ6AIWfI9RLXQJBKsbacZjkKSoipoxHC0n8SYDjI-sCju1w3EjnrC7c35n-PhmklQwTOmmICra7gxPs1ZzdMBM4CeAaGfE5TAOotyTR62fsAZMnh6vcd3T1SZhxHMKZQ74HdnBvVa3B50PIGz-yr5SnKK4jpyE-vxiPIwr3TgtAibFjkm3Hvov-GV87XTUsPp5juQ4VDSmJWIls27anvWrohzSq961RzN0QGMj4I3H_JRHZfSdaiGZe78Ytn3na_9658MV7ggd0rPk-98p29bRjrZSo8OJGKllxZAsHRWivCc53n5ArXgpyFsve6OUncJf1TKIPG_5-3P0Sl2C143ox54hdgsjK6SWEPiBgm3015h1k71NAYaSgS1QMlsUYIxclIHyMXFDD7aOjfv2WZpw16ZISAuSSJSkPtRY3Plk9O51l3R3mcYoAhGGSdX13sQKURy6YHvFmphaqS-PUZ-FUS4JFcbqUpL7YMudhB_wxidHItvG-y0R4kFDagA2kPefcjeDDxbjE6zdCiybq31xhXrwFAGLmew0lf8FGstH-Krlo8itWWGt17yXBSmnemiYYTNHOQIocfqLjzcgNQUCNbr8_G4BEZseaYLSbr5_zDJwfrOhYVuBmRrq2sQIecFvkflqAQAt3kZ1YVUf8HHfpxQiIsUzrnCHmQLi130g0tVYogVWatVkVtHJWh9j31OpbsEcSTrzm3q0DtBy2X7Y5qmX_QRcRf9gkMaidibc7ziCY4EQ786QOWuXj7U-bfKFFMF6iGB19juyFh2OZiWhjXYSoxO4aP-Od9xHuwkzrFhwUnqOMzGRW7Vld-2lFTJ7mYmIt-INChtca3eqgpVR0EA1XIkVi_tvaNCl5n4ek1CwQvSTuAaDIvo79yBRA1Uwg&sai=AMfl-YRWkT4FqFbPJFxZwuP2dRNys5OEyj6hpktztKZIgJiiP4lbua2WPfdvco3lDiSptdq0gAZhzEPiYUAhOXTh8ryfBuMgHZuGU0sPZDi9d4WqfqG6wk14_KMIxTndPHALEXcbuEHfF9g-lYXg53dp8Gt4uV6dL5mA6y6CiPLWbJClP3YYaXb7pbZ7BCkus01UJZD0yGUzeoYuFJJCzI-qs5ME3GwFQ18h0DS5ic82Wfr_3V7n650I6BrqRjLBHyaE2Ia3A9rGhlgwY9JIWyPhhYLcQw&sig=Cg0ArKJSzCegIsCk1rwwEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210616.55844&adurl=

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 19 Jun 2021 11:18:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame A517 41 KB
15 KB 11ms
6ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 02:29:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31752
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Jun 2022 02:29:46 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame A517 42 B
63 B 53ms
47ms Image
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DkdMFA7O91b6SLH7pTclx8At4YyAdFJTXIP2zaak-VKrJA5_h6kcD2r1RVf58dB1kGRhfPJ-KZ0MbM5dBnwYo8n1CA_deA5ND_uNUkOn_p2VnEBRA

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/ Frame A517 3 KB
1 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/window_focus_fy2019.js

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:13:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 355
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Jul 2021 11:13:03 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A517 122 KB
37 KB 24ms
21ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e09c5507d6f189744d043d993a3a28a63d12322f3dc978426ef895517b98b567

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:58 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623842920177421"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38075
x-xss-protection: 0
expires: Sat, 19 Jun 2021 11:18:58 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/ Frame A517 13 KB
6 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eea6dc59229104927a1ca1a416794d0ae3fb326b2ed6926abda0dd2a8cf693be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:16:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 158
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5706
x-xss-protection: 0
server: cafe
etag: 10674426802404029766
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Jul 2021 11:16:20 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame A517 0
0 18ms
13ms Image
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaScDLsIyFlllb6U4aBnsHdq80RMSj7QUpeK4rk5rHHAm1D95i5y_gE8PiyDC7DnnUbPyoZp9dO3DRPtsA37ZE90sZehgw
Requested by: Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 1039490007285965533
s0.2mdn.net/simgad/ Frame A517 86 KB
86 KB 27ms
10ms Image
image/jpeg 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/1039490007285965533

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c6530271d4d8b9614c7561b8ca15af450460b8c8c443ae4898b7ee400056817c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 01:26:09 GMT
x-content-type-options: nosniff
age: 294769
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 88220
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 05:34:12 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Jun 2022 01:26:09 GMT

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 5A39 363 B
227 B 19ms
18ms Document
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIMDEMHR18ICGPrM9KwBMAE&v=APEucNX1qgZOcLHQ8snkEUwHrj3q9oxneOpRfKWqICxO_0hVfhDD0sJZrATv8n_AYRNAP6zHeOsDjf_HP0vcwzokr_EIkc1Hk0SzvAC8LsP7a0HJSuA3Kvpe8BHeVSzRXsS2gH9n9IzBISY57dZ_o1bYp45viYlLHE9Jpn4fB9e7IjltyA838fE

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

6edfad1d5d6275fc7ade68ffb1f07d480fdbb39579fa359bc9c7ea1d4649fce9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CIMDEMHR18ICGPrM9KwBMAE&v=APEucNX1qgZOcLHQ8snkEUwHrj3q9oxneOpRfKWqICxO_0hVfhDD0sJZrATv8n_AYRNAP6zHeOsDjf_HP0vcwzokr_EIkc1Hk0SzvAC8LsP7a0HJSuA3Kvpe8BHeVSzRXsS2gH9n9IzBISY57dZ_o1bYp45viYlLHE9Jpn4fB9e7IjltyA838fE
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmDyB5mnLxUGuOFtHYHZpmMzhEKJo_vZ4lAVLDu-eF-VHVRxl3WvZ_hXEa8Jh0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 19 Jun 2021 11:18:58 GMT
server: cafe
cache-control: private
content-length: 206
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 1039490007285965533
s0.2mdn.net/simgad/ Frame 1EE7 86 KB
86 KB 22ms
8ms Image
image/jpeg 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/1039490007285965533

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c6530271d4d8b9614c7561b8ca15af450460b8c8c443ae4898b7ee400056817c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 01:26:09 GMT
x-content-type-options: nosniff
age: 294769
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 88220
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 05:34:12 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Jun 2022 01:26:09 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210616/r20110914/ Frame 1EE7 17 KB
7 KB 17ms
16ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210616/r20110914/abg_lite_fy2019.js

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

15b886992795015ddf192ba7c46ea89376cef0fec304d850d735da268c332226

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:10:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 525
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7072
x-xss-protection: 0
server: cafe
etag: 14457676323939599074
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Jul 2021 11:10:13 GMT

GET
H3-29 200 omrhp_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210616/r20110914/elements/html/ Frame 1EE7 6 KB
3 KB 17ms
16ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210616/r20110914/elements/html/omrhp_fy2019.js

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

0dc4093b6b9286ebfc6c728ddd3a70812a726d79d6f41d60a506fd5b93c4929c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:10:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 509
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2661
x-xss-protection: 0
server: cafe
etag: 7752240862628680351
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Jul 2021 11:10:29 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1EE7 0
61 B 89ms
58ms Ping
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstI0x55y40CClPF6GJe0Uwz4In_FmqtvFiPBm5ukqSJwPsIA9we8RV9FdM4Vub2tshttN-Ok_cTfnGg60a6feIyD1_wKSQBZwdVBciQt4uiZi29e_xt5uQ6ItbvDi2RiZfo3uPeKRhxBpHNdVHAl2jS7sYAaziFOj4xJRA_dUTK25Qi62T77IH2CB11t1GpTKYHYpVupvHGw6xZ0t9ni79-xIi3IhpVab2sY2NKTjuTxWUbbzfpv00jXIDKRaWLu5KJk5MB2wG4cUQo19Gad3LsLgo1Kz_nyuv2rw6QPvk-T4C659tsZYgQuuQMl0iBobfd7nC01YqP0rWuOmwT2uQkVrIQPcNteDkX58rymSici05O68e521-4rBA5RFPMjSUvjRbjM-k4SfMCZxqNkOZjT_lQbr-ijWiCn-1lL9Az0ncHHpl4S_g_kuTM8hgVLAxeBj1j7SELxvumnN_1iernwALHkk0f4tsIAz8UT9GaEsgglyUiKClBiassjYytqCVk5RA_NuHVnu04fBq8LenxWgxNr5tq4DDi7IfH01JoeHuC7sxq3mRxY8SLEGQhrXCXGX4sPA0jy7nnWiCTyCLWGZU3MadpI2khHnGfYDUqjgs1orBLot8FAyUrC4-maCI7w-NbzpknM1sRfzdxZltQdmVn08uz041ODSmOiOUGAMEdQr_MSmY2lInpAR2QuV0xhaf1hseLLzqUcuv1_7oMyU0jPFBVNExvONTMNXssM_Ume8IH18dydZJTkrs5OQvk8TGV6zqrn8ysOKfVAe1WztB4eO5LdpGDeDx4HwQPhHKIm_5O-oxf-N16mlL4JOEXEIjgKzpU-vIBoJhfd-LE4FRRo_1pvhjkliF-opo8knNGtfBK52b_OUTR7qNzSok14NWuwZzh5Bx8jDXViObN0XxLF7nTCeUUYN2MmHzu4jVPyjygJ1A2NoQ97fdAfr3_YFdxJXlzFjqrih2hLKJYI37m3vpRRsoZ5LcNdvXqQBcVu2GkpyXrUHuXP7GjRxJNJk1tOgwgSGtVYZesq3YTBOCp01ZKjy3qmARzpGym9nw8iHF_yf4GdQsQbm5hw2_A7rBZAndf5zvUk_YleVEZFDDwGfHAQa9VcnJrGDAoZRx76VwEgfh2d6QkDvPaR7p5CkTzhISzKfUBWsv906JDjhw3MQ2rqDoXKr4xGiJYquuf9NjlpZtqxWOlKSwZOBRR-Gw2QA1XfaXR9g&sai=AMfl-YTbMGjP_ZknBuA_CRkvKNrRJzRZ2RqF14f6g5gpGRDtUjL6i7T8n0J8zm_ySE62ucfHOmAyi-_8Xp75S76jFgP4mUB7-e5a92BsiReErJy1ZSvLQGKRqtPW86T92hiXNe616StDm5QpCICP6A_6hGMSRiX5TK3aVx8cce9GDYuFDeeOmTGdn9LrI0LtycViYzYwGvbedycnQQVfZFmGwfFSAcc6QAyBmSjSxxOMShf4NcsqCDoqtbsl4pWZIXRGfLWm2vKrQ8LPVynp4GecjQGILQ&sig=Cg0ArKJSzMTpAGcjnUNwEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210616.42191&adurl=

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 19 Jun 2021 11:18:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 1EE7 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 02:29:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31752
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Jun 2022 02:29:46 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1EE7 42 B
63 B 50ms
47ms Image
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DdJSZ6u_sHI01NTrLn-MBpVAkkxwrBABmRwpq9vSwxICpACV-VhQm6kGe3d_ISLCp6XvJDgRLfn0NM9wcA-pFobiZQEWPQ6QssYSljW6_8ZEpLrjo

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/ Frame 1EE7 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/window_focus_fy2019.js

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:13:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 355
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Jul 2021 11:13:03 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1EE7 122 KB
37 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e09c5507d6f189744d043d993a3a28a63d12322f3dc978426ef895517b98b567

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:58 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623842920177421"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38075
x-xss-protection: 0
expires: Sat, 19 Jun 2021 11:18:58 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/ Frame 1EE7 13 KB
6 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eea6dc59229104927a1ca1a416794d0ae3fb326b2ed6926abda0dd2a8cf693be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:16:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 158
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5706
x-xss-protection: 0
server: cafe
etag: 10674426802404029766
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Jul 2021 11:16:20 GMT

GET
H3-29

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 64CB
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

41ms
40ms

Image
text/html

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra15s46-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Sat, 19 Jun 2021 11:18:58 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-29 200 html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame B999 176 KB
61 KB 21ms
6ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2f126a8957c32db99e94d1bf7c9ed09fcd38ba99bd632ebd048f01f9c5f9c9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 14:57:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73286
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62241
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:47 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Jun 2021 14:57:32 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210616/r20110914/elements/html/ Frame B999 8 KB
3 KB 15ms
15ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210616/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AHGig_1cl-qs24uHU_llc6cgKEWVnnFUn2HrU9E35q5FHMU8KSSNGcXeyy0LkAVPMVMuG_ioXt2M0SNHWMcfgiLz1PKneA9qhaFn4L98gZxmxHn5ge-tHs4Cr0tJ1wK75-v8ACT0mVvkbzfXImrXWoCnxFlw&dbm_d=AKAmf-C7umcfaHVAfJOMPtQ8gPjYlQ88a5iP_W5in48BM461JrOEq8MalWMskWBe8ZUAT6XxZ3C3TkGbPPpRqyXrBQ2B7TYWfkgQsOwexAotWYQYXTIgRAQLvg8BKElyeLnpirVyrL0H811guxeLs-pIbUbT9tOW8k1-KjFgUWsPpCPwdpDZRcL_chWL8T32J85B0vQBj_0RQdiu5qKTCoYa4B6sC92xsTUTrjtVkcATjwiEYNFNJ2ZRiJlSuLP2WUll9HVFrPjp6RQcL3KMDq4r9uPKByKB7lR5TjYgfOgeavccNfxioUDofsC0gOPu1VGOoNCIRBuzGKLHdLAxy43dGvSG1F6InrcsR1m_r-nAwDir6tVTx_Slm43YIC0VQHxwvgfyM1-Xm4-zbH8frVz2BOMkYwtfks0qm5xG-4_fKLN4cc_HqdIm7xAfVP-yrO-EgFXf4cFsLljoT8-gpL0swFW44Y9jQZELAf16fksI89O5qYonLQYQdo_yxoYvWQCgGQTIXQQXYiX075DdvxSzEMcMR_3JjYLm_QXPehc7ph0Nq1C66Cw3tPsEu85usUptHFhGn3DZQFaE9pZaBCLJx52-d2HCR1P29uHM6OqcPjy_2Q0s-taCEkKwj8hJbYF2OM9957BmBIlvep6LbhulISQInAs0WJNEOWoUqREy-jQaqTz-tFe8RnpupUBzj0fSS0WBAYQoEi8-6Hs6GqzvQ_c1B4E0FK9Uty3mThXFTqoYc09Bg71L1jxQl2rLY_8q3_RyHpc8I2XkZPrhU8baRc6YgZ3I3nMMsqyznra4XAwc2eID1bEyLg-vAf44zJL8zVQrDMZMShqTZ6ONVgVF-C-PD9wdbxm8TB5yD7fs_dJZQDDJUfCeiW6zk90ROh93T-XWhwlsqz46rcbUBAVVZ-tsycWa0FIRSSHVmfIF6DexhRINTVe0o3VUbpCYpoQlK7afmkQyN85aQMYxmewe7XmHNPimieFdN8-iJMc-R6umYa-z4uazsB5MaUbn-fZZSO0B4a6qotdhnXRP9W8h_d-YOna2MhUP0O72gtuHHyM4FPccwjdicfv5nrultKLyvsEHNpuZKpEGG2lFK3cy2pqS3UxOPXLwJ-2FE8NAXLTZHESZWNEPL7oAYM8b2VwW7_aVTkWdZ3FXC6garBC_ZxfA_mHWVwLQl7uE8Xy2Cem82eAUXShSQZDOBmg-alAnuy58qBNHsc9swv6KokP10Ee5MBh5HnVhWvi3X-8xyF2NCIhNYQEWZS_aEiqllO1ATS7XlrzSKZhJcrc-kpXy_cQsoO528y9Vk0C4gj-C6QlqNmXL2wCUXFyCnxxRty1r2jyDir35EGhN3-I6oJPes2nDLsPhDvn0u4d_s1E4LKKYGdXqzjWkGSxXVGFu77Sblveg7CLoPhzC3G6AGr930fvmr5bfpwVxLECuS5LOQiiX8Qj9iVl3dIt-hkjD2bvnb35cBPGBUbWMMT8D2lTpWjTBZVquzprLpQTq_y8fcWxLuEat0PyjVuhsxhBCA_6yhcmDySWDYUuFdkLt-mskCdYbSSp5rz_cecuNabjQxp7weLtMaAxv3wXhvbsov4tXiArDcJCbe8Z95ktUX2AwIYauqF56xsxmAR3Wq7kw1o_K0BPr0LYb9ItN8h2LWLLu-7MInNk4bDStNWTQxjLbsAzHMWYtBaSU7rwBOaYunj0cqG8g2fJ3lAmxi4PMmoGKvA33KnmhgXOMdXX0r-xjFoPrmihams3-H3zkh9qEpkT457Ca9B2GxjAY4BPZm3KJorbWPh7Hafnv5nFmlr53XBetDZ5EiA9XNsLQUWxpocNBEJ4me0BjvqnC3ousxUjQ-aZbgoGCyD0iR37sHUTR1MNnktAS4KsiIfiErktJHLrKTVs4zz-AsfT8rh0YwshcRAp3PjcJdJZxHWOUpPUurSW59Ub4mAZHKQhK6_EBSojoBtPcloEF2cNjnRt2wrjC1WWLrcEfkVaBcSaDYosn6RScf6xMzpprZfN_PraOjGOJnUnOpc2c7hP67bF_tvswwzQh3NlOSsb1DExsvK9VwE5FDqqfthEKy6erjgIzCiEYQ79h-S3PQgJnx6_KEf7HnMtnSXdovGclhx0LwBRkRx_LUgz0GpcLOWu_FtiAMXaos3bKECCJkepQLqBpISBPfVpW9Unb_cDFCv0GbIUIUovcOLb8dRn-nuc2rcNcaIVW-DafvFTNfhgY036vONW0NFgBeWsuZgybb_surYANV9oxWTRA9-HjE6OplIBKvCgaIWWHjRqMUU3MtPByHNCIUg3QHIiTLLHW8a2aQlV5n5Tsmwg33MVM-b47pNcSSRjQ8co9xgmIV3cTglETy13wOaCOTBFfOcnrJJIZm0O6k__LI17HaQbtl2e5l1aMHbOC-o6iYWyQY2heur4QBTFWHCiH5WJ9iQe9BvNQ6CDHPMFc6A715UK3ag_jO9vsnaIwFDf4VEbt4RZXr5Q-pJlbsQnLhzQWri8UcSM27goeTO7SOMWdYj_5n5srAMPIpLW-c9p9og1rOcgY5SxHPYhoo7EEGf1C2-dpHOHr7ELRjy9yENhOfA0pbIhwslc077CwYsn86-XYL8aW4SbHYSLL_0xp3S2_m3YNf9f4En1NdvuNlBs9-fl3jUztvnDk7WUKO5JFDLquss2-burRxpsfjQb9PR1u5gqW3aTODP41grWjEYMT3Sl2XMkEaewkamD2q0ijvVuUn56yJaT3WwEFyWHx2nkfCX5DjB8MxGb5aPsxcHRCS7n6xwTc33A_wusnCEGjE6WXzoYWr8Yhp2T7k1Zmry3JK7RQeuVPEZJAEjRdi-FK5dyQuX4TdVb70xNL5cFSCqd5c5ZZqFQV7SZkzPq4LQfT7dFdzQMYRqfZtR0El_W6jdNIjCQvaHDcHgA9OYtxlB_2qf-NZ-jU5-DJclCIDxge_7iXYfzLmrQDb9GYppTkou5UStxRRPhlnsa4vLSfa4wN0SeBKSb_3wMGPUZAUSe_D4YOmBZTvXnEN5N_RjiTmorRSM8Imj5kR4LeYDPy6vnHAqe6BT2KmKKEvlYHluIQ53KX3iQdryNzLfx17wsfszQJvcO_vjzIHkGZcEdE49aLxiedMt4vA8MOuiv2u4sihgN0vVVxQK98MoLVoiGPN0MJnOARe5XpjyWkZtNq0qJVRmaz-MHgIXMy0ueFFne32Vk6qD-P4TZBhLpciOI3vNgMwNOrE661SzQNojzK4eN4bqRfo5uD5kL7mZdQuNsIiP3v6plC4LeSE2FxzpWK2lq34EeBsuk8kOlCgYP2MlTK7Vo7CYTTrTHDn0f033v1kTo-NhVtfyVseOwZHa5eEWwSkLpHq0LPzMG_aGd7FY0MLkzblMHLNnSmKxU5Z0oGMhNTs-cs3LnQbvHXUpWjXfmuaVgPubCmQtNb4jHwOOWmNpyoquRQ9M_6zVCGgiKwqhXfQCIwEsGvIdAhnWPhOvPiFbF1wMlO9tN2mu4JhHOEjvYKTIcj8WaXZld5ySEF0RQAwAgsFlvFdlWwXmnO1oOE_Yf_oCFt5bmx3d5DZQdHQIHkg91fyXSxQE31HdnQxyLf77Fvc_vJ9DZ18E_s_weLEhBpcsdUdh5IzJto3wGYK1ksBfoe9NbVYJitNLxmSwKGTPrpcCQCHvUctMk8H9So9a5sa6J-bqK9QC03OQbhhDTRAEbWSUj4CVT3xcnLR0utm1MnwbHZD04Znz8OkmADEDYjtCdT1BFsdw0O73gOs8zz9VhavMpyXL0lpA4oWxZxTNvUnXCCVdy-J9F11YMPKZ131pvAtEj7esSJL3lK2My8iXurP9FKzMUfAR3ntus7zgIYXNKnMScmg8mQBYmR_c-KFCX0Up2KIGtYbs9ziXy1O9ldTiJHXYsM3RTBsgO4ecCcrkbvraDLvlwMB8kASz4doll9CoaplXyeBtY_ok9WEb6qH3_XpB2WG0xNKRgbYp4QYjAhewNkmh2LsnyYo5HhcXMR2KNh0KHdB3xKJ4UVRandkYRbd1SGjBmifhs-MxxZikf6H_wVcQI3wuY8A-173mYn3yIZ_x-wSuONGhQJHQutAFtKkOXMjPGTmnnBN_L4_5TjQwKicvwmZuXLfJTTVQd1amdk6WuyvQG9H4BKwgQ_omdAKElNm2zFRN-Km-Dmoupu0W9BGa_NCvXX10cO7yVvbAG23WAwmbxLuAPEje7sJpmwV55W7cJWGJhnAFRT8xUr9pfAar5FQY12C4VSzEcbDL-jGOALAsH0EUCpjXZw7Iqzt3UyH5Sy17ZKaFLAhl1dXtr8lMtfT8zwXc9br5267ecGjK0W7OtJhIKuMMErMLnHshnoLGVcydvM4XckpR_P6JsXEfuYAk_ZPzTA1bja--j771B3jI4&cid=CAASEuRoqLboDHRMlMoc1C2_P_2yAw&xfc=https://adclick.g.doubleclick.net/pcs/click%3Fxai%3DAKAOjstXBl6YbzrK0dPyWCXtE-7yAv8lcA1_7RvCCY4IewhJ3W5NuFloZNrnKIYgYhz3Z9D4_o2pZffmpcFshLc6lpTgPQJCyOUHw-g-zKgVz4suZRUkVhjdWe722LOe7YRuJU23Bvjb3HI0UQjQtZ4EPN0al1VHN0-YwUTixCbj5PhXUQNmvj9am9MOX263uKur-7Ap-vK9RfcYpHbLmMV20K6iiRSypF0N18OP1GnZp2Z4lSBlYKEivfTa76gYNIcpTOo80xDoI8xe8xM1Y1QCsQbexHEfn6gEIDo8XHx2vR0ZMhXdLcQW-GvSDk_ZuYYxDZ7e2aB1STvv-dhkAbE%26sig%3DCg0ArKJSzGfCE-_kXZv_EAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D&rfl=1%2Chttps%253A%252F%252Fwww.techradar.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:07:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 672
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Jul 2021 11:07:46 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210616/r20110914/ Frame B999 22 KB
8 KB 15ms
15ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210616/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

5913491ab33dd1891820af7d900c22d50839b52cc5e6c7c8da2bfa405d2ba8b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:16:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 138
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8638
x-xss-protection: 0
server: cafe
etag: 15675381762197352129
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Jul 2021 11:16:40 GMT

GET
H3-29 200 html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame 4665 176 KB
61 KB 19ms
8ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2f126a8957c32db99e94d1bf7c9ed09fcd38ba99bd632ebd048f01f9c5f9c9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 14:57:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73286
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62241
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:47 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Jun 2021 14:57:32 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210616/r20110914/elements/html/ Frame 4665 8 KB
3 KB 14ms
14ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210616/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DJIVNhG8FD8bCmR7WlQ3LQDRTQ31vg3hpVFPxQpJ9lcwJZaTAYziiYPkienomdppOb3hUe2PNjSYDcGvJsyQFG5VmXEahByioGkEZ4WJuB7KzFYt2urzKCClOIFU4YMp6HkY9ddzU2VVxnUKbO4VUkc1n3lA&dbm_d=AKAmf-CUVuGwh96dHSRCpYHNs4rmDpqv0AgBTAmTv0NkoeaK39pW9HtgkKlPEM6t2uturxicS5uBqBbH3sZi2FE5u9J2vOSkuVPQ8SVmPXV_L7STqDZfXECn0MLpYHucZSRM6RDdFeH6LLlIo850j8SgSLVYru_XyzYmwUXVsq-AIF9RDrdwfD0LG7kmRb8cemO7NgXA2l550nD_sKS0zCptlVuGsL_bj-91E0eh4TzUbveUQkgSmlTBu_ySqvh6MNs0Rws1HLQPN5FXlmVfJ3gaZ8tXJnjgzsX2ECeGk_KJXs7x-tbZfBW3tOAIoNURZj3JtXg8DgMYQtjFwSHvm5nFCVYR-cT6FmyH6ZdVYiDXItA986bHQccHKVrSHjiFs39D2iPP3_-5jJnXrlFZub-jsoafjX7mx6wXSGljFq1WvB9xGVgmD8GQHx6pS5BwFV2IslkJofU6Roi9ylFJRL0xkdBWv6Ge5UdC4Iz7siwBXgAMwkYePfXbnKyzUdtpKIUSajoLeCgQcJLwDpKEmbh52bPVFlNnkNZ-FveVuMKNx_DbCMR9XMRXcYcQ6UDsyZrd2f83ROSxuxaOevNmGNDTVs3G6UYuNpLomnmXN2-GjTwhaLnazItG2R0-4d0S2bK03GCkWoDg5whbsA6eNmzW-YBYIWZwpoKsRIues39eRmQw4Z9FTL6cY_rALTl72wnL3d8kmQe7V_3EEGDcQdnASBMx2iXGVPe3c9RVlkTiavZptKFZwwtT9wLda5_YKB3MAuch7wvtBCONylVFp9ivjDeHXGiTlhdJqLv3FgdWazel6Il8pQjiIIjrC5EB5xqVuauUE3rSU-x-HuJBAe6y08acMEwttBNjfpLtqsid-AAxent7REJU-bRIpr6yh_p9ewPku4_ptxOWbjCa8_LczWTu3msE71SitEnhZLFnBUwrYvELGkJshvwzIPg3t4NDYpGC8UzgXPEnA3lawpur7qb7rwy6pMAunl4cm_r3aYvVGfLZqcpay904DOXg9RNTeA6pwefS3BzKjQuzAmgx8HkpPUSSBp2NnclxAwzvleXZjqzK6MD5eKYljdL1oZ4SSkhYZ6hLQmbYiX7OsxmCxabrBv5A69xZyUOpzKWyTrME2h5payEDx01nhxwHUJDZCVVUN2VJLAQxBO912xxYPf0zUGoaS7POQuGXGdWKrh_UIH1oKHC9U0o0Qw3XUEznXuhlxo5zPaLorrK7lJK5WDSooS_TZxxn0cWtonvRG2QX_28ABuj4v5oFWQJgkFNlWVhmpzosMVxMprRJMq9o44M09NT4myzq5d6MGmnI5Wy_AL2WqZFpZpfArhFVvb_FbdsTtQbeSFQsZ-NIwBVRzhIkj7mZyGQry5QRRVu0QdUWbaQr_tNQxeRE8PCvAA9nSMNbQkwT8m8IdwteWwOimmT6heNYIBCtc_5Er7XxR_6iWhBoOP-sJleMRApIMJpY3jLZgOaI6jfVq1bLXLjGwCkQsa7hZ_XJV6_U509K270LC0b1ViAjaBVDsrdIuglqkUht7fFCKrWbLU_SsjbtNoncrCpBDp79OleTCZQ_1AgOyvIu2I64Er1vJkWC4zaxYrNncaNK1uQSVzqz5K1bKNFNxDzpJgU84KYpT1qQYPJM9GE46MFwIj78TmYGPzkuv460nZvdUnZBXWT4RidnAn1eHpYM8JE4EBFECyuI8_shGUCfGzlELkpdsIqhFCqWZiWTrASg5r0Y00yFq_3ysYxnTUnvJJARk0waTGR6zDpg7ablvRhv6ujew1c4nHTL3mGrDP2AVTnSWTM34knVvMBGawMilfLVCvW50p9rdX3iqcFgiJzBB0L9c0oqhDY84RiUjeFc0fbfiOqLuVx5udnOPOwWpRSN8w3h_uQSGbnb4_wBDEFIEFWwW9jrBlOXvBOJRd3pFXC1fqav48sEc2w9SUCjDk1XzApt7j5BcWF8NBfTl-X6juTfeGrMaLHgtNSSoP3xe8G23ZDhbV7iFgK6qYVJk_iEafmsaKPQxDLhbDH3V5jTCf0Xk2yS2lu63Rj1soT9ld8ucO0wJ0nGDEA3ieGPpuMsESQkTeLWQIKgcc89cZTuLC6BT246tNbZ2ZWHyET1UtTH9JKL2bQcTMuPen_wfp3vJAPWFoGXgNGiJOCmjjiO9blAg1T_zZHUaHSHxwo1luWDsf13iNXpxwPrEMOM5SGAi12WFVWZzX5NOBw16DHoPrmUsDQ7ExuZrFuD_qtODXXR8maNfchCqxIRDk90Dz0BCOGx3xpo_1JEgXcjJ2D-DnArdSHAgo1ZHqRd9SacrsVORAijTQHPhdBsjfX3IHFxGG5Xlvu9pYUdUsd5JOHw3fkAThlFpNgAQ5rK6fCYRXbeteEJY9vTevlUkcZGhTM0rPN6DBvdB_-U2hOnpf2Cwh2SzFECNOrTar1Ss4ltmBKov24K-Dv0bRy3xT8PpgnKqVwsxtXifU5ZXMCwVw6goivju3OJVcX6USe16JlRYe2iLNgg0GuEknumdGgho8yCDytjBJ-NF-pv2sT8pXsPoj_d9Ze2gbLbGd_7pvfHOeM-M--WaA7Ln1rMY66jf_PdFrv29FzseU0-bRvAvbJxb_Do0SjriZpD_oTy5UIxpyUs3su0kFyexG2sUpkH54EV8C6pP3oTJZjZXdk0LP1cW8rz4a_aQr3ua9uXvfFVf-yT1zN6ViOXamwO3JdJW5Wvq9uo3swgcOESxvfp5lAW90fzfg1PjcF3TWniSWNpk0B5lwa3dbAyOPbfJJbO_UUBATM7K75dPEthEbvkpq8l5MXeYYcCDIotTECYmL1KDOgFTF09SKdSNTALS28beygEDZH27K8ZfFpgZxHiHxcJ1fSxyiE70LJQv6FkrrGRpFeiC3dOpZT5MMsBSLaU9vy3_8L2ZLD1LaNr9Nu0Yo0cswFL1UvRr8hH3UuAYDXaZ-zKMsD_W0aW5jPq-queiItdJgbdUvRgfdPnd0VuddUjsPL4suuoBL-ZTYeliQ7p8_tIvBQUAMglL-zdQmwkoLyzoUWVTN4PwibRtzCVYnQzWdB_ZgEtrgCPxDZJzj8AdjE7Z7uJwWZZPkhrnMgft2CMvAYKZ3VNPpKBvcXtfLys5GDAIAomCwLbvlImNSsvoKbb_tgNr5tq20KGdX9EVk6ISp5bEK-ysi-uc0p6tRKOBxPXwCjdl53aT5OCgcbaBv-4_humhN0Ol0iGznfPvt2IsSh5amBokXTxIEGjNBeTlCoxgUStruzBcy7X1Rb933Riev2crrGOTkyqzdE8i0UhkCYRoI30TmFZcSDc_bHrNgSphVsqfpCGt5np66_hrbv_Fntutus5x_zG3rQb0aVnnqvfheJvHgrv713Bl3p4QnBi1M93wGwMF7EX46cCeQVjpU92ct6In5_lP5UPNDZHfYx48lNYFyDCa8sy47Jv_fLiNvG9XgqNoK2e4YE2Xj4hexAkJkPVW4UagIbc7aQcC4i6CkbIUj8RMRh-tiu56NO7PUx6bqnsU4esBuMQYUsWitj6WrhqPF6GJpnVR68JJvx9mPpovXIboQKkwbNgC71yJMC7YT6Aw6C2HT-nze__CGJu40XX1ERQQvqtb1SS6egkd21qvJkYUr3uzbAXJHJjTw6gg3FhnXDU6M4gfXAXgQEKiGxaDf-nch01QehGQEo9JIe7CzHK5R-t781X7ZHphVR-iADJqV818EWq5p-uyBlp4TYvCRFN5Jqq4GyK-1QQzxNTCBOMHSetgd_vo21zLF_fw7aKJiqxwcKgHBOXrnlYLSqMrKvX4fA1Rdf0BkWnVEGoPD2Kz2N5wHphGsC-xasStWkQ7NMtWSHX0gmDcxia0H0bQUON0rq-JOwYQZ-BxwbkL-ISv3QSL39ErOyxxByn_cpIOL43Q86X4KbtA81MBFnoPnXrbXCs85he66pTqFKGtqQ1Jo81A4FlBndkdBfaIzGRvBhqscextGOYkgd5tHFIXoMs2aVMGnSyc5f-b4KbD6eapyQw6n5iwtEHwokL6ooIywGGaIJ72zIKx67Y5ic7bZ4ybkr3yVVKMXglLmQUMbgxIGwEBB3kPrawORNDGUJZTDMFY-bk2dEXyCIByX8vo4BbE_L6H9uD4ROTKGTWTvokoUxazISsSfFOIvbbkPVEoIr49cSuanrtd4uR6fDvxqysAg-txul4jyIOeWVvq-6bL4cIlWi2xO0vu3PBOhZK29SWvBDJk50mSiq5AwrhOvmrizCf0XLRknfJLWSmOPoLABsIn4xXLIEN8L8_e8-f_yIss2HQJwbMgJVwhxXf_lDA1ljzujdSorVl4Oe0KJaa4g3qIk4K1CHuOQburpAN5RxvtUbUPiqDGoXaJrj-2d25f-agSXI6Ef26hZeFNpkJxZQc0dA&cid=CAASEuRoz-EHRx54kXSeUgQ70GpkWw&xfc=https://adclick.g.doubleclick.net/pcs/click%3Fxai%3DAKAOjsuXTSvl77hwMqs7pdyBd2zJGFh1Vf6Ayo6uQUfUmtHUo70jAVx1Z7_sMCAWs84QfkyaMv-34Ca9UydJtKN569BJn3UZ_DlQnnWeLmV8APOkZdwAcLkhBb5clD5mK2BPJUkBnySA_dT0DD7cPAEleazjNCQfnT4uN6levb86gPbOAbhbiUVdoinvtHFeDC2JXzNklaPNoAOOT2iY7vXGhztx-gz22nIyB39pCok4JLg3ox5-rJ3pW99E82-1H2R2jdSuu44sCu_syTmjOHJj9JD1SjZjADT2O2XGAWrje01NmMyNkMuQrEkprNyeMnyDg_D_jASgK1rWVrYGpjo%26sig%3DCg0ArKJSzG9pBD8_yXHBEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D&rfl=1%2Chttps%253A%252F%252Fwww.techradar.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:07:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 672
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Jul 2021 11:07:46 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210616/r20110914/ Frame 4665 22 KB
8 KB 14ms
14ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210616/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

5913491ab33dd1891820af7d900c22d50839b52cc5e6c7c8da2bfa405d2ba8b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:16:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 138
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8638
x-xss-protection: 0
server: cafe
etag: 15675381762197352129
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Jul 2021 11:16:40 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/223/ Frame FBFF 12 KB
5 KB 11ms
6ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de7dd7e8a5f2257d16c23c395b9262c6fa04689c81b0e2b8bf7f5bae9f4177dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/223/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.techradar.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.techradar.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Sat, 19 Jun 2021 10:52:49 GMT
expires: Sun, 19 Jun 2022 10:52:49 GMT
last-modified: Wed, 17 Mar 2021 18:24:30 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1569
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame AA54 783 B
533 B 20ms
17ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0c1b1571e3db7ac45f12a66b7b26d6d7aec244406a9c36f75d2243da5b96ed77

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-HGC5XWA2xtsVZ4/J9SIwJA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.techradar.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.techradar.com/

Response headers

expires: Sat, 19 Jun 2021 11:18:58 GMT
date: Sat, 19 Jun 2021 11:18:58 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-HGC5XWA2xtsVZ4/J9SIwJA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame 1CD5 176 KB
61 KB 13ms
11ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2f126a8957c32db99e94d1bf7c9ed09fcd38ba99bd632ebd048f01f9c5f9c9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 14:57:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73286
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62241
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:47 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Jun 2021 14:57:32 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210616/r20110914/elements/html/ Frame 1CD5 8 KB
3 KB 17ms
15ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210616/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DCWzzomN6R0sq7GC-qL82RzTE7BZH9Ekkz53AGnUjCbt9sO2GG9B9yhMGiMuS-lV-WtQjpHN2dqnnjLaPcyGnRil78lHmL2B5U1dvSJVb6F_QhN9_53G15pCTDfkwBnliYqJYnTHxvyUHjttzPy43dJDWesA&dbm_d=AKAmf-DFpVdlSWB65736kKMho9ZUzF_Wy-vVHvBat8RE106UT4GLZGRd61Po7tpubNgWd41F3rU7TnCdpp9Op7-c0OTEInNMIN0LIQC06YkGiVXqE_50DGBQb0njGktbJvW_Ba2_gtdTi_q2UaTrDJsazIZXh7MCF-HbyfGiLI7PPwP48RBqac8HEgQ2jrrM7BFry-1Tn6uWJxUycTyq1InDOzHWwjuCtCV7wrQ8G3GsvETO8v-sN1Nb6cEzGPdDqVu4s4gDQqqTrmwo8WLrZHuFqxBhzeQvhlrRSB5MLitapMl3TIQJnJC-ZNutSdvR_I-PXWXKw_x-8d7b6lFoyjbbNBao0QmtvvptQ9rID9a5Hsgd_9UrQoHmCh5Bi1vTJWVAA4Ocr1DGWnYMZBqVs2MnYGLy7L3P4HFa050CZTewnCO_6iMssAjz-edQaPxYlQVu0Las330HQADey1OY1TjUtqxdn0pfX3ofb0Hl8J9ZYcYCWqNMjMh98IWaRA5As7DPnpe0nOPpy6ufkkSyuZNdSrvuA-G_Gn4Ap53tM411DDHYWWwm4wfRKgBUxvp5Jhs4PRt1LCYunIBhVFnCy4mguTO2LSW9mHj0LgaYmde5m0fiLmrMMUYQgTeqadOHORO-GpUs7XoMp-Q6QKm1mryRvbB-nZDjl6Eqhb7dJ0A-58Pxpe7I1oDvx1EGzLc-E32n2oWej-G8I_L1fbYdV0BJyd3O-SOJjYISdVaoq17O3hWxwljlK1NyBCfS-FZj9GTvC23qyTx_m8MU99hG3zEZDUsmAfVbl1FvJuobsk1HHLcXIGzmQPl0ZEHa8MZPZvJ-ZNGIDYTmFHlnqNBLyvUSVlrx4Vxp2WBak2ugoaISNi5wUl7ILlHvRrZR2KBzg-jKp8DpJEZ9tAb9OXhjNYx84sF4bZUAZxM-11k0l-OZvoBTxROXPcIOzOCyri0-jFy6iZsZN8GfQaGGO5h5UC1pxqRYgyh9vsPkwYVEr-ucbXWFy_0yH21vZquGHWiJ3IRcPC_rER1UslIDkeNarkQF_cO6WNYcv9O89vX4u6XjnRc80Ejxh5xSUs6Ybwie2iEe5k4DvJUxqu4UhjJdCFLHta30OF5C56nwHT8kvkbiRT3SLGrVhbqacxP6-NixEnEZwVmZIAnUt0bRpavtqXaoO-ypQkk5-8yDxYy4JtGU7TOer0j9iUAKnBlm-ncIATCem7yDv-0ARPjUEZU0D9jMgnxYqTpZaM9eGgFTvG1GocOj0wOfXHUSOBtLatjwl1G5C9zF3AwPrMTcHou3kIqH_oLFrelTWQnibxc7Ra5jnvOYkf2ppHXx_wdY4p_qI6ELwlxP5eV4dEsxb3g7RAq9wHuXCUcBj4JFpLNzEh1fXcAWfidXKVkDaM-U-CU2sQ8JFMF_S32QXbP0YOdwaBYItq-DvH1NWgJQ5DFZbDi9i-CVlytgO3dCA6ahkl6IyN33lLpnfAMkSDbRMfVooqZVLQDGIXMpp8itBAt6j_PB5GrqA0zinrMndnkeL-eko7JooAxWaVkZ0shO7PTW0ZlUxG-RSxgnNbfRk3sa87gy_Fln10LAaZYp5zBHqfksJymNkNzkNlQ9amXyqDneqiXMuy3zBTymuIaZZs69o4ONahaqIlt6i7xpSRI-eUPxIl74YidcPO-4ZhWIGi2gPUFCxl_IcndaFm-hX8V4Qg-a8P1jpC-yptO9m_7mceoIY2XEgj8Ez7NXZs_aTbjvZpS4J219KFmWKKlKa_9fwYhRu4uIvHypgNb9eQHtI8BWL9vhgxuEdC-WENSSM9y9qN2GPPAvPHg9-flQZOlhfF_TCEoN8r1gnH3Pmeq1gcNOaid7mteY-C4Oj4XDsRmAxOUH6YZQHuqONG6urgLstJA-Jm3AVRePMVpTBlFQyb8HuvGfyR-ODnxEdaob4fTrLzb4pUEDu75zHfont7Hcx3jPhYIP7XF_t_oo4Winwjws_WAmeAHT1X3AOJo9k3kt_n6vfrZapcSrdA7OdBQrVufQu3szbJaX6LQcaYF7T2havYPiVzPwIiJF4nwArzChfn17IoQm2_nSwTReWpu8JoIT8gAh7x3Ka18XAo5X0drn5YxWYK5OBeNOXkstPQ8cGAQ1EpHfnAVvoEpzQgGK53qJdC7btFDImOmJhDfHjYsJhyiGoy97z5NU-V5wASM2_9_eZD4ZMRWNll30wFYzzS7oYWhy-rbLUsmLCZBpRjTf0Mj7koVp--e1bgu5gUwMdYNt_20Ne040iDr7vT8YjyeduTj7rz4N0aFkRbXXtJXhnAOTh09rZAXkuCr80Luy4RlQsTw5pRcph7aaQr7Ct5AuNaQknEVyimzYOmsyFlBIRFJDoEcF8J-JA28xornVTBaSVEAo4MQeH8cCZpcjKPvL2aqZW2LG_X-t6_xUOIPrBBxyHOc8bjNfnx5M08ZSQhK3iSU2bNaWCWrkYEQChMwWpsw6_hj840na7Z1_Lu2Zq2MtfSEd0LO4b0sESzDX_bei5jJpFeenvzKskFhUtYEF8ztPNWmiSDyfr3PCCyc94QUK1KtoHuFGiWXCQ6DGQJNkfSdDe4SMh1kExjGYps-ywQOS3lHaCe7TlT6Nw8DFL0qdsd3t8IDJUHt2e5QzRw9vNPljjxkUCr4TnsyWEwKBjGHGfdS4xgsRwvZIdWacOXnCBtI9od57WBWckR2hcw_MqiIk-LylaxnB_VaP4_FW0TW2MBpFNhCcrqSFtyT1G4w--g6TuHMsOOZLCRmKWGwFAM7B8qibYpaFaSzPTk_-rtsb7wTYv6QaMrOZqdmDzbNYsOjf07VfWIOTg5ACcHx0mYPoy2ltnbk0AZNFUc7aOOKwMVDCcLeOCQFinUhwpPzzQxOpYF7YpvEnQgaD_EwBQUC08VA4gYXhs3r9uCPDXkJclWZdQS7V9g1J29gQuScgjTAKElCPA18aJXe_56eKRjRHEcjtBvqsM1d19qK-yoo4oWu9yrf5sTtOou-heT726KRxS-cNmRTu9LoVI6RWPEAxXXHEVL2qdA7mvdMdVHBJXsiNzZhFJWZ8M2xTVlJpNiJhDDq7KmTaWZJTqECLOLiIFL79sIgqznESORxWVgTEcuVA2OkroiBoQAPqJM465zfGwjdbty-Hvm-Pfjahr9vVCRNnHvSLVQRgmWE7RM-IxaHCelaFjUmy0cIubgg2kaqSwda52NtuoB9CkHdLMccfEmKP-VEDumbVi1CtShr-Rljrl2CvHy-sYzGz17ksU7aUtY6iC-TToOemKw_sbr0eww4gLRSoWe4gDm4G8eaZC3XTDsmPbPudHnKx69h6Jlat6adzs4X8VHsymu5NSGlB53AU3jFBAF1JeCInogC0ppiTKVD4zrCyWUPHGEOcjwWywMdao5uD75Ojmid1ItBW6V24djn9k1-EyXjVWH_PWNoVCBvVIh9Uk9jXGmPZH6HkN69FSY5xv7rKOLndnQVAekS0yJClGbMx714J1XkFNmRNBW_UrtJK8Xj8CMxTGuUXTD34stAMiwdyI7ejbhJWfPOhcdC7GbeVPY8AlEDvigfeL7M-gF3zD-_Y-LJAPNi52SMurgE1sLzYYg9A6VDfYe3IdVxqRt6-RuvDpEK-uYl-XAPxV0SOBB-_801w1n92jLMqb2K8XZQ_7XC0A74X-IPP4gOkTKNS_J2NXj3z_h0mYfEvlWQCo2d5nA_9XEvC4BFK2aJ7wh8fleJWSM7RmuY_agn_F7AKkcteJBcipb_FpVOAX5USsjIA021G8axi95wP490IWbfjwXcyOdZZmnd7xSZAmPb1cPat4JcURWPAjdZlb8B57L-4UZPhZnoQJV08wLWEcK_RwX4jBar4j9h0z283JuWCP7mLCFt0lLnTOppWxEWUaiEOTgtGPCsonTERukor8JlD4Rl_3IvYWeXvhsd9jZUX2l6l-zPDua2IgVx137_FvE4BNRx_WFP04nS7nlSqyltfubHua-qSV-7hTlGKVFi9Jck0opo3X3r-x4LIAyg3NHUenuwcOJkgS7U6Hq2bCns3HsvjjhITm4vXhtUw6LPtcsygZHlMpYwB6nU7mSTAZoa0rCSadbv36joskSnpY2tRoz-_Mk3QjF469Pxu1-1KBpmoSGL0MMwezr_EKGKooICp8d-8LTH4zthyzEJNbQGmdFpfSxff67bwqZ8PIXZ3AG0nRjnDJMiOSoc5gND4LIUZ481RZm7VHr_7eH5pPJvCMkPwD2yTA9gRvCslMnYu3yJAt4pClb487WpbEVFYB3hIz84jCNffhABQioGpuNk_LF1zJLyzCpnb_0RtdU6PGKXxlQhaEqe2uruz2mIVynC3xr1fLEK5ne5FH_rlGz4GKQrxR1Lx1UqI1wRKfyjYHxZeN5TJt884HAs&cid=CAASEuRoBSRNuobT8aZYPZJF0dDSOw&xfc=https://adclick.g.doubleclick.net/pcs/click%3Fxai%3DAKAOjssjsmOvxlH1snwwWahYv8rNqduiTMw9wNZkv3_yHFAnBmxSrmluS1QKbIw0-osY7u0Dvm3LHyZWAGj97Hn4J8nxQDIF2vGSEjvfSskZZBf83HHQ5q7Jcjfy6dWzlOlyoad5Hn62wlDYcVKQfxT-dCxsyFFMmoJD6DvKzTCI7PA1eyX3oysVMCKCtquQZX3ixPmhIoGpg2E-eq0vtDyJt74EBLZtbn1xPlbddtu9ynq12oWEgKYndXL5hxR-8hGONHYqOGqVWQo4tA0PB9TnhDLxhT681RJc0ZFz1F8t2kpgS2-u93L_oICRlnE2nlcsWJ0E7dcixllwgnjIrtE%26sig%3DCg0ArKJSzCRPj6OFlVA6EAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D&rfl=1%2Chttps%253A%252F%252Fwww.techradar.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:07:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 672
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Jul 2021 11:07:46 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210616/r20110914/ Frame 1CD5 22 KB
8 KB 17ms
16ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210616/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

5913491ab33dd1891820af7d900c22d50839b52cc5e6c7c8da2bfa405d2ba8b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:16:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 138
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8638
x-xss-protection: 0
server: cafe
etag: 15675381762197352129
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Jul 2021 11:16:40 GMT

GET
H3-29 200 html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame 0263 176 KB
61 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2f126a8957c32db99e94d1bf7c9ed09fcd38ba99bd632ebd048f01f9c5f9c9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 14:57:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73286
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62241
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:47 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Jun 2021 14:57:32 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210616/r20110914/elements/html/ Frame 0263 8 KB
3 KB 15ms
15ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210616/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CNYaxd2iqMTo0iwHL3WAQXaotLT1NBJMUdErotRuHHQRcBvgPzF_n2VrHYOQ6owgJWnmYz9Y8BKSE3WH9vWzUkWImSxOCDjxuxx8PNYMVpXRc-LMpZDh8vRD96izxsSSursYJel5ikc4lKvLjB9uMA0lISVw&dbm_d=AKAmf-CDgldu91C5fC_75uy4EPZdCXnzBUeGOAYSldES7ZpX_u_oabihoK_nfTumMjHHW8T8QXfk9RZbBBp1ZiHFnDQFKFBTukBO4qHkZf0WFtKvAxtPorQ626YsbJCFiiYj3JMq2ap2tAPEgRXlpSsAA4TUUUk4scPBY57jBSmpz43B0_k6e-ILOYDYxPDOSpXn9tocg96sVGvCn3cUQTSFH2VNJJt31xMaUl_93hcL7qQm2lxx0JCDZpDIyEmg0qPZhAT4lSMkgcAjstdpycWlMMK2v58II0FTqjGYjRE_uOaN2ZYwgZlpdpIolueOjZsBAChKy1epScvcI3tRgOR5TtWU5-I1PRrwDD2DoQTrAAfCuz4Fo37hkjFZWaRzvBcJU-BNjCvBABeYQ03WlL289zR_ve0qk3tPu9gl48UO25jnZtgKHNe1rnMh6rJaOs26h1Zn4enl9zmcfQAsfoInBPeZrHLH0kXWtc__umQ_OTL1WnSAWyuZ4EtseqGr9Y9fP8kdp2rhOz7bMOeixJiSni-89Fy7Th8rnsZ5HTkzQLeYsh3PAaWEfdgk1WXFNTGSp3QRlEchEbZQnaKsUUqYnjl2uCuYNHw9qJlTMvkMt_7XrYSemVJy4Xvrn9xcoFJkIunseYM54q0EUFosouiomRDN8db92OvXaEki3YRt3ohbmCjBpSD5Q28IymrQYgyxFhfiLupGa4cCbnWo7kEx-CipOyWZng4iPyCNVZ7D6yGmYXL5_tz7Y6TdGrU5V15B3InsymdfzxtduZx6HqT5qnBW4p0ggFy3hdz9A3VzgQq0xbIdNJt3K2b26S7YMz2O140U9KANSyx_fkoXRa0f7BAcnOuHKnP-04H0cqGUIivDsZOwwXFrSY1kn8Lf3z3gF6n6qjoF_3eTbmdi0uFcQ296BMgVvimL2krCxElszlKjWDACjkBV5Czk5J0-oGFH_j8XB-G_gxii-lnr1R1zWsGnNME3OytngeLbvv7Geltrq6iy7QxfEgjDmDlmhYKuDQo1_6OXSPP6k4lvMm0DORd7G-uf9vvKzc_RxmAEg416tIPXtGyvvzFLhbDc_MT5UsOM6Sec_qiqFcgJ1Vh6uJ9LQbQYiiyO1wxix3dppp0qf9YYSXNpX8iE_Q9bTCmlcmwqqNUzcPUV-uSbQJt8hXMWWPx4Js3tlJlPRShpaiWXXdkWyzNwzpLiRyXKo4w_GF5VFmrbE-a9te4TyYezxm47TsCX04rJn0hUH4cO-exz6H2fEPx4NfePBXNaTGfU45Glr8xCfcmfMok4OvnRLERVOLMtmmaNc9yPauepC7ra2hCOWFQIp4ae-gJGeifTb3JoKFhIDCrxV7DW56mvScWPnMSEnOvxKrud8NOClbQZt8NAfCmH2WMANS596r7ieRO3YR-v1sbrBE1uFY07OtBW9yqvvhIKr6pQJBpXuF9oCSlm3Z1CkfnSgRyiaPs69-sdIm_ufKZ7gBeuNU2imeynixFVZpCqsVclUn9bgkyFa6sSoalOtzHV5WjkcgX6i0k24dYCkoHzv5pvv64E4OfHffCZV3zdJix4PThLwlwxsdoh-9uQwIkAtGHurBqJB0W5vc9ciF9wd8SVo02KEC0mfO0nQvpqBLB5qUP1F6b-rXEvcQqZUZ-EG-A4kOHdAR1cTZP5XQT97xRG5F05n7i3pDCe64MRXYyUvvb8OwBl3_6aCd6d2jp5uNr8oyPQgww0Ul0nLtcH5S-n06RpWrr6lSFqxN8zjOPtT0e-IBMRQ5Hc0rmqfTZDkqeER2M90URHBopTAV5y6y3ramAwuqC27sDoPjeNILVWYwPhPvW-g5AeB9YdKOlRTMi1z_SShXaKwwlt7-CsyAuSbn8uh1z64wPlFR1nLNbpq-KALIrkprVUDMVsIjkxDp1sldmrf58qtfX-lFyJnemE3vVIfSt6jGUPzlP7JweJA0NTujJWEc0sURq7jqWHkRWH5VlHKNzoS2iRMhDEXNrhaNEc0gO8SLfRXgH3Tc6gU5oIpZNmO_pmhGjtidiP2Z5VOR9u1dTf0xnYVwNkIhsd8rh9oDkDk4hPtBwNKkSuJKe0siM5QvL_b6NPR2eoJJziPMgHzuy0eE1AguKuJSsiZBv2YOUV82fDUSLvVcKX-hFM-87Ii1ko3Yf3YaH7afh6S0O8YcWcQuK-ck7H5j23Qu8uMdsYRVkHbzPtiARki8Nfnu0lL-wAkUGZho7ZBq6_-dgzkNMzfv7aWnu7q3IswOWWy6GPqFRL2HDIa5wGWsnx5bRyem4M5sRuIl7NdNferYhjskR3tLFZsJgCfrTZRL46xkF2QYx5PqkUXwZTFt44zWJfNNGP35qX1zmMxnGZCudGuunSd1yP_OaL3pGQ6Qr4jRBkpJSqUKU9hhjtDKUl4wSd5UHl8nGwoXp5JP2Uf3LGkmMOgDl3I1eYPMwF5soNg7626ydahQVYZrrGdUa3fxr32b9YMju5Qqgy8vrIfXW5ATFZUaDShWFYpQWhWhec9O1LaZzPLTVUa_IRzuj5YdWzfIbgwDHEGZvRHBjD3oIRiAL6zA8JtzBBns6JEGkbSfH6kHYLWiFGfHVl9xynnbPsyLSg-CNaAGBDbkx5vBJiXKVweVtk3VNdcOwZL0peQDk55h_Uen4brNsEy7IJ-sC3ThpKYWzCCCQhkbbZYC-8IPuP67T-yv7pldJ3Io9BxAINiOsuYqz4QgbkJpg5u6ShfHGOd4ZIRtVqTGVk8yzy8rNIfLaAHVIO81k9M8SZuBKfunucjkYKatGrmIt7oICbWKYemYiUC8vUWQrJ0aU784O1dxAgtrsh7ChZxQpytJrZqWBmGZ7RQ1PgeXgLVdhf0tTXHSfyf4Usdjya8J4LTiw39-XMXxmSFp12Jnylmp3DCGlLO8onwXC643iRnXY2YJ70OyqFNBm7L8yIhNAKqwgJw9GvfMxckxuQF4LgGZos8CeUv_T1u500cfbJFO0nAsrO7yXoABil2d7QtrYtbVGlrGvr8x35a7uy55er28nZvGORAQ4-t6PbsgevhiBIiQeTZ93rxZNz6xtPGsbXM3hkrD6RIIKW_6nAW1LZe3zm62ms0iAyzFk7eS3gEwhqQJEmBq1eXP45HuLOAvq7qymMabZUpWrH_SztgMIRX5kM1Cj-AHiI-O3ImlJ_MafbTWht6NgyRwRwJSD7sszuqmIy9NNRp6HXSR-ZQnDyxGPOKZfUyqRzRYamDQAg5JEVMstFOr8SOQ3zFutefIKUK6fm1JJQvfgWNPblKN2cMlqQvlxKXYVEc3kmI_15adZMbm-arcmgcaQbOQowm4YHJwo_tr5kLhfrOxkNG-4jfFlfRK4o0hOLbkaptU5I9jiOmCGCuaA14eaytrMx6Ev5B0PgZS2NbECzVfAExFnixOWPNJRF5XlKq29gt0WTq9sMCrDh_akLZ7EvZ25sND4thKBO-OYHxa2CCB6kQzOMm9vKoXZBennF9afmC4Kg4V2XnwM-zxmcZNqqGAYwyq2fi79dymmbLh2A7syzQL_7YiN1yEVbXHx7XSNIH9DHLNKO-PmZkOTcS4WROYvXTg0dX5l2WvHSvqcaRkjU6YJoa889VMTkFXBTjjK9EZio1KVCmlDpYASUO0PE4JjTaA6vS9R5sUwFFiQLhp8tNxteTtUhj4dmIZuWmB10F-l9db3rOWrgI83X9pjgmmwAi_R7OhCObsJdNVMqFVTGqbdwIhFMBpL6fAiR5r3Gn6JDiwHRv-GEFUr2cKAP4MIg9PBSsjBY3CIHx3-PGDWkgfwG8Zkm2aFGT3PqjDcTC4Lh4dL7147NWrNCMfMwSNM8LLE5vzp8nTFXvb5ZMGsW6tIikviN7xsKkrqlUvskU1Frq9dC4EvVMbNs3VQIcMew7G_7UAI4TQx8kU5eYTwdh84pMxyyNJnJpV-SlFSydU_UihF59xkD0fS7QAxoVDPvF3V1BZhXawVr4tET4P3LjeBIlx3hjtAZr4FwqGAFwRejn0YkrZ-limLF7iuYO5OqJ0ip7oQJrOwm1wgxIonRkStNS_OltSfPU9nRdsP-5ipG7vfrINZf8mVd0JKNIbuEQlL3kYD4bBl6FGPH0WOfzZrjRHzT36AXzAJkceM1GqCS3TKsLaOfgZclkhBkg9oUUVtXhg5zjusVqRmn8AocoFDOOBj_awVwwroO-KRJs316V5qhUCBkv61HawF12izRm9XFU0wwda4TqnKoyyvT0T8Y9Xb4fE3QX5aknvB1XpOvjqgwTaoXiEBDRznSZQqDlayg5dqNJ2TIvkq-WcmqegH4A-nmj3nTX9EYS6_RLbWZn5_j3ShS0Al3-QLjZPvfMZ2sgopefu3HOJ-JZ8aXa9msOfk3ObTh1TXqd6xKXPg-T63cxRgCtEs&cid=CAASEuRoL7LaypUra0zYXIEONPqxug&xfc=https://adclick.g.doubleclick.net/pcs/click%3Fxai%3DAKAOjsucQ9RC3Z_tumgx7LefPMEuHL5dutjXlTHsPQE6Ln7OjcnDkMqlL6b6nJoYDH5AepM1hZUquFaHnQD2HLUazn2o_v_2rznRS-QfE6sbTAL2nFTd2Xd_Gzpz5zgZNoQKEERxMziE56iZJdUOwrnufRX5wMR0gHjGPJMaUULz_BSq4mMw3emMMg8Zn9_sob7DhRSuEHf3tuvp63Zx2y5X4RIDCKpG4mUA73aap3GNAMO_wkgIXUdsHkI9vZL1UzG80UF9alE__jD0_R_QqesnvTD_DwKptKp8Lg6Rxf4akfiT_EUDvcuzTCOXk3xdf1TUfUf6LXow_0ZBzdRDydc%26sig%3DCg0ArKJSzBrqAbxUHsKbEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D&rfl=1%2Chttps%253A%252F%252Fwww.techradar.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:07:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 672
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Jul 2021 11:07:46 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210616/r20110914/ Frame 0263 22 KB
8 KB 16ms
15ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210616/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

5913491ab33dd1891820af7d900c22d50839b52cc5e6c7c8da2bfa405d2ba8b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:16:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 138
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8638
x-xss-protection: 0
server: cafe
etag: 15675381762197352129
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Jul 2021 11:16:40 GMT

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 930F 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Fri, 18 Jun 2021 11:12:13 GMT
expires: Sat, 18 Jun 2022 11:12:13 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 86805
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 4750 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Fri, 18 Jun 2021 11:12:13 GMT
expires: Sat, 18 Jun 2022 11:12:13 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 86805
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1EE7 0
23 B 75ms
52ms Ping
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 19 Jun 2021 11:18:58 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame A517 0
23 B 60ms
52ms Ping
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 19 Jun 2021 11:18:58 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 06B5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIDFsUvzrvygEfh7DWmg0Eo&google_cver=1

43 B
1014 B

45ms
30ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIDFsUvzrvygEfh7DWmg0Eo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMeYigEQu8ShAhikz8SrATAB&v=APEucNUPeZ7sY74KBN6QuT6zjFFv80dbg2v65GOy9fpmlsQ6YB-DNM3gYtycmFvBktDgX9DJXd-A7RV8yHEvb7hOmLn5_m0mp9Bwc_5ntm2QPGUdI1KSrcCL118c4EgqXgYpTg197Me0XZXfGtB8U2rbxemeRCsGCgCpWwyofWobEtBP9LQz8tg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 19 Jun 2021 11:18:59 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 19 Jun 2021 11:18:59 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIDFsUvzrvygEfh7DWmg0Eo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 06B5
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YM3So.RXxROUWiLWGfuY5wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIDFsUvzrvygEfh7DWmg0Eo&google_cver=1&google_hm=2

43 B
894 B

16ms
15ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIDFsUvzrvygEfh7DWmg0Eo&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMeYigEQu8ShAhikz8SrATAB&v=APEucNUPeZ7sY74KBN6QuT6zjFFv80dbg2v65GOy9fpmlsQ6YB-DNM3gYtycmFvBktDgX9DJXd-A7RV8yHEvb7hOmLn5_m0mp9Bwc_5ntm2QPGUdI1KSrcCL118c4EgqXgYpTg197Me0XZXfGtB8U2rbxemeRCsGCgCpWwyofWobEtBP9LQz8tg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 19 Jun 2021 11:18:59 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 19 Jun 2021 11:18:59 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIDFsUvzrvygEfh7DWmg0Eo&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 06B5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEKpNGpkvcuflU10NPfYrksg&google_cver=1

43 B
1 KB

41ms
14ms

Image
image/gif

185.33.221.89
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEKpNGpkvcuflU10NPfYrksg&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMeYigEQu8ShAhikz8SrATAB&v=APEucNUPeZ7sY74KBN6QuT6zjFFv80dbg2v65GOy9fpmlsQ6YB-DNM3gYtycmFvBktDgX9DJXd-A7RV8yHEvb7hOmLn5_m0mp9Bwc_5ntm2QPGUdI1KSrcCL118c4EgqXgYpTg197Me0XZXfGtB8U2rbxemeRCsGCgCpWwyofWobEtBP9LQz8tg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.89 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 19 Jun 2021 11:18:59 GMT
X-Proxy-Origin: 195.181.174.89; 195.181.174.89; 719.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.86:80
AN-X-Request-Uuid: e5966eb9-110b-40ba-a791-57e2e1f829ce
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEKpNGpkvcuflU10NPfYrksg&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 06B5
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODkzMzYwMjgzNjE5MjMxNjk2Mg%3D%3D

170 B
188 B

25ms
23ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODkzMzYwMjgzNjE5MjMxNjk2Mg%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 19 Jun 2021 11:18:59 GMT
X-Proxy-Origin: 195.181.174.89; 195.181.174.89; 719.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.73:80
AN-X-Request-Uuid: e2e03eca-08fa-455d-8ebc-aa990e3141cb
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODkzMzYwMjgzNjE5MjMxNjk2Mg%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame D842
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIsOkTUr-TiaK93DO-MjeRs&google_cver=1

43 B
180 B

24ms
23ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIsOkTUr-TiaK93DO-MjeRs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMeYigEQu8ShAhjDra-sATAB&v=APEucNVU1IAEN_cTCzg3zu864BAVsP-F1ihDqcKpuoPsNzQm8V24ADhCUtIQn9qDyzJ2pJAvB9f5A0pCSxkNDwbex7igDD2kkTjXbIC41kDxNuun_togX0SFnc41w0_QAwT3ZTvT3Vj8568tg199m7_3DhTETSH3ivWvUXi28sRAN7X_CzmJXT4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.209.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
via: 1.1 google
server: OXGW/16.209.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIsOkTUr-TiaK93DO-MjeRs&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame D842
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=Nzg5ZTZmNDItM2Q3OC0yNzA2LWQ5OGEtNDBkN2MyMmE2YjM1

170 B
188 B

24ms
23ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=Nzg5ZTZmNDItM2Q3OC0yNzA2LWQ5OGEtNDBkN2MyMmE2YjM1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMeYigEQu8ShAhjDra-sATAB&v=APEucNVU1IAEN_cTCzg3zu864BAVsP-F1ihDqcKpuoPsNzQm8V24ADhCUtIQn9qDyzJ2pJAvB9f5A0pCSxkNDwbex7igDD2kkTjXbIC41kDxNuun_togX0SFnc41w0_QAwT3ZTvT3Vj8568tg199m7_3DhTETSH3ivWvUXi28sRAN7X_CzmJXT4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 19 Jun 2021 11:18:59 GMT
content-encoding: gzip
server: OXGW/16.209.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=Nzg5ZTZmNDItM2Q3OC0yNzA2LWQ5OGEtNDBkN2MyMmE2YjM1
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H2

200

um
sync.teads.tv/ Frame D842
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESENxJYsppFcDBzKWEuXHv0CI&google_cver=1

23 B
172 B

56ms
56ms

Image
image/gif

104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESENxJYsppFcDBzKWEuXHv0CI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMeYigEQu8ShAhjDra-sATAB&v=APEucNVU1IAEN_cTCzg3zu864BAVsP-F1ihDqcKpuoPsNzQm8V24ADhCUtIQn9qDyzJ2pJAvB9f5A0pCSxkNDwbex7igDD2kkTjXbIC41kDxNuun_togX0SFnc41w0_QAwT3ZTvT3Vj8568tg199m7_3DhTETSH3ivWvUXi28sRAN7X_CzmJXT4
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.3 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 19 Jun 2021 11:18:59 GMT
server: akka-http/10.2.3
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESENxJYsppFcDBzKWEuXHv0CI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame D842
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZTgwMDhmMzA3MmRlZmY0YWZmMzA0M2I4MjQ0YTBhM2UzZWU5OWNkYQ==

170 B
188 B

24ms
23ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZTgwMDhmMzA3MmRlZmY0YWZmMzA0M2I4MjQ0YTBhM2UzZWU5OWNkYQ==

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: akka-http/10.2.3
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZTgwMDhmMzA3MmRlZmY0YWZmMzA0M2I4MjQ0YTBhM2UzZWU5OWNkYQ==
cache-control: max-age=0, no-cache, no-store
content-length: 197
expires: Sat, 19 Jun 2021 11:18:59 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame E1F9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIsOkTUr-TiaK93DO-MjeRs&google_cver=1

43 B
106 B

24ms
23ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIsOkTUr-TiaK93DO-MjeRs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMeYigEQu8ShAhjDra-sATAB&v=APEucNX_5q8sfDy7uhxyjdmKxmvwFms1WjedXeYPbekouhu2-eXFIFAnleBL6Ngun7pOkz1qZ8lGZJBBBpxfEKCDBQ3oUPZIFDe801l9kuDTVqWkh7uF4nfb8eCE0UyS3bu8d8k1C499H8VaeLn8Q0tw7ZoO5ZQEQA4_vMNAUR333JXrQpPcoYM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.209.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
via: 1.1 google
server: OXGW/16.209.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIsOkTUr-TiaK93DO-MjeRs&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E1F9
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=Nzg5ZTZmNDItM2Q3OC0yNzA2LWQ5OGEtNDBkN2MyMmE2YjM1

170 B
188 B

41ms
40ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=Nzg5ZTZmNDItM2Q3OC0yNzA2LWQ5OGEtNDBkN2MyMmE2YjM1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMeYigEQu8ShAhjDra-sATAB&v=APEucNX_5q8sfDy7uhxyjdmKxmvwFms1WjedXeYPbekouhu2-eXFIFAnleBL6Ngun7pOkz1qZ8lGZJBBBpxfEKCDBQ3oUPZIFDe801l9kuDTVqWkh7uF4nfb8eCE0UyS3bu8d8k1C499H8VaeLn8Q0tw7ZoO5ZQEQA4_vMNAUR333JXrQpPcoYM

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 19 Jun 2021 11:18:59 GMT
content-encoding: gzip
server: OXGW/16.209.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=Nzg5ZTZmNDItM2Q3OC0yNzA2LWQ5OGEtNDBkN2MyMmE2YjM1
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H2

200

um
sync.teads.tv/ Frame E1F9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESENxJYsppFcDBzKWEuXHv0CI&google_cver=1

23 B
172 B

47ms
46ms

Image
image/gif

104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESENxJYsppFcDBzKWEuXHv0CI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMeYigEQu8ShAhjDra-sATAB&v=APEucNX_5q8sfDy7uhxyjdmKxmvwFms1WjedXeYPbekouhu2-eXFIFAnleBL6Ngun7pOkz1qZ8lGZJBBBpxfEKCDBQ3oUPZIFDe801l9kuDTVqWkh7uF4nfb8eCE0UyS3bu8d8k1C499H8VaeLn8Q0tw7ZoO5ZQEQA4_vMNAUR333JXrQpPcoYM
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.3 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 19 Jun 2021 11:18:59 GMT
server: akka-http/10.2.3
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESENxJYsppFcDBzKWEuXHv0CI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E1F9
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZTgwMDhmMzA3MmRlZmY0YWZmMzA0M2I4MjQ0YTBhM2UzZWU5OWNkYQ==

170 B
188 B

24ms
24ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZTgwMDhmMzA3MmRlZmY0YWZmMzA0M2I4MjQ0YTBhM2UzZWU5OWNkYQ==

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: akka-http/10.2.3
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZTgwMDhmMzA3MmRlZmY0YWZmMzA0M2I4MjQ0YTBhM2UzZWU5OWNkYQ==
cache-control: max-age=0, no-cache, no-store
content-length: 197
expires: Sat, 19 Jun 2021 11:18:59 GMT

GET
H2 200 main.gr.19.8.206.js Show response
static.adsafeprotected.com/ Frame 78D2 183 KB
58 KB 107ms
30ms Script
application/javascript 52.213.246.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.206.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=923193&campId=600x350&pubId=175633129&chanId=21792298605&placementId=5650696253&pubCreative=138344316664&pubOrder=2828023179&cb=120509958&adsafe_par&impId=&custom=&custom2=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.246.12 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: b176de534428b3b8d36fb821412c5075cc426bfb3fe282571bcd9f00f2c0b152

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:59 GMT
content-encoding: gzip
last-modified: Tue, 01 Jun 2021 22:03:45 GMT
server: nginx/1.16.1
etag: W/"f4d80fb2c423b91d55077116728f6247"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 75A7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEOGRTq3CO2TvOnL8VKtqOCA&google_cver=1

43 B
548 B

41ms
17ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEOGRTq3CO2TvOnL8VKtqOCA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMeYigEQu8ShAhjDra-sATAB&v=APEucNWbr52GxX59ZfolpNn7qDqjTjb7ECCVFVHBmmSm4MDyif3rXH3IspXvtCUp47Fa8-hvK78g0o-AUaOecjc9UvXziE-rMVo6sifMINOLFk_l9jiNpaSXcxjigHTbyst2bb49UfgkZzy2f5iXwnZNsI066er758x_5otgShjs1GE2Asm36lM
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.94.180.126 , United States, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 11:18:59 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 56
Connection: keep-alive
Content-Length: 43

Redirect headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEOGRTq3CO2TvOnL8VKtqOCA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 306
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 75A7
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MjRhNzY2OTgtZDBmMC0xMWViLTg0Y2YtMTZhZTgyZDMwNDA2

170 B
188 B

40ms
40ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MjRhNzY2OTgtZDBmMC0xMWViLTg0Y2YtMTZhZTgyZDMwNDA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMeYigEQu8ShAhjDra-sATAB&v=APEucNWbr52GxX59ZfolpNn7qDqjTjb7ECCVFVHBmmSm4MDyif3rXH3IspXvtCUp47Fa8-hvK78g0o-AUaOecjc9UvXziE-rMVo6sifMINOLFk_l9jiNpaSXcxjigHTbyst2bb49UfgkZzy2f5iXwnZNsI066er758x_5otgShjs1GE2Asm36lM

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 19 Jun 2021 11:18:59 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MjRhNzY2OTgtZDBmMC0xMWViLTg0Y2YtMTZhZTgyZDMwNDA2
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 74
Connection: keep-alive
Content-Length: 0

GET
H2 204 v1
ads.yahoo.com/cms/ Frame 75A7 0
447 B 27ms
6ms Image
text/plain 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~b04e41039133c73fafd60e0ed8cb49a70ecfb061&nwid=10000483131&sigv=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:58 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 4AE6 1 KB
749 B 17ms
16ms Document
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 18 Jun 2021 11:20:29 GMT
expires: Sat, 19 Jun 2021 11:20:29 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 86309
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame A517 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e131feeb38c4f82f2aefa729d8d9bc04eec12df163182a4ba854805daa80cd88

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 3D8F 1 KB
749 B 16ms
14ms Document
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 18 Jun 2021 11:20:29 GMT
expires: Sat, 19 Jun 2021 11:20:29 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 86310
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 1EE7 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9cb2e0e04c3dd1a8cf41139a13fd64aaf807208375a7b3f624efe99f141eee7f

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 95CE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEOGRTq3CO2TvOnL8VKtqOCA&google_cver=1

43 B
548 B

17ms
16ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEOGRTq3CO2TvOnL8VKtqOCA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIMDEMHR18ICGPrM9KwBMAE&v=APEucNUZ1Gu4NNV8dv4UcDbXYJhd8ZL9G9D8jgg5yaiSeot0FFUOF-3Py93Yy-R9npub6H9y_KN-smMJ4cRocQLL7l4vATxqxEi07lJcB9zYSTvUTra-yFBL-4DMVAsc8qtVM58vltMIf-rdCuGcNZZhtRPs8pXy2t7OSchrcp48mJoEScoO_GA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.94.180.126 , United States, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 11:18:59 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 36
Connection: keep-alive
Content-Length: 43

Redirect headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEOGRTq3CO2TvOnL8VKtqOCA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 306
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 95CE
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MjRhNzY2OTgtZDBmMC0xMWViLTg0Y2YtMTZhZTgyZDMwNDA2

170 B
188 B

24ms
24ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MjRhNzY2OTgtZDBmMC0xMWViLTg0Y2YtMTZhZTgyZDMwNDA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIMDEMHR18ICGPrM9KwBMAE&v=APEucNUZ1Gu4NNV8dv4UcDbXYJhd8ZL9G9D8jgg5yaiSeot0FFUOF-3Py93Yy-R9npub6H9y_KN-smMJ4cRocQLL7l4vATxqxEi07lJcB9zYSTvUTra-yFBL-4DMVAsc8qtVM58vltMIf-rdCuGcNZZhtRPs8pXy2t7OSchrcp48mJoEScoO_GA

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 19 Jun 2021 11:18:59 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MjRhNzY2OTgtZDBmMC0xMWViLTg0Y2YtMTZhZTgyZDMwNDA2
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 5
Connection: keep-alive
Content-Length: 0

GET
H2 204 v1
ads.yahoo.com/cms/ Frame 95CE 0
293 B 8ms
6ms Image
text/plain 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~b04e41039133c73fafd60e0ed8cb49a70ecfb061&nwid=10000483131&sigv=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:59 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

GET
H/1.1

204
No Content

sync
ups.analytics.yahoo.com/ups/55946/ Frame 5A39
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_cm&google_dbm&_origin=1
https://pixel.advertising.com/ups/55946/sync?uid=CAESEOaqyvg5cpWmrjPzpRLlPjw&_origin=1&google_cver=1
https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEOaqyvg5cpWmrjPzpRLlPjw&_origin=1&google_cver=1&apid=UP24a6c645-d0f0-11eb-a177-06ee5e2b51a2

0
1 KB

11ms
11ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEOaqyvg5cpWmrjPzpRLlPjw&_origin=1&google_cver=1&apid=UP24a6c645-d0f0-11eb-a177-06ee5e2b51a2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIMDEMHR18ICGPrM9KwBMAE&v=APEucNX1qgZOcLHQ8snkEUwHrj3q9oxneOpRfKWqICxO_0hVfhDD0sJZrATv8n_AYRNAP6zHeOsDjf_HP0vcwzokr_EIkc1Hk0SzvAC8LsP7a0HJSuA3Kvpe8BHeVSzRXsS2gH9n9IzBISY57dZ_o1bYp45viYlLHE9Jpn4fB9e7IjltyA838fE

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/7.1.2.128 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 19 Jun 2021 11:18:59 GMT
Server: ATS/7.1.2.128
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEOaqyvg5cpWmrjPzpRLlPjw&_origin=1&google_cver=1&apid=UP24a6c645-d0f0-11eb-a177-06ee5e2b51a2
date: Sat, 19 Jun 2021 11:18:59 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5A39
Redirect Chain

https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true
https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/55946/sync?_origin=1&redir=true&apid=UP24a6c645-d0f0-11eb-a177-06ee5e2b51a2
https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVAyNGE2YzY0NS1kMGYwLTExZWItYTE3Ny0wNmVlNWUyYjUxYTI%3D

170 B
188 B

27ms
26ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVAyNGE2YzY0NS1kMGYwLTExZWItYTE3Ny0wNmVlNWUyYjUxYTI%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 19 Jun 2021 11:18:59 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVAyNGE2YzY0NS1kMGYwLTExZWItYTE3Ny0wNmVlNWUyYjUxYTI%3D
Connection: keep-alive
Content-Length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5A39
Redirect Chain

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1mYXk4c3A5RTJ1RzlacWNkN2UzeTJ0ZW8xYUhkLjFZYn5B

170 B
188 B

23ms
23ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1mYXk4c3A5RTJ1RzlacWNkN2UzeTJ0ZW8xYUhkLjFZYn5B

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 19 Jun 2021 11:18:59 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1mYXk4c3A5RTJ1RzlacWNkN2UzeTJ0ZW8xYUhkLjFZYn5B
Connection: keep-alive
Content-Length: 0

GET
H3-29 200 index.html Show response
s0.2mdn.net/9435156/1622642475895/ Frame 478A 16 KB
5 KB 15ms
14ms Document
text/html 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=Q6tzQHprLH&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

72766bdcbc667afaa318b08a68c4438a077a626f0f5e4906c26dcdfb4a5159f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=Q6tzQHprLH&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 5481
date: Sat, 19 Jun 2021 11:18:59 GMT
expires: Sun, 20 Jun 2021 11:18:59 GMT
cache-control: public, max-age=86400
last-modified: Wed, 02 Jun 2021 14:01:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame B999 0
24 B 54ms
53ms Ping
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuFG-Pdc6nk-LNB4QtDp4Td-JiwZMTp1LqRCi0xg37zxr5pVa9nAT2SeBq5nOBWFEWxgEEQgg0LPI4f6MdsqPZGdMFGQ74rAZQ3N017VYsJXg_EkMblTIK5IDo9KFIzSTu6Vg7NGMQr2k-q8Hi06knVC6vr0oiprhfv2KZ1WfUCPw7I4afTATagQR_IOyi3MLwhvLb57K0qRfiALH5LVydXU1TBiGeSgXzNq6TumBhnzZ9LguDSrMVWaByGcQ6jy_O915N5VW8uiNJUc47cI7cpGRY2Uab0cGH9GGgmOEe_2RXeBcXRnrEdZkwp1kg5dPcE8imwhMHSMRLO-uubRHwcVEOQg12-XmiJS9XD8pnNhB3RHB0ekrO52RXxb9OA6DlP396SIx5Sc9Ch6YI1P_0luTeEL2OL6oV8ppcBBBdh9Lpm_OHZ9kFxNCF5eclmZjIEBdTd9f_mqLHTGDAd4OdpWo_Ah7tQESzaaio-pXsJb32FUF1xjb52-4VHx3IYdUNYIRBXWCY5el9bEOD76O_ZLDfiAwunS4uevsTctp8Pig4ANgcQW4OQR_xIctwQ9OrkGTztqaMrcF1o5iBGWj_MVGfM2fXdyR6Fjr47tB_ii_8E40tnuq7viDLAhUNEVanG1YPB4r95ZpaGQfSSESSul9ZZCYCbp1nScaqhJxgXJEXgCh0c8IPzhejPENESiFanFEetjSDbGLAIADpL8FlWeHCRsAvelSiAj7LsUIuRnTW8H_tlCTc4hRjOwztbm-CFwlvZ364vUK0-buCHcO8V1shQFO5uig-ztbv9Oy2voVpP6LMO-aPfpzYTkfUAFczNCG4TFIpxTL_Tl0m6INoAqKD6ztM96chWJ1_-YpGZ5MvAghUVeUpAVNWHpCT9Ww6qyy7r2CStd1AwRpEI1duVV72-TB0WhMsZZMnhWmbLZC5SnU2XU_VgUfuWyVxb0g_7wLsycFgIw94Yg048xamYZsw5UTCcCLqSWFOIIvx66G0eixdAw8zuYm6Sv-be3feUxOOO2NVDGrCR76f_vp9NNi0Un7SLnJ8l410wiH_APVyNMHWEw78pP8qCYKIni5ZRVUED1x52_NbvRqT_JSwekMql9uhzH1Fpj122kmTUBhH9fotA5n4vl3gdbvmq1ppxWIZ8yUZSv86FNswpJsolXNaS2JYFI6CsOdnlTs_mMo7cfgRq2wM0wJ8gJf9fkRnv78ykPORAdblhoy9GbFfOopL2g3hhYEPsZ4OhXCP50LUc6o4TZyT5ipv5ZFOAPW1a6nOhLc6yc_rMR7Rx3fH6hwgcX8UKF4K2481pCIYQFUOqcYVTSFKF2gewXiNXwMxLqs4gsbhQRY1xzK3MxxQuForeBi2ZZbuGqPjHsuvsVq-4S1oSmgtqi1lpZgRx6du0kiv29Qp-C0ziDG5iEfAUiRCdNxeAq4YuTLcmy1yhleqxV8P5vryWUlnvRLFP2gxEMHOrfRn4Cu0-FOWZ2kGi7154Y46HXiDyDYQSDjWTdOCujhxI3JlNMAkxzVeJ6cTKmFw5WhyqXIk4M6nGHr6bgGkF-ccC&sai=AMfl-YQ6J7Jz82uyVxNtnb_cd0fcDp7soNuAmJFpfxq-6uA6XbUL-jzYfI470DtOkHW_ALz9RfVO2yOrRqiIT91xu1p0fbKMaQzg2MAhurN4ldOw9Rx62WQXSCaMHG9JbNz-dryEzyGIUjYW8zWmpk8Vkk4PgMDHayimq2OamCpKB-ghEG3qdOwM4bnOtRKwhQq-qbE0CWzIC81jpEDjLfYkAiqNShfBYS0yEBiDkpklNcT9yaDOuwbHOrzEE7mV55RxB8nuP5hnJ3NpL5eB8OIYEUtVi9y94Km-&sig=Cg0ArKJSzP9Zecww2G71EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=189&cbvp=1&cstd=183&cisv=r20210616.83952&adurl=

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 19 Jun 2021 11:18:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 index.html Show response
s0.2mdn.net/9435156/1622642574673/ Frame FCD4 16 KB
5 KB 15ms
14ms Document
text/html 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9435156/1622642574673/index.html?e=69&leftOffset=0&topOffset=0&c=6vTFI0T9uJ&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1a7b2074a4f6e9742910ffa5e1ed7bffe31770ec68f8b9a1cb4d5b2dba06d197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /9435156/1622642574673/index.html?e=69&leftOffset=0&topOffset=0&c=6vTFI0T9uJ&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 5503
date: Sat, 19 Jun 2021 11:18:59 GMT
expires: Sun, 20 Jun 2021 11:18:59 GMT
cache-control: public, max-age=86400
last-modified: Wed, 02 Jun 2021 14:02:54 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4665 0
24 B 53ms
53ms Ping
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst6E2SLVDhrddGBE0IS-UuN75qqW6h9EwXNYtjAcoomgwYA3v20tU6v0SgkXMLQRgdqDzvdwwN-cyPyu_jvb1HDEOs5NgTybo-Bio3Q2J3jGPjYT-X3dlu3GtqWZwUPQybKyFkEpnOhUhVzInzT_kWv4rZwb0X3Fo9iAAY1m9gOVAI4rXX1lAnf-CzKZ9eC2maAHUbnDOclATsVAz0vK-7vVLrJ1DNl1kFZIHSQG9ctH7UjR2N39milKcmKmJBWkXTG1WG5ayGrxuHLtR3z4NdBXSNj2E0gXB3KLyW50MqDv8gwXpL5nUHn-tC8W1mNaExVONz2z20yjZ24f8oGs3kgc8x00wUvts57ZI8HOagroTnLS4oAjpBsIb1aiwImGi-sG1n-z7sn4Eoxfz0VyyFfVNOdaC04FSp2RaHx3hIgQDUMxPvk49xMgI5VTCCYXmYQ2EbCVsXe2tUQpsRQjjamAj8etrXn3n0d9NGKdFgiUfeZOkSKTyzI3JhzUyvmhXR7wPF8MUoRwCz6RsnuWNCf40YoZf-kGump7CcoeuoWEvDTnQonIFoZ1UeY8BxQ8Q0hr7OsOO0ZozPCGrpOceP0XTfsw_iWlahqp86oOsSIbVVmQW0b2SqSIZbu0NCV_x7ukpQ4GSefkY1udHtFDEGzA7DarftcAJulOYdBWZwn4so6VOT5vNE38Qlhv2ePem0c_1eyiJH19a68kDq2QZwaeT_g-D60x4rc6UuCBY5ar6sCjLziwUwLMAOYNQXP2QxxOdisCcuMl-UwFOF7tjw-_uo0Iw9PGj3bcxlSYlMRwUapnbPsI67G7uzv7IC4rqief4KoAwLP5-rbyV26Xo6VvpqwAY4hH5r36IG0GtRw6VWY2ubK9-M9lVby8grl3y_Z1jQb2poENCr-8YDnZM4T-k4bBAJBZA40Yd2X8__1X4BEn1gEuIGmN8iSUu6lACBE_p-qp3x1bWkH_DlcHHEf57lXmPeZ9wQcPUozNUK5qaF6MKicg4DzGKtiwRc46Q_Ogv7cxYKXhOenS_MsSaeExpZmYq20Y-suz9NkxUxJrg-FWaqcL_v-r_JMC7qgPmVukfK_LIyLUb_YnFQoorTM7apoD48_cZDgH_iJ9rBc6BFd0v0HI0m3pofcp8zqoLKPjmpnjXo2OT5VIGDPn9w9dAvF1AERmqW7rgxIyRGE6hME6xl0R7qo_fDfcK1VerVUkmK8Nfu-oHw9NW-QFGw0vsEjVEcEdfvMV-j6yxdEsFLMJMKP5g0_9hEqTMyUTGO-ulEDlQLtrMRpgBH6hyemVm-U-EvBPz-li7FMSXSoKfsONXs03cBGgzvDO_lK35iT0TeEEPVB6ec6QtsUYaEt2ztWPD-I-07sn9CBI-qTdNggE7mBQhZEixVglowVIKPjmer5Pes-xDmBlDJgxmdHPWhWHgZzqs5TejiADOok7bdc01I-qHXjmsEyIhitUK1OsDLsnkzBj6z-q0DS6gmgDIJkRvs7QYHBSOVkUNnOlxGVrYfLAsY__7keVXiDmf8uN3UiE5NHeEh_WAqBKNPtVDK4YJjS&sai=AMfl-YTwIX0BIuPMeDwwIA8EcaIz-Xjx5Yz9UfjFYUzkFZ7gQs9GOtl-_GWOQk-Xl0iIdA4v3toWQ5lm8oTHCCUIxP7XkWs3OC_fh5Od5QzZ_Jxll1CYuGhwAbX1WwkvFI_6vXs6Y2sQvMSeCt-1n6wzWTSCYhENdL7MqCduGlIK5ai7c6pOnxlTAGvHHg-S-LUTRJ64ncL0UAnEV0oZpba8kiZy9R87UPqitHJEHUzEYazlrS6Q3oJtfQpnY6LEt1DJKcbweW3XslwUJOuKCkRo96b1qLlJWYgQ&sig=Cg0ArKJSzDPfMpDWmlLOEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=192&cbvp=1&cstd=188&cisv=r20210616.33308&adurl=

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 19 Jun 2021 11:18:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 index.html Show response
s0.2mdn.net/9435156/1622642475895/ Frame 3041 16 KB
5 KB 14ms
14ms Document
text/html 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=lBjZ8bthUU&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

72766bdcbc667afaa318b08a68c4438a077a626f0f5e4906c26dcdfb4a5159f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=lBjZ8bthUU&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 5481
date: Sat, 19 Jun 2021 11:18:59 GMT
expires: Sun, 20 Jun 2021 11:18:59 GMT
cache-control: public, max-age=86400
last-modified: Wed, 02 Jun 2021 14:01:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1CD5 0
24 B 55ms
54ms Ping
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssJ-LAn3k7QPHA3TNl0fToYYo4qATAouzidX3yv5xIVf5BiLDv6F-FKuBH_NTA4HjTaAja1Izb2VBuxSVrXwbiAVewfa8SvR5sno-GGxCH1GIUUgyJ4d2ERWnu2RJU7QKaZuMcfWmZ0zeWPhSz07nXWICB2RqN-9v9hfGL3oTz8LNZIqVQhFEAoT9_G1Vivbf5sZT85IvsxXaA7rr7CVT5HATPiBUDOVpS9nRvH4KVLzkfY0Vf028eM_1ZwBWS32DV6iauFOySEJRfcj8OxRPP3j51uD_of9C-BiuZrhGgIQNtjRTuqun6TSt5lNG-YKQKLGjo3uNrdYlSu1RCTDc1E7IQwhM43nLAMFc_DKLpI5vadImZKr3eyFBXlrv0uW_1azR10fLCiyHtCqLgzD3nTGavvVHhvIbUIIrmRYvZXJJAEx_wDvVVTt9hZbdv2UMvIHuHfr035ELte4WwyZxuHQTv8Z7AbDbcU0py00Twy4sWP3kI5wgxMOx3M-fE-fK9WY-PMomsx7nsRTpCmQjVBbyd92dDpYMAy9DYrc9f18gD9VHj0obKkNp6bznN_QrICC8Bef_mwfrZ9yGtfMoGDY_lHP3dVvSM_hs-OaFmejqlL4Eq6fs522Y2lZDELlGu1MCzuf0DHu1K2fEdzN8JeQY-DAvTloyigHIXAn4GcrZd_bIJVTIuWclK6btaFFcBCshSqiRFK8bLeyvJjUTE59dVlsNP8n-CaFS7Hi0ujXMP9bBG396gg18d6sJBhx8fkef7nLCQzk9m8v5fYxgRVGFl8bGCU3sy2tYI2YNfhzUG-d5tzP38i5GHa0PvP4W5HgyeLuaUN_oYTU3xeN6I4SiUj-wTMbsXJ3pj7ZhUlM32H-JSdrPCNf2DLtYnWqy_dSYsPLIJ_EP9_zv1h1p9mHY1zQduwiv8ZiY3JPRqObVBHGEadDz9z6qWlcAFs_ALGyk5K34u_YYjtl3h_QJRPjo-EZK7p3HAqP05A1Z-q5fIIWXIkFrri_foOHyIjFiaOr9H6IAy5xJHhr-RYZnQw0eK12lU8mRoKuoPQh_UTJJ7JMI8fszLyD6XxmM3y0J3scUA0GyyEOmFIsLNFtc_vWPSW7TqT1pd8aN67gLT6Z5wX00BVHIHMpc6PXrlM09DBP-QRYDRClLp9khbByhq1xiSWFP9riYFEz6DGZX1d5sQMG8gl7SBCbpalqCDRWeZYdk01Dq1h98x0Gi4J0UGRU19vLhlYhhi-K_6Ib1hdd_YDpqilc6bYWHfWUJjsbnbvoIHALUBf4vLcr_tbT1Pz3cr2Wg26KE6ahqbTGh9PJ3MFTB-g79C4vOL_kPpn393A-w9zTat3QkNpIxTA-cwVlwXod7iv06YcTHl0e1Si4YBVQJOZXge3_YbwR-bG8shWu82ahp8t1YkIH99pHFziRFmEJgaGI8T_2qcxHQen4HiSx5VNp3qVhtcLUWL13ghHKMoBERteLxgi8fGLO3DSL3OMrdHf0zYqMC-2roHC8ToQgwNq66RIBMJz5Gugbjm_eVsxrp3AkSNtjffAS6xHRg&sai=AMfl-YS_ZZxXLPsL2wAXbG9HzKjSoenTi1DWECi6aEYdX_BOGMx4IgOaof_t9_gjqYpJFJAQAm4LJzM95rbBBA5UN4DD0fzXPjsv5sfRZI9msXp7skotwjUt5oC1-jyv_z-zZGUO5Dqx0GpvN7vEPOdP0PI-k3whVy5BDztWwgkBN7kRbaPuqaEguw9aL1nNzVtFPVlyLhF-oGFmRaHnU41tMPx9D2fxXPJUH7pua9MskEr12KoeHZGvlwopMba4MN3pFHPKKWvn6R4qjqULGxIiFTNX8LkecFZN&sig=Cg0ArKJSzAwWKJo1fs4ZEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=207&cbvp=1&cstd=203&cisv=r20210616.18304&adurl=

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 19 Jun 2021 11:18:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B999 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 02:29:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31753
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Jun 2022 02:29:46 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 10FA 1 KB
749 B 15ms
14ms Document
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 18 Jun 2021 11:20:29 GMT
expires: Sat, 19 Jun 2021 11:20:29 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 86310
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame B999 0
0 42ms
41ms Fetch
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssQS27abAF3igHMC9yphTLCcjjxb1LjohC7G5GhACUHnkx0bLeD54S0GRhq4S3fG2-eTkjTezwomcGOPzJdVLN0wI5rMYpilPrg5BsHRbsYHEmlm5OelZEf99cXPOLTEwknrU9FgsDuQA35IV1tv6OBpquNM9ciHooa-PERW6UgOMG1TRgSGHQXuBB4VEaOYwixPXfRIF99zFg-RjnitkQxhzw0b0cW7cqD1TlOED-ohSzAVo4UFJV1cpGyWS8PofMCrdJavQPnVu_m8Ip5rDqKuRqwYcRMQMxHYVuDSYxo8WcomwuyP4Fju63n566yLuR0tDSNvSCjwcpgZcDScdhNtA&sig=Cg0ArKJSzCCCMG9-un62EAE&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Jun 2021 11:18:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 19 Jun 2021 11:18:59 GMT

GET
DATA 200
OK truncated
/ Frame B999 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f7ff1f3f68d442cbfed7a7078d0f273b1d79e5bd5c38ded3d1ea29fee847f7e0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 4665 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 02:29:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31753
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Jun 2022 02:29:46 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 5B10 1 KB
749 B 15ms
14ms Document
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 18 Jun 2021 11:20:29 GMT
expires: Sat, 19 Jun 2021 11:20:29 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 86310
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 4665 0
0 56ms
56ms Fetch
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss3AbsUOT7eHaKsWYOp3RCH-badkK7ibWCKmXmPvFc4l4WfOkZcr5jP3ROrqrYaEX7bpLXX_NIBx8YYgR2efhDSN-V7RtpBMMDH97OEwmA021_5V6J7rRrbkGZhJt8jVQJ0YRJ9xWlT5Cnov8Qe7BuEPPl2nP1KTRe09itHKR2W9KDCv-fAkRjtJ66u_zIV1A45QFeLWkzflDUVDvmnykcUTJm-VusM0AxzBAfwvPpW3L5bjNnrknVFSK7Eg6OSmhfY2thcjyLZYjQ47zp0M_mJR5AugE5D8fL37Uga7SqD_Y1D97t9ygbtYoRmqsgQyv658egm0rG7zMEugEALtxn3uA&sig=Cg0ArKJSzDNhcU9lqQuOEAE&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Jun 2021 11:18:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 19 Jun 2021 11:18:59 GMT

GET
DATA 200
OK truncated
/ Frame 4665 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a90aaae188d09a4332ae42195cf1ae89071f0d8f65d72fb5db5dfff6e85e2162

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 index.html Show response
s0.2mdn.net/9435156/1622642475895/ Frame 1216 16 KB
5 KB 15ms
14ms Document
text/html 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=miWbZLBac9&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

72766bdcbc667afaa318b08a68c4438a077a626f0f5e4906c26dcdfb4a5159f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=miWbZLBac9&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 5481
date: Sat, 19 Jun 2021 11:18:59 GMT
expires: Sun, 20 Jun 2021 11:18:59 GMT
cache-control: public, max-age=86400
last-modified: Wed, 02 Jun 2021 14:01:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0263 0
24 B 54ms
54ms Ping
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstMs0Yn5iu3__4JK7MWXRy6L8dsef_Icrh7q9r8HcPQ0VJbZhYUz-tR53MgSc-K49YLSJa-IS2zW2vwKKdtUAG3FGXJtlyCB5pbOCjhkPEhG7lP9TyKuy-S5QAqxak230hPuX8JegOmGV4U_pZuyZsDYxG27Hi26JRJEWALuZxR6bTHdHdHmFnkIc6x4tHjTwMnAS3UE7VVsOmRn8nPT1OL_0pXlB6YzC5xqgg6TpWjUR7F8kMV06av4ZtoiQtRTMxd7kreGoaQIpRlKRK_6chSD9HnFJXlJ7RkGAo0v-HxxL-6d6xfnP72I6piV4u-b1_1KQVClte8xTKa9Cc0v2R3PD-ltlfWUJw8vnzvhqmxYTs-lUOnh6lW_u3Lb5EoNA9sDSz9mAQFMwKfkiqDcnjuJVCqlWXgkqSOv22jHSkj27blhLuIr13fS0zADNA-PkVUU-oIRTblZ66OCuTG_9qgFTx8YMm61_vzSzvi6YMfbX_pqwtHxlaMvuYCJqcfZcjPp9RzRp7ksL4hGRHLBHh5xhTasOy4Wc6eNDCtfkd2t9xBWMEDr9oRbaC1ouwWfh4brBYIcfRqbu7rQEfzt2WdqGDgfy943lh1ntPLcc2S32a6T77yhzNr6CIRujBZ8t1JaZAJj-WEJzgpZ-2yCzUCz9qqMhDeLzSNChSQQv_44pA_vZJaAMv_6G5VMx42vbEZU4xrgNRgRrhygOJ7SYA6drFGRw5Rzrq8FI1_hCQ4m3D8pJ7pOsvzAtltO7QnJBCVcBmzybUv_msXJ4mofEuVVMC7wf55s1LFnVwxjZFwUCP7ewBCdf9NHk1UzQ6IVMsKQvSM87BPx5Bp1CS2F7n-dnspUMCSD5JriGPevfZN0NmIWV3Yc7E8l4HErjBLWDNWVgdVL7ie1UObT0bn0SWFz4Spct6upPu1kyEEZdW6hFNHXpjxL30yZxtL6NMTI0awmtNf-TszX_TSbfvs-48LooURfFfE_hjyauzcOsryWxA9r2Hc2xKT1kgyQVgPduginIp8wh9ks9WyX0g-qdSxEvtr1cXySKq9G6vfg3uc1wZqviwxEYGewvKnvUg4zFnGu-bnWq8y6J6CHSLAscBLrNlgttjVuLVD55ZvEEdKMSSYf3rMOmPundsh6DAhqlhQ8KQPiqB1M4l0tbh7KwjnmOCnhILHx35ozR9r79GhS31hUHsdpWjMLWtrrOGLjl9MM2d3EdMixGhcL_M5J5jJkU1IOHHyD1O8RveWBtU66vNDYfv0NejU31Ed1QXGJtERGAOzRMOY0BSKorD1DIvjfSDIRljAXQGRO7V4a8szuzL90FiMwTtrq9hFW4kg0bQMlGPj5vql7FEyg4NVarMzlk2KKCUMedltHdmMXH_4GTlBsY2h3DxcYu98I7MacBoyWDjc1qfkNs4xf_YtXXtvGHOJOKHb-RpCcSO3dKmmoH_xCq6TwUTJpl-HlGzONj7GoG6fVNlhowuLxS-p-D1n3ZW4Y_wSketNjoQxdyYYY0QTibVNNJNKPjT1i5PG_E9Ac351W7zgSjSPYcRQyKrrzA&sai=AMfl-YTWbQvFtnN1pPoHeE_rWOuEBAnvD2r9Pf5UYWl5yxxpE2p7Vnx4-ZOpyRodwDXigOfy0uCrRSM4qSZNbJcDiBvjxfaWY5kZ88v0cc98EUJy0cevNmn0uU2mmBBU4uUT8bxkr2a3jgQtCRCVm1o7H1jJZ-D-noXn2NWB5J8Ix3of7m_0NepCaPFnT_tTqA5cgRz-mkEhn6BfPtAMLDzk5qF_S3vBJO_oVSH6_T8Gj88IFMlSTC3-EC0tMASKKVX8xRFHOGKSaMZnr-Kb3OkiyNG5_JXvjc6A&sig=Cg0ArKJSzAwFTce8o8kbEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=230&cbvp=1&cstd=226&cisv=r20210616.34495&adurl=

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 19 Jun 2021 11:18:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 1CD5 41 KB
15 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 02:29:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31753
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Jun 2022 02:29:46 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame CBEE 1 KB
749 B 28ms
28ms Document
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 18 Jun 2021 11:20:29 GMT
expires: Sat, 19 Jun 2021 11:20:29 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 86310
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1CD5 0
0 47ms
43ms Fetch
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssV1KRZZXXjmyrNbEckj-748uB2x210a5-Kxye5o69We1eqBzmPzlHK09LVr79GquUWJVcbJDDBmK_3woKKs0CFEnVVU3JKoL2abyx0_nQxY4OCCAJdA5CFoGp5fZcM87Lue54KhWAX3RlShBllVq871bkbUwGas4I1KiQu-04t-fvUDQ-3DSjbhm15vE7RvlkIdpgdfxpZfDxmcOLBVvvGOHo4GVDPBo-6z8FdU8kcC_ZXwHVE0J4p2ASmHY7I_KzIQrSZYJo0Tt2VdhczMqmHt_sbCcBTkZR1fmux__-v5WqJadQfleOD_QW8pH_EcjcgtYUi0MkFrFCln9w1ZH4HGw&sig=Cg0ArKJSzMM_bTlZ_HCEEAE&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Jun 2021 11:18:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 19 Jun 2021 11:18:59 GMT

GET
DATA 200
OK truncated
/ Frame 1CD5 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c9ea51e6a1e73d647d660816accb37152b01f7aa01236c442021693ed79a64e8

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 0263 41 KB
15 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 02:29:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31753
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Jun 2022 02:29:46 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame A089 1 KB
749 B 15ms
14ms Document
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 18 Jun 2021 11:20:29 GMT
expires: Sat, 19 Jun 2021 11:20:29 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 86310
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 0263 0
0 46ms
45ms Fetch
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuKy2Lb4QoQNwq0ij8wiu2-GCinFNrmDlc6ICnp2YxUyfSn5V4hvpLhahGk8uiuZiOxUOcr4XozzXsBrDc7SmJX-fvnBG4lInv2GdFDeHgR4n3b5UdnV942awc37x19b4WdaeUte7AaZ_bbuqCrVcxmrGRLWG0hn1VoV9Vj0ck3vbapK6HobKK6cGCREOvexGTnG2sUIC6_CQDxrVrbZj_JVjbozNsUhnUDJTxbI-lEwU6ZbPgZ_dLavVBYdDMwICMQm3sL1jhaPWqmLUifmdVkt5XKRZjSJ5YonLSEaSkwRtWDrUZmTpRj7N-eGToieigYvufBY_kXYRuH8YjYERcUug&sig=Cg0ArKJSzIoPjsV0TPIIEAE&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Jun 2021 11:18:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 19 Jun 2021 11:18:59 GMT

GET
DATA 200
OK truncated
/ Frame 0263 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3d4887cf9b1f61cd538c45a6c3a7706d3c540d40c881ea1e12b3a52ceb4e270c

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 61E1 22 KB
8 KB 9ms
7ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Fri, 18 Jun 2021 11:12:13 GMT
expires: Sat, 18 Jun 2022 11:12:13 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 86806
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame F18D 22 KB
8 KB 8ms
7ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Fri, 18 Jun 2021 11:12:13 GMT
expires: Sat, 18 Jun 2022 11:12:13 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 86806
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 18F0 22 KB
8 KB 9ms
8ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Fri, 18 Jun 2021 11:12:13 GMT
expires: Sat, 18 Jun 2022 11:12:13 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 86806
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 _preloader.gif
s0.2mdn.net/9435156/1622642475895/ Frame 478A 8 KB
8 KB 9ms
8ms Image
image/gif 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9435156/1622642475895/_preloader.gif

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=Q6tzQHprLH&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7be1cbac7f3e77c7aaf3be35723f1c1d0b328b464fbc7ec33d0fec1ba693616c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=Q6tzQHprLH&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 15:34:56 GMT
x-content-type-options: nosniff
last-modified: Wed, 02 Jun 2021 14:01:16 GMT
server: sffe
age: 71043
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7745
x-xss-protection: 0
expires: Sat, 19 Jun 2021 15:34:56 GMT

GET
H3-29 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame 478A 110 KB
38 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=Q6tzQHprLH&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=Q6tzQHprLH&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 14:57:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73287
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Jun 2021 14:57:32 GMT

GET
H3-29 200 tweenmax_1.18.0_499ba64a23378545748ff12d372e59e9_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 478A 105 KB
35 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.18.0_499ba64a23378545748ff12d372e59e9_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=Q6tzQHprLH&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

001acbb15d9c69510c0817e6dde361bff098406fad182ab3c367f86ff3da8343

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=Q6tzQHprLH&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35824
x-xss-protection: 0
last-modified: Fri, 09 Oct 2015 14:01:28 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Jun 2021 11:18:59 GMT

GET
H3-29 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 478A 236 KB
63 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=Q6tzQHprLH&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=Q6tzQHprLH&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Jun 2021 11:18:59 GMT

GET
H3-29 200 index.js Show response
s0.2mdn.net/9435156/1622642475895/ Frame 478A 147 KB
23 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9435156/1622642475895/index.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=Q6tzQHprLH&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85da858da197bc034ddd6a90ba04a4e1b9d61392aa8dd4ae322d26b02107b53d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=Q6tzQHprLH&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 17:10:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 65304
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23657
x-xss-protection: 0
last-modified: Wed, 02 Jun 2021 14:01:16 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Sat, 19 Jun 2021 17:10:35 GMT

GET
H3-29 200 _preloader.gif
s0.2mdn.net/9435156/1622642574673/ Frame FCD4 8 KB
8 KB 35ms
14ms Image
image/gif 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9435156/1622642574673/_preloader.gif?1621442087588

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9435156/1622642574673/index.html?e=69&leftOffset=0&topOffset=0&c=6vTFI0T9uJ&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7be1cbac7f3e77c7aaf3be35723f1c1d0b328b464fbc7ec33d0fec1ba693616c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9435156/1622642574673/index.html?e=69&leftOffset=0&topOffset=0&c=6vTFI0T9uJ&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 14:43:18 GMT
x-content-type-options: nosniff
last-modified: Wed, 02 Jun 2021 14:02:54 GMT
server: sffe
age: 74141
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7745
x-xss-protection: 0
expires: Sat, 19 Jun 2021 14:43:18 GMT

GET
H3-29 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame FCD4 110 KB
38 KB 12ms
8ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9435156/1622642574673/index.html?e=69&leftOffset=0&topOffset=0&c=6vTFI0T9uJ&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9435156/1622642574673/index.html?e=69&leftOffset=0&topOffset=0&c=6vTFI0T9uJ&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 14:57:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73287
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Jun 2021 14:57:32 GMT

GET
H3-29 200 tweenmax_1.18.0_499ba64a23378545748ff12d372e59e9_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame FCD4 105 KB
35 KB 20ms
16ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.18.0_499ba64a23378545748ff12d372e59e9_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9435156/1622642574673/index.html?e=69&leftOffset=0&topOffset=0&c=6vTFI0T9uJ&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

001acbb15d9c69510c0817e6dde361bff098406fad182ab3c367f86ff3da8343

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9435156/1622642574673/index.html?e=69&leftOffset=0&topOffset=0&c=6vTFI0T9uJ&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35824
x-xss-protection: 0
last-modified: Fri, 09 Oct 2015 14:01:28 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Jun 2021 11:18:59 GMT

GET
H3-29 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame FCD4 236 KB
63 KB 22ms
18ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9435156/1622642574673/index.html?e=69&leftOffset=0&topOffset=0&c=6vTFI0T9uJ&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9435156/1622642574673/index.html?e=69&leftOffset=0&topOffset=0&c=6vTFI0T9uJ&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Jun 2021 11:18:59 GMT

GET
H3-29 200 index.js Show response
s0.2mdn.net/9435156/1622642574673/ Frame FCD4 150 KB
23 KB 18ms
8ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9435156/1622642574673/index.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9435156/1622642574673/index.html?e=69&leftOffset=0&topOffset=0&c=6vTFI0T9uJ&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25b527f4bc5d184c82877a9ec68c04dfd8bf60588733ada0b669d9711ca11b23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9435156/1622642574673/index.html?e=69&leftOffset=0&topOffset=0&c=6vTFI0T9uJ&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 12:25:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 82391
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23895
x-xss-protection: 0
last-modified: Wed, 02 Jun 2021 14:02:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Sat, 19 Jun 2021 12:25:48 GMT

GET
H3-29 200 _preloader.gif
s0.2mdn.net/9435156/1622642475895/ Frame 3041 8 KB
8 KB 14ms
10ms Image
image/gif 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9435156/1622642475895/_preloader.gif

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=lBjZ8bthUU&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7be1cbac7f3e77c7aaf3be35723f1c1d0b328b464fbc7ec33d0fec1ba693616c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=lBjZ8bthUU&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 15:34:56 GMT
x-content-type-options: nosniff
last-modified: Wed, 02 Jun 2021 14:01:16 GMT
server: sffe
age: 71043
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7745
x-xss-protection: 0
expires: Sat, 19 Jun 2021 15:34:56 GMT

GET
H3-29 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame 3041 110 KB
38 KB 13ms
10ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=lBjZ8bthUU&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=lBjZ8bthUU&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 14:57:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73287
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Jun 2021 14:57:32 GMT

GET
H3-29 200 tweenmax_1.18.0_499ba64a23378545748ff12d372e59e9_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 3041 105 KB
35 KB 24ms
19ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.18.0_499ba64a23378545748ff12d372e59e9_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=lBjZ8bthUU&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

001acbb15d9c69510c0817e6dde361bff098406fad182ab3c367f86ff3da8343

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=lBjZ8bthUU&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35824
x-xss-protection: 0
last-modified: Fri, 09 Oct 2015 14:01:28 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Jun 2021 11:18:59 GMT

GET
H3-29 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 3041 236 KB
63 KB 27ms
22ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=lBjZ8bthUU&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=lBjZ8bthUU&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Jun 2021 11:18:59 GMT

GET
H3-29 200 index.js Show response
s0.2mdn.net/9435156/1622642475895/ Frame 3041 147 KB
23 KB 15ms
10ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9435156/1622642475895/index.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=lBjZ8bthUU&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85da858da197bc034ddd6a90ba04a4e1b9d61392aa8dd4ae322d26b02107b53d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=lBjZ8bthUU&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 17:10:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 65304
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23657
x-xss-protection: 0
last-modified: Wed, 02 Jun 2021 14:01:16 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Sat, 19 Jun 2021 17:10:35 GMT

GET
H3-29 200 RQzY8ISKOV3RwOMp_k9UROWM_VdhYjEqMNdKCV1xNfI.js Show response
pagead2.googlesyndication.com/bg/ Frame 930F 14 KB
6 KB 32ms
15ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/RQzY8ISKOV3RwOMp_k9UROWM_VdhYjEqMNdKCV1xNfI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

450cd8f0848a395dd1c0e329fe4f5444e58cfd576162312a30d74a095d7135f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 01:41:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34634
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5759
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 13:18:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 19 Jun 2022 01:41:45 GMT

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 78B0 22 KB
8 KB 16ms
8ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Fri, 18 Jun 2021 11:12:13 GMT
expires: Sat, 18 Jun 2022 11:12:13 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 86806
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 RQzY8ISKOV3RwOMp_k9UROWM_VdhYjEqMNdKCV1xNfI.js Show response
pagead2.googlesyndication.com/bg/ Frame 4750 14 KB
6 KB 31ms
16ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/RQzY8ISKOV3RwOMp_k9UROWM_VdhYjEqMNdKCV1xNfI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

450cd8f0848a395dd1c0e329fe4f5444e58cfd576162312a30d74a095d7135f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 01:41:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34634
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5759
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 13:18:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 19 Jun 2022 01:41:45 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4AE6
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEB1EAj2P_F7O0JfRBxnTpZs&google_push=AYg5qPJAlpP_hthf1_NMaQQSOZF5dBj-gfth9uNpXSJ1ZcQH0Xh1VEzpKW...

170 B
188 B

23ms
23ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEB1EAj2P_F7O0JfRBxnTpZs&google_push=AYg5qPJAlpP_hthf1_NMaQQSOZF5dBj-gfth9uNpXSJ1ZcQH0Xh1VEzpKWg-zM_mUloE9CXbJxCx5eMIaovKX9tuS2jgYvmZM-k

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1624101539.380282,VS0,VE97
x-served-by: cache-fra19126-FRA
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEB1EAj2P_F7O0JfRBxnTpZs&google_push=AYg5qPJAlpP_hthf1_NMaQQSOZF5dBj-gfth9uNpXSJ1ZcQH0Xh1VEzpKWg-zM_mUloE9CXbJxCx5eMIaovKX9tuS2jgYvmZM-k
cache-control: no-cache
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
x-cache-hits: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4AE6
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEEdpkNsiYfDOTjEpZKsCG4Q&google_cver=1&google_push=AYg5qPLDoqeDN1Z_oGl0A_1gYGlpLBIz6WXmlnVknIdxt8NpTrixT40QzJyy_xt-y6F8OOpRwUUYKs-GTsV...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPLDoqeDN1Z_oGl0A_1gYGlpLBIz6WXmlnVknIdxt8NpTrixT40QzJyy_xt-y6F8OOpRwUUYKs-GTsV1TqJfI7rD2YN5q1g&google_hm=aap6GGF6Sp-L2YAs8z2h6Vk

170 B
188 B

27ms
24ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPLDoqeDN1Z_oGl0A_1gYGlpLBIz6WXmlnVknIdxt8NpTrixT40QzJyy_xt-y6F8OOpRwUUYKs-GTsV1TqJfI7rD2YN5q1g&google_hm=aap6GGF6Sp-L2YAs8z2h6Vk

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:58 GMT
via: 1.1 google
server: Apache-Coyote/1.1
status: 302
p3p: CP="NOI DSP COR NID CUR OUR NOR"
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPLDoqeDN1Z_oGl0A_1gYGlpLBIz6WXmlnVknIdxt8NpTrixT40QzJyy_xt-y6F8OOpRwUUYKs-GTsV1TqJfI7rD2YN5q1g&google_hm=aap6GGF6Sp-L2YAs8z2h6Vk
cache-control: no-cache, must-revalidate
content-type: text/html;charset=UTF-8
alt-svc: clear
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4AE6
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEO_RsQoaPr47IpjcEQvZ4LM&google_cver=1&google_push=AYg5qPKWi6Le97ioFLybQOEErtTPdNYzH3XcwliPKJ78qKaZk4nQxHYvVumM5_MZnfEdU18ofALVKOaJsiUoJGHg...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=cUaN8SMeSWaAM96O8hivIQ2&google_push=AYg5qPKWi6Le97ioFLybQOEErtTPdNYzH3XcwliPKJ78qKaZk4nQxHYvVumM5_MZnfEdU18ofALVKOaJsiUoJGHgOOeyOw6JNqE

170 B
188 B

26ms
23ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=cUaN8SMeSWaAM96O8hivIQ2&google_push=AYg5qPKWi6Le97ioFLybQOEErtTPdNYzH3XcwliPKJ78qKaZk4nQxHYvVumM5_MZnfEdU18ofALVKOaJsiUoJGHgOOeyOw6JNqE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 19 Jun 2021 11:18:59 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.15.12
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=cUaN8SMeSWaAM96O8hivIQ2&google_push=AYg5qPKWi6Le97ioFLybQOEErtTPdNYzH3XcwliPKJ78qKaZk4nQxHYvVumM5_MZnfEdU18ofALVKOaJsiUoJGHgOOeyOw6JNqE
x-host: tde-deliveryengine-production-84b97f78fc-xcl46
alt-svc: clear
content-length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4AE6
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEIvGYVRgugJ0PUll5KiVzmM&google_cver=1&google_push=AYg5qPInYcpLT5uq1WGCk5vgd6nAh36FcHLCPTAs8AJxlPKAU5XAYmXqHJHIaL8LyZmHii6lZXabWbbB1s1n7zblaunN83ffh_E
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPInYcpLT5uq1WGCk5vgd6nAh36FcHLCPTAs8AJxlPKAU5XAYmXqHJHIaL8LyZmHii6lZXabWbbB1s1n7zblaunN83ffh_E&google_hm=i6c2tF2JwIwqHlbZ29Gf7w==

170 B
188 B

25ms
24ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPInYcpLT5uq1WGCk5vgd6nAh36FcHLCPTAs8AJxlPKAU5XAYmXqHJHIaL8LyZmHii6lZXabWbbB1s1n7zblaunN83ffh_E&google_hm=i6c2tF2JwIwqHlbZ29Gf7w==

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPInYcpLT5uq1WGCk5vgd6nAh36FcHLCPTAs8AJxlPKAU5XAYmXqHJHIaL8LyZmHii6lZXabWbbB1s1n7zblaunN83ffh_E&google_hm=i6c2tF2JwIwqHlbZ29Gf7w==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: 3i82nt68ab45damslh5n1vhqjflori3p

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4AE6
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=DKFLzeoFRAu8kGlCfplFOg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

25ms
24ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=DKFLzeoFRAu8kGlCfplFOg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLVL77stMCv_RUIbbT19oUVwom7RUlU3ssORjfKRhmsHzLzUVGJQ33Iu6UWvl2lbwjwS9te_Q8Db44fwdbIFAbJe7yhrk4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=DKFLzeoFRAu8kGlCfplFOg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLVL77stMCv_RUIbbT19oUVwom7RUlU3ssORjfKRhmsHzLzUVGJQ33Iu6UWvl2lbwjwS9te_Q8Db44fwdbIFAbJe7yhrk4
date: Sat, 19 Jun 2021 11:18:58 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4AE6
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESELbYp0N-U9WnZSjM3Vw23Ac&google_cver=1&google_push=AYg5qPLcpd0vi2eskUXYQJoRd9gw0XRZQ-gkDl99OTrwDqTAn6fmzPXOODFWrIsX6VUXZDNAsq5R6qHcwRfEcZqpZayWwk1kE_4
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AYg5qPLcpd0vi2eskUXYQJoRd9gw0XRZQ-gkDl99OTrwDqTAn6fmzPXOODFWrIsX6VUXZDNAsq5R6qHcwRfEcZqpZayWwk1kE_4&googl...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NTQ0MzMzMjUxNzQ1MTA2MTYxMw%3D%3D&google_push=AYg5qPLcpd0vi2eskUXYQJoRd9gw0XRZQ-gkDl99OTrwDqTAn6fmzPXOODFW...

170 B
188 B

24ms
23ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NTQ0MzMzMjUxNzQ1MTA2MTYxMw%3D%3D&google_push=AYg5qPLcpd0vi2eskUXYQJoRd9gw0XRZQ-gkDl99OTrwDqTAn6fmzPXOODFWrIsX6VUXZDNAsq5R6qHcwRfEcZqpZayWwk1kE_4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NTQ0MzMzMjUxNzQ1MTA2MTYxMw%3D%3D&google_push=AYg5qPLcpd0vi2eskUXYQJoRd9gw0XRZQ-gkDl99OTrwDqTAn6fmzPXOODFWrIsX6VUXZDNAsq5R6qHcwRfEcZqpZayWwk1kE_4
date: Sat, 19 Jun 2021 11:18:59 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3-29 200 dot.gif
s0.2mdn.net/ Frame 4AE6 43 B
63 B 28ms
14ms Image
image/gif 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEGhtGFUzeHCrhj4yvIVBRss&google_cver=1&google_push=AYg5qPLmMxF6AV7TnF1NGNTvIF_Q9ZFMSDsCrjEW2iUgiA4c4X8zgeqkRvIvKv4uOafgo-V9siw4ktySAmlNSe8vNt-SDbOmoycF

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Sun, 20 Jun 2021 11:18:59 GMT

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 4AE6 0
14 B 40ms
22ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LQJbQ_e-9A78WdPLww10JiYHUIQA9-a_2heQq96JIWrzei9vtKnBskC5H8tIfapoW1iKB-dA

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 _preloader.gif
s0.2mdn.net/9435156/1622642475895/ Frame 1216 8 KB
8 KB 19ms
14ms Image
image/gif 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9435156/1622642475895/_preloader.gif

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=miWbZLBac9&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7be1cbac7f3e77c7aaf3be35723f1c1d0b328b464fbc7ec33d0fec1ba693616c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=miWbZLBac9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 15:34:56 GMT
x-content-type-options: nosniff
last-modified: Wed, 02 Jun 2021 14:01:16 GMT
server: sffe
age: 71043
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7745
x-xss-protection: 0
expires: Sat, 19 Jun 2021 15:34:56 GMT

GET
H3-29 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame 1216 110 KB
38 KB 19ms
15ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=miWbZLBac9&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=miWbZLBac9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 14:57:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73287
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Jun 2021 14:57:32 GMT

GET
H3-29 200 tweenmax_1.18.0_499ba64a23378545748ff12d372e59e9_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 1216 105 KB
35 KB 20ms
16ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.18.0_499ba64a23378545748ff12d372e59e9_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=miWbZLBac9&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

001acbb15d9c69510c0817e6dde361bff098406fad182ab3c367f86ff3da8343

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=miWbZLBac9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35824
x-xss-protection: 0
last-modified: Fri, 09 Oct 2015 14:01:28 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Jun 2021 11:18:59 GMT

GET
H3-29 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 1216 236 KB
63 KB 22ms
18ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=miWbZLBac9&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=miWbZLBac9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Jun 2021 11:18:59 GMT

GET
H3-29 200 index.js Show response
s0.2mdn.net/9435156/1622642475895/ Frame 1216 147 KB
23 KB 16ms
13ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9435156/1622642475895/index.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=miWbZLBac9&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85da858da197bc034ddd6a90ba04a4e1b9d61392aa8dd4ae322d26b02107b53d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=miWbZLBac9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 17:10:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 65304
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23657
x-xss-protection: 0
last-modified: Wed, 02 Jun 2021 14:01:16 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Sat, 19 Jun 2021 17:10:35 GMT

GET
H2 200 sca.17.5.5.js Show response
static.adsafeprotected.com/ Frame 7213 82 KB
21 KB 32ms
31ms Script
application/javascript 52.213.246.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.5.js
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.246.12 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: 4b4924b6ea8623395984b522ee4e1fe77f464940d2bb155ae40bce56fbcd3423

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:59 GMT
content-encoding: gzip
last-modified: Thu, 29 Apr 2021 15:29:23 GMT
server: nginx/1.16.1
age: 1033698
etag: W/"5356fa8b6073c3eb408487be61ef7d77"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000

GET
H2 200 mon
pixel.adsafeprotected.com/ 43 B
215 B 34ms
34ms Image
image/gif 52.212.39.74
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=923193&campId=600x350&pubId=175633129&chanId=21792298605&placementId=5650696253&pubCreative=138344316664&pubOrder=2828023179&cb=120509958&adsafe_par&impId=&custom=&custom2=&adsafe_url=https%3A%2F%2Fwww.techradar.com%2Fnews%2Fmultiple-turbotax-customer-accounts-hacked&adsafe_type=abdq&adsafe_url=https%3A%2F%2Fwww.techradar.com%2F&adsafe_type=f&adsafe_jsinfo=,id:f676a00c-4cd4-8015-daf6-08f1281220e1,c:fZaRSB,sl:outOfView,em:true,fr:true,mn:app06ie,pt:1-5-15,wc:0.0.1600.1200,ac:340.1530.600.350,am:i,cc:340.1530.600.350,piv:0,obst:0,th:0,reas:l,br:u,abv:na,an:n,oam:0,scm:publ1.grpm1,nbld:0,fm:sAMkxOe+11%7C12%7C13%7C14%7C151%7C152%7C153%7C154%7C161%7C162%7C163%7C164%7C171%7C172%7C173%7C174%7C181%7C182%7C183%7C184%7C19%7C1a*.923193%7C1a1%7C1b%7C1c1%7C1c2%7C1c3%7C1d1%7C1d2%7C1d3%7C1e%7C1f%7C1g,idMap:1a*,pl:,rmeas:1,rend:1,renddet:IMG.qs,es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,thd:1,et:416,oid:247ef33b-d0f0-11eb-85bb-0a6d0b536c42,v:19.8.206,sp:1,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.212.39.74 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
x-server-name: app20.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 3D8F 0
104 B 61ms
32ms Image
text/plain 2a02:fa8:8806:16::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEECRhELJa3M_hEqZlUOgNU8&google_cver=1&google_push=AYg5qPJf0HXq88IGiqwyx9j0X62FhTSA3qcBCLF6tIB7yw7JDxIqTewaNQQPftkdWqTNudYx0kf_7hHx9MW7O1BX_MPg3Z77XT_FpA
Requested by: Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1400 , United States, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3D8F
Redirect Chain

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEDVazbNiwX_jA3l_oBpznCI&google_cver=1&google_push=AYg5qPLxb2114fC9EqaOoyjz7biNppX6SMmaaksuOBbHeDDNB8UQyc89oLSb8...
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEDVazbNiwX_jA3l_oBpznCI&google_cver=1&google_push=AYg5qPLxb2114fC9EqaOoyjz7biNppX6SMmaaksuOBbHeDDNB8UQyc89oLSb8...
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=wGihybAeDrZSNiMYksfd7Q&google_push=AYg5qPLxb2114fC9EqaOoyjz7biNppX6SMmaaksuOBbHeDDNB8UQyc89oLSb8bnnc7qzKVYi_42ZMmh8-...

170 B
188 B

24ms
23ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=wGihybAeDrZSNiMYksfd7Q&google_push=AYg5qPLxb2114fC9EqaOoyjz7biNppX6SMmaaksuOBbHeDDNB8UQyc89oLSb8bnnc7qzKVYi_42ZMmh8-a_vc5ObSr3A4aCBvFmsJw

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 19 Jun 2021 11:18:59 GMT
Server: nginx
Vary: Accept
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=wGihybAeDrZSNiMYksfd7Q&google_push=AYg5qPLxb2114fC9EqaOoyjz7biNppX6SMmaaksuOBbHeDDNB8UQyc89oLSb8bnnc7qzKVYi_42ZMmh8-a_vc5ObSr3A4aCBvFmsJw
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 240

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3D8F
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEIvGYVRgugJ0PUll5KiVzmM&google_cver=1&google_push=AYg5qPIrf4jXhDl_IxUJuXd7cHBipUUMrJ0X89_VQn02Z64wPwOdpEZpvhdpvIGn3y5RGK8T6R24gmWzGwkQkVBuGuoZQLhf4asNtQ
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPIrf4jXhDl_IxUJuXd7cHBipUUMrJ0X89_VQn02Z64wPwOdpEZpvhdpvIGn3y5RGK8T6R24gmWzGwkQkVBuGuoZQLhf4asNtQ&google_hm=i6c2tF2JwIwqHlbZ29Gf7w==

170 B
188 B

25ms
24ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPIrf4jXhDl_IxUJuXd7cHBipUUMrJ0X89_VQn02Z64wPwOdpEZpvhdpvIGn3y5RGK8T6R24gmWzGwkQkVBuGuoZQLhf4asNtQ&google_hm=i6c2tF2JwIwqHlbZ29Gf7w==

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:58 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPIrf4jXhDl_IxUJuXd7cHBipUUMrJ0X89_VQn02Z64wPwOdpEZpvhdpvIGn3y5RGK8T6R24gmWzGwkQkVBuGuoZQLhf4asNtQ&google_hm=i6c2tF2JwIwqHlbZ29Gf7w==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: teka5tdkrccio2qvcpcvuco7mf4g033e

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3D8F
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=DKFLzeoFRAu8kGlCfplFOg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

26ms
25ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=DKFLzeoFRAu8kGlCfplFOg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLFskTU1w67MYd-p-PRpk0jR1GLaqtv9dFMtmwDfpK3SP6wq2fANXw8YSfw1FvGuLXhlYNroidS8oSg9i4Vo744p_3fWqpDGg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=DKFLzeoFRAu8kGlCfplFOg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLFskTU1w67MYd-p-PRpk0jR1GLaqtv9dFMtmwDfpK3SP6wq2fANXw8YSfw1FvGuLXhlYNroidS8oSg9i4Vo744p_3fWqpDGg
date: Sat, 19 Jun 2021 11:18:58 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET

pixel
cm.g.doubleclick.net/ Frame 3D8F
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0Ss...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0Ss...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0Ss...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0Ss...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0Ss...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0Ss...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0Ss...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0Ss...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0Ss...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0Ss...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0Ss...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0Ss...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0Ss...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0Ss...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0Ss...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0Ss...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0Ss...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0Ss...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0Ss...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0Ss...

0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3D8F
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEPdxK-VfQ289YfLQEmOyS-c&google_cver=1&google_push=AYg5qPJgsX_AiPtan3epbBRK1vsdsafstilVYtWp2FR5V9dmcpKadZSb3R6qKaCHIm3WSrwP_wh2fgJayviaStUs...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPJgsX_AiPtan3epbBRK1vsdsafstilVYtWp2FR5V9dmcpKadZSb3R6qKaCHIm3WSrwP_wh2fgJayviaStUszusGoqxUQQ-ZmQ

170 B
188 B

24ms
24ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPJgsX_AiPtan3epbBRK1vsdsafstilVYtWp2FR5V9dmcpKadZSb3R6qKaCHIm3WSrwP_wh2fgJayviaStUszusGoqxUQQ-ZmQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 19 Jun 2021 11:18:59 GMT
via: 1.1 e328b143eb69c36369a2def78300d502.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: AMS1-C1
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPJgsX_AiPtan3epbBRK1vsdsafstilVYtWp2FR5V9dmcpKadZSb3R6qKaCHIm3WSrwP_wh2fgJayviaStUszusGoqxUQQ-ZmQ
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: 0Xl8EyTcpDJ-1609aKZnJcGXpApJ_toYTMPhi16T2ZV1vYciWIMjzw==

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3D8F
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEL3kuy39TZhOVOoi4uGSBBc&google_cver=1&google_push=AYg5qPJ8-IkXXfMS8vabcYpMChpQbeIgMPrmKMgwRLh-Ch9f2eMWmxy0TZxYvCPPaEqEdnoXOA...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1TbFVUNUhwRTJ1SEN3RnVQT05IQXdYWFVnWkZ0a1FKY35B&google_push=AYg5qPJ8-IkXXfMS8vabcYpMChpQbeIgMPrmKMgwRLh-Ch9f2eMWmxy0T...

170 B
188 B

25ms
24ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1TbFVUNUhwRTJ1SEN3RnVQT05IQXdYWFVnWkZ0a1FKY35B&google_push=AYg5qPJ8-IkXXfMS8vabcYpMChpQbeIgMPrmKMgwRLh-Ch9f2eMWmxy0TZxYvCPPaEqEdnoXOApAPvEQvPX6Maw0QHIJJz7d0yj1nw

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 19 Jun 2021 11:18:59 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1TbFVUNUhwRTJ1SEN3RnVQT05IQXdYWFVnWkZ0a1FKY35B&google_push=AYg5qPJ8-IkXXfMS8vabcYpMChpQbeIgMPrmKMgwRLh-Ch9f2eMWmxy0TZxYvCPPaEqEdnoXOApAPvEQvPX6Maw0QHIJJz7d0yj1nw
Connection: keep-alive
Content-Length: 0

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 3D8F 0
14 B 24ms
23ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K5DZr0fsQFwpg8ViRTj9BoH6XVns0S8DSAXSym3e5ulVDstbc895B-ae0dYtXQQLHcPIoiUg

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 94Gt_qMMOHajVAy-ktkQgEQIoZJrQUA0XxP17Oddwac.js Show response
pagead2.googlesyndication.com/bg/ Frame FBFF 14 KB
6 KB 15ms
14ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/94Gt_qMMOHajVAy-ktkQgEQIoZJrQUA0XxP17Oddwac.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

f781adfea30c3876a3540cbe92d910804408a1926b4140345f13f5ece75dc1a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 10:47:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1869
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5750
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 13:18:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 19 Jun 2022 10:47:50 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 10FA 35 B
463 B 28ms
8ms Image
image/gif 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEGnZDKdFMfBoZf5-y8-cJ20&google_cver=1&google_push=AYg5qPI3IVAspsBG9f3e-wOcdyE_f0LUJN1Xh_prHrCOp7VNWDqaGs8-YQduvUMgLRn_a0GTMVrAlppB3uZJjMpK3ahhu3kYNes

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 10FA
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEGqglBkA7caWCMYAFU2dSEE&google_cver=1&google_push=AYg5qPKoNTF5pe1HSIAMHnVgrXhT4GDzINnMbeBeEoD9IoUSDuibTee-q5ut4OG2c9tF66bNH9zjPGGwqNqHSNsb9Fk2IceMdL8R
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=15F4EA4765494EB7A3C6B28DE3A0C774&google_push=AYg5qPKoNTF5pe1HSIAMHnVgrXhT4GDzINnMbeBeEoD9IoUSDuibTee-q5ut4OG2c9tF66bNH9zjPGGwqNqHSNs...

170 B
188 B

24ms
23ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=15F4EA4765494EB7A3C6B28DE3A0C774&google_push=AYg5qPKoNTF5pe1HSIAMHnVgrXhT4GDzINnMbeBeEoD9IoUSDuibTee-q5ut4OG2c9tF66bNH9zjPGGwqNqHSNsb9Fk2IceMdL8R

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 19 Jun 2021 11:18:59 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=15F4EA4765494EB7A3C6B28DE3A0C774&google_push=AYg5qPKoNTF5pe1HSIAMHnVgrXhT4GDzINnMbeBeEoD9IoUSDuibTee-q5ut4OG2c9tF66bNH9zjPGGwqNqHSNsb9Fk2IceMdL8R
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Fri, 18 Jun 2021 11:18:59 GMT

GET match
um.wbtrk.net/doubleclick/user/ Frame 10FA 0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 10FA
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEIvGYVRgugJ0PUll5KiVzmM&google_cver=1&google_push=AYg5qPI8TValsdBpGeoklW5o-3mhvfbBUZbjPtSiZmja0FSvuots7zdNudsAW3adM1O8vCpFheFjiz6zY4kvZkrMR9CCanM6je24
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPI8TValsdBpGeoklW5o-3mhvfbBUZbjPtSiZmja0FSvuots7zdNudsAW3adM1O8vCpFheFjiz6zY4kvZkrMR9CCanM6je24&google_hm=i6c2tF2JwIwqHlbZ29Gf7w==

170 B
188 B

24ms
23ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPI8TValsdBpGeoklW5o-3mhvfbBUZbjPtSiZmja0FSvuots7zdNudsAW3adM1O8vCpFheFjiz6zY4kvZkrMR9CCanM6je24&google_hm=i6c2tF2JwIwqHlbZ29Gf7w==

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:58 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPI8TValsdBpGeoklW5o-3mhvfbBUZbjPtSiZmja0FSvuots7zdNudsAW3adM1O8vCpFheFjiz6zY4kvZkrMR9CCanM6je24&google_hm=i6c2tF2JwIwqHlbZ29Gf7w==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: pkaubi7krkmksijihdmdnpqoq6a8l3jq

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 10FA
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEJPFmvRsyeh8FDs1i7qKZUY&google_cver=1&google_push=AYg5qPLxgtDhd9Hg_DyRhplbH208HumcN1LDEPAhR7loUSTNzl39PtrmmSO_EYIElSutPNHHh94bkq_H2970T9M90...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEJPFmvRsyeh8FDs1i7qKZUY&google_cver=1&google_push=AYg5qPLxgtDhd9Hg_DyRhplbH208HumcN1LDEPAhR7loUSTNzl39PtrmmSO_EYIElSutPNHHh94bkq_H2970T9M90...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPLxgtDhd9Hg_DyRhplbH208HumcN1LDEPAhR7loUSTNzl39PtrmmSO_EYIElSutPNHHh94bkq_H2970T9M90Zc4W16zKSi_&google_hm=0683dc14e86522b954ed3c12

170 B
188 B

25ms
24ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPLxgtDhd9Hg_DyRhplbH208HumcN1LDEPAhR7loUSTNzl39PtrmmSO_EYIElSutPNHHh94bkq_H2970T9M90Zc4W16zKSi_&google_hm=0683dc14e86522b954ed3c12

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 19 Jun 2021 11:18:59 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPLxgtDhd9Hg_DyRhplbH208HumcN1LDEPAhR7loUSTNzl39PtrmmSO_EYIElSutPNHHh94bkq_H2970T9M90Zc4W16zKSi_&google_hm=0683dc14e86522b954ed3c12
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 10FA
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEPdxK-VfQ289YfLQEmOyS-c&google_cver=1&google_push=AYg5qPKW1nfjKc51bPl1tkf6j-HmVy3ArUqIAQVV0-ZNkidW86aAjNLTjnFgt3ZqnxWzE6vZE681X_XblJE4OuBV...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPKW1nfjKc51bPl1tkf6j-HmVy3ArUqIAQVV0-ZNkidW86aAjNLTjnFgt3ZqnxWzE6vZE681X_XblJE4OuBVsk3lk0TEG5ya

170 B
188 B

25ms
24ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPKW1nfjKc51bPl1tkf6j-HmVy3ArUqIAQVV0-ZNkidW86aAjNLTjnFgt3ZqnxWzE6vZE681X_XblJE4OuBVsk3lk0TEG5ya

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 19 Jun 2021 11:18:59 GMT
via: 1.1 e328b143eb69c36369a2def78300d502.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: AMS1-C1
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPKW1nfjKc51bPl1tkf6j-HmVy3ArUqIAQVV0-ZNkidW86aAjNLTjnFgt3ZqnxWzE6vZE681X_XblJE4OuBVsk3lk0TEG5ya
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: uuwUeuwucUDvU5QAFNZEVSzBZhx1l1056SpFa09bbHtdhcjMKTZ8yw==

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 10FA
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESELbYp0N-U9WnZSjM3Vw23Ac&google_cver=1&google_push=AYg5qPJSiGHwNHVrmQaaMTB4wzBLzdxYyUscD7YXt4nrKGqdE2h6eACrQTPZ9pKlxY1s7HjYx0fA5LTD74Ud-inTZNq7uFCuAbXf
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NTQ0MzMzMjUxNzQ1MTA2MTYxMw%3D%3D&google_push=AYg5qPJSiGHwNHVrmQaaMTB4wzBLzdxYyUscD7YXt4nrKGqdE2h6eACrQTPZ...

170 B
188 B

24ms
24ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NTQ0MzMzMjUxNzQ1MTA2MTYxMw%3D%3D&google_push=AYg5qPJSiGHwNHVrmQaaMTB4wzBLzdxYyUscD7YXt4nrKGqdE2h6eACrQTPZ9pKlxY1s7HjYx0fA5LTD74Ud-inTZNq7uFCuAbXf

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NTQ0MzMzMjUxNzQ1MTA2MTYxMw%3D%3D&google_push=AYg5qPJSiGHwNHVrmQaaMTB4wzBLzdxYyUscD7YXt4nrKGqdE2h6eACrQTPZ9pKlxY1s7HjYx0fA5LTD74Ud-inTZNq7uFCuAbXf
date: Sat, 19 Jun 2021 11:18:59 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 10FA 0
14 B 24ms
22ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K0NbbHb7oOh1YMmkbSA__YHvzkyAo66dvB9oz07IYYhOCF9r_Uupk9L-CGVio_wffMXF8P

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 dpixel
cms.quantserve.com/ Frame 5B10 35 B
462 B 22ms
10ms Image
image/gif 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEGnZDKdFMfBoZf5-y8-cJ20&google_cver=1&google_push=AYg5qPILFgvK-U8jbVpXaL-Lrid2RxpaGfxZCBX40aSCIq-3feJwKZCE9ASGKlKAt2B_2ORXpSuP_YTDZwCn3vLDzYJQmmGpvg

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 5B10 0
103 B 26ms
22ms Image
text/plain 2a02:fa8:8806:16::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEECRhELJa3M_hEqZlUOgNU8&google_cver=1&google_push=AYg5qPLBAm2bbdjT4J4bT8qrKYDXCqE6ISWrV1zyuu6PWCFxO8zMLIM-S65nSk2hx-D1M5XWt6UpceT5AKiNyabK6G1w4glK-BM
Requested by: Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1400 , United States, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5B10
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESELpTlWk_U7y74Tcs65kcU2w&google_cver=1&google_push=AYg5qPLvsJvP0bW_KVTskksU5TmQB9ci32nKqSfSTY2lPZ-H-gk0H5oHJyxxt0ydoAy1gXzzJuOFYufDJ87ClGrP...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPLvsJvP0bW_KVTskksU5TmQB9ci32nKqSfSTY2lPZ-H-gk0H5oHJyxxt0ydoAy1gXzzJuOFYufDJ87ClGrPc5unWsXW4vA

170 B
188 B

24ms
24ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPLvsJvP0bW_KVTskksU5TmQB9ci32nKqSfSTY2lPZ-H-gk0H5oHJyxxt0ydoAy1gXzzJuOFYufDJ87ClGrPc5unWsXW4vA

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 19 Jun 2021 11:19:03 GMT
Server: MT3 3759 5f8f15b master zrh-pixel-x10
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPLvsJvP0bW_KVTskksU5TmQB9ci32nKqSfSTY2lPZ-H-gk0H5oHJyxxt0ydoAy1gXzzJuOFYufDJ87ClGrPc5unWsXW4vA
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 19 Jun 2021 11:19:02 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5B10
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEB1EAj2P_F7O0JfRBxnTpZs&google_push=AYg5qPJIW5dVIFaudJdVovNqUDEQZ_xxkjkI7Fh7W7yHxGtu3TGkavnQJu...

170 B
188 B

25ms
23ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEB1EAj2P_F7O0JfRBxnTpZs&google_push=AYg5qPJIW5dVIFaudJdVovNqUDEQZ_xxkjkI7Fh7W7yHxGtu3TGkavnQJuntus3g0TpGrNJI0fpCEeJspL2FV-iutTG2f5GaZfo

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1624101539.443839,VS0,VE94
x-served-by: cache-fra19126-FRA
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEB1EAj2P_F7O0JfRBxnTpZs&google_push=AYg5qPJIW5dVIFaudJdVovNqUDEQZ_xxkjkI7Fh7W7yHxGtu3TGkavnQJuntus3g0TpGrNJI0fpCEeJspL2FV-iutTG2f5GaZfo
cache-control: no-cache
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
x-cache-hits: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5B10
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEEdpkNsiYfDOTjEpZKsCG4Q&google_cver=1&google_push=AYg5qPKvEWZGk9mjsCRf6Dzik8EmGEfS8BlweIKudp7HuN7I_jIwWu3wjJcN48XE4xkJ6jF0-tOniowa_yp...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPKvEWZGk9mjsCRf6Dzik8EmGEfS8BlweIKudp7HuN7I_jIwWu3wjJcN48XE4xkJ6jF0-tOniowa_ypEWg0YXH7iBlmxdoQ&google_hm=aap6GGF6Sp-L2YAs8z2h6Vk

170 B
188 B

25ms
24ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPKvEWZGk9mjsCRf6Dzik8EmGEfS8BlweIKudp7HuN7I_jIwWu3wjJcN48XE4xkJ6jF0-tOniowa_ypEWg0YXH7iBlmxdoQ&google_hm=aap6GGF6Sp-L2YAs8z2h6Vk

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:58 GMT
via: 1.1 google
server: Apache-Coyote/1.1
status: 302
p3p: CP="NOI DSP COR NID CUR OUR NOR"
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPKvEWZGk9mjsCRf6Dzik8EmGEfS8BlweIKudp7HuN7I_jIwWu3wjJcN48XE4xkJ6jF0-tOniowa_ypEWg0YXH7iBlmxdoQ&google_hm=aap6GGF6Sp-L2YAs8z2h6Vk
cache-control: no-cache, must-revalidate
content-type: text/html;charset=UTF-8
alt-svc: clear
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5B10
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEJTWdZUHi-vbuDw0Sw8RVV0&google_cver=1&google_push=AYg5qPLb5npsxAypbmiprFJ2PdRjDuxpWNrhraO6y9CPljnt6vlZw4-eNhCpGk0JoYJpBJEkrTMesy0JgQNXUM...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk3NTQ2Mjk5NTM5ODQ5MDI2NA%3D%3D&google_push=AYg5qPLb5npsxAypbmiprFJ2PdRjDuxpWNrhraO6y9CPljnt6vlZw4-eNhCpGk0JoYJpBJEkrTMesy0JgQNXUMWbtT...

170 B
188 B

23ms
23ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk3NTQ2Mjk5NTM5ODQ5MDI2NA%3D%3D&google_push=AYg5qPLb5npsxAypbmiprFJ2PdRjDuxpWNrhraO6y9CPljnt6vlZw4-eNhCpGk0JoYJpBJEkrTMesy0JgQNXUMWbtTEDqtR3TcM

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk3NTQ2Mjk5NTM5ODQ5MDI2NA%3D%3D&google_push=AYg5qPLb5npsxAypbmiprFJ2PdRjDuxpWNrhraO6y9CPljnt6vlZw4-eNhCpGk0JoYJpBJEkrTMesy0JgQNXUMWbtTEDqtR3TcM
Date: Sat, 19 Jun 2021 11:18:59 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5B10
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEHIMifz-G09W5cTDuOIUPkM&google_cver=1&google_push=AYg5qPJhS-psQqn_0L3krSQax_Xtv4tlWd8IMkXBVfCnbC1xjUkCnnodlfnJFVqE8hUJ5HRSYuAJObmlE9cwV9JtBWIzJPCosg
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPJhS-psQqn_0L3krSQax_Xtv4tlWd8IMkXBVfCnbC1xjUkCnnodlfnJFVqE8hUJ5HRSYuAJObmlE9cwV9JtBWIzJPCosg&google_hm=ODQ4MjI3NDY0NDkzNjc4NjEx...

170 B
188 B

24ms
24ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPJhS-psQqn_0L3krSQax_Xtv4tlWd8IMkXBVfCnbC1xjUkCnnodlfnJFVqE8hUJ5HRSYuAJObmlE9cwV9JtBWIzJPCosg&google_hm=ODQ4MjI3NDY0NDkzNjc4NjExNA%3D%3D

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 19 Jun 2021 11:18:59 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPJhS-psQqn_0L3krSQax_Xtv4tlWd8IMkXBVfCnbC1xjUkCnnodlfnJFVqE8hUJ5HRSYuAJObmlE9cwV9JtBWIzJPCosg&google_hm=ODQ4MjI3NDY0NDkzNjc4NjExNA%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 5B10 0
14 B 24ms
22ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KuDTjhY_TZZohK6zLI3IIAO2PFSNDkPgLEOONUBtLFXEHvkdgmFr7BW1GLyMWf-hGbArcU

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame CBEE
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEJZV39StuxbFfx25T7wJpM8&google_cver=1&google_push=AYg5qPIFR6-CmxSqL7yjbSg_snJ9kh_u-npUaYBt3bjVgXA2Dpf9uSHr_cDHnfU3bsgx3Km9506m4JgBNaTpuxpQBeqbFcEQ4DPzOg
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzkxODUwNTY3MjA5MTU0NTczOA==
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEJZV39StuxbFfx25T7wJpM8&google_cver=1

43 B
407 B

15ms
13ms

Image
image/gif

2001:678:cb4:bbbb::11
TURN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEJZV39StuxbFfx25T7wJpM8&google_cver=1
Requested by: Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (TURN, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEJZV39StuxbFfx25T7wJpM8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame CBEE 0
103 B 17ms
14ms Image
text/plain 2a02:fa8:8806:16::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEECRhELJa3M_hEqZlUOgNU8&google_cver=1&google_push=AYg5qPKTlA6g4cvQG5rYur0ivsOcGU7bLrYS9kvtPRPWBUhjjTPizjf_q9cISzxXTluiGgeFsrfPDuxyCKM7T5vVajo2OUq8u6oC
Requested by: Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1400 , United States, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame CBEE
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEKjQbhw2rBVo7Mz81kjiL1c&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEKjQbhw2rBVo7Mz81kjiL1c&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=YXk2NFVka0sxTFV6MDc1&google_gid=CAESEKjQbhw2rBVo7Mz81kjiL1c&google_cver=1&google_push=AYg5qPIMUBSXBgDQZ9xgoQTpKDHWSyZS4e0ZDeZqhisY-bd...

170 B
195 B

30ms
29ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=YXk2NFVka0sxTFV6MDc1&google_gid=CAESEKjQbhw2rBVo7Mz81kjiL1c&google_cver=1&google_push=AYg5qPIMUBSXBgDQZ9xgoQTpKDHWSyZS4e0ZDeZqhisY-bdVsik450nReAkl5VyDdYbGY7iLFK4JvLdD2XZy4YKK96SxfN40eObixg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:19:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 19 Jun 2021 11:18:59 GMT
Server: PingMatch/v2.0.30-655-g6f0fff2#rel-ec2-master i-00d497958362b52d3@eu-central-1a@dxedge-app-eu-central-1-prod-asg
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=YXk2NFVka0sxTFV6MDc1&google_gid=CAESEKjQbhw2rBVo7Mz81kjiL1c&google_cver=1&google_push=AYg5qPIMUBSXBgDQZ9xgoQTpKDHWSyZS4e0ZDeZqhisY-bdVsik450nReAkl5VyDdYbGY7iLFK4JvLdD2XZy4YKK96SxfN40eObixg
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame CBEE
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEMHSshRX-AAQz4XHN_2X-ec&google_cver=1&google_push=AYg5qPI1HXroL2xfMzP8I8_oJuH5SfvywkL4JvGd8p0chu-Nc6_12taSTZPGLEUcDDNzmqhORg80aL0AYRi6cSxdSq24D1usxPBi&...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEMHSshRX-AAQz4XHN_2X-ec&google_cver=1&google_push=AYg5qPI1HXroL2xfMzP8I8_oJuH5SfvywkL4JvGd8p0chu-Nc6_12taSTZPGLEUcDDNzmqhORg80aL0AYRi6cSxdSq24D1usxPB...

43 B
442 B

168ms
167ms

Image
image/gif

2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEMHSshRX-AAQz4XHN_2X-ec&google_cver=1&google_push=AYg5qPI1HXroL2xfMzP8I8_oJuH5SfvywkL4JvGd8p0chu-Nc6_12taSTZPGLEUcDDNzmqhORg80aL0AYRi6cSxdSq24D1usxPBi&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPI1HXroL2xfMzP8I8_oJuH5SfvywkL4JvGd8p0chu-Nc6_12taSTZPGLEUcDDNzmqhORg80aL0AYRi6cSxdSq24D1usxPBi%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 661c5c1efd41e003-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 43
cf-request-id: 0ac597e7560000e00317a47000000001
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 191
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 661c5c1dab2de003-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEMHSshRX-AAQz4XHN_2X-ec&google_cver=1&google_push=AYg5qPI1HXroL2xfMzP8I8_oJuH5SfvywkL4JvGd8p0chu-Nc6_12taSTZPGLEUcDDNzmqhORg80aL0AYRi6cSxdSq24D1usxPBi&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPI1HXroL2xfMzP8I8_oJuH5SfvywkL4JvGd8p0chu-Nc6_12taSTZPGLEUcDDNzmqhORg80aL0AYRi6cSxdSq24D1usxPBi%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
cache-control: no-cache, private
content-type: text/html
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0ac597e68b0000e00317a37000000001
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame CBEE
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEHIMifz-G09W5cTDuOIUPkM&google_cver=1&google_push=AYg5qPJnG3q0MhB20Odtz2gV0my94c-BTGMfQCzp7PnfqZIasLesRaqBv0EqlbYYSvWtK_XjLtAbb0wuQx9Iz5hSzA_Q3KP...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPJnG3q0MhB20Odtz2gV0my94c-BTGMfQCzp7PnfqZIasLesRaqBv0EqlbYYSvWtK_XjLtAbb0wuQx9Iz5hSzA_Q3KPByLvz&google_hm=ODQ4MjI3NDY0NDkzNjc4Nj...

170 B
188 B

25ms
24ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPJnG3q0MhB20Odtz2gV0my94c-BTGMfQCzp7PnfqZIasLesRaqBv0EqlbYYSvWtK_XjLtAbb0wuQx9Iz5hSzA_Q3KPByLvz&google_hm=ODQ4MjI3NDY0NDkzNjc4NjExNA%3D%3D

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 19 Jun 2021 11:18:59 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPJnG3q0MhB20Odtz2gV0my94c-BTGMfQCzp7PnfqZIasLesRaqBv0EqlbYYSvWtK_XjLtAbb0wuQx9Iz5hSzA_Q3KPByLvz&google_hm=ODQ4MjI3NDY0NDkzNjc4NjExNA%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET

pixel
cm.g.doubleclick.net/ Frame CBEE
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8d...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8d...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8d...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8d...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8d...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8d...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8d...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8d...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8d...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8d...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8d...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8d...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8d...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8d...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8d...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8d...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8d...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8d...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8d...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8d...

0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame CBEE
Redirect Chain

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEP35YbrAllXgVW44Xzk4aME&google_cver=1&google_push=AYg5qPL4fCn0HkHI4NyUsBkw42IJduDZyBKpb7kQhPUQ9S_m0f9-mpoBZFXGZfs-0t1fBiQZ-9ei67...
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPL4fCn0HkHI4NyUsBkw42IJduDZyBKpb7kQhPUQ9S_m0f9-mpoBZFXGZfs-0t1fBiQZ-9ei67iHA-NlEL2cAfnBbSaxUvksKA&google_hm=NzA3NzYx...

170 B
188 B

24ms
24ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPL4fCn0HkHI4NyUsBkw42IJduDZyBKpb7kQhPUQ9S_m0f9-mpoBZFXGZfs-0t1fBiQZ-9ei67iHA-NlEL2cAfnBbSaxUvksKA&google_hm=NzA3NzYxNTc4MTk0ODk1MDI0MQ%3D%3D

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPL4fCn0HkHI4NyUsBkw42IJduDZyBKpb7kQhPUQ9S_m0f9-mpoBZFXGZfs-0t1fBiQZ-9ei67iHA-NlEL2cAfnBbSaxUvksKA&google_hm=NzA3NzYxNTc4MTk0ODk1MDI0MQ%3D%3D
date: Sat, 19 Jun 2021 11:18:59 GMT
content-length: 0

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame CBEE 0
14 B 23ms
21ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Iikw2CDJvmEFCXCRYnx7ybjLDYeD-ZHatik52Keixv8H0vYhMIivhDO2CvFwNRTbgF69r2

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame B999 0
23 B 54ms
52ms Ping
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 19 Jun 2021 11:18:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4665 0
23 B 51ms
50ms Ping
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 19 Jun 2021 11:18:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1CD5 0
23 B 51ms
50ms Ping
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 19 Jun 2021 11:18:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0263 0
23 B 50ms
49ms Ping
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 19 Jun 2021 11:18:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
301 B 271ms
92ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=923193&asId=f676a00c-4cd4-8015-daf6-08f1281220e1&tv=%7Bc:fZaRUI,pingTime:-2,time:546,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:283,beZ:284,mfA:669,cmA:670,inA:671,inZ:675,prA:675,prZ:691,si:699,poA:700,poZ:710,cmZ:710,mfZ:710,loA:748,loZ:750,ltA:829,ltZ:829%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:600.350,dom:div%7D%7D,env:%7Bgca:false,cca:true,gca2:true,gcd2:%7Bappl:1,cnst:na%7D%7D,clog:%5B%7Bpiv:0,vs:o,r:l,w:600,h:350,t:415%7D%5D,es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:546,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:415,wc:0.0.1600.1200,ac:340.1530.600.350,am:i,cc:340.1530.600.350,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B157~0%5D,as:%5B157~600.350%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:sAMkxOe+11%7C12%7C13%7C14%7C151%7C152%7C153%7C154%7C161%7C162%7C163%7C164%7C171%7C172%7C173%7C174%7C181%7C182%7C183%7C184%7C19%7C1a*.923193%7C1a1%7C1b%7C1c1%7C1c2%7C1c3%7C1d1%7C1d2%7C1d3%7C1e%7C1f%7C1g,idMap:1a*,rmeas:1,rend:1,renddet:IMG.qs,slid:%5Bgoogle_ads_iframe_10518929/tech_techradar/trpro/computing_5,google_ads_iframe_10518929/tech_techradar/trpro/computing_5__container__,bordeaux-preemptive-ad-5,bordeaux-static-slot-4,in-article,article-body,main%5D,sinceFw:129,readyFired:true%7D&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 19 Jun 2021 11:18:59 GMT
X-Server-Name: dt43.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame A089
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEJZV39StuxbFfx25T7wJpM8&google_cver=1&google_push=AYg5qPLQSef582q35ILV8i8Y-Hq6lBa2rOOOefgGS-3zHKVyfIn0WeuxpsMN3wkmuK9ncm83J5KD4bhV-utzVQy8QFuxGUeR4-0
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzkxODUwNTY3MjA5MTU0NTczOA==
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEJZV39StuxbFfx25T7wJpM8&google_cver=1

43 B
407 B

13ms
13ms

Image
image/gif

2001:678:cb4:bbbb::11
TURN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEJZV39StuxbFfx25T7wJpM8&google_cver=1
Requested by: Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (TURN, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEJZV39StuxbFfx25T7wJpM8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame A089 0
191 B 322ms
23ms Image
text/plain 66.155.71.149
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEN8Su1SkoFknQSf6onqf88A&google_cver=1&google_push=AYg5qPJtOWDvERsHyV4xPVSgO7axH8TAHK7wfierHU6v6-Kt45FxshkrQ9J1rmuBvZL9vBQMW5Knc0LtFxdqJQMC0uI2y1KmM6YI
Requested by: Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.149 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame A089
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEJTWdZUHi-vbuDw0Sw8RVV0&google_cver=1&google_push=AYg5qPJNBvOeIRUUpMT1DR0eQoFSR_9aLFhW-yJstCf0E6hrpt1Q7FZTKSsMlMeZAC7QHrgktyF0LGsS7XG7lo...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk3NTQ2Mjk5NTM5ODQ5MDI2NA%3D%3D&google_push=AYg5qPJNBvOeIRUUpMT1DR0eQoFSR_9aLFhW-yJstCf0E6hrpt1Q7FZTKSsMlMeZAC7QHrgktyF0LGsS7XG7loFhd6...

170 B
188 B

27ms
25ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk3NTQ2Mjk5NTM5ODQ5MDI2NA%3D%3D&google_push=AYg5qPJNBvOeIRUUpMT1DR0eQoFSR_9aLFhW-yJstCf0E6hrpt1Q7FZTKSsMlMeZAC7QHrgktyF0LGsS7XG7loFhd6S62pllhuv7

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk3NTQ2Mjk5NTM5ODQ5MDI2NA%3D%3D&google_push=AYg5qPJNBvOeIRUUpMT1DR0eQoFSR_9aLFhW-yJstCf0E6hrpt1Q7FZTKSsMlMeZAC7QHrgktyF0LGsS7XG7loFhd6S62pllhuv7
Date: Sat, 19 Jun 2021 11:18:59 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame A089
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEHIMifz-G09W5cTDuOIUPkM&google_cver=1&google_push=AYg5qPKm7Fkjw4_WF56qOXGOfLwzVfEdZsmu6ra9lvnyPdl31YH4ilG6HCwxumfwK0ifS1LeaqSzb6i3BZhIFkkADxMBPjF...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPKm7Fkjw4_WF56qOXGOfLwzVfEdZsmu6ra9lvnyPdl31YH4ilG6HCwxumfwK0ifS1LeaqSzb6i3BZhIFkkADxMBPjF_bGo&google_hm=ODQ4MjI3NDY0NDkzNjc4NjE...

170 B
188 B

25ms
24ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPKm7Fkjw4_WF56qOXGOfLwzVfEdZsmu6ra9lvnyPdl31YH4ilG6HCwxumfwK0ifS1LeaqSzb6i3BZhIFkkADxMBPjF_bGo&google_hm=ODQ4MjI3NDY0NDkzNjc4NjExNA%3D%3D

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 19 Jun 2021 11:18:59 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPKm7Fkjw4_WF56qOXGOfLwzVfEdZsmu6ra9lvnyPdl31YH4ilG6HCwxumfwK0ifS1LeaqSzb6i3BZhIFkkADxMBPjF_bGo&google_hm=ODQ4MjI3NDY0NDkzNjc4NjExNA%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET

pixel
cm.g.doubleclick.net/ Frame A089
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9...

0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame A089
Redirect Chain

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEP35YbrAllXgVW44Xzk4aME&google_cver=1&google_push=AYg5qPJ6bk3jDXhbb2V5xv1IhD7gJn828Wz_GzCBTF1rHvCaOclAaWJB7xV9un3HCyttHbVgh-vmTI...
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPJ6bk3jDXhbb2V5xv1IhD7gJn828Wz_GzCBTF1rHvCaOclAaWJB7xV9un3HCyttHbVgh-vmTIPK9uHX05Rs7XvFwjX8xDR4&google_hm=NzA3NzYxNT...

170 B
188 B

24ms
23ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPJ6bk3jDXhbb2V5xv1IhD7gJn828Wz_GzCBTF1rHvCaOclAaWJB7xV9un3HCyttHbVgh-vmTIPK9uHX05Rs7XvFwjX8xDR4&google_hm=NzA3NzYxNTc4MTk0ODk1MDI0MQ%3D%3D

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPJ6bk3jDXhbb2V5xv1IhD7gJn828Wz_GzCBTF1rHvCaOclAaWJB7xV9un3HCyttHbVgh-vmTIPK9uHX05Rs7XvFwjX8xDR4&google_hm=NzA3NzYxNTc4MTk0ODk1MDI0MQ%3D%3D
date: Sat, 19 Jun 2021 11:18:59 GMT
content-length: 0

GET
H3-29 200 dot.gif
s0.2mdn.net/ Frame A089 43 B
63 B 15ms
14ms Image
image/gif 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEGhtGFUzeHCrhj4yvIVBRss&google_cver=1&google_push=AYg5qPLbGokMLpfN4zN9dcf0_oXuPdilfTrfkjX03h-kh3ELBj6Oie8dUgLBzauINZMrHPYImmuLPG07NI92Ps5ISvN3Am11phWfSQ

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Sun, 20 Jun 2021 11:18:59 GMT

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame A089 0
14 B 22ms
21ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LVdgPxRuiq-DWzY0PYdM558AUfmeT2RIsDNvpNtXx9BZ6NoEY8zqCsS6keoBu4gc3BXl3oqg

Requested by

Host: a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
URL: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:59 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 478A 5 KB
4 KB 29ms
15ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

23b7aa657b062d1d82e2d3c61184adc01688c613fa3d5098fcf1905fe9fae16c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Jun 2021 11:18:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4292
x-xss-protection: 0

GET
H3-29 200 index_atlas_1.jpg
s0.2mdn.net/9435156/1622642475895/ Frame 478A 112 KB
112 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9435156/1622642475895/index_atlas_1.jpg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34a01a90180d01eac132d910689ea582fa9ea91fe9d70c41c414db245c1a2be6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=Q6tzQHprLH&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 12:48:08 GMT
x-content-type-options: nosniff
last-modified: Wed, 02 Jun 2021 14:01:16 GMT
server: sffe
age: 81051
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 114913
x-xss-protection: 0
expires: Sat, 19 Jun 2021 12:48:08 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame FCD4 6 KB
4 KB 23ms
16ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d6d96318f7877c187bdf3878e8399b8b35560529f2cdfe561f3b4208998a81a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Jun 2021 11:18:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4319
x-xss-protection: 0

GET
H3-29 200 index_atlas_1.jpg
s0.2mdn.net/9435156/1622642574673/ Frame FCD4 118 KB
118 KB 10ms
7ms Image
image/jpeg 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9435156/1622642574673/index_atlas_1.jpg?1621442087379

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cb119772d56823f206a68f49c240df40fc4d53d670272fb6b2174083bf386448

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9435156/1622642574673/index.html?e=69&leftOffset=0&topOffset=0&c=6vTFI0T9uJ&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:44:09 GMT
x-content-type-options: nosniff
last-modified: Wed, 02 Jun 2021 14:02:54 GMT
server: sffe
age: 77690
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121072
x-xss-protection: 0
expires: Sat, 19 Jun 2021 13:44:09 GMT

GET
H3-29 200 index_atlas_1.jpg
s0.2mdn.net/9435156/1622642475895/ Frame 1216 112 KB
112 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9435156/1622642475895/index_atlas_1.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34a01a90180d01eac132d910689ea582fa9ea91fe9d70c41c414db245c1a2be6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=miWbZLBac9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 12:48:08 GMT
x-content-type-options: nosniff
last-modified: Wed, 02 Jun 2021 14:01:16 GMT
server: sffe
age: 81051
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 114913
x-xss-protection: 0
expires: Sat, 19 Jun 2021 12:48:08 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1216 5 KB
4 KB 15ms
15ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f75046fd5a2476a7900590faf1640a3b1b8786c778c5b77e83ac89228b5cb50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Jun 2021 11:18:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4217
x-xss-protection: 0

GET
H3-29 200 index_atlas_1.jpg
s0.2mdn.net/9435156/1622642475895/ Frame 3041 112 KB
112 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9435156/1622642475895/index_atlas_1.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34a01a90180d01eac132d910689ea582fa9ea91fe9d70c41c414db245c1a2be6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9435156/1622642475895/index.html?e=69&leftOffset=0&topOffset=0&c=lBjZ8bthUU&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 12:48:08 GMT
x-content-type-options: nosniff
last-modified: Wed, 02 Jun 2021 14:01:16 GMT
server: sffe
age: 81051
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 114913
x-xss-protection: 0
expires: Sat, 19 Jun 2021 12:48:08 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 3041 5 KB
4 KB 15ms
15ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

80a9802565210d90b27dbbeebb8cec9a910dcbe2777e207af4baf1a69145f116

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Jun 2021 11:18:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4282
x-xss-protection: 0

GET
H3-29 200 RQzY8ISKOV3RwOMp_k9UROWM_VdhYjEqMNdKCV1xNfI.js Show response
pagead2.googlesyndication.com/bg/ Frame 61E1 14 KB
6 KB 15ms
14ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/RQzY8ISKOV3RwOMp_k9UROWM_VdhYjEqMNdKCV1xNfI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

450cd8f0848a395dd1c0e329fe4f5444e58cfd576162312a30d74a095d7135f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 01:41:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34634
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5759
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 13:18:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 19 Jun 2022 01:41:45 GMT

GET
H3-29 200 RQzY8ISKOV3RwOMp_k9UROWM_VdhYjEqMNdKCV1xNfI.js Show response
pagead2.googlesyndication.com/bg/ Frame F18D 14 KB
6 KB 14ms
14ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/RQzY8ISKOV3RwOMp_k9UROWM_VdhYjEqMNdKCV1xNfI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

450cd8f0848a395dd1c0e329fe4f5444e58cfd576162312a30d74a095d7135f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 01:41:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34634
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5759
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 13:18:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 19 Jun 2022 01:41:45 GMT

GET
H3-29 200 RQzY8ISKOV3RwOMp_k9UROWM_VdhYjEqMNdKCV1xNfI.js Show response
pagead2.googlesyndication.com/bg/ Frame 18F0 14 KB
6 KB 14ms
14ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/RQzY8ISKOV3RwOMp_k9UROWM_VdhYjEqMNdKCV1xNfI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

450cd8f0848a395dd1c0e329fe4f5444e58cfd576162312a30d74a095d7135f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 01:41:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34634
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5759
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 13:18:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 19 Jun 2022 01:41:45 GMT

GET
H3-29 200 RQzY8ISKOV3RwOMp_k9UROWM_VdhYjEqMNdKCV1xNfI.js Show response
pagead2.googlesyndication.com/bg/ Frame 78B0 14 KB
6 KB 14ms
14ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/RQzY8ISKOV3RwOMp_k9UROWM_VdhYjEqMNdKCV1xNfI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

450cd8f0848a395dd1c0e329fe4f5444e58cfd576162312a30d74a095d7135f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 01:41:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34634
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5759
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 13:18:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 19 Jun 2022 01:41:45 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 478A 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622653785071769"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Sat, 19 Jun 2021 11:18:59 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame FCD4 17 KB
6 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622653785071769"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Sat, 19 Jun 2021 11:18:59 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1216 17 KB
6 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622653785071769"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Sat, 19 Jun 2021 11:18:59 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 3041 17 KB
6 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:18:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622653785071769"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Sat, 19 Jun 2021 11:18:59 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
301 B 88ms
87ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=923193&asId=f676a00c-4cd4-8015-daf6-08f1281220e1&tv=%7Bc:fZaS3g,pingTime:-10,time:1076,type:s,mvn:ZnNjPTEyLHNkPTMsbm89Nyxhc3A9MQ--,fsc:17.5.5v220002022000220000022002222000022220200000222200222220002222022002222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000002220002220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222222220022202200022002220222202,sd:MTcuNS41djEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNS41dk1vemlsbGF8fE5ldHNjYXBlfHxufHwxMnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fC0xMjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,asp:1624101540033%7C%7Cac6da4a86d2c643629a571e365105d7e%7C%7Cf34e96995ddf3ff5eb1bfde138cfe29c%7C%7C1900d8bb13fc76890a6a25192448abe3%7C%7C84e27140d19a5739320718c4a45c4847%7C%7Cac884ea312cb09bd97210cde396f7561%7C%7C36d9047e8fc24b3d987e7de3f4cb0302%7C%7C968f825a721c868dac38411bb1f26dc3%7C%7C1619710151,ch:eyJiIjpbXSwibSI6ZmFsc2UsImgiOnsiYXJjaGl0ZWN0dXJlIjoiIiwibW9kZWwiOiIiLCJwbGF0Zm9ybSI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IiIsInVhRnVsbFZlcnNpb24iOiIifX0-%7D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 19 Jun 2021 11:19:00 GMT
X-Server-Name: dt43.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H3-29 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 64CB 42 B
73 B 54ms
54ms Image
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss5b-mZrKRRbJCwCAW_wdY5-Qwe5t4V8inTKE0fMYGQgjb6jFJJGlnCZu5zT1GjvY5riXUcrgZRgMed3VjEpdAC77FC92Sscy-DsjOEbtmMlMoYNB3KvQ341aD-eA&sai=AMfl-YTZFLh2ej9XSIJwM-hKFKx066Pg1NJ3rQWrqbz3symPvmU9BrjRlp0xpyzY6lX2vhRohM8xZUbFb6rKPRN1Ii5OEYu2YcADwKLju8PLwvOmJiY0zBlBfiPFNMA&sig=Cg0ArKJSzEhHOshZIPr0EAE&cid=CAASEuRoDGbkfk506Dou7osBnBjG7A&id=ampim&o=436,1110&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1128&mtos=0,0,1128,1128,1128&tos=0,0,1128,0,0&tfs=193&tls=1321&g=100&h=100&tt=1321&r=v&avms=ampa&adk=2333350355

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:19:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 94Gt_qMMOHajVAy-ktkQgEQIoZJrQUA0XxP17Oddwac.js Show response
pagead2.googlesyndication.com/bg/ Frame 4F14 14 KB
6 KB 14ms
14ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/94Gt_qMMOHajVAy-ktkQgEQIoZJrQUA0XxP17Oddwac.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

f781adfea30c3876a3540cbe92d910804408a1926b4140345f13f5ece75dc1a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 10:47:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1870
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5750
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 13:18:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 19 Jun 2022 10:47:50 GMT

GET
H3-29 200 94Gt_qMMOHajVAy-ktkQgEQIoZJrQUA0XxP17Oddwac.js Show response
pagead2.googlesyndication.com/bg/ Frame CFD5 14 KB
6 KB 14ms
14ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/94Gt_qMMOHajVAy-ktkQgEQIoZJrQUA0XxP17Oddwac.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

f781adfea30c3876a3540cbe92d910804408a1926b4140345f13f5ece75dc1a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 10:47:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1870
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5750
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 13:18:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 19 Jun 2022 10:47:50 GMT

GET
H3-29 200 94Gt_qMMOHajVAy-ktkQgEQIoZJrQUA0XxP17Oddwac.js Show response
pagead2.googlesyndication.com/bg/ Frame 53C1 14 KB
6 KB 14ms
14ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/94Gt_qMMOHajVAy-ktkQgEQIoZJrQUA0XxP17Oddwac.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

f781adfea30c3876a3540cbe92d910804408a1926b4140345f13f5ece75dc1a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 10:47:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1870
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5750
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 13:18:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 19 Jun 2022 10:47:50 GMT

GET
H3-29 200 94Gt_qMMOHajVAy-ktkQgEQIoZJrQUA0XxP17Oddwac.js Show response
pagead2.googlesyndication.com/bg/ Frame F1A9 14 KB
6 KB 14ms
14ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/94Gt_qMMOHajVAy-ktkQgEQIoZJrQUA0XxP17Oddwac.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

f781adfea30c3876a3540cbe92d910804408a1926b4140345f13f5ece75dc1a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 10:47:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1870
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5750
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 13:18:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 19 Jun 2022 10:47:50 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A517 42 B
64 B 43ms
43ms Fetch
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsud1xoTjE6zqnLGUvCYBFV5DSUDSHkFsDrR8cvTNxpZYteI2P_VHZnXokBbHrKtxWZe4sNAh7lW4ga5vdVdMlUBSISKMmEi_cEnBp3WuwMU3TRZB39A4TXkHtonOg&sai=AMfl-YTSDzAqx-fsOazswJzjJ1HWpskbajbiYqTQJL7SHLaQKtF8koj3tBvR2BJbPvxvUCVXNh88kOuMQHWrUTKmkalwBNfLTMLSQEhCeE06KpymyiQMvIqrOQZUW_0&sig=Cg0ArKJSzC89Ap4P_1KmEAE&cid=CAASEuRoEr2uwVenPBWC6WKTOY9taw&id=lidar2&mcvt=1136&p=365,115,969,275&asp=365,115,969,275&mtos=0,1136,1136,1136,1136&tos=0,1136,0,0,0&v=20210616&bin=7&avms=nio&bs=0,0&mc=0.99&if=1&app=0&itpl=20&adk=1346052358&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1624101538585&dlt=29&rpt=399&isd=0&lsd=0&msd=0&r=v&speed=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:19:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1EE7 42 B
64 B 45ms
44ms Fetch
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsukX8-8FY28x5JnJYPL48RVpLXURK7OrsD4NuEtuvhjvNsJcZ1lGbpcxF_3I178HXpZleKsdpdAnpL-znXVWizYzFfTQzzLpk1h7URsFy71ctqauYrcIdTIut5Uyw&sai=AMfl-YQ1gror6Qv7uFuOUxPPAJoEHHemwU3DS_xEwXri1RxD5VPXRHWLjHsBXEvPvRXgY5DV3SyHjGwSR6KurpYb63gv5UtSYA67XJxI--KVj3FNiuR6BXTT3vlyzHI&sig=Cg0ArKJSzBBbvu-IFk4UEAE&cid=CAASEuRojGVgKfHkviug6xhGiIMcrA&id=lidar2&mcvt=1089&p=365,1325,969,1485&asp=365,1325,969,1485&mtos=0,1089,1089,1089,1089&tos=0,1089,0,0,0&v=20210616&bin=7&avms=nio&bs=0,0&mc=0.99&if=1&app=0&itpl=20&adk=1346052359&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1624101538591&dlt=33&rpt=435&isd=0&lsd=0&msd=0&r=v&speed=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:19:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B999 42 B
64 B 41ms
40ms Fetch
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssysDAoRs-vonvDnU0LKyH8yzVOnP97XTV9RdCMARmIE8GJ7uZhhqopd3KzDYqxzfl2rGTnbxLUfIJ_ZTOVJHZuU4Ldkom8ROkdjSPEBPlxSCRAWywNqpuAyNLXTm1ofp9JpPLPOFWFqi830gFU68g9PztZ-eziMrYLN66XTzc8gBLKSOMVTwUC-F3EbN3OadSj_008i5xQrQ&sai=AMfl-YSqy2c7_UVHRSyuXP8fwHDcl-yysF3__LXJ8zVoTmQV7RUrL_KHxtPy7UuCxiYDiUh3wLUI5Gu3OdJHYl84zPK9oCgLO-Lh4YJcdpsePuOnLGvf5NHrfQiOoRA&sig=Cg0ArKJSzMEinO9nnEzGEAE&cid=CAASEuRoqLboDHRMlMoc1C2_P_2yAw&id=lidar2&mcvt=1019&p=543,965,1143,1265&asp=543,965,1143,1265&mtos=1019,1019,1019,1019,1019&tos=1019,0,0,0,0&v=20210616&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1137301587&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1624101538528&dlt=74&rpt=575&isd=0&lsd=0&msd=0&r=v&speed=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:19:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 4665 42 B
64 B 40ms
40ms Fetch
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstMOeVDxKTnKoBh83AombC0CaiHAMGkKbz5Ov2TMvnvIEwG2t_lYhiYodvnrCsqD55f4mLCDNeATLdsm6A8RJZPCRKII9dgX0IE1WvNx44oChID_gfL1g3_0TAa01-wqHa5h976_4TNRHrAjOf-oD6u79CrITbUQt6S0mtIS4jM_j1gymOiMfz7jKT19mS_rrA8H3AQ-nuE2Q&sai=AMfl-YRBkRpWa7L8smsDzBMHB3BPAcJb2KliC7hiJeuY_hvhitjTjxetRxPQg9lCKHiB2gIQj0VP7Ue5uXdlYr25Bpo3cG1Mf13HM6I-12m5MeFB3n46uLQwe6i0Z4g&sig=Cg0ArKJSzFjtxyyoFi7qEAE&cid=CAASEuRoz-EHRx54kXSeUgQ70GpkWw&id=lidar2&mcvt=1021&p=105,315,355,1285&asp=105,315,355,1285&mtos=1021,1021,1021,1021,1021&tos=1021,0,0,0,0&v=20210616&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2162323382&rs=4&met=mue&la=1&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1624101538525&dlt=72&rpt=602&isd=0&lsd=0&msd=0&r=v&speed=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:19:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 930F 0
28 B 52ms
52ms Image
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B-4sDodLNYIq4Edn_gQeB_bGIBgAAAAA4AeAEAg&bg=!_v2l_bnNAAZktE7iZLQ7ACkAdvg8WmeyUNqWrprvYa4pZgoKiYoQ22kE8GIHKKYIKz_z1iebTls_KQIAAAHYUgAAAEloAQcKACohCdeV9eQ-EAUDnRQvdOtungnV61mJU214LpMeQpWM2XaOQ9Md4lBYwxeZAsDeEl4GtkYs24KoGJ2-9GFR-K-FWnkbHdktYUllZUKILn27Kez2Ig_avjZkYSOJ1bFCe4zyQOttz6E212nt6vtPRYRAnMaVDkmAroz0rDagm_weycOYJwGA70Y7T2BWASaGrnHiHsKG5rYGq327I2PKGSvVCc8oJO-YdE6Ty3qaw6kcuzCQV4WPtDM7eB3N2_6Sj2Kk_NebqQ69feHVBkQOAWrLWmIk-fCLLVlXUn4SdOzS4C7yElc8BGytKxizQY7fHJ_pAXu772RuN_K0rRztKU5FqaYNH9vudkydZlcNnMdQM950cRqg1wVfSTNjdugScHJzg5JewE9k8vSRGyCkQO8eiD3pSvhQ0dR_1jC2bU6dSGiFS_fkZm5tv1kPzuTt-2N59_yI_hoJNsvK0WDfSMWqHwmQMUsZ4x9bLSgCocvuufFB4n2dugdWeEdsxzJEKC11sLYVpa-D_lPJlH-CuVSJLBPeHww2q9clTN220lNVN5sEOF97MH5aJcGx_Z6JSbuItItAcXlOWzZll7WnfZeS2vBW0ah5vGuYnmBNJreT4aRQBNJRnzTCnXhopqPNg5ENg7JgoHGfROT9FaKb_jekpF-KBE9nZqYiHBpJDAQIY_Eno7wOfoJSGK6PFAcLwBZUEFq1rMnXAm-MGJQptFY3POol-FkDpak8U6Zb3lS6gzN5kMRqonN07Mf-6XZ4aBAUnsPl_V1LDu8ADUBieHkKb6r7pv0Rb27bwovHyM7ztPNI8Z83I5lspmzIPQB7Xol82CEM4Qqk_cCgLUaFzs0_T794aeMYS1pEucMMCmxQP8eJByO43uZBlwo-_E5kCmlAKMaB2BXagYrnnmzhNGdwMtNfeL3kt1-c2AP_RvKQ5Q_tcaJV-_x11raTAqgsUR6QtgKRQ-W9s8Ye-ZQCyZnplrLp7QlJKEH9dbU0Kw

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:19:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
28 B 49ms
48ms Image
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=223&t=2&li=gpt_2021061503&jk=351294456403875&bg=!X1ylXBjNAAZktE7iZLQ7ACkAdvg8WkBkOvig-H7ggNQk70RdwRU17o9pb1Ye9ifV487yywF8m2TkKAIAAAIzUgAAAG9oAQeZAoHAm10CGN8KDY76ewefybAgLnRunH0lphx7134Ld4aLQ-hws8WEPIeDn44wxkOps6GQg4ZH0ZN25ve6Lr0m5vNDWL3Shvoox43l8HXqaQ2WtayHTQhlt10PdABmDAEqoFmKK7U3iSdM_YtRBMiBhAAb3aLEnHpzfG5FOyy6bzzpHJQ29End5dhg1260OJV1URhpwIXwbGiqGxI9qElhqCcNB4Aeyy2IwBGWEkQwkMYlr-c5XRhuqA7u-qgWogDWZ-2iXCCboHocj5Of84DZsegHtKbcUa-imtuJdOzUizcB2UVa0ikwzfNgNFqu4AZwUxe5DcFhcix2CWbETmcCOmrEginEjIunb0km9UK5F2HCik3kYJp09Jo2n76vZ_BbiBuMq3PGDl02A5gSdepEjekSte190EAKDKVw5dXJ9q615viiwOvjUDMNE6_mXWs4zNN_GsecbClPWCRCP_3wkZZuJ5s97QN4V9EHbqIOLCoYdeg0tfmlF5JAOdaWhNoOxp03EvC_KYSr8kUez_eb3U511uQJwMD0Xg6zVZV-CdIZkWH4_8M3i5IDKqA9Kb4oEdfO4LkIzSSzzeA_1nlZiuaWGNgEWanN8YOAROGcVHVL2jX_uWySj1K9DsZincKFugFqZWz_ZO8REY-yNG4bbgjam3Km5S5OtJXoOH7Mn4lt_kNGw77QgJkFbtEYqRh3HWVZDI3Ej4C5XKtb9sc2psgFR3wgd0gtITmKGtP67wif3qT8anz6IqQ7ekiiizvu23uSbTUAdclZFLXlGZvfAc0pc57WITgM1TIp6llxJd0fC-iNBxpHeYQ8fWvOloCWdBO7dXeeYuXyyvxslgmWO7WNxQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:19:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4750 0
28 B 50ms
49ms Image
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B_2n1odLNYIm4Edn_gQeB_bGIBgAAAAA4AeAEAg&bg=!nJ-ln9vNAAZktE7iZLQ7ACkAdvg8Wk6HljMy6K5CyCaOXbKh2J38GEAaVYJl0cy2uRkOXu9JRFnMcQIAAAKHUgAAAKFoAQeZArn8hB59nWCklixPiDS_7kWy25BCdUtm-pFTJcLBH26bJYMTmFuCM60s_NqyEgOhFp7HcDKgceu6eRC5yKPgM5PKNdyKksAlysFbJlvlIrTXPmjwQODTo73cF6CGkHZqoSXhnNql4hZW04TfsTjudD_F31Nv8TKodZ_B2_bDbSkxLOl6Rxz4KozZ3MsSBo8onMUiChE4DFJg7-MHbm5G2cXKrjTezaItByRil80l5i8z-qRjsb5z6zSaqJ7cVXQsq6ppP_xlGriVapW1kzDTpWIrHG5BaATKuFPC7I91qifQtDikc8T7i2151w1K5TYoCR_td9kEV13N1_YlttpSDXZvnOuaUlB88y0kWlQ-3Uel9tRyN5w1462nPxw3ZcqsC-GKdLs3z5W3hQh7Ov8TN8RGYR7KP8ihu6aZrb7rxDZ2zYlw9UCAzlFMnzsAon7Ze0u4Ld2I5DkA2sryc4BfqWJW76hCg4X9dhbhCI6GEQaXDka66Gw8VfaYEMwrzRuAeNEtSv7jC0kzzhvQZt7NzXHdHul-9o5ZRiArMg_E4ovFm5E1i2x8Y668N65N-KnjddFPJO50ZLn-xrfyysN4_MAC6pRq5u4tIGuSNCA9Nc48wyQ8jHgbT8LE9TmypqPB5VWaMkGCOR3nq9Bd0B8sCzjqfW0Z8we8tSSvjU2keZqtXApVCOmtGcwm6_59djOviUfuK_THhBVQvv30b1pZ7cieg3guJUXJAYs_deExd0HQ-A7EEiqRDtDhrrIZIbo4jHg2Ig720rn5u1w7D11JpcL2MG-kSv1XJ-Sw3415kmaVDONHuon7FhvU4A7ri4fqoccEJQXQfhM9r4cLjnUGLimCeoM9xTdTPkQ2aV3OOEWQkDyjaAGk7l8Q7qjH46Z7rio2Igr5VHEFCAtmfQej8gVdiT8jCajYG7NP

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:19:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 61E1 0
28 B 50ms
50ms Image
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BVKYrotLNYMSKLfSLjuwPuaaY0A0AAAAAOAHgBAI&bg=!9_Sl9LDNAAZktE7iZLQ7ACkAdvg8WoZciDNJ77uMJbPhq_LWE8Tq_wfRujZfryn0IMzIP37YsFzeDAIAAAJiUgAAAD9oAQeZAruf05JxMXEZHRftqlqOUjFAFHm1ETe_khfxF4uTtE-gwB9tNa5erV_IQdBFMkOjAKK40OVohCiIewQ9dl_8frHzoddNNq97iYUNOHFvdoF8CiAUBevoHLmR4m8-Y6UcpO520tFaMftP2O-eio5-GW6ynitX_9IvI2pYcP4PFoFEP2PCRjy62ydjdSIaVK9IoSl-m2UWePf1QrqqFG7Phep3pp4IgiwnSQc7f4ZkS48qEfIrZ9Pu7Gi2zfA_uDbfzMflV1OGVytHfOigiCc8ZSbGAgmlxhjnzvegAFCpyP_fZ1jsfC3VpRKdmSox2OBeYmhlKDiLj4euHQUXkEPdBoVPX2nk6NqaYDxkSQ6qh0Jzjz4QqqWNv3ZZoMYdrZ0j-fmyn4TbMSjKJ8AfNjwRfABhU1ipYg6axPK55IfhXKo6xLe13I0jRAxerkIMh9Dk5JM5NnKnsKJ85GkiB49No9dH8EtG58K6m37jigCypxbhLuYKd-sz7Ee2DRZwUXO78ukXFwYbXxZt83-6k7CjqZMGHlb2UR39pg7bFuxeZCp1d2lR6jlYkOd5K8-4inPX4356OXOvVzNh0zBQHXkn2p13rQAkNzSEP8KMSRvfu_3Hw21pgplvqkJW1Ebvn5FYN2lWF4Ey1Gmv1A2zfNmfk2kG_7aJr3tXzVa7md8dOELh8eC_kb2KIdNZF76MR63-BetXYathEuK7Duma9jXGBqtM7CMnHdK87RYllZxdCwhDqLbgbK7GFTJA96SWTj4urbSgNSl65Jt3HLS94DHyelrxRKVe_mvTWMmh4sSXBCekoxGpBoQDtgGgLGweAWrER6uiFAN8ZATmQQFlW6H-6wxhuJGw1rdjTLPhYzQeTF7RtPtu3urE9xKKbFClZnVqDt_SbXwgju6_G1TJHghZpakzC_UQiJzx14650sk

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:19:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F18D 0
28 B 49ms
49ms Image
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BpxOLotLNYNboLKjc7_UP8veckAIAAAAAOAHgBAI&bg=!r6ylrOjNAAZktE7iZLQ7ACkAdvg8WgVe_IAUDHx9_jZn5UstJLMX7wzCB-5TCAgNdvtle05u0QOJtgIAAAJXUgAAAEFoAQcKAE6h8kmqVx0fbbYWVNmvKjL1A8d8LSh9ut_qnZQg8WGe4V_4IIEAd248Ypkqiz76OouYQ5gzWyYx8eoH-8oLXYbLh9UdyOpRNGl9jtKewx-ZAr4znTW8OmeH_aorJnx_73s_9vVoXFSU9gQwG3jnOyjD46CTniYXCIl5cnI_9XGZgUG3dxpwDkIa0SR0tw2AoDEIi67CqtSrCSmZaMCsJfPyNzV27c4YOUmYrW9woOoshjiAGfXjA8umXSqqD5JnRQFWJ2tNzIFvojh-rIhfRT6vTzrbEpYyynaTgoBmcoL6p2pflK23LVTNI74KoMu68z1x30JI8AxlbTtEqtXHAQKpjD88QwnGHIBa_q-BcWYqum5eI8ixmWDu0sZforUYCHiasevAlqiCcDwchz80871M5VnKo54N5M4qdJk18pYiBoV504dO_EKQx1aGwIqpM88QfNbatVayNNy6ZrJXMatxFrbu1C3KkxMSAW-2uDJtH2p6k1mKF3NtBHtTr273Sjv_81nmh5t_Bi1C3X5fRvXPHryRJSEsEsZKpXuJdnyxtrLVppaJmHI9y8MkJEZbomFX6zAH7_OPwGJl9POExhrG_qIrpTGV9OdzQ869TK27d8GDVkdL8QRHnyaYDYRnxaSmS5VHrK89deWMnAiJl41rCKmtBa056wZ8XDS-e8JEWqc19myYWpD5OrhkJ6MqUzcBlbJ5n-NPOECseH5gQTqN4fpCjTlpkMwmBV2u6CWUssA0o7us8hSqQcaA2jgLhqjHNzhqmbxrlM9mvV_lWq-gNatHVn8MwdCD85mwmhk2On9T99jeGRTGfgNe7UNWZOgybCleJczcLr47cHUZaSjhWrtO9M14q-iOp-IDVBxD8CSe1FCMYnp94rqICs3jdcCb4VC8XkVOt_yZW1YMJEtJzKEAfRAGn98upTRKFk3niCw7V9J7L6SyRjIC0RMlDHGuayYKZs533i9aSoWV_aZd8C5lbLcuhmC2n-_ykW7arUxVWzstaDjxBI4RFflH8T73xKgi3gTEhGWXvTPGX1Q

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:19:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 18F0 0
28 B 49ms
48ms Image
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B8F_3otLNYPaoLbuDjuwPx7KziAYAAAAAOAHgBAI&bg=!Dg2lDUnNAAZktE7iZLQ7ACkAdvg8Wpftsqo5sxP0owcjcGgR5Y9t0xdz_BZJL_Cqvjm1TjhLUyfTMQIAAAJRUgAAAENoAQcKAA-PHKxl97JrSzVnIMLWsVOZAtPF4aP80mFOgzv1G4IhgsCnha_KVMm-5iXyPdvJgNk6fV-oQ0w4930mD8C4b88tK5f99HPLuzE4m8Dnz_X3sfv6fm3Ve3_o1yLo0LteQVV64b6DT74qtd4QtxHyH2f_iiNjxCOSq-4fad1ec2WycKGSCYVeXDCQsUfygHeRd-CSXpjUaJM9hhwT5yprTDJjOXGz99-tqvqRy5D6ZPHdmwtiZGgVkV3VdFdCzAEkWgjPVZlBT1F0QxyeBu6lmhEFeFbBX7I1TzV2Vw09rhoTxnIwvOM18fuB4gXa4sKVAj--DAAMdabpOcWpaTnVNJ3Si5k_WcIT9q_59pW9jfIxsprLKirMh2XtnOg0jwH3KDo6EVGeICyhmJmlVm5x_QMrVe5VDCoJbun1dFXRsiKObfBTuXQPe4FHkIOe55f4_gkXu-ljuSX9CePphZynNSOaii2pPL6MXLOv2yngGNxP7mxka-I3FEuocUK8_qSCNSsvkO3Uutt-sRXlc1NlFSMbsDerKrdROy1ZjluBuk__vfpOd3eORG6Whak6cWs4kP1JLmt1Hz-wnrgkqvSR0TMfM0mPrGvPw6VF-qW3ecv_xQ3xNBiEGVTUDzGI9DMxf6MuFWcR2ICFUYTTWeQzBFh5WFdT53r-SLeWpyzyXO2yePWEDrQBlR2-27og2xF-eS-OhIFr0IBam0y92bv4omWSF3kBlJ9QvGSZxVN6KGT-xE1dgu8waL-6FXDa9kWi9U0La7PROZKKygwhtBWCT_DQA_fBfF7RAHSbrn_tbwHyxvlA4UuytcMviPCXgCwYpyok2WM-3BhNxkdxTxYcPB-jwkd1ePooRPJZSWIdpMzgmo3QX1chzR4NgaIiR06eeURC65dcfHzjKzIzKjsxHAkTavwEPj4CTWDSXQGHvdK5Go58vNNo5OEFk9mjh2_wbTDK2e-xkp5kNDB5EgrjtneL23EXb-0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:19:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 78B0 0
28 B 50ms
49ms Image
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BDfVzotLNYLnNMJLA3gPZt7uwDAAAAAA4AeAEAg&bg=!h4SlhMDNAAZktE7iZLQ7ACkAdvg8Wj3dzdmKH8h9qC_HfRhbFxNuAL91lMsCPrTiU36IN1hnKlGE4wIAAAJMUgAAAEdoAQcKAMas4HRYvIG7rMAOEYQfSOqj9q93xjCXhwavha_xT_S5hfb81vXODEBNpfEwVER02lBFKxnaViOcPO77ysxaxGCmFUAG0t9Rmpew0qIIIPuG3y2Nhg37U_mqFe1LPrImY9jUMCuYlhoY3YTwwVd8flhT4OSkaKC5rg4WoiFuLjoZmU4549JYMW5o3BCSpsUSY6GS3_pw6U3NRiK21Oe3gYXbEdi1UJPnBstM2bc60XfG8LudCkADEteYePPXkPBk5pQadDJ0zaWZAsdyAD3SiYs4QBHRnqoU95bdH60NX_WGBYapFcjGIekRuJUo_BlpVw0EhpqacvQJ8R_nrfR00hnY7Ed6BAqKSmsP6JbLreD3_iM2QcUe0nQAV3dda4FEsJon-krZghup7KgJBfx57GJSS5D7hwvDrHHNrvOC_rlMr33JNOzngD0zsQXeIbftygxzVqQOKWIXORRjdtjyeFZUQmF2kHuA8gYk5g3sd8VNOff3Wh00WAFaPamMC-XO7r2W1l8yyT6FZz7n9CUn4ZEsmfJ9yCyFmThsa0qbdfALbd_o_YTW2wRUGeVy4Zsue_VWcrCmxPeWXn-CWmDr2d0iSKW5j14Si5tLwZesoUwiLTFXba1qiD4gtXl5vbvllX92z5B4GFLd1LiI_xEw9p7LGd7xnL_PkIFpBd9qIGaqBl8ZAf6xFAirKzPqj49aPPCOdi0QmkEHxZJIuvXrsp2LVqra4JT_lDp5f1S7ABh9-Z8Nn15-r_pGSiThjooQivioIxLVcA5M4YLNzCpbGZr3yqKcEQoWmDs2TfrlxAetY5-CfeKkyO7zsG-27Jqf9aEfrYnXTlkpv7JE6hEiymtelj-qRF_h1aPV3PDAkjmEGF8gv7M-UgLOeBnHOl_XK0L-j9ICOAJDze8O3R-C_JMpNcI27P5crU8rHFoQA-6ZRoqEiz7EjB1tCpR6syifvXsTTtZvvg34uM38LzuRFWpF59fp2YMucQXkJCZfEzKOOtc8wY1JjzLhNkU0AVTh53v8iZ6E0Xrb_jILwcDU9-OgXRcW4sL1Jva7m0Nzd9MgN1ppDXS-SOETPaNb2EfCSj_YWyd0dITXCbA0tPtnkj8L4oVJIOlhtosjGgv1C2QiRhdcl05dAlkAeXYXveDTHywBnL69L7KGUzvUpmY1RjUr-_o7zN4ldcA_pzb7eWCjtbp7L20pE-g2VfhJTs8uulA

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Jun 2021 11:19:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/futureplc-network/ 848 KB
53 KB 23ms
7ms Script
application/javascript 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/futureplc-network/loader.js
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ad340d4f58ae9631c5693ba08f4ab31c30515eec5dd15eb1f032dd7b87652fb2

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: daW0LiHeVRwOWJewU0ZxdshJT5KtyXAp
content-encoding: gzip
etag: "50a1eb905e639d5b5622c0c08f9aef94"
age: 98
x-cache: HIT
content-length: 53533
x-amz-id-2: TPiMm4oIIfsycowgdbMznHt37/XvUBsFT2zjUIm4hEimgTHvEtZ1Zn6rvnzEMyGMWwBxlHWKfB8=
x-served-by: cache-fra19180-FRA
last-modified: Thu, 17 Jun 2021 08:48:18 GMT
server: AmazonS3
x-timer: S1624101541.189094,VS0,VE0
date: Sat, 19 Jun 2021 11:19:01 GMT
vary: Accept-Encoding
x-amz-request-id: AK9DM2CJ0VERHGBA
via: 1.1 varnish
cache-control: private,max-age=14401
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 76
x-cache-hits: 2

GET
H2 200 load.js Show response
widget.perfectmarket.com/futureplc-network/ 5 KB
2 KB 25ms
7ms Script
application/javascript 151.101.13.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.perfectmarket.com/futureplc-network/load.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/futureplc-network/loader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.181 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 25f67b8d248a294dedff8595c60e50def75f5aeaa99aa113de31c360c06e1c2e

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: trLiVYJOSv71644h1TvPb6P4vA7J5.Ic
content-encoding: gzip
etag: "259017a2d732ec58a5574ced81155531"
age: 117
x-cache: HIT, HIT
content-length: 1517
x-amz-id-2: 2k5xY6vgCpvYRjv7OR0eDwdMHUfvKQYzxcRc+70yCMqcwjwrnvrGOMWB8dWZvI2xRWj3/P2Gz3E=
x-served-by: cache-lax10623-LGB, cache-fra19183-FRA
last-modified: Fri, 27 Nov 2020 11:37:05 GMT
server: AmazonS3
x-timer: S1624101541.282646,VS0,VE1
date: Sat, 19 Jun 2021 11:19:01 GMT
vary: Accept-Encoding,,
x-amz-request-id: 3W5TVDFV95E7F71A
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=300
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
x-cache-hits: 1, 1

GET
H2 200 impl.20210616-34-RELEASE.js Show response
cdn.taboola.com/libtrc/ 525 KB
118 KB 7ms
7ms Script
application/javascript 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20210616-34-RELEASE.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/futureplc-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 174fa874eee88ffd59d5c9cc7fd064f06e721fad3a156ddb5f4098fd987eb5f9

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: oEJW3jRBb5.jXgPmawDt65uOguNTfUcf
content-encoding: br
etag: "3e4b3c9fa3c276ef324d58abc8c116f8"
age: 9993
x-cache: HIT
content-length: 120041
x-amz-id-2: LRYsbihvW20C96AAi0b7RI3tGIQ1ZEf7MbSY/xNkJcyqIWgyP0lH5eqqpDejSx0cWhioNDIG8dc=
x-served-by: cache-fra19180-FRA
last-modified: Thu, 17 Jun 2021 08:28:41 GMT
server: AmazonS3-br
x-timer: S1624101541.265380,VS0,VE0
date: Sat, 19 Jun 2021 11:19:01 GMT
vary: Accept-Encoding
x-amz-request-id: ZZ3SKDJXCA0HRPC5
via: 1.1 varnish
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: application/javascript
abp: 77
x-cache-hits: 19062

GET
H2 200 pmk-202010011.9.js Show response
widget.perfectmarket.com/futureplc-network/ 112 KB
31 KB 7ms
7ms Script
application/javascript 151.101.13.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.perfectmarket.com/futureplc-network/pmk-202010011.9.js
Requested by: Host: widget.perfectmarket.com
URL: https://widget.perfectmarket.com/futureplc-network/load.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.181 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6e68f2acf3fa748d9e49f0aef011881bd36464c6acc3dd8da372d1ffd01ab1b5

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: 1KszywNVKe0wCjC2HEvPi4MK4u.rp5is
content-encoding: gzip
etag: "d6b57de064774268cabc5e20ef9f67ad"
age: 952885
x-cache: HIT, HIT
content-length: 31154
x-amz-id-2: Emnf8LI+iCcSIgdKEPk5U+J7LVVGklTBtbY790JdLzi+b1NbLZBO4mdp34kISlcoGc+IytOfJmo=
x-served-by: cache-sna10743-LGB, cache-fra19183-FRA
last-modified: Fri, 27 Nov 2020 11:37:05 GMT
server: AmazonS3
x-timer: S1624101541.292156,VS0,VE0
date: Sat, 19 Jun 2021 11:19:01 GMT
vary: Accept-Encoding,,
x-amz-request-id: KJXVQ4FVTM83AT5K
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=31536000
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
x-cache-hits: 506, 5627

GET
H2 200 card-interference-detector.20210616-34-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 5 KB
3 KB 7ms
7ms Script
application/javascript 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/card-interference-detector.20210616-34-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/futureplc-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e40f20f16228a404805bce9dc67114379e181174dff3eae638f6850328508fae

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: yP8D_WPocnXZhTbjo1lcHLhr_nZjkSlZ
content-encoding: gzip
etag: "55361e56c70e05d678fe772adff16f8a"
age: 107
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 2188
x-amz-id-2: 3Xh3hg+Xc875LX/q5qV0vKxo1MvzwDlKz6FaGV/AAWBrfkHFbJzi7bFbV++17dif5IFhqU2ibO4=
x-served-by: cache-fra19180-FRA
last-modified: Thu, 17 Jun 2021 08:36:52 GMT
server: AmazonS3
x-timer: S1624101541.309596,VS0,VE0
date: Sat, 19 Jun 2021 11:19:01 GMT
vary: Accept-Encoding
x-amz-request-id: PF8ZGGJMGDVYPQST
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 77
x-cache-hits: 95

GET
H2 200 json Show response
trc.taboola.com/futureplc-techradar/trc/3/ 20 KB
8 KB 433ms
431ms XHR
application/javascript 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/futureplc-techradar/trc/3/json?tim=13%3A19%3A01.319&lti=deflated&data=%7B%22id%22%3A688%2C%22ii%22%3A%22%2Fnews%2Fmultiple-turbotax-customer-accounts-hacked%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1623919684899%2C%22vi%22%3A1624101541307%2C%22cv%22%3A%2220210616-34-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.techradar.com%2Fnews%2Fmultiple-turbotax-customer-accounts-hacked%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%5D%2C%22cmps%22%3A0%2C%22ga%22%3Atrue%2C%22tcs%22%3A%22%22%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1600%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A1200%2C%22dw%22%3A1600%2C%22dh%22%3A9132%2C%22nsid%22%3A%22futureplc-network%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A12%2C%22uim%22%3A%22thumbnails-b%3Apub%3Dfutureplc-network%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22cd%22%3A3510.421875%2C%22mw%22%3A602%7D%5D%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210616-34-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 1c7ce503a6b246061f03e62c24a189fcb0586593f069a083b15684cf52cca5e0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

x-vcl-time-ms: 424
date: Sat, 19 Jun 2021 11:19:01 GMT
content-encoding: gzip
server: nginx
x-timer: S1624101541.325721,VS0,VE424
x-served-by: cache-fra19180-FRA
vary: Accept-Encoding
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.techradar.com
access-control-allow-credentials: true
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
x-cache-hits: 0

GET
H2 200 cta-branding.js Show response
cdn.taboola.com/demand-formats/cta-branding/ 18 KB
6 KB 9ms
9ms Script
application/javascript 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/demand-formats/cta-branding/cta-branding.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210616-34-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5d5c1ed77b99d3f67ef7d419e1d6d78a663d8cac3668749252aa85c88cdef8fe

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: y2EUw.irPGYHWZQvvHFS16CCD7wJF5Fq
content-encoding: gzip
etag: "7f7f981d4ecb61feeff48e66441716da"
age: 347
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 5628
x-amz-id-2: TklKzcscKDRV/KiZHZSW4Hmm6Wuc/xAae1ssr1JymSf8MvlqblKYbJKXGTrDqOG6ZMNoaHOT5iw=
x-served-by: cache-fra19180-FRA
last-modified: Sun, 30 May 2021 11:12:52 GMT
server: AmazonS3
x-timer: S1624101542.766790,VS0,VE0
date: Sat, 19 Jun 2021 11:19:01 GMT
vary: Accept-Encoding
x-amz-request-id: NWCSWNG0MX0N8EZJ
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript
abp: 77
x-cache-hits: 1166

GET
H2 200 cta-branding.css
cdn.taboola.com/demand-formats/cta-branding/ 2 KB
977 B 9ms
8ms Stylesheet
text/css 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/demand-formats/cta-branding/cta-branding.css
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210616-34-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6fe77418e833f1ddfcf701ba7b6ebbd24efd2e93bce56065e0f1e711b1d829f8

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: 10qGt8O9hKdbB5IigEtXn8Bn._HPfO8j
content-encoding: gzip
etag: "10c372ee2c83a7fd12df18aebc5320c6"
age: 11045
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 719
x-amz-id-2: A8pOn0vHP2AZTFPKUH/E/XQ0BnACpoDi2Cn8umalQjLdBaCQMU0fH3eIPGkBpOFXLrfZ+JH/G5w=
x-served-by: cache-fra19180-FRA
last-modified: Tue, 06 Apr 2021 14:48:01 GMT
server: AmazonS3
x-timer: S1624101542.766775,VS0,VE0
date: Sat, 19 Jun 2021 11:19:01 GMT
vary: Accept-Encoding
x-amz-request-id: H26RXF80K5Y33KYT
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: text/css
abp: 77
x-cache-hits: 28061

GET
H2 200 tb Show response
15.taboola.com/ 3 KB
3 KB 19ms
17ms XHR
text/html 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://15.taboola.com/tb?oid=15&pubnm=futureplc-techradar&unitType=244&tbloc=&pageType=text&pstn=Below%20Article%20Thumbnails&uuip=Feed%20-%20Below%20Article%20Thumbnails&cisrf=&cirf=https%3A%2F%2Fwww.techradar.com%2Fnews%2Fmultiple-turbotax-customer-accounts-hacked&encoded=1&uid=abc22292-0686-4229-b72a-364456e16b55-tuct7c75825&variant=73266|1480&callback=TRC.videoTagCallbacks.videoCallback1&cb=1624101541763&tagid=&cntry=DE&platform=1&sesid=5b585ce141d9c94298d10c53dc8f6794&itemid=/news/multiple-turbotax-customer-accounts-hacked&viewid=1624101541307&geolat=&geoing=&deviceifa=&appid=&sd=&ri=141f7cfe21f1f45d97967dd63f8dfa94&appname=&cdb=&gdprApplies=true&rid=&sii=-5742858714333041513&oee=true&tpubid=1009592&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=&region=HE&hasGDPRConsent=false&tcfVersion=2&cmpStatus=0&tnetid=1009595&prcnt=&layer=
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210616-34-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: fcef3945ba680b542f2b2451865fac510cdb60ce654f82fde2d7fb0b876a1db9

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Jun 2021 11:19:01 GMT
content-encoding: gzip
access-control-allow-origin: https://www.techradar.com
machineid: 1447
x-cache: MISS
xvid-debug: mrmr - :
x-served-by: cache-fra19180-FRA
pragma: no-cache
server: nginx
x-timer: S1624101542.770195,VS0,VE11
vary: Accept-Encoding
content-type: text/html;charset=ISO-8859-1
via: 1.1 varnish
expires: Sat, 26 Jul 1997 05:00:00 GMT
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials: true
accept-ranges: bytes
link: <https://am-wf.taboola.com>; rel=preconnect
x-cache-hits: 0

GET
H2 200 feed-card-placeholder.20210616-34-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 5 KB
1 KB 7ms
6ms Script
application/javascript 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/feed-card-placeholder.20210616-34-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/futureplc-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 549d9a488e722d661169203e2c3aa51f5e76ce3bd9848963c5172a2acbe7bed0

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: coYbF4fahQQfm8njCg2zRwnEdSrsN1MZ
content-encoding: gzip
etag: "4bb0067e49fc014afd54d3c17dbc2d93"
age: 19
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 1269
x-amz-id-2: MnWAAa/53DWDDA8XlPkOSQjCliShJUshf7Nzvk4ZLKNbA0KW4rzoxXObFO+EfiMHKAL3ETXgiNU=
x-served-by: cache-fra19180-FRA
last-modified: Thu, 17 Jun 2021 08:36:42 GMT
server: AmazonS3
x-timer: S1624101542.770103,VS0,VE0
date: Sat, 19 Jun 2021 11:19:01 GMT
vary: Accept-Encoding
x-amz-request-id: SZEJA48WT8PS6888
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 77
x-cache-hits: 32

GET
H2 200 distance-from-article.20210616-34-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 2 KB
1 KB 7ms
6ms Script
application/javascript 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/distance-from-article.20210616-34-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/futureplc-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c90ba3deb367832ba13c564bcb1c2f1f59962f17fb3bf92307681616a9e16203

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: JJz7mYiMzL2rcOrWgnF.xyDwK7eV.vV8
content-encoding: gzip
etag: "3f4b9b69d0db5b49f6e98ee5ae22ad26"
age: 72
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 1014
x-amz-id-2: vZnjcL0ExZj95dAem+aWA5yH+GkdbaBHvCH6Am8ryXtd6JtgGtaEFARTb17S08/vFQZhlrF47j8=
x-served-by: cache-fra19180-FRA
last-modified: Thu, 17 Jun 2021 08:36:50 GMT
server: AmazonS3
x-timer: S1624101542.775384,VS0,VE0
date: Sat, 19 Jun 2021 11:19:01 GMT
vary: Accept-Encoding
x-amz-request-id: TN0C944RK6CYN3Q3
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 77
x-cache-hits: 39

GET
H2 200 article-detection.20210616-34-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 2 KB
1 KB 7ms
7ms Script
application/javascript 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/article-detection.20210616-34-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/futureplc-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1b1652f5c37b04bbffd31d5e91a30120d22e418fcb99928e963aac46e1868dad

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: VAxaJz8ePnwOdahM99Tvwwini9fheCkL
content-encoding: gzip
etag: "12ce2dbd11d516393610febb989a2e05"
age: 57
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 865
x-amz-id-2: Zl4hKxrBQT0QypeFi9DOYFi53C1UvNs/D9lE+Wl/4XxWyl+FyP5hdjLHV01kit5oQlD1C5VmNC8=
x-served-by: cache-fra19180-FRA
last-modified: Thu, 17 Jun 2021 08:37:01 GMT
server: AmazonS3
x-timer: S1624101542.775416,VS0,VE0
date: Sat, 19 Jun 2021 11:19:01 GMT
vary: Accept-Encoding
x-amz-request-id: WKVQ0CEHP50CP020
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 77
x-cache-hits: 30

GET
H2 200 userx.20210616-34-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 23 KB
8 KB 7ms
6ms Script
application/javascript 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/userx.20210616-34-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/futureplc-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 78cd98c948de43fb86a945154e2e3d04c5d563d971fdd2db15103cc844efb7d6

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: Qd7vhYyuYFUQ.pg.gTHStlE_cAHomdAg
content-encoding: gzip
etag: "7178a6044dd2cebcfa7d24b58ac97fbb"
age: 104
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 7964
x-amz-id-2: 9oucq6CbWLTMF3BJnAn97Bk3+D0YyoIOlpKB9M/mKQf/QXHIoVNB5ymyBRiIkA98ANBTu17Aq04=
x-served-by: cache-fra19180-FRA
last-modified: Thu, 17 Jun 2021 08:36:03 GMT
server: AmazonS3
x-timer: S1624101542.784495,VS0,VE0
date: Sat, 19 Jun 2021 11:19:01 GMT
vary: Accept-Encoding
x-amz-request-id: 7VBQ5KS5JZRAH1FW
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 77
x-cache-hits: 48

GET
H2 204 debug
trc-events.taboola.com/futureplc-techradar/log/2/ 0
89 B 45ms
13ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc-events.taboola.com/futureplc-techradar/log/2/debug?tim=13%3A19%3A01.761&type=warn&msg=Dynamic%20Translation%20load%20is%20enabled%20but%20response%20is%20missing%20the%20map.%20Using%20embedded%20solution&id=6313&cv=20210616-34-RELEASE&lt=deflated&pct=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:19:01 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 7375

GET
H2 204 debug
trc-events.taboola.com/futureplc-techradar/log/2/ 0
88 B 45ms
14ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc-events.taboola.com/futureplc-techradar/log/2/debug?tim=13%3A19%3A01.769&type=error&msg=Exit%20TRCRBox.loadScriptCallback(retry%3D0)%3A%20no%20items%20in%20response%20-%20thumbs-feed-01&id=1424&cv=20210616-34-RELEASE&lt=deflated&pct=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:19:01 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 7375

GET
H2 204 debug
trc-events.taboola.com/futureplc-techradar/log/2/ 0
88 B 45ms
14ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc-events.taboola.com/futureplc-techradar/log/2/debug?tim=13%3A19%3A01.771&type=error&msg=Exit%20TRCRBox.loadScriptCallback(retry%3D0)%3A%20no%20items%20in%20response%20-%20organic-thumbs-feed-01&id=8527&cv=20210616-34-RELEASE&lt=deflated&pct=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:19:01 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 7375

GET
H2 200 f89e1763-220d-4e09-ba69-9e040548fb7a.svg
cdn.taboola.com/static/f8/ 4 KB
2 KB 7ms
6ms Image
image/svg+xml 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/static/f8/f89e1763-220d-4e09-ba69-9e040548fb7a.svg
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 39b076e4bb4fab9b8a142499cf6155f8c128464974691a04de7e764f71b72618

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: cMrDKn.emLmm9kiiOOF64ulDT4DRy6LK
content-encoding: gzip
etag: "b8b410e4b18d45aa2f3d9bc09cd335fb"
age: 2
via: 1.1 varnish
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 1758
x-amz-id-2: QvMTzrJ1sqHqbtTS38GSlbgcAwEVpb/6/VVZi7XQWhIdO7VhR40gonWNObdQTHplF21EUdzhZZA=
x-served-by: cache-fra19180-FRA
last-modified: Wed, 07 Feb 2018 11:15:52 GMT
server: AmazonS3
x-timer: S1624101542.797915,VS0,VE0
date: Sat, 19 Jun 2021 11:19:01 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: QQEHSY6P3GVEQ2QG
access-control-allow-origin: *
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: image/svg+xml
access-control-allow-headers: *
abp: 77
x-cache-hits: 2

GET
H2 200 UnitFeedManagerDesktop.min.js Show response
vidstat.taboola.com/lite-unit/1.4.0/ 80 KB
24 KB 9ms
7ms Script
application/javascript 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/lite-unit/1.4.0/UnitFeedManagerDesktop.min.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210616-34-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6e2297899242fa4c800ff7320c93d3cd0bbb89770cf0a1d5614b0f183c94dc70

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 11:19:01 GMT
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront), 1.1 varnish
age: 902296
x-cache: Hit from cloudfront, HIT
content-encoding: gzip
content-length: 23966
x-served-by: cache-fra19180-FRA
last-modified: Tue, 31 Mar 2020 13:14:35 GMT
server: AmazonS3
x-timer: S1624101542.827782,VS0,VE0
etag: "9284c0ece401137f8f576e2e3ba9e6c1"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
access-control-allow-headers: *
x-amz-cf-id: iA6R1_CQvut40DNYjntqsihKi-VgFR5Yuxhl0_SklEIU8vjNbV9CGw==
x-cache-hits: 8940

GET
H2 200 yyJZUrX92JXL9u67TvF5oU-1200-80.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.mos.cms.futurecdn.net/ 6 KB
6 KB 13ms
8ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.mos.cms.futurecdn.net/yyJZUrX92JXL9u67TvF5oU-1200-80.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 3fa7c3d2bda5fb3e2d317497f21ea44e90f96c5ff5f85f6718aacf683920eed9

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Sat, 19 Jun 2021 11:19:01 GMT
via: 1.1 varnish, 1.1 varnish
age: 956366
edge-cache-tag: 505602323804374607973206292148510526870,579179033019623958066548589099963835462,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 99
x-envoy-upstream-service-time: 515
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.mos.cms.futurecdn.net/yyJZUrX92JXL9u67TvF5oU-1200-80.png
content-length: 5668
x-request-id: b4923ae4eb3069b6b7196dd01253bd8c
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
last-modified: Tue, 08 Jun 2021 09:25:53 GMT
server: nginx
x-timer: S1624101542.838540,VS0,VE1
etag: "2d2effd0ff41fde0145766fd87da068b"
x-served-by: cache-wdc5572-WDC, cache-dca17779-DCA, cache-fra19180-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 1

GET
H2 200 49615a12b5f7ceeb27c6af4cfb98dee1.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 73 KB
74 KB 13ms
9ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/49615a12b5f7ceeb27c6af4cfb98dee1.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: a720219b1ee9707221b5e795190cba4d2f7dff452d638ef4c3b310a679c2101b

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Sat, 19 Jun 2021 11:19:01 GMT
via: 1.1 varnish, 1.1 varnish
age: 955091
edge-cache-tag: 570966354911554235161356603699804241054,579179033019623958066548589099963835462,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 190
expiration: expiry-date="Thu, 10 Jun 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/49615a12b5f7ceeb27c6af4cfb98dee1.jpg
content-length: 74818
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb105
last-modified: Mon, 10 May 2021 14:59:54 GMT
server: nginx
x-timer: S1624101542.838476,VS0,VE1
etag: "32564349ea156b9bff3f8da0d233a08b"
x-served-by: cache-wdc5563-WDC, cache-dca17753-DCA, cache-fra19180-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 1

GET
H2 200 7e016667a06c3953bbd551436b1db2b6.jpeg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 44 KB
45 KB 11ms
7ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/7e016667a06c3953bbd551436b1db2b6.jpeg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: f797457740539e0f84dafa80fd8efe1a55ed91d638f3cd4e8a0d4460cbd8804f

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Sat, 19 Jun 2021 11:19:01 GMT
via: 1.1 varnish, 1.1 varnish
age: 987985
edge-cache-tag: 482821531515689230506783830797345189770,579179033019623958066548589099963835462,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 704
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/7e016667a06c3953bbd551436b1db2b6.jpeg
content-length: 45444
x-request-id: 9c8e9a66cdedfb4eebf5424ab6e9629a
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
last-modified: Mon, 24 May 2021 00:47:50 GMT
server: nginx
x-timer: S1624101542.838446,VS0,VE1
etag: "d8c4246725bbea08be834aa7cee0cde4"
x-served-by: cache-wdc5527-WDC, cache-dca12926-DCA, cache-fra19180-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 2, 1

GET
H2 200 12a5dfeeb4f380b0c7db08cb7978917a.jpeg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 50 KB
50 KB 13ms
10ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/12a5dfeeb4f380b0c7db08cb7978917a.jpeg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: b9c4dc59cde921ae082c73aaa8c9a1dfa74f8df3a07d161b0db360f33f10fed2

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Sat, 19 Jun 2021 11:19:01 GMT
via: 1.1 varnish, 1.1 varnish
age: 789183
edge-cache-tag: 330962844905796968335132538951817369094,579179033019623958066548589099963835462,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 116
expiration: expiry-date="Thu, 08 Jul 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/12a5dfeeb4f380b0c7db08cb7978917a.jpeg
content-length: 50776
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb105
last-modified: Mon, 07 Jun 2021 03:00:28 GMT
server: nginx
x-timer: S1624101542.838471,VS0,VE1
etag: "2d6a1456af17c67fdbbc26796e05eff9"
x-served-by: cache-wdc5565-WDC, cache-dca17744-DCA, cache-fra19180-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 1

GET
H2 204 social
trc-events.taboola.com/futureplc-techradar/log/3/ 0
230 B 14ms
14ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc-events.taboola.com/futureplc-techradar/log/3/social?route=AM:AM:V&tvi2=2512&lti=deflated&ri=141f7cfe21f1f45d97967dd63f8dfa94&sd=v2_5b585ce141d9c94298d10c53dc8f6794_abc22292-0686-4229-b72a-364456e16b55-tuct7c75825_1624101541_1624101541_CNawjgYQuM89GLur-5-iLyABKAEwODib4wlAhIoQSLCG2ANQo-wQWAFgAGixr-m1yv33zq0B&ui=abc22292-0686-4229-b72a-364456e16b55-tuct7c75825&pi=/news/multiple-turbotax-customer-accounts-hacked&wi=-5742858714333041513&pt=text&vi=1624101541307&st=social-available&d=%7B%22data%22%3A%5B%7B%22i%22%3A%22ctx%22%2C%22ism%22%3Afalse%2C%22srx%22%3A1600%2C%22sry%22%3A1200%2C%22pd%22%3Anull%2C%22tpl%22%3A%22%22%2C%22url%22%3A%22https%3A%2F%2Fwww.techradar.com%2Fnews%2Fmultiple-turbotax-customer-accounts-hacked%22%2C%22rref%22%3A%22%22%2C%22sref%22%3A%22_sessionPending_%22%2C%22hdl%22%3A%22TurboTax%20customer%20accounts%20affected%20by%20cyberattack%22%2C%22sec%22%3A%22Computing%22%2C%22aut%22%3A%5B%22Mayank%20Sharma%22%5D%2C%22img%22%3A%22https%3A%2F%2Fcdn.mos.cms.futurecdn.net%2FXxEvtaBKpJqN7Wv27Q5bvC.jpg%22%2C%22v%22%3A15%2C%22pw%22%3Afalse%7D%5D%7D&tim=13%3A19%3A01.831&id=8319&llvl=1&cv=20210616-34-RELEASE&
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Sat, 19 Jun 2021 11:19:01 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H2 204 supply-feature
trc.taboola.com/futureplc-techradar/log/3/ 0
258 B 16ms
16ms Image
image/gif 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/futureplc-techradar/log/3/supply-feature?route=AM:AM:V&tvi2=2512&lti=deflated&ri=141f7cfe21f1f45d97967dd63f8dfa94&sd=v2_5b585ce141d9c94298d10c53dc8f6794_abc22292-0686-4229-b72a-364456e16b55-tuct7c75825_1624101541_1624101541_CNawjgYQuM89GLur-5-iLyABKAEwODib4wlAhIoQSLCG2ANQo-wQWAFgAGixr-m1yv33zq0B&ui=abc22292-0686-4229-b72a-364456e16b55-tuct7c75825&pi=/news/multiple-turbotax-customer-accounts-hacked&wi=-5742858714333041513&pt=text&vi=1624101541307&d=%7B%22event_type%22%3A%22END_OF_ARTICLE_MEASUREMENT%22%2C%22event_state%22%3A%22REPORTED%22%2C%22event_value%22%3A%22%7B%5C%22distance%5C%22%3A537.421875%2C%5C%22articleClasses%5C%22%3A%5C%22text-copy%20bodyCopy%20auto%5C%22%2C%5C%22articleTag%5C%22%3A%5C%22DIV%5C%22%2C%5C%22threshold%5C%22%3A%5C%22450%5C%22%7D%22%7D&tim=13%3A19%3A01.861&id=8478&llvl=1&cv=20210616-34-RELEASE&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 9
pragma: no-cache
date: Sat, 19 Jun 2021 11:19:01 GMT
via: 1.1 varnish
server: nginx
x-timer: S1624101542.865574,VS0,VE9
x-served-by: cache-fra19180-FRA
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/7e016667a06c3953bbd551436b1db2b6.jpeg
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: f797457740539e0f84dafa80fd8efe1a55ed91d638f3cd4e8a0d4460cbd8804f

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Sat, 19 Jun 2021 11:19:01 GMT
via: 1.1 varnish, 1.1 varnish
age: 987985
edge-cache-tag: 482821531515689230506783830797345189770,579179033019623958066548589099963835462,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 704
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/7e016667a06c3953bbd551436b1db2b6.jpeg
content-length: 45444
x-request-id: 9c8e9a66cdedfb4eebf5424ab6e9629a
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
last-modified: Mon, 24 May 2021 00:47:50 GMT
server: nginx
x-timer: S1624101542.900030,VS0,VE0
etag: "d8c4246725bbea08be834aa7cee0cde4"
x-served-by: cache-wdc5527-WDC, cache-dca12926-DCA, cache-fra19180-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 2, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.mos.cms.futurecdn.net/yyJZUrX92JXL9u67TvF5oU-1200-80.png
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 3fa7c3d2bda5fb3e2d317497f21ea44e90f96c5ff5f85f6718aacf683920eed9

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Sat, 19 Jun 2021 11:19:01 GMT
via: 1.1 varnish, 1.1 varnish
age: 956366
edge-cache-tag: 505602323804374607973206292148510526870,579179033019623958066548589099963835462,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 99
x-envoy-upstream-service-time: 515
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn.mos.cms.futurecdn.net/yyJZUrX92JXL9u67TvF5oU-1200-80.png
content-length: 5668
x-request-id: b4923ae4eb3069b6b7196dd01253bd8c
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
last-modified: Tue, 08 Jun 2021 09:25:53 GMT
server: nginx
x-timer: S1624101542.904243,VS0,VE0
etag: "2d2effd0ff41fde0145766fd87da068b"
x-served-by: cache-wdc5572-WDC, cache-dca17779-DCA, cache-fra19180-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/12a5dfeeb4f380b0c7db08cb7978917a.jpeg
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: b9c4dc59cde921ae082c73aaa8c9a1dfa74f8df3a07d161b0db360f33f10fed2

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Sat, 19 Jun 2021 11:19:01 GMT
via: 1.1 varnish, 1.1 varnish
age: 789183
edge-cache-tag: 330962844905796968335132538951817369094,579179033019623958066548589099963835462,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 116
expiration: expiry-date="Thu, 08 Jul 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/12a5dfeeb4f380b0c7db08cb7978917a.jpeg
content-length: 50776
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb105
last-modified: Mon, 07 Jun 2021 03:00:28 GMT
server: nginx
x-timer: S1624101542.904201,VS0,VE0
etag: "2d6a1456af17c67fdbbc26796e05eff9"
x-served-by: cache-wdc5565-WDC, cache-dca17744-DCA, cache-fra19180-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/49615a12b5f7ceeb27c6af4cfb98dee1.jpg
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: a720219b1ee9707221b5e795190cba4d2f7dff452d638ef4c3b310a679c2101b

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Sat, 19 Jun 2021 11:19:01 GMT
via: 1.1 varnish, 1.1 varnish
age: 955091
edge-cache-tag: 570966354911554235161356603699804241054,579179033019623958066548589099963835462,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 190
expiration: expiry-date="Thu, 10 Jun 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/49615a12b5f7ceeb27c6af4cfb98dee1.jpg
content-length: 74818
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb105
last-modified: Mon, 10 May 2021 14:59:54 GMT
server: nginx
x-timer: S1624101542.910412,VS0,VE0
etag: "32564349ea156b9bff3f8da0d233a08b"
x-served-by: cache-wdc5563-WDC, cache-dca17753-DCA, cache-fra19180-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 2

GET
H2 204 social
trc-events.taboola.com/futureplc-techradar/log/3/ 0
230 B 14ms
14ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc-events.taboola.com/futureplc-techradar/log/3/social?route=AM:AM:V&tvi2=2512&lti=deflated&ri=141f7cfe21f1f45d97967dd63f8dfa94&sd=v2_5b585ce141d9c94298d10c53dc8f6794_abc22292-0686-4229-b72a-364456e16b55-tuct7c75825_1624101541_1624101541_CNawjgYQuM89GLur-5-iLyABKAEwODib4wlAhIoQSLCG2ANQo-wQWAFgAGixr-m1yv33zq0B&ui=abc22292-0686-4229-b72a-364456e16b55-tuct7c75825&pi=/news/multiple-turbotax-customer-accounts-hacked&wi=-5742858714333041513&pt=text&vi=1624101541307&st=social-available&d=%7B%22data%22%3A%5B%7B%22i%22%3A%22w%22%2C%22tp%22%3A%22player-iframe%22%2C%22nm%22%3A%22video%22%2C%22c%22%3A1%2C%22m%22%3A%22video%22%7D%2C%7B%22i%22%3A%22ctx%22%2C%22ism%22%3Afalse%2C%22srx%22%3A1600%2C%22sry%22%3A1200%2C%22pd%22%3Anull%2C%22tpl%22%3A%22%22%2C%22url%22%3A%22https%3A%2F%2Fwww.techradar.com%2Fnews%2Fmultiple-turbotax-customer-accounts-hacked%22%2C%22rref%22%3A%22%22%2C%22sref%22%3A%22_sessionPending_%22%2C%22hdl%22%3A%22TurboTax%20customer%20accounts%20affected%20by%20cyberattack%22%2C%22sec%22%3A%22Computing%22%2C%22aut%22%3A%5B%22Mayank%20Sharma%22%5D%2C%22img%22%3A%22https%3A%2F%2Fcdn.mos.cms.futurecdn.net%2FXxEvtaBKpJqN7Wv27Q5bvC.jpg%22%2C%22v%22%3A15%2C%22pw%22%3Afalse%7D%5D%7D&tim=13%3A19%3A02.585&id=6517&llvl=1&cv=20210616-34-RELEASE&
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Sat, 19 Jun 2021 11:19:02 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

POST
H2 204 bulk Show response
trc.taboola.com/futureplc-techradar/log/3/ 0
295 B 29ms
28ms XHR
image/gif 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/futureplc-techradar/log/3/bulk?tvi2=2512&route=AM%3AAM%3AV&lti=deflated&bulkSize=5
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210616-34-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 9
pragma: no-cache
date: Sat, 19 Jun 2021 11:19:02 GMT
via: 1.1 varnish
server: nginx
x-timer: S1624101543.846872,VS0,VE9
x-served-by: cache-fra19180-FRA
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.techradar.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 200 f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/ 254 B
711 B 10ms
10ms Image
image/png 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Requested by: Host: www.techradar.com
URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

Referer: https://www.techradar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
via: 1.1 varnish
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
age: 13321
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 254
x-amz-id-2: mouaSx+zLz+daByqFPTyWftjEEWVx2Ra4QTNy9MPIUClTT4jaqZDUS1ZHFYvQA07FPAY+M6uW30=
x-served-by: cache-fra19180-FRA
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-timer: S1624101543.876194,VS0,VE0
date: Sat, 19 Jun 2021 11:19:02 GMT
x-amz-request-id: 6P8Y14FA9N2SAAH6
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: image/png
abp: 77
x-cache-hits: 5214

POST
H2 200 NRJS-85cca59f12bf4593115 Show response
bam.eu01.nr-data.net/events/1/ Frame 9A89 24 B
104 B 21ms
21ms XHR
image/gif 151.101.14.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://bam.eu01.nr-data.net/events/1/NRJS-85cca59f12bf4593115?a=158799923&sa=1&v=1198.fe6ec20&t=Unnamed%20Transaction&rst=10376&ck=0&ref=https://www.ultimedia.com/deliver/generic/iframe

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.ultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: text/plain

Response headers

date: Sat, 19 Jun 2021 11:19:06 GMT
via: 1.1 varnish
x-timer: S1624101547.600922,VS0,VE14
x-served-by: cache-fra19178-FRA
strict-transport-security: max-age=300
x-cache: MISS
content-type: image/gif
access-control-allow-origin: https://www.ultimedia.com
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 24
x-cache-hits: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPI39q-ts9n-nHLioJtGY0g2zpeN0YNdbUFPpTwi-vS0Wcm57vZlK-w-9cEWihWOCWNxFClp1lmqfFPTG4u0SshH2Sv-i2VtOw&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1

Domain: um.wbtrk.net
URL: https://um.wbtrk.net/doubleclick/user/match?google_gid=CAESEKfrA2ITgMGzCI7FhJKRl8Q&google_cver=1&google_push=AYg5qPLZXtmtMNxnuK1QG_1FclsQB1LfWI46Fjl1zcynEp6tlnOc2dg7NOwFxI1gWT-MHdx3pGBANmc45tK5J74QB3Ra_UGOTGOI

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPLAKzKquI5wENA2GaRyUVeGidQXoJxHwrJCAD3bqfJFxYSytMg_I2bBvxhJ6su8vNYLhnU6qDILzJx1wHBg8dxC6tJKTc-O5g&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YM3So-RXxROUWiLWGfuY5wAABKkAAAAB&google_push=AYg5qPJGo9Xa9u9FXSpOG5d7msn7LN0qETzK4B7Yd9uuQpR3nTsqQbR9SVV09HXjqLzVe8eiFnQw-ieKGRFWtLPHQ9yACJWiE3_M&google_gid=CAESEFRnOiWl4gPX3GTR7C43olw&google_cver=1

Verdicts & Comments Add Verdict or Comment

481 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.techradar.com/	1970-01-19 19:09:47	Name: _gid Value: GA1.2.2141880810.1624101535
.techradar.com/	1970-01-19 19:08:23	Name: _parsely_session Value: {%22sid%22:1%2C%22surl%22:%22https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked%22%2C%22sref%22:%22%22%2C%22sts%22:1624101534752%2C%22slts%22:0}
.techradar.com/	1970-01-20 12:39:33	Name: _ga Value: GA1.2.853721705.1624101535
.techradar.com/	1970-01-19 19:08:25	Name: AMP_TOKEN Value: %24NOT_FOUND
.techradar.com/	1970-01-19 19:08:21	Name: _gat Value: 1
.techradar.com/	1970-01-20 04:37:45	Name: _parsely_visitor Value: {%22id%22:%22pid=41fba9ccc59b33e07ba683d50e3965a5%22%2C%22session_count%22:1%2C%22last_session_ts%22:1624101534752}
.www.techradar.com/	1969-12-31 23:59:59	Name: FTR_Country_Code Value: DE

15 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js(Line 1) Message: OneSignal: Using fallback ES5 Stub for backwards compatibility.
console-api	log	URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked(Line 183) Message: DOMContentLoaded at 232
console-api	log	URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked(Line 262) Message: techradar loaded successfully.
console-api	error	URL: https://quantcast.mgr.consensu.org/tcfv2/28/cmp2.js?referer=www.techradar.com(Line 1) Message: TypeError: Cannot read property 'getItem' of null
console-api	log	URL: https://vanilla.futurecdn.net/techradar/296797/media/shared/js/main.9b28108de37dacd40e1f.bundle.js(Line 29) Message: No archive filter present
console-api	log	URL: https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked(Line 184) Message: PageLoad at 583
console-api	warning	URL: https://cdnjs.cloudflare.com/ajax/libs/video.js/7.7.5/video.min.js(Line 12) Message: VIDEOJS: WARN: A plugin named "errors" already exists. You may want to avoid re-registering plugins!
console-api	warning	URL: https://cdnjs.cloudflare.com/ajax/libs/video.js/7.7.5/video.min.js(Line 12) Message: VIDEOJS: WARN: videojs.plugin() is deprecated; use videojs.registerPlugin() instead
console-api	warning	URL: https://cdnjs.cloudflare.com/ajax/libs/video.js/7.7.5/video.min.js(Line 12) Message: VIDEOJS: WARN: videojs.plugin() is deprecated; use videojs.registerPlugin() instead
console-api	warning	URL: https://www.ultimedia.com/js/player-digiteka/dtkplayer-vjs.js?v=5.11.06(Line 1) Message: fun-hooks: referenced 'registerAdserver' but it was never created
console-api	info	URL: https://cdn.ampproject.org/rtv/032106141722000/amp4ads-v0.mjs(Line 6) Message: Powered by AMP ⚡ HTML – Version 2106141722000 https://www.techradar.com/news/multiple-turbotax-customer-accounts-hacked
console-api	debug	URL: https://static.adsafeprotected.com/sca.17.5.5.js(Line 32) Message: a: 0.001953125 ms
console-api	log	URL: https://cdn.taboola.com/libtrc/impl.20210616-34-RELEASE.js(Line 3) Message: Dynamic Translation load is enabled but response is missing the map. Using embedded solution
console-api	log	URL: https://cdn.taboola.com/libtrc/impl.20210616-34-RELEASE.js(Line 3) Message: Exit TRCRBox.loadScriptCallback(retry=0): no items in response - thumbs-feed-01
console-api	log	URL: https://cdn.taboola.com/libtrc/impl.20210616-34-RELEASE.js(Line 3) Message: Exit TRCRBox.loadScriptCallback(retry=0): no items in response - organic-thumbs-feed-01

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=300

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

15.taboola.com
a.tribalfusion.com
a47bfe330ee71e8bcd1442dbf471a81c.safeframe.googlesyndication.com
ad.turn.com
ads.servebom.com
ads.travelaudience.com
ads.videoadex.com
ads.yahoo.com
adservice.google.com
adservice.google.de
ampcid.google.com
ampcid.google.de
ap.lijit.com
api.bam-x.com
api.vanilla.futurecdn.net
bam.eu01.nr-data.net
boot.pbstck.com
bordeaux.futurecdn.net
btloader.com
cdn.ampproject.org
cdn.jsdelivr.net
cdn.mos.cms.futurecdn.net
cdn.onesignal.com
cdn.parsely.com
cdn.pbstck.com
cdn.taboola.com
cdnjs.cloudflare.com
champagne.futurecdn.net
cm.g.doubleclick.net
cms.quantserve.com
config.seedtag.com
connect.facebook.net
dclk-match.dotomi.com
dmp.truoptik.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
eb2.3lift.com
futureplc-com.videoplayerhub.com
gcm.ctnsnet.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hawk.techradar.com
ib.adnxs.com
image2.pubmatic.com
image6.pubmatic.com
images.taboola.com
js-agent.newrelic.com
match.adsrvr.org
medialb.ultimedia.com
ml314.com
p.cpx.to
p1.parsely.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pixel.adsafeprotected.com
pixel.advertising.com
pm.w55c.net
pool.grid-data.bidswitch.net
pr-bh.ybp.yahoo.com
ps.eyeota.net
quantcast.mgr.consensu.org
r.skimresources.com
r.turn.com
rtb.openx.net
s.ad.smaato.net
s.cpx.to
s.tribalfusion.com
s0.2mdn.net
sb.scorecardresearch.com
secure.adnxs.com
securepubads.g.doubleclick.net
slice.vanilla.futurecdn.net
ssbsync.smartadserver.com
stags.bluekai.com
static.adsafeprotected.com
static.narrativ.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.mathtag.com
sync.search.spotxchange.com
sync.smartadserver.com
sync.teads.tv
tags.bkrtx.com
token.rubiconproject.com
tpc.googlesyndication.com
tracking.m6r.eu
trc-events.taboola.com
trc.taboola.com
uk-script.dotmetrics.net
um.simpli.fi
um.wbtrk.net
unpkg.com
ups.analytics.yahoo.com
us-u.openx.net
vanilla.futurecdn.net
vidstat.taboola.com
widget.perfectmarket.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.techradar.com
www.ultimedia.com
cm.g.doubleclick.net
um.wbtrk.net
104.111.228.137
104.111.242.245
104.16.91.60
104.18.133.145
104.244.36.20
141.226.228.48
142.250.184.194
142.250.185.98
151.101.114.114
151.101.13.181
151.101.13.44
151.101.14.110
151.101.14.137
151.101.14.49
151.139.128.11
169.50.137.190
172.217.16.130
18.195.130.212
18.197.99.6
185.113.25.52
185.113.25.62
185.29.133.199
185.33.220.244
185.33.221.89
185.64.189.115
185.64.190.80
185.86.138.114
185.86.139.94
185.94.180.126
2.18.234.21
2001:678:cb4:bbbb::11
216.52.2.48
23.45.99.241
2600:9000:2104:1800:9:46dc:4700:93a1
2606:4700:10::6816:15d
2606:4700:10::ac43:1997
2606:4700:20::ac43:4686
2606:4700:3039::6815:c077
2606:4700::6810:125e
2606:4700::6810:5614
2606:4700::6810:7aaf
2606:4700::6812:c05
2606:4700::6812:e134
2620:116:800d:21:f916:5049:f87f:108e
2a00:1288:110:c305::8000
2a00:1288:80:800::7001
2a00:1450:4001:800::2002
2a00:1450:4001:808::2002
2a00:1450:4001:80f::2006
2a00:1450:4001:80f::200e
2a00:1450:4001:810::2004
2a00:1450:4001:810::2008
2a00:1450:4001:810::200e
2a00:1450:4001:812::2002
2a00:1450:4001:813::2001
2a00:1450:4001:827::2001
2a00:1450:4001:828::2001
2a00:1450:4001:829::200e
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2003
2a00:1450:400c:c07::9b
2a02:fa8:8806:16::1400
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
3.123.143.157
3.126.56.137
3.127.178.105
3.231.179.169
35.156.250.242
35.186.193.173
35.190.0.66
35.190.59.101
35.227.252.103
35.244.159.8
51.210.215.111
52.205.167.202
52.211.195.119
52.212.39.74
52.213.246.12
54.194.137.128
54.246.143.132
65.9.77.106
65.9.77.122
65.9.77.45
65.9.86.61
66.155.71.149
67.27.234.124
69.173.144.138
72.251.244.140
76.223.111.131
85.114.159.93
001acbb15d9c69510c0817e6dde361bff098406fad182ab3c367f86ff3da8343
025cd92e900ceb1570614c16c3a0828fa3c439bcb47cf8dcf059e9eeea3bed77
06503352984183697b7695de1d989652bc05634c474b958169e92a3b430d9d34
08ab941f4ec89349e726684b25e12cf47e0743c8901666062a0e13ce9c7fe42e
0ad8ff16d564ea282c6e2fef20b32da05b467cc75d5d61bfabd5aaacad5c4a68
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c1b1571e3db7ac45f12a66b7b26d6d7aec244406a9c36f75d2243da5b96ed77
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0dc4093b6b9286ebfc6c728ddd3a70812a726d79d6f41d60a506fd5b93c4929c
0ec71ff87102ef7cbd44db128703ca84c8360dd0fb07d69b2d7de6553f61c3e6
0f7021610b9cd6073912f1a3ffa0dbdf7b6b52edf827f2cbff76a0e4fc0f2014
10a309db055151bac385330a41350892b8366944a67f88289c2a7ae3e4dc5ecd
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1275f5002f1fb5418de69bba40d0be4b9613e7aa418ee1e4944fe3d3dc3040ff
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
131423a5b0117aa6fddbde39abed88048b2ee6a147ade1fbf040b551614ab2d2
132e07f2ff5c408cc7d7b7e8e0ab00df19f8dcd7590fc29eef84ba1294abb3a1
15b886992795015ddf192ba7c46ea89376cef0fec304d850d735da268c332226
174fa874eee88ffd59d5c9cc7fd064f06e721fad3a156ddb5f4098fd987eb5f9
1a7b2074a4f6e9742910ffa5e1ed7bffe31770ec68f8b9a1cb4d5b2dba06d197
1b1652f5c37b04bbffd31d5e91a30120d22e418fcb99928e963aac46e1868dad
1c7ce503a6b246061f03e62c24a189fcb0586593f069a083b15684cf52cca5e0
232e2107e9ebb4adaae34e5aa7f8eba38b819ed4a735bac8f26d41106635c97c
23b7aa657b062d1d82e2d3c61184adc01688c613fa3d5098fcf1905fe9fae16c
248f51c9a7f6136709822ceccfe6f73892d869514a8368ba7f4d542965c22088
25b527f4bc5d184c82877a9ec68c04dfd8bf60588733ada0b669d9711ca11b23
25f67b8d248a294dedff8595c60e50def75f5aeaa99aa113de31c360c06e1c2e
2645d09b4b8af80535aa165ec758091cb8826569b9cecea5ab2dc6186371b0b3
284fdff0fb208f095883c8dfe58887e7f489b1eb1d2983b4a723dbaabc911aa7
29507fd3a172d0d54a23c53defa95fe78dbf477c5577b7b789abc2946c8a40d8
2caf174ed6d24a795610fd53645a4807320592e14310fb220f95772249729db1
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2f548bc7676dd25abb9901005467dc9e3c7df5de142e003293bdb2409378a310
303a80079b8134e227e25c4489e1f70ed498e2045f36b80c780365411e05156f
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
34a01a90180d01eac132d910689ea582fa9ea91fe9d70c41c414db245c1a2be6
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
37e462e1f7550be08dccd8e494b056922c15d33681fcd2ed083c025dadbcd6d8
39b076e4bb4fab9b8a142499cf6155f8c128464974691a04de7e764f71b72618
3b5c9d3b1a69cfa4ef54ad04e4a8c1725d0c487e5192f200fbfd5c2f96258192
3d4887cf9b1f61cd538c45a6c3a7706d3c540d40c881ea1e12b3a52ceb4e270c
3f16ac21e440ca9e4121318b6321d3cf83ed58ab737e36308a964ca79425765a
3fa7c3d2bda5fb3e2d317497f21ea44e90f96c5ff5f85f6718aacf683920eed9
408abc3a5bedff37056ecb1ba4872225de8a269ffe9aa04fd8fd38a7e7ec5116
40ec91b5987ae5536857c45f2a644ebb428fd1fa5c176a7919edcd388c519ae3
43fc744dc9f9bdd26ba499a6e1840b548740e7ce2b63e7c986d997d2bcae496e
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
450cd8f0848a395dd1c0e329fe4f5444e58cfd576162312a30d74a095d7135f2
4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b
47b909013d3417b03924fcd883814b0bb4de66cacb2e7e66b8bbb367b5cf9d40
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4a531652edc904de03234d8344995e573fe6ded1dd7fa20c8dc8cb2d5d1137b7
4b4924b6ea8623395984b522ee4e1fe77f464940d2bb155ae40bce56fbcd3423
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f9319ff054a4e23bcf5955ea6cfa3ac0caf3065f316b6648b73169ec4e4fc82
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
549d9a488e722d661169203e2c3aa51f5e76ce3bd9848963c5172a2acbe7bed0
56b74a7b6aae50f4c4c7e586df6be251b2445721ddeec694c9d7341664e88e04
583eda12fed77c078f7391866e53eedd80aec5b9b178a3537a3c4c3b09575485
5913491ab33dd1891820af7d900c22d50839b52cc5e6c7c8da2bfa405d2ba8b0
5d5c1ed77b99d3f67ef7d419e1d6d78a663d8cac3668749252aa85c88cdef8fe
5de4d39b298a975f2e5e8ba914ed1dd280b93506e7e1e6d74f7157dad088cef3
5e7a2bad37bbfa59daaa3d64641cd088b37d9fb9dbfe56ecea073e70a49034a6
5e864c2e3f674c60970513411eaeeeafd2d615d842e65ec01d09ccfcb4a7b38d
5f75046fd5a2476a7900590faf1640a3b1b8786c778c5b77e83ac89228b5cb50
6246181ac297819af28db2b38ae02ec62ce6898359187bce59b9296a1b56dac2
633e8e4321d69a35b6a8e7f89f638be406db896dcbe25d70c670124046b33bcb
675ab0a24f0160c73eaa7dde430b9f5ee68a54dc0c0c8d7d2bd0a811f30f6fd5
675deebe8fdfa76a2f9b7e6a289778a4fd48efbd06271815cab952ea2a8297f1
6838420e13959ecffe73d3576ee2125a66c9315237394a23e3dd4a5181e80cda
6e2297899242fa4c800ff7320c93d3cd0bbb89770cf0a1d5614b0f183c94dc70
6e68f2acf3fa748d9e49f0aef011881bd36464c6acc3dd8da372d1ffd01ab1b5
6edfad1d5d6275fc7ade68ffb1f07d480fdbb39579fa359bc9c7ea1d4649fce9
6fe77418e833f1ddfcf701ba7b6ebbd24efd2e93bce56065e0f1e711b1d829f8
70a3c68ee8ccb00752002a45bfb79c13ce97435ac5e3f1b5bc02094f4db6cd3e
72038f7e343171cc1da3c3810b23efa80fcfa1667a2134c794a3c13310da8dd1
72766bdcbc667afaa318b08a68c4438a077a626f0f5e4906c26dcdfb4a5159f3
73a783d2e5f778e1af41cc4126dfea9956cf43a518e2707658c0200c93765527
73e1a83763138cda9698dce772af8cc13c3f2cc5627269b8ea1d1a44edc8baa1
7596715c38f9d9cb99868ddaace96be2dd70b73bd0db7f6e51452320ec6c9672
75c31224c26778b891b6059a4890944602233d94b66a0390c2832082cf2f0229
768b4c5398b942252e2ea031605dc76450130f831eb830091fcf4fd5a452f134
76b7bfe1c73966516f95f039734ac728c843a664e8fb860820b75c08bdf7be07
7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d
780396b361c35383795d3d1fb3e71e8c1e57e717973f3a4599ec4f11ba75f84e
78cd98c948de43fb86a945154e2e3d04c5d563d971fdd2db15103cc844efb7d6
798fd497fbd16c26e7c04c4974205af4bfaa3ddbbbf5d50c08c60c6076a90c8e
7a1ab1bbff48ffaf19924ecc9eceadd85d61899da1b6fae2d1f71841b3bb8927
7be1cbac7f3e77c7aaf3be35723f1c1d0b328b464fbc7ec33d0fec1ba693616c
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8036e893559287b0a9982f4476fc16208c7b98a0b0b73622085a1d7a35a62270
80a9802565210d90b27dbbeebb8cec9a910dcbe2777e207af4baf1a69145f116
823ad659e6ed50a1ad0daa3a883b0764257d4b65b2275c088ec49f34e68ae6bd
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
842a744745a2dbf574be528ddf41025c034e11e4226fa0738bfd9110acf64204
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85da858da197bc034ddd6a90ba04a4e1b9d61392aa8dd4ae322d26b02107b53d
88cd43c3f5453f7b4db2cbe884b47db3c8317860a2ce6e9b2bc934ff4b8e32eb
890fcfaadd00fd8483e1ba7b51c31b099af96c719211d43df3838be8288641b9
89e89a88516b28a3f5735f8dc6ef9937b2fe9584982bce4cbddb60ff67389b15
8bd8efc43a7c783ebcfdd6eeaa231e502ffac82fe6983e457eea36a301c7d5a9
8ec272b76ebdf8756da8e60cbec342b26e1e314d223b828e34b02aedea5d6d5a
8f77a5637f21ed2fd3ec40fdabed99089c7e9483b26601ada71eb546cf959930
90bf6452264f553da2a967eb617aeb61a5fd7e18fbe6b61db1716a8de702d832
91f94a3c7e05d1c1afd01260e88ebea5be6720ed3514c7a82bba96a33d4d6b21
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10
99e39599d9a8292c712094b6114233d19961923037fc0e2d9441c773f654b98a
9a2c0a3b3510b56be29d68362d3e731986fdc810bb57d6ed461185b278ff89e2
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c3bf56a50e683c3a6f650cefdd3d6d1c1821956ff6e540d197582f024bf930d
9cb2e0e04c3dd1a8cf41139a13fd64aaf807208375a7b3f624efe99f141eee7f
9cc73673ee110f8f020e736a2667ff047f37903796651016d27b9338b26733d8
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
9ffd9b775c0e9b7d1ffdb066dd7f12b73678e004f5b8f4407f13fedf04df75e4
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a248461f716cfc969cc2600b73be331cb7ec48f4c745cc1105c34322b5e1ec47
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a634caafaf97a747cdf2f0995363aa8188ff5181d533c14de30fbe607d0a49bc
a720219b1ee9707221b5e795190cba4d2f7dff452d638ef4c3b310a679c2101b
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a90aaae188d09a4332ae42195cf1ae89071f0d8f65d72fb5db5dfff6e85e2162
a9e981ae78d049d13c88bb8c8138a69c63fdcc58d793c7aa3017bbbf8cc6ceb4
aa33ff28df27cb82f3db3f7e5b9f726796099b323565ef93a867a2b4b440154f
aaa2c811c57c6b7d0d1dc088a9642b932d0a4039e582bb8f75ad3d250a180317
ad340d4f58ae9631c5693ba08f4ab31c30515eec5dd15eb1f032dd7b87652fb2
adba0bbe3ed4a927cf6207a478975bea85c225b56b579ef189b23204f728d1f7
ae606d55159036056ae7af211d701d66df6929f096a1eb9b0f3c6ba7ca66eba1
b0c3a6f5688d7e52c6c7eabc9ad866fa8e92127394cebae37f213bfe74d12add
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b176de534428b3b8d36fb821412c5075cc426bfb3fe282571bcd9f00f2c0b152
b394ea8edffcaa643791a6d6ae840f701975acead68e3a8a627f0c0122034a63
b51423401412ab5d2fec98015b6892087f95d633507fb7a047e9851abb23f221
b9c4dc59cde921ae082c73aaa8c9a1dfa74f8df3a07d161b0db360f33f10fed2
bc07683824de08b1a3136c6c195ac3983eea1d32f3b2dab2b11c2ed14cd03a4b
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
bedb250fbc085e7e094128dc62fd514630fd0cc924780d5b6052d922d30d79aa
bef7e561e79fa98d7f1cf8d3e1fdb781e51c88aa1a9a0533731d58912bced150
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
c6530271d4d8b9614c7561b8ca15af450460b8c8c443ae4898b7ee400056817c
c7074428f35c5b89051302a21c430412e5c17881667183b4b52fbd19ed9178ab
c90ba3deb367832ba13c564bcb1c2f1f59962f17fb3bf92307681616a9e16203
c9ea51e6a1e73d647d660816accb37152b01f7aa01236c442021693ed79a64e8
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cb119772d56823f206a68f49c240df40fc4d53d670272fb6b2174083bf386448
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0e4669f4a99a7e805a5eb964c1ebc48916cefe5a5a4ce226e2b49bbd9f26c82
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d10bfad757ebad3e5250a813741d2e98dde085d3dee974beaa2fd5b3d8c76f21
d192dd389cf1bd71de9ec65f62295e0b44c2d75051d3d61c9bf863b7d3052ced
d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa
d4c0c1b8a101cc1dc9ce8082e9d2a974a99983567fe19c79f6399beb5a5b4e05
d6d96318f7877c187bdf3878e8399b8b35560529f2cdfe561f3b4208998a81a0
da0d225b827963ce2ee07f67c70d9358566745bd7e386b64ee0eabf015cffa1e
dacda9fa5e09c78ad75e74c2c878693d483d38011690f2fb77d38dd3cb32fc0b
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd8462581fbf0cc10e037227ac64af5dbfef91db165a3b932c08636fbdae1224
de7dd7e8a5f2257d16c23c395b9262c6fa04689c81b0e2b8bf7f5bae9f4177dc
e09c5507d6f189744d043d993a3a28a63d12322f3dc978426ef895517b98b567
e131feeb38c4f82f2aefa729d8d9bc04eec12df163182a4ba854805daa80cd88
e14d033f3d90fa03199f709f80132cf6ddc63756b5d026774a7402db031364cc
e28a60fb185e1a2f469880cfff94c451e46a85cdb5026e0bb03e4feb09a567a9
e2f126a8957c32db99e94d1bf7c9ed09fcd38ba99bd632ebd048f01f9c5f9c9b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3d2fb5e2edecc03632d4232f8956dfc6cea25557cdd082cab892d00f2769bc4
e40171f5791b64901d1d68fb0c245b984deb3fd0986b25d10d8bf096c29c08ce
e40f20f16228a404805bce9dc67114379e181174dff3eae638f6850328508fae
e4bc0868ed790ba9ab3cc54087c6ac883e1d923adfcd8159ed4920b069062213
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb
e743940bd3e7cb4cea3c663f6ef0b57271fbf3e4bb26e8565faf5cdf749f213e
e78f56276c04b58863c43424709892edc08c45c7eb17bdc289d3cdd2a060fb1e
e9de171624db5ceebc3a80b2470c8b39c826b8b3e900c6a61ff5d403667d7ea4
eea6dc59229104927a1ca1a416794d0ae3fb326b2ed6926abda0dd2a8cf693be
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f09ca0b6a4a7a98dea325f0d805b061bf01d350a07efcb3f09ea136e3eae92e2
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
f781adfea30c3876a3540cbe92d910804408a1926b4140345f13f5ece75dc1a7
f797457740539e0f84dafa80fd8efe1a55ed91d638f3cd4e8a0d4460cbd8804f
f7ff1f3f68d442cbfed7a7078d0f273b1d79e5bd5c38ded3d1ea29fee847f7e0
f8942a4d07d719aefb6790eec32e2d83ef40a9ddfe0e7571e33cf58a0d44262f
f8bef438d7f943286be82b012f97f30294ebfcc0f1164b889d7e577722866905
fa0911dcc4faf8c1af34373c4ef2646f429c5d322344e0e94034c1b8a5fb72bb
fcef3945ba680b542f2b2451865fac510cdb60ce654f82fde2d7fb0b876a1db9
fd6532c4263ed3258c1e1bf414a579efa07fbd236533aaf7700e51b35d0a39c2

www.techradar.com Open in urlscan Pro 151.101.114.114 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

406 Requests

98 %HTTPS

35 %IPv6

71 Domains

106 Subdomains

71 IPs

7 Countries

5820 kBTransfer

16679 kBSize

7 Cookies

35 Outgoing links

Redirected requests

406 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.techradar.com Open in urlscan Pro
151.101.114.114 Public Scan

Screenshot
Live screenshot

Full Image

406
Requests

98 %
HTTPS

35 %
IPv6

71
Domains

106
Subdomains

71
IPs

7
Countries

5820 kB
Transfer

16679 kB
Size

7
Cookies

406 HTTP transactions
5 data transactions