urlscan.io logo urlscan.io
SecurityTrails logo

gregorydevans.com Open in urlscan Pro
69.167.152.20  Public Scan

Go To Rescan Add Verdict Report
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity...
Submission: On April 20 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 27 IPs in 3 countries across 18 domains to perform 115 HTTP transactions. The main IP is 69.167.152.20, located in United States and belongs to LIQUIDWEB, US. The main domain is gregorydevans.com.
TLS certificate: Issued by R3 on March 8th 2022. Valid for: 3 months.
This is the only time gregorydevans.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
15 69.167.152.20 32244 (LIQUIDWEB)
7 192.0.77.37 2635 (AUTOMATTIC)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
13 2a00:1450:400... 15169 (GOOGLE)
2 2a03:2880:f01... 32934 (FACEBOOK)
1 108.157.4.100 16509 (AMAZON-02)
2 192.0.76.3 2635 (AUTOMATTIC)
2 2a00:1450:400... 15169 (GOOGLE)
2 192.0.77.2 2635 (AUTOMATTIC)
13 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 142.250.186.34 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
1 2a02:2638:1::2 44788 (ASN-CRITE...)
1 2a02:2638::b 44788 (ASN-CRITE...)
15 2a00:1450:400... 15169 (GOOGLE)
7 2a02:2638:1::3 44788 (ASN-CRITE...)
1 178.250.0.160 44788 (ASN-CRITE...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
9 178.250.0.139 44788 (ASN-CRITE...)
2 178.250.0.162 44788 (ASN-CRITE...)
2 142.250.186.99 15169 (GOOGLE)
2 3 2a00:1450:400... 15169 (GOOGLE)
4 8 2a03:2880:f11... 32934 (FACEBOOK)
115 27
15    69.167.152.20 (United States)

ASN32244 (LIQUIDWEB, US)
gregorydevans.com
7    192.0.77.37 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com
c0.wp.com
2    2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
13    2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
2    2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    108.157.4.100 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-100.dus51.r.cloudfront.net
widget.spreaker.com
2    192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
stats.wp.com
pixel.wp.com
2    2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
2    192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i2.wp.com
i0.wp.com
13    2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
adservice.google.de
3    2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net
partner.googleadservices.com
1    2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
5    2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
www.googletagservices.com
1    2a02:2638:1::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
rtb.nl.eu.criteo.com
1    2a02:2638::b (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
ads.eu.criteo.com
15    2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
7    2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
static.criteo.net
1    178.250.0.160 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
cat.fr.eu.criteo.com
1    2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
9    178.250.0.139 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: pix.par.vip.prod.criteo.com
pix.eu.criteo.net
2    178.250.0.162 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
csm.eu.criteo.net
2    142.250.186.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f3.1e100.net
p4-bhx2toydeigok-j2hh6c72bwglm2tr-if-v6exp3-v4.metric.gstatic.com
3    2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
8    2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
Apex Domain
Subdomains		 Transfer
28 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 98
tpc.googlesyndication.com — Cisco Umbrella Rank: 128
548 KB
18 criteo.net
static.criteo.net — Cisco Umbrella Rank: 632
pix.eu.criteo.net — Cisco Umbrella Rank: 7400
csm.eu.criteo.net — Cisco Umbrella Rank: 7420
351 KB
15 gregorydevans.com
gregorydevans.com
795 KB
12 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 40
82 KB
11 wp.com
c0.wp.com — Cisco Umbrella Rank: 6955
stats.wp.com — Cisco Umbrella Rank: 2657
pixel.wp.com — Cisco Umbrella Rank: 2521
i0.wp.com — Cisco Umbrella Rank: 2767
97 KB
8 facebook.com
www.facebook.com — Cisco Umbrella Rank: 100
5 KB
5 google.com
adservice.google.com — Cisco Umbrella Rank: 77
www.google.com — Cisco Umbrella Rank: 4
2 KB
4 gstatic.com
fonts.gstatic.com
p4-bhx2toydeigok-j2hh6c72bwglm2tr-if-v6exp3-v4.metric.gstatic.com
54 KB
3 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 176
109 KB
3 criteo.com
rtb.nl.eu.criteo.com — Cisco Umbrella Rank: 11325
ads.eu.criteo.com — Cisco Umbrella Rank: 7422
cat.fr.eu.criteo.com — Cisco Umbrella Rank: 9840
48 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 37
20 KB
2 google.de
adservice.google.de — Cisco Umbrella Rank: 7579
914 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 138
85 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 71
97 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 46
2 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 238
5 KB
1 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 794
652 B
1 spreaker.com
widget.spreaker.com — Cisco Umbrella Rank: 46333
50 KB
115 18
Domain Requested by
15 tpc.googlesyndication.com googleads.g.doubleclick.net
pagead2.googlesyndication.com
tpc.googlesyndication.com
15 gregorydevans.com gregorydevans.com
c0.wp.com
13 pagead2.googlesyndication.com gregorydevans.com
pagead2.googlesyndication.com
googleads.g.doubleclick.net
www.googletagservices.com
tpc.googlesyndication.com
12 googleads.g.doubleclick.net pagead2.googlesyndication.com
gregorydevans.com
googleads.g.doubleclick.net
9 pix.eu.criteo.net ads.eu.criteo.com
8 www.facebook.com 4 redirects connect.facebook.net
7 static.criteo.net ads.eu.criteo.com
7 c0.wp.com gregorydevans.com
3 www.google.com 2 redirects tpc.googlesyndication.com
3 www.googletagservices.com googleads.g.doubleclick.net
3 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 p4-bhx2toydeigok-j2hh6c72bwglm2tr-if-v6exp3-v4.metric.gstatic.com googleads.g.doubleclick.net
p4-bhx2toydeigok-j2hh6c72bwglm2tr-if-v6exp3-v4.metric.gstatic.com
2 csm.eu.criteo.net ads.eu.criteo.com
2 adservice.google.com pagead2.googlesyndication.com
2 adservice.google.de pagead2.googlesyndication.com
2 i0.wp.com gregorydevans.com
2 fonts.gstatic.com fonts.googleapis.com
2 connect.facebook.net gregorydevans.com
connect.facebook.net
2 www.googletagmanager.com gregorydevans.com
www.googletagmanager.com
2 fonts.googleapis.com gregorydevans.com
cdnjs.cloudflare.com
1 cdnjs.cloudflare.com ads.eu.criteo.com
1 cat.fr.eu.criteo.com ads.eu.criteo.com
1 ads.eu.criteo.com googleads.g.doubleclick.net
1 rtb.nl.eu.criteo.com gregorydevans.com
1 partner.googleadservices.com pagead2.googlesyndication.com
1 pixel.wp.com gregorydevans.com
1 stats.wp.com gregorydevans.com
1 widget.spreaker.com gregorydevans.com
115 28

This site contains links to these domains. Also see Links.

Domain
nationalcybersecuritynews.today
www.nationalcybersecurityuniversity.com
www.famethemes.com
Subject Issuer Validity Valid
gregorydevans.com
R3		 2022-03-08 -
2022-06-06		 3 months crt.sh
*.wp.com
Sectigo RSA Domain Validation Secure Server CA		 2020-04-02 -
2022-07-05		 2 years crt.sh
upload.video.google.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-04-11 -
2022-07-04		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2022-01-27 -
2022-04-27		 3 months crt.sh
*.spreaker.com
Amazon		 2022-03-21 -
2023-04-19		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
*.googleadservices.com
GTS CA 1C3		 2022-04-11 -
2022-07-04		 3 months crt.sh
*.google.de
GTS CA 1C3		 2022-04-11 -
2022-07-04		 3 months crt.sh
*.google.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
*.nl.eu.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-03-15 -
2022-06-13		 3 months crt.sh
*.eu.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-03-19 -
2022-06-18		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
*.criteo.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-04-11 -
2022-07-13		 3 months crt.sh
*.fr.eu.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-03-13 -
2022-06-09		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-09-21 -
2022-09-20		 a year crt.sh
*.eu.criteo.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-04-10 -
2022-07-04		 3 months crt.sh

This page contains 18 frames:

Primary Page: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Frame ID: 683FC5592E3EE4BB23C5A30D0FA59DD4
Requests: 51 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20190131/zrt_lookup.html
Frame ID: C7C54B2A967DF16730A997AE4EFAB8AA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&adk=1812271804&adf=3025194257&lmt=1650395587&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&ea=0&host=ca-host-pub-2644536267352236&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992111&bpp=3&bdt=702&idt=107&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1796572211344&frm=20&pv=2&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=123
Frame ID: 67C254EE6B7267579F5580B240C0C4F2
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=2357840047&adf=3573739926&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992114&bpp=5&bdt=705&idt=133&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=382&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=BhyUtd9Vlp&p=https%3A//gregorydevans.com&dtd=139
Frame ID: 9F9FDE1036A0413B5D85C99C78F69854
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=3654989029&adf=131135716&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992119&bpp=1&bdt=710&idt=144&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C240x600&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=hJOZlivRpW&p=https%3A//gregorydevans.com&dtd=147
Frame ID: B7272D849C542D6F5F774F0CB255A646
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Frame ID: C4A1ED014517EE36D26F482618D2CB90
Requests: 8 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yl_t6AAEWx0K7dCQAApC59o6oH6_lgV0d2T3bg&u=%7CMtRKKI8gO3Dbff5ls6PEu6EkWyRCLISQXCe4q2NfDHc%3D%7C&c1=glLBMxGOcDk-vbOOpZWuiwL9OpXS6gVV0_Ig_J1IpPwRDCJxJvxJzDfeVglSmwvDRVB26GpcU1HGDGNRdz2NuKscXJo8g-282xnogJ7CaCd1F97QsPhf3UuUdUnVfDAZeZ2b0UcC0_pT8ib2yKldB_fmLTNSUyTyStySylhPCKpIzYPih8YAFkPow--qOUvmP32hQi68_c3DXr2LcHW7JN3Dl7JsXslvtvDOBALoBUIjQQ4IGvDb3dkrlKcToDKJZvbwooAsMhpEZytIXOkTcpvH2u8SA9hvyb2Fk8BQ9arfTXSi9SrYeVBy_m6LF0CBXvGVUnHlCSKncPE8VqJud-NNVNyEcFmDLHaJdcqhC49_UgDjAcTwi9_gT1stx9IYbWsKuC1TgOLdI_5q5fW3f8-yS04LzvXNCD9BP1G52BjH5x1Oi5aOU0x8nOeouyy6BFR5FzMSKwfZ5iK_Cho36Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCC2Gt6O1fYp22EZChtwfnhan4Csme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItOTEwMTAzOTAzODQ1ODY0MKAB1bbS6gPIAQmpArtAKaBzIbI-qAMBqgS4Ak_QJlTOv-9JTAEcX74bVSU7YpNabR4c5fkK_CURovEi83L8NbtL7D9m9JYDi6Iswfm2rgACC42Tfn763_XaM_AG81FvFXwDQ37dQ4hM9h1jgqkBEpPezJIFuNozcTARzHiIQFryvQo6xYgDD7rkqHDvx7gGL61fzgMja2RJTHSFzHUI_JnMZ__Lgi0SdXs-ICAKq8brNRIrYVw0_I7C7OTDAPCrx50vasQ4nP_ydjKvvlu0Kq68bNFTR3eMVwXuA84RVO8aAPuBuzB0hBRzBbN0FRXRhiGQs4JY5CmE0O5IRviYprfXVnEfiwTZFDgaw5bqB32tCR5P1yJw-unY70v1c13rI2DW487otVam3CvPxgUYzxJXBJhZY-shOIdmVlK30jhi1azOMqD7Fvmhl1iaEOEYsYkBZoAG7ririb37yohZoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2G_SzCym8NKug8QCFFJGVqcwShDg%26client%3Dca-pub-9101039038458640%26adurl%3D
Frame ID: E7C7632165301BAE32D1DE30CDBB6E1A
Requests: 23 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 985116F7862E871D68E6F27477CB606E
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 27DDA5C120381009CE5B791E93FC6EB8
Requests: 2 HTTP requests in this frame

Frame: https://p4-bhx2toydeigok-j2hh6c72bwglm2tr-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Frame ID: 852101FEAA37359F921C1AC0E1103D61
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/LJGn0i2Pg8yG-wzimFR5htSsDE5oolsrGkll4HQxngw.js
Frame ID: BDB3AD91CDBC7EFEEB33E1A0FD5D2A07
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df16492ac1aaf544%2526domain%253Dgregorydevans.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fgregorydevans.com%25252Ff2f29b7da11012c%2526relation%253Dparent.parent%26container_width%3D0%26header%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252F%2523%2521%252FGregoryDEvansPage%26locale%3Den_US%26sdk%3Djoey%26show_faces%3Dtrue%26stream%3Dtrue%26width%3D225
Frame ID: B281B9D28EF17791AC4D9BBD5BB585FC
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df1ca3baddce1724%2526domain%253Dgregorydevans.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fgregorydevans.com%25252Ff2f29b7da11012c%2526relation%253Dparent.parent%26container_width%3D0%26header%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252FParent-Security-282739111832532%252F%26locale%3Den_US%26sdk%3Djoey%26show_faces%3Dtrue%26stream%3Dtrue%26width%3D225
Frame ID: F663DE1531C645CAF909F3BE7C204113
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df18ea96bce51edc%2526domain%253Dgregorydevans.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fgregorydevans.com%25252Ff2f29b7da11012c%2526relation%253Dparent.parent%26container_width%3D0%26header%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252FNCSByHTCS%253Ffref%253Dts%26locale%3Den_US%26sdk%3Djoey%26show_faces%3Dtrue%26stream%3Dtrue%26width%3D225
Frame ID: 443AA4A2F9D4E00343ADA866C1B534FE
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df2298e8e8c05d64%2526domain%253Dgregorydevans.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fgregorydevans.com%25252Ff2f29b7da11012c%2526relation%253Dparent.parent%26container_width%3D0%26header%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252FDatingScams101-115681623151080%252F%26locale%3Den_US%26sdk%3Djoey%26show_faces%3Dtrue%26stream%3Dtrue%26width%3D225
Frame ID: 7B41C6C999EEF3316C0070D40330AE41
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/LJGn0i2Pg8yG-wzimFR5htSsDE5oolsrGkll4HQxngw.js
Frame ID: 9E6C832DCDE0F9DAA6AB2FC6CE81A3CE
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 39FB44AEC550EC03BD05E7D6F47CD4D5
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 523EC97FFDB4AE8701F9893C86B19E4E
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Gregory D. Evans | Ex-Hacker | TV Personality | Author | Public Speaker

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • <link[^>]+s\d+\.wp\.com
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

115
Requests

100 %
HTTPS

62 %
IPv6

18
Domains

28
Subdomains

27
IPs

3
Countries

2345 kB
Transfer

4450 kB
Size

18
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 98
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 100
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 102
  • https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df16492ac1aaf544%26domain%3Dgregorydevans.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fgregorydevans.com%252Ff2f29b7da11012c%26relation%3Dparent.parent&container_width=0&header=true&href=https%3A%2F%2Fwww.facebook.com%2F%23!%2FGregoryDEvansPage&locale=en_US&sdk=joey&show_faces=true&stream=true&width=225 HTTP 302
  • https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df16492ac1aaf544%2526domain%253Dgregorydevans.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fgregorydevans.com%25252Ff2f29b7da11012c%2526relation%253Dparent.parent%26container_width%3D0%26header%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252F%2523%2521%252FGregoryDEvansPage%26locale%3Den_US%26sdk%3Djoey%26show_faces%3Dtrue%26stream%3Dtrue%26width%3D225
Request Chain 103
  • https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ca3baddce1724%26domain%3Dgregorydevans.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fgregorydevans.com%252Ff2f29b7da11012c%26relation%3Dparent.parent&container_width=0&header=true&href=https%3A%2F%2Fwww.facebook.com%2FParent-Security-282739111832532%2F&locale=en_US&sdk=joey&show_faces=true&stream=true&width=225 HTTP 302
  • https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df1ca3baddce1724%2526domain%253Dgregorydevans.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fgregorydevans.com%25252Ff2f29b7da11012c%2526relation%253Dparent.parent%26container_width%3D0%26header%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252FParent-Security-282739111832532%252F%26locale%3Den_US%26sdk%3Djoey%26show_faces%3Dtrue%26stream%3Dtrue%26width%3D225
Request Chain 104
  • https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df18ea96bce51edc%26domain%3Dgregorydevans.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fgregorydevans.com%252Ff2f29b7da11012c%26relation%3Dparent.parent&container_width=0&header=true&href=https%3A%2F%2Fwww.facebook.com%2FNCSByHTCS%3Ffref%3Dts&locale=en_US&sdk=joey&show_faces=true&stream=true&width=225 HTTP 302
  • https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df18ea96bce51edc%2526domain%253Dgregorydevans.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fgregorydevans.com%25252Ff2f29b7da11012c%2526relation%253Dparent.parent%26container_width%3D0%26header%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252FNCSByHTCS%253Ffref%253Dts%26locale%3Den_US%26sdk%3Djoey%26show_faces%3Dtrue%26stream%3Dtrue%26width%3D225
Request Chain 105
  • https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2298e8e8c05d64%26domain%3Dgregorydevans.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fgregorydevans.com%252Ff2f29b7da11012c%26relation%3Dparent.parent&container_width=0&header=true&href=https%3A%2F%2Fwww.facebook.com%2FDatingScams101-115681623151080%2F&locale=en_US&sdk=joey&show_faces=true&stream=true&width=225 HTTP 302
  • https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df2298e8e8c05d64%2526domain%253Dgregorydevans.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fgregorydevans.com%25252Ff2f29b7da11012c%2526relation%253Dparent.parent%26container_width%3D0%26header%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252FDatingScams101-115681623151080%252F%26locale%3Den_US%26sdk%3Djoey%26show_faces%3Dtrue%26stream%3Dtrue%26width%3D225

115 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/ 		49 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.167.152.20 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
e1c2193f0193163e63be0a4aabaaf0cacaaac468089b9e592118b0ab540d8754
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
content-encoding
gzip
content-length
11778
content-type
text/html; charset=UTF-8
date
Wed, 20 Apr 2022 11:26:32 GMT
etag
"2e02-5dd06aabdcc8f"
last-modified
Tue, 19 Apr 2022 19:13:07 GMT
referrer-policy
no-referrer-when-downgrade
server
nginx
strict-transport-security
max-age=15768000; includeSubDomains
vary
Accept-Encoding
x-cache-status
BYPASS
x-powered-by
PleskLin
lazyload.min.js
gregorydevans.com/wp-content/plugins/w3-total-cache/pub/js/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://gregorydevans.com/wp-content/plugins/w3-total-cache/pub/js/lazyload.min.js
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.167.152.20 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
1a54a1907a6443e3c81608130bfed4546eb0ce5d0c8897e1d7a3b43d89ecc367
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
br
etag
W/"61afe2a8-1883"
last-modified
Tue, 07 Dec 2021 22:39:36 GMT
server
nginx
x-powered-by
PleskLin
x-cache-status
BYPASS
strict-transport-security
max-age=15768000; includeSubDomains
content-type
application/x-javascript
cache-control
max-age=31536000
expires
Thu, 20 Apr 2023 11:26:32 GMT
mediaelementplayer-legacy.min.css
c0.wp.com/c/5.9.3/wp-includes/js/mediaelement/ 		11 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://c0.wp.com/c/5.9.3/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Wed, 20 Apr 2022 11:26:31 GMT
content-encoding
br
last-modified
Tue, 29 Sep 2020 15:53:06 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
strict-transport-security
max-age=15552000
timing-allow-origin
*
expires
Thu, 20 Apr 2023 11:26:31 GMT
wp-mediaelement.min.css
c0.wp.com/c/5.9.3/wp-includes/js/mediaelement/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://c0.wp.com/c/5.9.3/wp-includes/js/mediaelement/wp-mediaelement.min.css
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Wed, 20 Apr 2022 11:26:31 GMT
content-encoding
br
last-modified
Fri, 07 Jun 2019 20:45:02 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
strict-transport-security
max-age=15552000
timing-allow-origin
*
expires
Thu, 20 Apr 2023 11:26:31 GMT
88054.css
gregorydevans.com/wp-content/cache/minify/ 		2 KB
968 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://gregorydevans.com/wp-content/cache/minify/88054.css
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.167.152.20 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
0bc0d3fcd8dec0d36cf3e023c16c0617b3a992d6c3355e68290ac9822b929c7f
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
gzip
vary
Accept-Encoding
x-powered-by
PleskLin
x-cache-status
BYPASS
content-length
607
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 18 Apr 2022 21:00:19 GMT
server
nginx
etag
"25f-5dcf40c463704"
strict-transport-security
max-age=15768000; includeSubDomains
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
expires
Thu, 20 Apr 2023 11:26:32 GMT
css
fonts.googleapis.com/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open%2BSans%3A400%2C300%2C300italic%2C400italic%2C600%2C600italic%2C700%2C700italic%7CMontserrat%3A400%2C700&subset=latin%2Clatin-ext
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4c0088d08089d4ecfd95333d9db3b56ac6a3b9af2374e083680b39391f7a75ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 20 Apr 2022 11:26:26 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 20 Apr 2022 11:26:31 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 20 Apr 2022 11:26:31 GMT
9e0be.css
gregorydevans.com/wp-content/cache/minify/ 		200 KB
38 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://gregorydevans.com/wp-content/cache/minify/9e0be.css
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.167.152.20 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
b1443722a53246a220d0814d7291b266d28df93e2f89898ee3b672d199e0fb07
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
gzip
vary
Accept-Encoding
x-powered-by
PleskLin
x-cache-status
BYPASS
content-length
38172
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 18 Apr 2022 21:00:19 GMT
server
nginx
etag
"951c-5dcf40c4c0b34"
strict-transport-security
max-age=15768000; includeSubDomains
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
expires
Thu, 20 Apr 2023 11:26:32 GMT
67d13.css
gregorydevans.com/wp-content/cache/minify/ 		40 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://gregorydevans.com/wp-content/cache/minify/67d13.css
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.167.152.20 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
26c8b9f5f31a9702ce6444b7cbe12765ed92e747fcbc2e145461a9f2b84a9fa5
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
gzip
vary
Accept-Encoding
x-powered-by
PleskLin
x-cache-status
BYPASS
content-length
8670
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 18 Apr 2022 21:00:19 GMT
server
nginx
etag
"21de-5dcf40c4bbd14"
strict-transport-security
max-age=15768000; includeSubDomains
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
expires
Thu, 20 Apr 2023 11:26:32 GMT
jetpack.css
c0.wp.com/p/jetpack/10.8/css/ 		86 KB
16 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://c0.wp.com/p/jetpack/10.8/css/jetpack.css
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
420033f9eaf95478a450e558f93ae6d7a5ad950c3e78f38832b47f9e2164418a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Wed, 20 Apr 2022 11:26:31 GMT
content-encoding
br
last-modified
Tue, 29 Mar 2022 19:04:42 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
strict-transport-security
max-age=15552000
timing-allow-origin
*
expires
Thu, 20 Apr 2023 11:26:31 GMT
related-posts.min.js
c0.wp.com/p/jetpack/10.8/_inc/build/related-posts/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c0.wp.com/p/jetpack/10.8/_inc/build/related-posts/related-posts.min.js
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
fe66ac5df69c78be7dfcf75943079129dbf24a254e89febc5a7e916d40de43bc
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Wed, 20 Apr 2022 11:26:31 GMT
content-encoding
br
last-modified
Tue, 07 Dec 2021 16:56:47 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
strict-transport-security
max-age=15552000
timing-allow-origin
*
expires
Thu, 20 Apr 2023 11:26:31 GMT
jquery.min.js
c0.wp.com/c/5.9.3/wp-includes/js/jquery/ 		87 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c0.wp.com/c/5.9.3/wp-includes/js/jquery/jquery.min.js
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Wed, 20 Apr 2022 11:26:31 GMT
content-encoding
br
last-modified
Wed, 10 Mar 2021 15:07:24 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
strict-transport-security
max-age=15552000
timing-allow-origin
*
expires
Thu, 20 Apr 2023 11:26:31 GMT
jquery-migrate.min.js
c0.wp.com/c/5.9.3/wp-includes/js/jquery/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c0.wp.com/c/5.9.3/wp-includes/js/jquery/jquery-migrate.min.js
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Wed, 20 Apr 2022 11:26:31 GMT
content-encoding
br
last-modified
Wed, 18 Nov 2020 09:06:06 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
strict-transport-security
max-age=15552000
timing-allow-origin
*
expires
Thu, 20 Apr 2023 11:26:31 GMT
0b992.js
gregorydevans.com/wp-content/cache/minify/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://gregorydevans.com/wp-content/cache/minify/0b992.js
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.167.152.20 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
d9a5fac8f773ad90531e1728010425701eef81b5c2b3c4bdb1f4ce79299100e1
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
gzip
vary
Accept-Encoding
x-powered-by
PleskLin
x-cache-status
BYPASS
content-length
1226
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 18 Apr 2022 20:51:08 GMT
server
nginx
etag
"4ca-5dcf3eb6e35cc"
strict-transport-security
max-age=15768000; includeSubDomains
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
expires
Thu, 20 Apr 2023 11:26:32 GMT
cc7a8.js
gregorydevans.com/wp-content/cache/minify/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://gregorydevans.com/wp-content/cache/minify/cc7a8.js
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.167.152.20 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
bbbea591b0ae199be9cb7a4440104754fec406f22437be7a0f04cddcf3acf05d
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
gzip
vary
Accept-Encoding
x-powered-by
PleskLin
x-cache-status
BYPASS
content-length
3380
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 18 Apr 2022 21:00:21 GMT
server
nginx
etag
"d34-5dcf40c66cec4"
strict-transport-security
max-age=15768000; includeSubDomains
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
expires
Thu, 20 Apr 2023 11:26:32 GMT
js
www.googletagmanager.com/gtag/ 		97 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-23537697-7
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4ec06fba7bce8e7b1a2ae983402eb714c9dcbcb228ea918ae5d97ada5b8924d8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38679
x-xss-protection
0
last-modified
Wed, 20 Apr 2022 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 20 Apr 2022 11:26:32 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		155 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9101039038458640
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
40be7b0db5400d6b0d1156098d2bb7594821422a93a78ea753b490f100746e20
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Origin
https://gregorydevans.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
54308
x-xss-protection
0
server
cafe
etag
8848659294368057555
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 20 Apr 2022 11:26:32 GMT
wp-emoji-release.min.js
gregorydevans.com/wp-includes/js/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://gregorydevans.com/wp-includes/js/wp-emoji-release.min.js?ver=0d55f4a3ed483c70a3b8e51a8cf96a01
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.167.152.20 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
br
etag
W/"60bfebf0-4705"
last-modified
Tue, 08 Jun 2021 22:15:12 GMT
server
nginx
x-powered-by
PleskLin
x-cache-status
BYPASS
strict-transport-security
max-age=15768000; includeSubDomains
content-type
application/x-javascript
cache-control
max-age=31536000
expires
Thu, 20 Apr 2023 11:26:32 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		155 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fa7ffee082a930898e4f43afbf57031e41ebdfc81f58398fc07b4aeb4e98f05b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
54331
x-xss-protection
0
server
cafe
etag
5420843237721458627
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 20 Apr 2022 11:26:32 GMT
all.js
connect.facebook.net/en_US/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/all.js
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
a80cb48d816decd95547efdcabb21ef97ad16a74306dc456663ec632bb79f31b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
h3P0UySaH82I8HZqji5yhg==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
1688
x-fb-rlafr
0
x-fb-debug
oZIts90gpkIhvcZeLFV0+DXp2IRlPOyBvghGadxrfEkqw61QYdwFPPx9Ldrp4xZlmdnKmdx1zwX1R582zHNEGQ==
x-fb-trip-id
686109401
x-fb-content-md5
3f95acdfb5d19b48fd0fbce47e7569dc
x-frame-options
DENY
date
Wed, 20 Apr 2022 11:26:32 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"84b7f63e7bbfbbea2c069196e1692bb6"
timing-allow-origin
*
priority
u=3,i
expires
Wed, 20 Apr 2022 11:35:32 GMT
widgets.js
widget.spreaker.com/ 		154 KB
50 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.spreaker.com/widgets.js
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.4.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-4-100.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4f35be57a0a2807c9e3728dd631fd6f2a11d05e50fb9ad4544910082498bfdfc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:24:42 GMT
content-encoding
gzip
age
117
x-cache
Hit from cloudfront
content-length
50636
access-control-allow-origin
*
last-modified
Mon, 31 Jan 2022 13:24:09 GMT
server
AmazonS3
etag
"0a1f4bef4432d1108a6a884a99255f32"
access-control-max-age
86400
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
via
1.1 e4aaaf9d55a242f83ddc793442b0ebe2.cloudfront.net (CloudFront)
cache-control
max-age=300
x-amz-cf-pop
DUS51-P2
accept-ranges
bytes
x-amz-cf-id
e5mcDeBD-k8VMaUdznIONgU6xht9Ju4D1yqT60DD0oa3HNUwdh2j1g==
photon.min.js
c0.wp.com/p/jetpack/10.8/_inc/build/photon/ 		685 B
348 B 		Script
General
Check archive.org
Download Go to
Full URL
https://c0.wp.com/p/jetpack/10.8/_inc/build/photon/photon.min.js
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
5cfd3418ebf7c95f8f7a9024ebfa383ff5a267a8568c9a2708c26733824bdf07
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Wed, 20 Apr 2022 11:26:31 GMT
content-encoding
br
last-modified
Tue, 07 Dec 2021 16:56:47 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
strict-transport-security
max-age=15552000
timing-allow-origin
*
expires
Thu, 20 Apr 2023 11:26:31 GMT
6495e.js
gregorydevans.com/wp-content/cache/minify/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://gregorydevans.com/wp-content/cache/minify/6495e.js
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.167.152.20 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
gzip
vary
Accept-Encoding
x-powered-by
PleskLin
x-cache-status
BYPASS
content-length
59291
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 18 Apr 2022 20:51:08 GMT
server
nginx
etag
"e79b-5dcf3eb6e456c"
strict-transport-security
max-age=15768000; includeSubDomains
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
expires
Thu, 20 Apr 2023 11:26:32 GMT
68460.js
gregorydevans.com/wp-content/cache/minify/ 		24 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://gregorydevans.com/wp-content/cache/minify/68460.js
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.167.152.20 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
9893dd761e1acc82fff30d7fbb903015d1b2691ca1fe3c435f64bee693b9b5eb
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
gzip
vary
Accept-Encoding
x-powered-by
PleskLin
x-cache-status
BYPASS
content-length
6646
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 18 Apr 2022 20:51:09 GMT
server
nginx
etag
"19f6-5dcf3eb74ae0c"
strict-transport-security
max-age=15768000; includeSubDomains
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
expires
Thu, 20 Apr 2023 11:26:32 GMT
e-202216.js
stats.wp.com/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stats.wp.com/e-202216.js
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
HIT hhn
date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
br
server
nginx
etag
W/"6197c5cf-3508"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
expires
Sun, 09 Apr 2023 23:15:21 GMT
1615d.js
gregorydevans.com/wp-content/cache/minify/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://gregorydevans.com/wp-content/cache/minify/1615d.js
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.167.152.20 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
1a54a1907a6443e3c81608130bfed4546eb0ce5d0c8897e1d7a3b43d89ecc367
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
gzip
vary
Accept-Encoding
x-powered-by
PleskLin
x-cache-status
BYPASS
content-length
2356
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 18 Apr 2022 20:51:10 GMT
server
nginx
etag
"934-5dcf3eb877a8c"
strict-transport-security
max-age=15768000; includeSubDomains
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
expires
Thu, 20 Apr 2023 11:26:32 GMT
truncated
/ 		68 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
48043849dc9aa2f3f94c9fec0469dd96452bf872276dd3deacd4b2570220347f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		68 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2985af0fdbd27731ce1f86af293bbd6911dc9ac1c6f9cc76d7630f8dce44e29b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/svg+xml
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v23/ 		30 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v23/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open%2BSans%3A400%2C300%2C300italic%2C400italic%2C600%2C600italic%2C700%2C700italic%7CMontserrat%3A400%2C700&subset=latin%2Clatin-ext
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c8f7c04f8d691138d54380550d91349271ca19cfc0f3f6666c401cfa892a12f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://gregorydevans.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 08:55:44 GMT
x-content-type-options
nosniff
age
9048
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30876
x-xss-protection
0
last-modified
Thu, 03 Feb 2022 00:11:59 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 20 Apr 2023 08:55:44 GMT
fontawesome-webfont.woff2
gregorydevans.com/wp-content/themes/screenr/assets/css/fonts/ 		70 KB
70 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://gregorydevans.com/wp-content/themes/screenr/assets/css/fonts/fontawesome-webfont.woff2?v=4.6.1
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/wp-content/cache/minify/9e0be.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.167.152.20 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
2932abf996373e87fbf2e950876b1962f1b57db954a1643ea68831d9fbb74da4
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Referer
https://gregorydevans.com/wp-content/cache/minify/9e0be.css
Origin
https://gregorydevans.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
etag
"61fde015-11850"
last-modified
Sat, 05 Feb 2022 02:25:25 GMT
server
nginx
x-powered-by
PleskLin
x-cache-status
BYPASS
strict-transport-security
max-age=15768000; includeSubDomains
content-type
application/font-woff2
cache-control
max-age=31536000
accept-ranges
bytes
content-length
71760
expires
Thu, 20 Apr 2023 11:26:32 GMT
all.js
connect.facebook.net/en_US/ 		289 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/all.js?hash=7d56919fd771ce59e235be8120253767
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e252e4c94e9535ed7fcafe3cb00de6168906f51015292bbf608034c69cc9f2c4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Origin
https://gregorydevans.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
aDdKC+TIjjAYk0qse9C9rg==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
84311
x-fb-rlafr
0
x-fb-debug
DM5OJq1u3kQIg6/rhkUg8pfTrCMYQfgxAn2tw8wIu0lv02XvnTZwcHmtBwoGdwv+9/nn2fOKIb8LyvO/DF52PA==
x-fb-content-md5
6a91b24084af66f06ff9f9de4d64cd23
x-frame-options
DENY
date
Wed, 20 Apr 2022 11:26:32 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"d445c6e6f6967fc959511eeb7f16f153"
timing-allow-origin
*
priority
u=3,i
expires
Thu, 20 Apr 2023 10:20:09 GMT
g.gif
pixel.wp.com/ 		50 B
93 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.wp.com/g.gif?v=ext&j=1%3A10.8&blog=52339599&post=85424&tz=-4&srv=gregorydevans.com&host=gregorydevans.com&ref=&fcp=841&rand=0.37104534138653156
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 20 Apr 2022 11:26:32 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
/
gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/ 		3 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/?relatedposts=1
Requested by
Host: c0.wp.com
URL: https://c0.wp.com/p/jetpack/10.8/_inc/build/related-posts/related-posts.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.167.152.20 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
nginx / PHP/7.3.33
Resource Hash
3d6e2a2d514dace6bc7d74df6ed24f65580b845b0e1a4f93a47f5d46f98afce2
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
x-requested-with
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:34 GMT
referrer-policy
no-referrer-when-downgrade
server
nginx
x-powered-by
PHP/7.3.33
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
strict-transport-security
max-age=15768000; includeSubDomains
x-content-type-options
nosniff
expires
Thu, 20 Apr 2023 11:26:32 GMT
index.php
gregorydevans.com/ 		80 B
729 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://gregorydevans.com/index.php?rest_route=/cleantalk-antispam/v1/apbct_get_pixel_url
Requested by
Host: c0.wp.com
URL: https://c0.wp.com/c/5.9.3/wp-includes/js/jquery/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.167.152.20 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
nginx / PHP/7.3.33
Resource Hash
38df7811921f0032bc5ef1d56e195b87c7d4a79f14f0053c1088f5999092b138
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
X-WP-Nonce
3ffb02c66e
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:35 GMT
x-content-type-options
nosniff
x-powered-by
PHP/7.3.33
allow
POST
vary
Origin,Accept-Encoding
access-control-allow-headers
Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
referrer-policy
no-referrer-when-downgrade
server
nginx
x-wp-nonce
0206772e6d
strict-transport-security
max-age=15768000; includeSubDomains
access-control-allow-methods
OPTIONS, GET, POST, PUT, PATCH, DELETE
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://gregorydevans.com, *
access-control-expose-headers
X-WP-Total, X-WP-TotalPages, Link
cache-control
max-age=31536000
access-control-allow-credentials
true
x-robots-tag
noindex
link
<https://gregorydevans.com/wp-json/>; rel="https://api.w.org/"
expires
Thu, 20 Apr 2023 11:26:32 GMT
charlestappVA.jpg
i0.wp.com/nationalcybersecuritynews.today/wp-content/uploads/2022/04/ 		26 KB
27 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/nationalcybersecuritynews.today/wp-content/uploads/2022/04/charlestappVA.jpg?fit=819%2C519&ssl=1
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
61c0298cc21d2c3a5df38f4c5cda589f1d4275c0565e1d304b5fd8704ecf5197
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
MISS hhn 4
date
Wed, 20 Apr 2022 11:26:32 GMT
x-content-type-options
nosniff
last-modified
Wed, 20 Apr 2022 11:26:32 GMT
server
nginx
etag
"e86963866a0b59e1"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://nationalcybersecuritynews.today/wp-content/uploads/2022/04/charlestappVA.jpg>; rel="canonical"
content-length
26968
expires
Fri, 19 Apr 2024 23:26:32 GMT
Greg_Banner_9-1.png
gregorydevans.com/wp-content/uploads/ 		639 KB
640 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gregorydevans.com/wp-content/uploads/Greg_Banner_9-1.png
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.167.152.20 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
66d098952ad021d6d6794c0fc7d42cff3fd503fe41feebb47089b40b796e3e62
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
etag
"5d673f06-9fc14"
last-modified
Thu, 29 Aug 2019 02:57:10 GMT
server
nginx
x-powered-by
PleskLin
x-cache-status
BYPASS
strict-transport-security
max-age=15768000; includeSubDomains
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
content-length
654356
expires
Thu, 20 Apr 2023 11:26:32 GMT
Gregs_Logo-e1286945956339.png
i0.wp.com/gregorydevans.com/wp-content/uploads/ 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/gregorydevans.com/wp-content/uploads/Gregs_Logo-e1286945956339.png?fit=250%2C145&ssl=1
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
4042b2b59d56f85b0547402233e859a8b2fbfeb506d9bf62af1ea5743b1082f1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
HIT hhn 3
date
Wed, 20 Apr 2022 11:26:32 GMT
x-content-type-options
nosniff
last-modified
Tue, 05 Oct 2021 19:23:19 GMT
server
nginx
etag
"4f5811e6abdf19fa"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://gregorydevans.com/wp-content/uploads/Gregs_Logo-e1286945956339.png>; rel="canonical"
content-length
12044
expires
Fri, 06 Oct 2023 07:23:19 GMT
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/ 		303 KB
108 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9101039038458640&plah=gregorydevans.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f1e68916f94a7c4d63f13173e139a8a500ebd58c1ebbe85f4dcc2e664c91f05f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
110910
x-xss-protection
0
server
cafe
etag
17711078589388899673
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Wed, 20 Apr 2022 11:26:32 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220413/r20190131/ Frame C7C5 		10 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220413/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
340b20f9ff6d073c2fea911631d8a6e13af185d983cbe842ddca27df91d0f295
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
50073
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=1209600
content-encoding
gzip
content-length
4398
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 19 Apr 2022 21:31:59 GMT
etag
14837630671339829333
expires
Tue, 03 May 2022 21:31:59 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-23537697-7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
4161
date
Wed, 20 Apr 2022 10:17:11 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 20 Apr 2022 12:17:11 GMT
js
www.googletagmanager.com/gtag/ 		158 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-0SJ9ZJTFHY&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-23537697-7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d14a9161a436c8109754a3f5c63b37e20c53394eb8a6d7f171e83a607a9fd400
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
59883
x-xss-protection
0
expires
Wed, 20 Apr 2022 11:26:32 GMT
collect
www.google-analytics.com/j/ 		1 B
21 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=988482513&t=pageview&_s=1&dl=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&ul=en-us&de=UTF-8&dt=Gregory%20D.%20Evans%20%7C%20Ex-Hacker%20%7C%20TV%20Personality%20%7C%20Author%20%7C%20Public%20Speaker&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBACUABBAAAAC~&jid=478424329&gjid=1899939502&cid=2123627854.1650453992&tid=UA-23537697-7&_gid=748721830.1650453992&_r=1&gtm=2ou4i1&did=dZTNiMT&gdid=dZTNiMT&z=110190496
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 11:26:32 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://gregorydevans.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
cookie.js
partner.googleadservices.com/gampad/ 		221 B
652 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=gregorydevans.com&callback=_gfp_s_&client=ca-pub-9101039038458640
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9101039038458640&plah=gregorydevans.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
1d2ea02adec192014b69524dae475df5701be48d420de7c77ed0d04bd3890d33
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
208
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=gregorydevans.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9101039038458640&plah=gregorydevans.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=gregorydevans.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9101039038458640&plah=gregorydevans.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&tn=HEADER&id=masthead&cls=site-header%20sticky-header%20transparent&ign=false&pw=1600&ph=1200&x=0&y=0
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 11:26:32 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 67C2 		40 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&adk=1812271804&adf=3025194257&lmt=1650395587&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&ea=0&host=ca-host-pub-2644536267352236&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992111&bpp=3&bdt=702&idt=107&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1796572211344&frm=20&pv=2&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=123
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9101039038458640&plah=gregorydevans.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
444054914c0423dba31bf92b956b86da61ab1531e4744a03e6b2c571c393e633
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
13660
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 20 Apr 2022 11:26:32 GMT
expires
Wed, 20 Apr 2022 11:26:32 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 9F9F 		71 KB
28 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=2357840047&adf=3573739926&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992114&bpp=5&bdt=705&idt=133&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=382&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=BhyUtd9Vlp&p=https%3A//gregorydevans.com&dtd=139
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9101039038458640&plah=gregorydevans.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
84741cfabf386f46aa60df09e5b06561211409b48524be5befb255824f03f26e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
29005
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 20 Apr 2022 11:26:32 GMT
expires
Wed, 20 Apr 2022 11:26:32 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame B727 		83 KB
31 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=3654989029&adf=131135716&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992119&bpp=1&bdt=710&idt=144&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C240x600&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=hJOZlivRpW&p=https%3A//gregorydevans.com&dtd=147
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9101039038458640&plah=gregorydevans.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a8347ce1ad31403384c03cd328084d7ecd2c075a15d46888071d8abf7aed3663
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
31606
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 20 Apr 2022 11:26:32 GMT
expires
Wed, 20 Apr 2022 11:26:32 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
collect
www.google-analytics.com/g/ 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-0SJ9ZJTFHY&gtm=2oe4i1&_p=988482513&_z=ccd.NbB&cid=2123627854.1650453992&gdid=dZTNiMT&ul=en-us&sr=1600x1200&_s=1&sid=1650453992&sct=1&seg=0&dl=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&dt=Gregory%20D.%20Evans%20%7C%20Ex-Hacker%20%7C%20TV%20Personality%20%7C%20Author%20%7C%20Public%20Speaker&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0SJ9ZJTFHY&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 11:26:32 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://gregorydevans.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
reactive_library_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/ 		145 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/reactive_library_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9101039038458640&plah=gregorydevans.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5b89819f154f2e791101a020915edb0b0d4cab3afbd1d44721f4313fda5db92f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
52690
x-xss-protection
0
server
cafe
etag
1480302304049899509
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Wed, 20 Apr 2022 11:26:32 GMT
integrator.js
adservice.google.de/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=gregorydevans.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9101039038458640&plah=gregorydevans.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=gregorydevans.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9101039038458640&plah=gregorydevans.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/ Frame C4A1 		10 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9101039038458640&plah=gregorydevans.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
340b20f9ff6d073c2fea911631d8a6e13af185d983cbe842ddca27df91d0f295
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
49522
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=1209600
content-encoding
gzip
content-length
4398
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 19 Apr 2022 21:41:10 GMT
etag
14837630671339829333
expires
Tue, 03 May 2022 21:41:10 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame C4A1 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CYDYa6O1fYp22EZChtwfnhan4Csme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItOTEwMTAzOTAzODQ1ODY0MKAB1bbS6gPIAQmpArtAKaBzIbI-qAMBqgS1Ak_QJlTOv-9JTAEcX74bVSU7YpNabR4c5fkK_CURovEi83L8NbtL7D9m9JYDi6Iswfm2rgACC42Tfn763_XaM_AG81FvFXwDQ37dQ4hM9h1jgqkBEpPezJIFuNozcTARzHiIQFryvQo6xYgDD7rkqHDvx7gGL61fzgMja2RJTHSFzHUI_JnMZ__Lgi0SdXs-ICAKq8brNRIrYVw0_I7C7OTDAPCrx50vasQ4nP_ydjKvvlu0Kq68bNFTR3eMVwXuA84RVO8aAPuBuzB0hBRzBbN0FRXRhiGQs4JY5CmE0O5IRviYprfXVnEfiwTZFDgaw5bqB32tCR5P1yJw-unY70v1c13rI2DW487otVam3CuNxCSKSJ3LFyfFd0jxBSGeX0a9ZDJMzS56-p1d5Ea_u0AfumULDoAG7ririb37yohZoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItOTEwMTAzOTAzODQ1ODY0MBgA&sigh=WdR4B4GiXTo&uach_m=[UACH]&cid=CAQSGwCNIrLM6pQN5hTcwhTYRKo8oql3kv3daBg4GBgB
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 20 Apr 2022 11:26:32 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Wed, 20 Apr 2022 11:26:32 GMT
notify
rtb.nl.eu.criteo.com/google/auction/ Frame C4A1 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=kN-AEsz6RO0HfJ2DYgICAAAAjQiy0riPdCwQ5u1fYrPtMATE9WynKaerABIAAA&wp=Yl_t6AAEWx0K7dCQAApC59o6oH6_lgV0d2T3bg
Requested by
Host: gregorydevans.com
URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:31 GMT
server
Kestrel
server-processing-duration-in-ticks
263643
content-length
0
strict-transport-security
max-age=31536000; preload;
afr.php
ads.eu.criteo.com/delivery/r/ Frame E7C7 		164 KB
48 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.eu.criteo.com/delivery/r/afr.php?z=Yl_t6AAEWx0K7dCQAApC59o6oH6_lgV0d2T3bg&u=%7CMtRKKI8gO3Dbff5ls6PEu6EkWyRCLISQXCe4q2NfDHc%3D%7C&c1=glLBMxGOcDk-vbOOpZWuiwL9OpXS6gVV0_Ig_J1IpPwRDCJxJvxJzDfeVglSmwvDRVB26GpcU1HGDGNRdz2NuKscXJo8g-282xnogJ7CaCd1F97QsPhf3UuUdUnVfDAZeZ2b0UcC0_pT8ib2yKldB_fmLTNSUyTyStySylhPCKpIzYPih8YAFkPow--qOUvmP32hQi68_c3DXr2LcHW7JN3Dl7JsXslvtvDOBALoBUIjQQ4IGvDb3dkrlKcToDKJZvbwooAsMhpEZytIXOkTcpvH2u8SA9hvyb2Fk8BQ9arfTXSi9SrYeVBy_m6LF0CBXvGVUnHlCSKncPE8VqJud-NNVNyEcFmDLHaJdcqhC49_UgDjAcTwi9_gT1stx9IYbWsKuC1TgOLdI_5q5fW3f8-yS04LzvXNCD9BP1G52BjH5x1Oi5aOU0x8nOeouyy6BFR5FzMSKwfZ5iK_Cho36Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCC2Gt6O1fYp22EZChtwfnhan4Csme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItOTEwMTAzOTAzODQ1ODY0MKAB1bbS6gPIAQmpArtAKaBzIbI-qAMBqgS4Ak_QJlTOv-9JTAEcX74bVSU7YpNabR4c5fkK_CURovEi83L8NbtL7D9m9JYDi6Iswfm2rgACC42Tfn763_XaM_AG81FvFXwDQ37dQ4hM9h1jgqkBEpPezJIFuNozcTARzHiIQFryvQo6xYgDD7rkqHDvx7gGL61fzgMja2RJTHSFzHUI_JnMZ__Lgi0SdXs-ICAKq8brNRIrYVw0_I7C7OTDAPCrx50vasQ4nP_ydjKvvlu0Kq68bNFTR3eMVwXuA84RVO8aAPuBuzB0hBRzBbN0FRXRhiGQs4JY5CmE0O5IRviYprfXVnEfiwTZFDgaw5bqB32tCR5P1yJw-unY70v1c13rI2DW487otVam3CvPxgUYzxJXBJhZY-shOIdmVlK30jhi1azOMqD7Fvmhl1iaEOEYsYkBZoAG7ririb37yohZoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2G_SzCym8NKug8QCFFJGVqcwShDg%26client%3Dca-pub-9101039038458640%26adurl%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::b , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
83c2ad2a820aa55d445d87cbe72948bb4710c3c4b6798e657348c41d92a2e7da
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
1000
cache-control
private, max-age=0, no-cache
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
date
Wed, 20 Apr 2022 11:26:32 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
link
<pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p
CP='CUR ADM OUR NOR STA NID'
pragma
no-cache
report-to
{"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=0eACmwDWES5y7z4ITjkbKEgOxsboLnvgsxejiI3Ke7Mw0xmrg4uII7D-7jK7bA7p7n_Y3czD9MuoCSx2ypbk9NDb0xIviePbPsHhoZ1knVDW_HZyB6GjS6wmTQhbC9hMGHaMYD_FeyAXB3Tdby9Q_k8J4rnU4W6M8_GSNyPH9krP-sW4KRNEbO3gQfKY7sGpj-L9X4IkwUl3Rsi3fra6RWFcf3tCNgiLdTtBmzgNPm8A7geMDr3lbB7pTFy7ttUjn4tkIQ"}], "max_age": 86400}
server
Kestrel
server-processing-duration-in-ticks
83724077
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame C4A1 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:17:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
562
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 04 May 2022 11:17:10 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame C4A1 		119 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4caa2b4b885d62d25d986de63c6e3163f9c7da374d9b76bc4a412b61d4f2975d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36950
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1650281421154365"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 20 Apr 2022 11:26:32 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame C4A1 		15 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:23:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
205
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6409
x-xss-protection
0
server
cafe
etag
15284592792851369840
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 04 May 2022 11:23:07 GMT
truncated
/ Frame C4A1 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
658d61bfd8959c53a3773914545b78bea129532c524d2b264901a79c84f6f4b8

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
privacy_small.svg
static.criteo.net/flash/icon/ Frame E7C7 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/flash/icon/privacy_small.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yl_t6AAEWx0K7dCQAApC59o6oH6_lgV0d2T3bg&u=%7CMtRKKI8gO3Dbff5ls6PEu6EkWyRCLISQXCe4q2NfDHc%3D%7C&c1=glLBMxGOcDk-vbOOpZWuiwL9OpXS6gVV0_Ig_J1IpPwRDCJxJvxJzDfeVglSmwvDRVB26GpcU1HGDGNRdz2NuKscXJo8g-282xnogJ7CaCd1F97QsPhf3UuUdUnVfDAZeZ2b0UcC0_pT8ib2yKldB_fmLTNSUyTyStySylhPCKpIzYPih8YAFkPow--qOUvmP32hQi68_c3DXr2LcHW7JN3Dl7JsXslvtvDOBALoBUIjQQ4IGvDb3dkrlKcToDKJZvbwooAsMhpEZytIXOkTcpvH2u8SA9hvyb2Fk8BQ9arfTXSi9SrYeVBy_m6LF0CBXvGVUnHlCSKncPE8VqJud-NNVNyEcFmDLHaJdcqhC49_UgDjAcTwi9_gT1stx9IYbWsKuC1TgOLdI_5q5fW3f8-yS04LzvXNCD9BP1G52BjH5x1Oi5aOU0x8nOeouyy6BFR5FzMSKwfZ5iK_Cho36Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCC2Gt6O1fYp22EZChtwfnhan4Csme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItOTEwMTAzOTAzODQ1ODY0MKAB1bbS6gPIAQmpArtAKaBzIbI-qAMBqgS4Ak_QJlTOv-9JTAEcX74bVSU7YpNabR4c5fkK_CURovEi83L8NbtL7D9m9JYDi6Iswfm2rgACC42Tfn763_XaM_AG81FvFXwDQ37dQ4hM9h1jgqkBEpPezJIFuNozcTARzHiIQFryvQo6xYgDD7rkqHDvx7gGL61fzgMja2RJTHSFzHUI_JnMZ__Lgi0SdXs-ICAKq8brNRIrYVw0_I7C7OTDAPCrx50vasQ4nP_ydjKvvlu0Kq68bNFTR3eMVwXuA84RVO8aAPuBuzB0hBRzBbN0FRXRhiGQs4JY5CmE0O5IRviYprfXVnEfiwTZFDgaw5bqB32tCR5P1yJw-unY70v1c13rI2DW487otVam3CvPxgUYzxJXBJhZY-shOIdmVlK30jhi1azOMqD7Fvmhl1iaEOEYsYkBZoAG7ririb37yohZoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2G_SzCym8NKug8QCFFJGVqcwShDg%26client%3Dca-pub-9101039038458640%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
gzip
last-modified
Tue, 11 Feb 2020 14:30:28 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42ba84-6aa"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sat, 15 Apr 2023 11:26:32 GMT
adchoices_de.svg
static.criteo.net/flash/icon/ Frame E7C7 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/flash/icon/adchoices_de.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yl_t6AAEWx0K7dCQAApC59o6oH6_lgV0d2T3bg&u=%7CMtRKKI8gO3Dbff5ls6PEu6EkWyRCLISQXCe4q2NfDHc%3D%7C&c1=glLBMxGOcDk-vbOOpZWuiwL9OpXS6gVV0_Ig_J1IpPwRDCJxJvxJzDfeVglSmwvDRVB26GpcU1HGDGNRdz2NuKscXJo8g-282xnogJ7CaCd1F97QsPhf3UuUdUnVfDAZeZ2b0UcC0_pT8ib2yKldB_fmLTNSUyTyStySylhPCKpIzYPih8YAFkPow--qOUvmP32hQi68_c3DXr2LcHW7JN3Dl7JsXslvtvDOBALoBUIjQQ4IGvDb3dkrlKcToDKJZvbwooAsMhpEZytIXOkTcpvH2u8SA9hvyb2Fk8BQ9arfTXSi9SrYeVBy_m6LF0CBXvGVUnHlCSKncPE8VqJud-NNVNyEcFmDLHaJdcqhC49_UgDjAcTwi9_gT1stx9IYbWsKuC1TgOLdI_5q5fW3f8-yS04LzvXNCD9BP1G52BjH5x1Oi5aOU0x8nOeouyy6BFR5FzMSKwfZ5iK_Cho36Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCC2Gt6O1fYp22EZChtwfnhan4Csme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItOTEwMTAzOTAzODQ1ODY0MKAB1bbS6gPIAQmpArtAKaBzIbI-qAMBqgS4Ak_QJlTOv-9JTAEcX74bVSU7YpNabR4c5fkK_CURovEi83L8NbtL7D9m9JYDi6Iswfm2rgACC42Tfn763_XaM_AG81FvFXwDQ37dQ4hM9h1jgqkBEpPezJIFuNozcTARzHiIQFryvQo6xYgDD7rkqHDvx7gGL61fzgMja2RJTHSFzHUI_JnMZ__Lgi0SdXs-ICAKq8brNRIrYVw0_I7C7OTDAPCrx50vasQ4nP_ydjKvvlu0Kq68bNFTR3eMVwXuA84RVO8aAPuBuzB0hBRzBbN0FRXRhiGQs4JY5CmE0O5IRviYprfXVnEfiwTZFDgaw5bqB32tCR5P1yJw-unY70v1c13rI2DW487otVam3CvPxgUYzxJXBJhZY-shOIdmVlK30jhi1azOMqD7Fvmhl1iaEOEYsYkBZoAG7ririb37yohZoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2G_SzCym8NKug8QCFFJGVqcwShDg%26client%3Dca-pub-9101039038458640%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
gzip
last-modified
Tue, 11 Feb 2020 14:27:58 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42b9ee-763"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sat, 15 Apr 2023 11:26:32 GMT
close_button.svg
static.criteo.net/flash/icon/ Frame E7C7 		308 B
636 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/flash/icon/close_button.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yl_t6AAEWx0K7dCQAApC59o6oH6_lgV0d2T3bg&u=%7CMtRKKI8gO3Dbff5ls6PEu6EkWyRCLISQXCe4q2NfDHc%3D%7C&c1=glLBMxGOcDk-vbOOpZWuiwL9OpXS6gVV0_Ig_J1IpPwRDCJxJvxJzDfeVglSmwvDRVB26GpcU1HGDGNRdz2NuKscXJo8g-282xnogJ7CaCd1F97QsPhf3UuUdUnVfDAZeZ2b0UcC0_pT8ib2yKldB_fmLTNSUyTyStySylhPCKpIzYPih8YAFkPow--qOUvmP32hQi68_c3DXr2LcHW7JN3Dl7JsXslvtvDOBALoBUIjQQ4IGvDb3dkrlKcToDKJZvbwooAsMhpEZytIXOkTcpvH2u8SA9hvyb2Fk8BQ9arfTXSi9SrYeVBy_m6LF0CBXvGVUnHlCSKncPE8VqJud-NNVNyEcFmDLHaJdcqhC49_UgDjAcTwi9_gT1stx9IYbWsKuC1TgOLdI_5q5fW3f8-yS04LzvXNCD9BP1G52BjH5x1Oi5aOU0x8nOeouyy6BFR5FzMSKwfZ5iK_Cho36Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCC2Gt6O1fYp22EZChtwfnhan4Csme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItOTEwMTAzOTAzODQ1ODY0MKAB1bbS6gPIAQmpArtAKaBzIbI-qAMBqgS4Ak_QJlTOv-9JTAEcX74bVSU7YpNabR4c5fkK_CURovEi83L8NbtL7D9m9JYDi6Iswfm2rgACC42Tfn763_XaM_AG81FvFXwDQ37dQ4hM9h1jgqkBEpPezJIFuNozcTARzHiIQFryvQo6xYgDD7rkqHDvx7gGL61fzgMja2RJTHSFzHUI_JnMZ__Lgi0SdXs-ICAKq8brNRIrYVw0_I7C7OTDAPCrx50vasQ4nP_ydjKvvlu0Kq68bNFTR3eMVwXuA84RVO8aAPuBuzB0hBRzBbN0FRXRhiGQs4JY5CmE0O5IRviYprfXVnEfiwTZFDgaw5bqB32tCR5P1yJw-unY70v1c13rI2DW487otVam3CvPxgUYzxJXBJhZY-shOIdmVlK30jhi1azOMqD7Fvmhl1iaEOEYsYkBZoAG7ririb37yohZoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2G_SzCym8NKug8QCFFJGVqcwShDg%26client%3Dca-pub-9101039038458640%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
last-modified
Fri, 14 Feb 2020 13:51:32 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"5e46a5e4-134"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
308
expires
Sat, 15 Apr 2023 11:26:32 GMT
back_button.svg
static.criteo.net/flash/icon/ Frame E7C7 		507 B
835 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/flash/icon/back_button.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yl_t6AAEWx0K7dCQAApC59o6oH6_lgV0d2T3bg&u=%7CMtRKKI8gO3Dbff5ls6PEu6EkWyRCLISQXCe4q2NfDHc%3D%7C&c1=glLBMxGOcDk-vbOOpZWuiwL9OpXS6gVV0_Ig_J1IpPwRDCJxJvxJzDfeVglSmwvDRVB26GpcU1HGDGNRdz2NuKscXJo8g-282xnogJ7CaCd1F97QsPhf3UuUdUnVfDAZeZ2b0UcC0_pT8ib2yKldB_fmLTNSUyTyStySylhPCKpIzYPih8YAFkPow--qOUvmP32hQi68_c3DXr2LcHW7JN3Dl7JsXslvtvDOBALoBUIjQQ4IGvDb3dkrlKcToDKJZvbwooAsMhpEZytIXOkTcpvH2u8SA9hvyb2Fk8BQ9arfTXSi9SrYeVBy_m6LF0CBXvGVUnHlCSKncPE8VqJud-NNVNyEcFmDLHaJdcqhC49_UgDjAcTwi9_gT1stx9IYbWsKuC1TgOLdI_5q5fW3f8-yS04LzvXNCD9BP1G52BjH5x1Oi5aOU0x8nOeouyy6BFR5FzMSKwfZ5iK_Cho36Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCC2Gt6O1fYp22EZChtwfnhan4Csme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItOTEwMTAzOTAzODQ1ODY0MKAB1bbS6gPIAQmpArtAKaBzIbI-qAMBqgS4Ak_QJlTOv-9JTAEcX74bVSU7YpNabR4c5fkK_CURovEi83L8NbtL7D9m9JYDi6Iswfm2rgACC42Tfn763_XaM_AG81FvFXwDQ37dQ4hM9h1jgqkBEpPezJIFuNozcTARzHiIQFryvQo6xYgDD7rkqHDvx7gGL61fzgMja2RJTHSFzHUI_JnMZ__Lgi0SdXs-ICAKq8brNRIrYVw0_I7C7OTDAPCrx50vasQ4nP_ydjKvvlu0Kq68bNFTR3eMVwXuA84RVO8aAPuBuzB0hBRzBbN0FRXRhiGQs4JY5CmE0O5IRviYprfXVnEfiwTZFDgaw5bqB32tCR5P1yJw-unY70v1c13rI2DW487otVam3CvPxgUYzxJXBJhZY-shOIdmVlK30jhi1azOMqD7Fvmhl1iaEOEYsYkBZoAG7ririb37yohZoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2G_SzCym8NKug8QCFFJGVqcwShDg%26client%3Dca-pub-9101039038458640%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
last-modified
Thu, 01 Apr 2021 14:03:13 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"6065d2a1-1fb"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
507
expires
Sat, 15 Apr 2023 11:26:32 GMT
lg.php
cat.fr.eu.criteo.com/delivery/ Frame E7C7 		43 B
348 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cat.fr.eu.criteo.com/delivery/lg.php?cppv=3&cpp=37MVNwA8GhhKstVsAVwahJFYf2TxuzcUK_BhF4YBJSxxrE3156SDGjaDXzy_uCrXngrY0aPwZMzMndIRsVpbiMtNLo8keyWwD7jW_ymjO5W2QibNCT4cGUeBPB4Wuw178aiNpTsVvR4VO3ioQVgzIzZ_EXSy7uPIf8YIiiQhdtGcuAs0dBUnp7Oj1T_AZt2qWgKQMgirnGZJW0JwC59WreYl85NP1nY8gDwhFKxlWrQvFCLRwnxDkta9ZlyOCoz_BzmJCAhiyT8Rjmb0DCE_1zvWqHLAIK2jps2CE3gXtfTy2_8e0ZMbJmUOSUMAyL7u71SIRvAlG3W0GGFm9c6ZBfzP2Bwd7ZQbeLhOYhDb9fEs5beXzycJ-wy8pSmDpRJxBOyIt48sb3GjIHYAH9QOGmX-_jXXWvdneYhtoxpNKNSMU0x24t6NmucqOqipxk_F9HMnQw
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yl_t6AAEWx0K7dCQAApC59o6oH6_lgV0d2T3bg&u=%7CMtRKKI8gO3Dbff5ls6PEu6EkWyRCLISQXCe4q2NfDHc%3D%7C&c1=glLBMxGOcDk-vbOOpZWuiwL9OpXS6gVV0_Ig_J1IpPwRDCJxJvxJzDfeVglSmwvDRVB26GpcU1HGDGNRdz2NuKscXJo8g-282xnogJ7CaCd1F97QsPhf3UuUdUnVfDAZeZ2b0UcC0_pT8ib2yKldB_fmLTNSUyTyStySylhPCKpIzYPih8YAFkPow--qOUvmP32hQi68_c3DXr2LcHW7JN3Dl7JsXslvtvDOBALoBUIjQQ4IGvDb3dkrlKcToDKJZvbwooAsMhpEZytIXOkTcpvH2u8SA9hvyb2Fk8BQ9arfTXSi9SrYeVBy_m6LF0CBXvGVUnHlCSKncPE8VqJud-NNVNyEcFmDLHaJdcqhC49_UgDjAcTwi9_gT1stx9IYbWsKuC1TgOLdI_5q5fW3f8-yS04LzvXNCD9BP1G52BjH5x1Oi5aOU0x8nOeouyy6BFR5FzMSKwfZ5iK_Cho36Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCC2Gt6O1fYp22EZChtwfnhan4Csme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItOTEwMTAzOTAzODQ1ODY0MKAB1bbS6gPIAQmpArtAKaBzIbI-qAMBqgS4Ak_QJlTOv-9JTAEcX74bVSU7YpNabR4c5fkK_CURovEi83L8NbtL7D9m9JYDi6Iswfm2rgACC42Tfn763_XaM_AG81FvFXwDQ37dQ4hM9h1jgqkBEpPezJIFuNozcTARzHiIQFryvQo6xYgDD7rkqHDvx7gGL61fzgMja2RJTHSFzHUI_JnMZ__Lgi0SdXs-ICAKq8brNRIrYVw0_I7C7OTDAPCrx50vasQ4nP_ydjKvvlu0Kq68bNFTR3eMVwXuA84RVO8aAPuBuzB0hBRzBbN0FRXRhiGQs4JY5CmE0O5IRviYprfXVnEfiwTZFDgaw5bqB32tCR5P1yJw-unY70v1c13rI2DW487otVam3CvPxgUYzxJXBJhZY-shOIdmVlK30jhi1azOMqD7Fvmhl1iaEOEYsYkBZoAG7ririb37yohZoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2G_SzCym8NKug8QCFFJGVqcwShDg%26client%3Dca-pub-9101039038458640%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.160 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 11:26:31 GMT
server
Kestrel
strict-transport-security
max-age=31536000; preload;
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
2901584
content-type
image/gif
expires
Mon, 26 Jul 1997 05:00:00 GMT
webfontloader.js
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame E7C7 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yl_t6AAEWx0K7dCQAApC59o6oH6_lgV0d2T3bg&u=%7CMtRKKI8gO3Dbff5ls6PEu6EkWyRCLISQXCe4q2NfDHc%3D%7C&c1=glLBMxGOcDk-vbOOpZWuiwL9OpXS6gVV0_Ig_J1IpPwRDCJxJvxJzDfeVglSmwvDRVB26GpcU1HGDGNRdz2NuKscXJo8g-282xnogJ7CaCd1F97QsPhf3UuUdUnVfDAZeZ2b0UcC0_pT8ib2yKldB_fmLTNSUyTyStySylhPCKpIzYPih8YAFkPow--qOUvmP32hQi68_c3DXr2LcHW7JN3Dl7JsXslvtvDOBALoBUIjQQ4IGvDb3dkrlKcToDKJZvbwooAsMhpEZytIXOkTcpvH2u8SA9hvyb2Fk8BQ9arfTXSi9SrYeVBy_m6LF0CBXvGVUnHlCSKncPE8VqJud-NNVNyEcFmDLHaJdcqhC49_UgDjAcTwi9_gT1stx9IYbWsKuC1TgOLdI_5q5fW3f8-yS04LzvXNCD9BP1G52BjH5x1Oi5aOU0x8nOeouyy6BFR5FzMSKwfZ5iK_Cho36Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCC2Gt6O1fYp22EZChtwfnhan4Csme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItOTEwMTAzOTAzODQ1ODY0MKAB1bbS6gPIAQmpArtAKaBzIbI-qAMBqgS4Ak_QJlTOv-9JTAEcX74bVSU7YpNabR4c5fkK_CURovEi83L8NbtL7D9m9JYDi6Iswfm2rgACC42Tfn763_XaM_AG81FvFXwDQ37dQ4hM9h1jgqkBEpPezJIFuNozcTARzHiIQFryvQo6xYgDD7rkqHDvx7gGL61fzgMja2RJTHSFzHUI_JnMZ__Lgi0SdXs-ICAKq8brNRIrYVw0_I7C7OTDAPCrx50vasQ4nP_ydjKvvlu0Kq68bNFTR3eMVwXuA84RVO8aAPuBuzB0hBRzBbN0FRXRhiGQs4JY5CmE0O5IRviYprfXVnEfiwTZFDgaw5bqB32tCR5P1yJw-unY70v1c13rI2DW487otVam3CvPxgUYzxJXBJhZY-shOIdmVlK30jhi1azOMqD7Fvmhl1iaEOEYsYkBZoAG7ririb37yohZoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2G_SzCym8NKug8QCFFJGVqcwShDg%26client%3Dca-pub-9101039038458640%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
545970
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
4420
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:17:52 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb04030-30d9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xpa3op79iBriIw4J%2BFD%2B%2FUsB50aj6z8FnO2CJtiEsAdN%2BTKl89PS0oHrapDZdDlp%2FPBg9yejCMVseAQU3hxBuZ9VaW7uP0K%2Fee3j67UFzB3nioCHtpOfNidEPSCAfvFg%2FUHMRjjn3LSWTv1ean3jCcU%2F"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6fed868e9d0f23af-ZRH
expires
Mon, 10 Apr 2023 11:26:32 GMT
animejs.js
static.criteo.net/animejs/ Frame E7C7 		12 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/animejs/animejs.js
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yl_t6AAEWx0K7dCQAApC59o6oH6_lgV0d2T3bg&u=%7CMtRKKI8gO3Dbff5ls6PEu6EkWyRCLISQXCe4q2NfDHc%3D%7C&c1=glLBMxGOcDk-vbOOpZWuiwL9OpXS6gVV0_Ig_J1IpPwRDCJxJvxJzDfeVglSmwvDRVB26GpcU1HGDGNRdz2NuKscXJo8g-282xnogJ7CaCd1F97QsPhf3UuUdUnVfDAZeZ2b0UcC0_pT8ib2yKldB_fmLTNSUyTyStySylhPCKpIzYPih8YAFkPow--qOUvmP32hQi68_c3DXr2LcHW7JN3Dl7JsXslvtvDOBALoBUIjQQ4IGvDb3dkrlKcToDKJZvbwooAsMhpEZytIXOkTcpvH2u8SA9hvyb2Fk8BQ9arfTXSi9SrYeVBy_m6LF0CBXvGVUnHlCSKncPE8VqJud-NNVNyEcFmDLHaJdcqhC49_UgDjAcTwi9_gT1stx9IYbWsKuC1TgOLdI_5q5fW3f8-yS04LzvXNCD9BP1G52BjH5x1Oi5aOU0x8nOeouyy6BFR5FzMSKwfZ5iK_Cho36Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCC2Gt6O1fYp22EZChtwfnhan4Csme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItOTEwMTAzOTAzODQ1ODY0MKAB1bbS6gPIAQmpArtAKaBzIbI-qAMBqgS4Ak_QJlTOv-9JTAEcX74bVSU7YpNabR4c5fkK_CURovEi83L8NbtL7D9m9JYDi6Iswfm2rgACC42Tfn763_XaM_AG81FvFXwDQ37dQ4hM9h1jgqkBEpPezJIFuNozcTARzHiIQFryvQo6xYgDD7rkqHDvx7gGL61fzgMja2RJTHSFzHUI_JnMZ__Lgi0SdXs-ICAKq8brNRIrYVw0_I7C7OTDAPCrx50vasQ4nP_ydjKvvlu0Kq68bNFTR3eMVwXuA84RVO8aAPuBuzB0hBRzBbN0FRXRhiGQs4JY5CmE0O5IRviYprfXVnEfiwTZFDgaw5bqB32tCR5P1yJw-unY70v1c13rI2DW487otVam3CvPxgUYzxJXBJhZY-shOIdmVlK30jhi1azOMqD7Fvmhl1iaEOEYsYkBZoAG7ririb37yohZoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2G_SzCym8NKug8QCFFJGVqcwShDg%26client%3Dca-pub-9101039038458640%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
gzip
last-modified
Tue, 26 Mar 2019 17:44:11 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5c9a64eb-3181"
strict-transport-security
max-age=31536000; preload;
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sat, 15 Apr 2023 11:26:32 GMT
img
pix.eu.criteo.net/img/ Frame E7C7 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pix.eu.criteo.net/img/img?h=244&m=0&partner=40907&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F40907%2F210427%2F4a924ff557ee4df2b7d6b2ef365b3081_161124_lashoe-logo_mit_rand_sq.jpg&v=3&w=196&s=7dwqAFl5cAye6A9wUTGCUTbI
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yl_t6AAEWx0K7dCQAApC59o6oH6_lgV0d2T3bg&u=%7CMtRKKI8gO3Dbff5ls6PEu6EkWyRCLISQXCe4q2NfDHc%3D%7C&c1=glLBMxGOcDk-vbOOpZWuiwL9OpXS6gVV0_Ig_J1IpPwRDCJxJvxJzDfeVglSmwvDRVB26GpcU1HGDGNRdz2NuKscXJo8g-282xnogJ7CaCd1F97QsPhf3UuUdUnVfDAZeZ2b0UcC0_pT8ib2yKldB_fmLTNSUyTyStySylhPCKpIzYPih8YAFkPow--qOUvmP32hQi68_c3DXr2LcHW7JN3Dl7JsXslvtvDOBALoBUIjQQ4IGvDb3dkrlKcToDKJZvbwooAsMhpEZytIXOkTcpvH2u8SA9hvyb2Fk8BQ9arfTXSi9SrYeVBy_m6LF0CBXvGVUnHlCSKncPE8VqJud-NNVNyEcFmDLHaJdcqhC49_UgDjAcTwi9_gT1stx9IYbWsKuC1TgOLdI_5q5fW3f8-yS04LzvXNCD9BP1G52BjH5x1Oi5aOU0x8nOeouyy6BFR5FzMSKwfZ5iK_Cho36Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCC2Gt6O1fYp22EZChtwfnhan4Csme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItOTEwMTAzOTAzODQ1ODY0MKAB1bbS6gPIAQmpArtAKaBzIbI-qAMBqgS4Ak_QJlTOv-9JTAEcX74bVSU7YpNabR4c5fkK_CURovEi83L8NbtL7D9m9JYDi6Iswfm2rgACC42Tfn763_XaM_AG81FvFXwDQ37dQ4hM9h1jgqkBEpPezJIFuNozcTARzHiIQFryvQo6xYgDD7rkqHDvx7gGL61fzgMja2RJTHSFzHUI_JnMZ__Lgi0SdXs-ICAKq8brNRIrYVw0_I7C7OTDAPCrx50vasQ4nP_ydjKvvlu0Kq68bNFTR3eMVwXuA84RVO8aAPuBuzB0hBRzBbN0FRXRhiGQs4JY5CmE0O5IRviYprfXVnEfiwTZFDgaw5bqB32tCR5P1yJw-unY70v1c13rI2DW487otVam3CvPxgUYzxJXBJhZY-shOIdmVlK30jhi1azOMqD7Fvmhl1iaEOEYsYkBZoAG7ririb37yohZoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2G_SzCym8NKug8QCFFJGVqcwShDg%26client%3Dca-pub-9101039038458640%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
ed8dafac3fb0bb29f3986343b67799f5e7562fa3fe4c015468bdd237d5574355
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=29612173
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
1498
expires
Wed, 29 Mar 2023 05:02:46 GMT
img
pix.eu.criteo.net/img/ Frame E7C7 		47 KB
47 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=40907&q=80&r=0&u=https%3A%2F%2Fcdn.lashoe.com%2Fimage%2Fupload%2Fdpr_1.0%2Cf_auto%2Ch_1200%2Cw_1200%2Fv1579700041%2Fproducts%2F1716%2Fde%2F1716-lashoe-hallux-schuhe-boots-mit-cut-outs-marine-fs20-ha_a.jpg&v=3&w=800&s=JxSR_6n6cSX9nByOLyN5FWXI&b=1200
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yl_t6AAEWx0K7dCQAApC59o6oH6_lgV0d2T3bg&u=%7CMtRKKI8gO3Dbff5ls6PEu6EkWyRCLISQXCe4q2NfDHc%3D%7C&c1=glLBMxGOcDk-vbOOpZWuiwL9OpXS6gVV0_Ig_J1IpPwRDCJxJvxJzDfeVglSmwvDRVB26GpcU1HGDGNRdz2NuKscXJo8g-282xnogJ7CaCd1F97QsPhf3UuUdUnVfDAZeZ2b0UcC0_pT8ib2yKldB_fmLTNSUyTyStySylhPCKpIzYPih8YAFkPow--qOUvmP32hQi68_c3DXr2LcHW7JN3Dl7JsXslvtvDOBALoBUIjQQ4IGvDb3dkrlKcToDKJZvbwooAsMhpEZytIXOkTcpvH2u8SA9hvyb2Fk8BQ9arfTXSi9SrYeVBy_m6LF0CBXvGVUnHlCSKncPE8VqJud-NNVNyEcFmDLHaJdcqhC49_UgDjAcTwi9_gT1stx9IYbWsKuC1TgOLdI_5q5fW3f8-yS04LzvXNCD9BP1G52BjH5x1Oi5aOU0x8nOeouyy6BFR5FzMSKwfZ5iK_Cho36Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCC2Gt6O1fYp22EZChtwfnhan4Csme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItOTEwMTAzOTAzODQ1ODY0MKAB1bbS6gPIAQmpArtAKaBzIbI-qAMBqgS4Ak_QJlTOv-9JTAEcX74bVSU7YpNabR4c5fkK_CURovEi83L8NbtL7D9m9JYDi6Iswfm2rgACC42Tfn763_XaM_AG81FvFXwDQ37dQ4hM9h1jgqkBEpPezJIFuNozcTARzHiIQFryvQo6xYgDD7rkqHDvx7gGL61fzgMja2RJTHSFzHUI_JnMZ__Lgi0SdXs-ICAKq8brNRIrYVw0_I7C7OTDAPCrx50vasQ4nP_ydjKvvlu0Kq68bNFTR3eMVwXuA84RVO8aAPuBuzB0hBRzBbN0FRXRhiGQs4JY5CmE0O5IRviYprfXVnEfiwTZFDgaw5bqB32tCR5P1yJw-unY70v1c13rI2DW487otVam3CvPxgUYzxJXBJhZY-shOIdmVlK30jhi1azOMqD7Fvmhl1iaEOEYsYkBZoAG7ririb37yohZoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2G_SzCym8NKug8QCFFJGVqcwShDg%26client%3Dca-pub-9101039038458640%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
cf1ed759068e86cd44e8f0e72daeb8806a72ea170bb427d5efe515a0c3ec21ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:31 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=29117312
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
48132
expires
Thu, 23 Mar 2023 11:35:05 GMT
img
pix.eu.criteo.net/img/ Frame E7C7 		47 KB
48 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=40907&q=80&r=0&u=https%3A%2F%2Fcdn.lashoe.com%2Fimage%2Fupload%2Fdpr_1.0%2Cf_auto%2Ch_1200%2Cw_1200%2Fv1639563237%2Fproducts%2F2114%2Fde%2F2114-lashoe-hallux-schuhe-v-shape-pantolette-mit-korkabsatz-schwarz-fs22-24954-ha_a.jpg&v=3&w=800&s=LJHHTvOfC-EO8OEtRWx7EefP&b=1200
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yl_t6AAEWx0K7dCQAApC59o6oH6_lgV0d2T3bg&u=%7CMtRKKI8gO3Dbff5ls6PEu6EkWyRCLISQXCe4q2NfDHc%3D%7C&c1=glLBMxGOcDk-vbOOpZWuiwL9OpXS6gVV0_Ig_J1IpPwRDCJxJvxJzDfeVglSmwvDRVB26GpcU1HGDGNRdz2NuKscXJo8g-282xnogJ7CaCd1F97QsPhf3UuUdUnVfDAZeZ2b0UcC0_pT8ib2yKldB_fmLTNSUyTyStySylhPCKpIzYPih8YAFkPow--qOUvmP32hQi68_c3DXr2LcHW7JN3Dl7JsXslvtvDOBALoBUIjQQ4IGvDb3dkrlKcToDKJZvbwooAsMhpEZytIXOkTcpvH2u8SA9hvyb2Fk8BQ9arfTXSi9SrYeVBy_m6LF0CBXvGVUnHlCSKncPE8VqJud-NNVNyEcFmDLHaJdcqhC49_UgDjAcTwi9_gT1stx9IYbWsKuC1TgOLdI_5q5fW3f8-yS04LzvXNCD9BP1G52BjH5x1Oi5aOU0x8nOeouyy6BFR5FzMSKwfZ5iK_Cho36Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCC2Gt6O1fYp22EZChtwfnhan4Csme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItOTEwMTAzOTAzODQ1ODY0MKAB1bbS6gPIAQmpArtAKaBzIbI-qAMBqgS4Ak_QJlTOv-9JTAEcX74bVSU7YpNabR4c5fkK_CURovEi83L8NbtL7D9m9JYDi6Iswfm2rgACC42Tfn763_XaM_AG81FvFXwDQ37dQ4hM9h1jgqkBEpPezJIFuNozcTARzHiIQFryvQo6xYgDD7rkqHDvx7gGL61fzgMja2RJTHSFzHUI_JnMZ__Lgi0SdXs-ICAKq8brNRIrYVw0_I7C7OTDAPCrx50vasQ4nP_ydjKvvlu0Kq68bNFTR3eMVwXuA84RVO8aAPuBuzB0hBRzBbN0FRXRhiGQs4JY5CmE0O5IRviYprfXVnEfiwTZFDgaw5bqB32tCR5P1yJw-unY70v1c13rI2DW487otVam3CvPxgUYzxJXBJhZY-shOIdmVlK30jhi1azOMqD7Fvmhl1iaEOEYsYkBZoAG7ririb37yohZoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2G_SzCym8NKug8QCFFJGVqcwShDg%26client%3Dca-pub-9101039038458640%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
8a2915eb494dcf7da0c53f72acad835999109419a78b1bc2773f7198f178d44e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=30860207
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
48550
expires
Wed, 12 Apr 2023 15:43:20 GMT
img
pix.eu.criteo.net/img/ Frame E7C7 		41 KB
42 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=40907&q=80&r=0&u=https%3A%2F%2Fcdn.lashoe.com%2Fimage%2Fupload%2Fdpr_1.0%2Cf_auto%2Ch_1200%2Cw_1200%2Fv1638545996%2Fproducts%2F2079%2Fde%2F2079-lashoe-hallux-schuhe-sneaker-colourblocking-blau-fs22-24454-ha_a.jpg&v=3&w=800&s=Qo3ub5hnpwGZx8u4PtO6nACD&b=1200
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yl_t6AAEWx0K7dCQAApC59o6oH6_lgV0d2T3bg&u=%7CMtRKKI8gO3Dbff5ls6PEu6EkWyRCLISQXCe4q2NfDHc%3D%7C&c1=glLBMxGOcDk-vbOOpZWuiwL9OpXS6gVV0_Ig_J1IpPwRDCJxJvxJzDfeVglSmwvDRVB26GpcU1HGDGNRdz2NuKscXJo8g-282xnogJ7CaCd1F97QsPhf3UuUdUnVfDAZeZ2b0UcC0_pT8ib2yKldB_fmLTNSUyTyStySylhPCKpIzYPih8YAFkPow--qOUvmP32hQi68_c3DXr2LcHW7JN3Dl7JsXslvtvDOBALoBUIjQQ4IGvDb3dkrlKcToDKJZvbwooAsMhpEZytIXOkTcpvH2u8SA9hvyb2Fk8BQ9arfTXSi9SrYeVBy_m6LF0CBXvGVUnHlCSKncPE8VqJud-NNVNyEcFmDLHaJdcqhC49_UgDjAcTwi9_gT1stx9IYbWsKuC1TgOLdI_5q5fW3f8-yS04LzvXNCD9BP1G52BjH5x1Oi5aOU0x8nOeouyy6BFR5FzMSKwfZ5iK_Cho36Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCC2Gt6O1fYp22EZChtwfnhan4Csme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItOTEwMTAzOTAzODQ1ODY0MKAB1bbS6gPIAQmpArtAKaBzIbI-qAMBqgS4Ak_QJlTOv-9JTAEcX74bVSU7YpNabR4c5fkK_CURovEi83L8NbtL7D9m9JYDi6Iswfm2rgACC42Tfn763_XaM_AG81FvFXwDQ37dQ4hM9h1jgqkBEpPezJIFuNozcTARzHiIQFryvQo6xYgDD7rkqHDvx7gGL61fzgMja2RJTHSFzHUI_JnMZ__Lgi0SdXs-ICAKq8brNRIrYVw0_I7C7OTDAPCrx50vasQ4nP_ydjKvvlu0Kq68bNFTR3eMVwXuA84RVO8aAPuBuzB0hBRzBbN0FRXRhiGQs4JY5CmE0O5IRviYprfXVnEfiwTZFDgaw5bqB32tCR5P1yJw-unY70v1c13rI2DW487otVam3CvPxgUYzxJXBJhZY-shOIdmVlK30jhi1azOMqD7Fvmhl1iaEOEYsYkBZoAG7ririb37yohZoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2G_SzCym8NKug8QCFFJGVqcwShDg%26client%3Dca-pub-9101039038458640%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
1da121634eaaca16d476ea87446b9e4d298f1b15f450f70ec6b6a032b769ea75
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=29197673
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
42298
expires
Fri, 24 Mar 2023 09:54:26 GMT
img
pix.eu.criteo.net/img/ Frame E7C7 		34 KB
34 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=40907&q=80&r=0&u=https%3A%2F%2Fcdn.lashoe.com%2Fimage%2Fupload%2Fdpr_1.0%2Cf_auto%2Ch_1200%2Cw_1200%2Fv1574934985%2Fproducts%2F1411%2Fde%2F1411-lashoe-hallux-schuhe-boot-mit-cut-outs-schwarz-fs19-ha_a.jpg&v=3&w=800&s=Sz6JtXByUQY7eb4V2qPc5cz3&b=1200
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yl_t6AAEWx0K7dCQAApC59o6oH6_lgV0d2T3bg&u=%7CMtRKKI8gO3Dbff5ls6PEu6EkWyRCLISQXCe4q2NfDHc%3D%7C&c1=glLBMxGOcDk-vbOOpZWuiwL9OpXS6gVV0_Ig_J1IpPwRDCJxJvxJzDfeVglSmwvDRVB26GpcU1HGDGNRdz2NuKscXJo8g-282xnogJ7CaCd1F97QsPhf3UuUdUnVfDAZeZ2b0UcC0_pT8ib2yKldB_fmLTNSUyTyStySylhPCKpIzYPih8YAFkPow--qOUvmP32hQi68_c3DXr2LcHW7JN3Dl7JsXslvtvDOBALoBUIjQQ4IGvDb3dkrlKcToDKJZvbwooAsMhpEZytIXOkTcpvH2u8SA9hvyb2Fk8BQ9arfTXSi9SrYeVBy_m6LF0CBXvGVUnHlCSKncPE8VqJud-NNVNyEcFmDLHaJdcqhC49_UgDjAcTwi9_gT1stx9IYbWsKuC1TgOLdI_5q5fW3f8-yS04LzvXNCD9BP1G52BjH5x1Oi5aOU0x8nOeouyy6BFR5FzMSKwfZ5iK_Cho36Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCC2Gt6O1fYp22EZChtwfnhan4Csme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItOTEwMTAzOTAzODQ1ODY0MKAB1bbS6gPIAQmpArtAKaBzIbI-qAMBqgS4Ak_QJlTOv-9JTAEcX74bVSU7YpNabR4c5fkK_CURovEi83L8NbtL7D9m9JYDi6Iswfm2rgACC42Tfn763_XaM_AG81FvFXwDQ37dQ4hM9h1jgqkBEpPezJIFuNozcTARzHiIQFryvQo6xYgDD7rkqHDvx7gGL61fzgMja2RJTHSFzHUI_JnMZ__Lgi0SdXs-ICAKq8brNRIrYVw0_I7C7OTDAPCrx50vasQ4nP_ydjKvvlu0Kq68bNFTR3eMVwXuA84RVO8aAPuBuzB0hBRzBbN0FRXRhiGQs4JY5CmE0O5IRviYprfXVnEfiwTZFDgaw5bqB32tCR5P1yJw-unY70v1c13rI2DW487otVam3CvPxgUYzxJXBJhZY-shOIdmVlK30jhi1azOMqD7Fvmhl1iaEOEYsYkBZoAG7ririb37yohZoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2G_SzCym8NKug8QCFFJGVqcwShDg%26client%3Dca-pub-9101039038458640%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
861e51769b027c029bd90f5a632de02e39add98bf43823da605984e255ce39cc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=31107968
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
34384
expires
Sat, 15 Apr 2023 12:32:41 GMT
img
pix.eu.criteo.net/img/ Frame E7C7 		28 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=40907&q=80&r=0&u=https%3A%2F%2Fcdn.lashoe.com%2Fimage%2Fupload%2Fdpr_1.0%2Cf_auto%2Ch_1200%2Cw_1200%2Fv1639486189%2Fproducts%2F2072%2Fde%2F2072-lashoe-hallux-schuhe-plateau-sneaker-wei%25C3%259F-fs22-24544-ha_a.jpg&v=3&w=800&s=n4M5m8hGt-XgVz4dyjfN4oos&b=1200
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yl_t6AAEWx0K7dCQAApC59o6oH6_lgV0d2T3bg&u=%7CMtRKKI8gO3Dbff5ls6PEu6EkWyRCLISQXCe4q2NfDHc%3D%7C&c1=glLBMxGOcDk-vbOOpZWuiwL9OpXS6gVV0_Ig_J1IpPwRDCJxJvxJzDfeVglSmwvDRVB26GpcU1HGDGNRdz2NuKscXJo8g-282xnogJ7CaCd1F97QsPhf3UuUdUnVfDAZeZ2b0UcC0_pT8ib2yKldB_fmLTNSUyTyStySylhPCKpIzYPih8YAFkPow--qOUvmP32hQi68_c3DXr2LcHW7JN3Dl7JsXslvtvDOBALoBUIjQQ4IGvDb3dkrlKcToDKJZvbwooAsMhpEZytIXOkTcpvH2u8SA9hvyb2Fk8BQ9arfTXSi9SrYeVBy_m6LF0CBXvGVUnHlCSKncPE8VqJud-NNVNyEcFmDLHaJdcqhC49_UgDjAcTwi9_gT1stx9IYbWsKuC1TgOLdI_5q5fW3f8-yS04LzvXNCD9BP1G52BjH5x1Oi5aOU0x8nOeouyy6BFR5FzMSKwfZ5iK_Cho36Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCC2Gt6O1fYp22EZChtwfnhan4Csme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItOTEwMTAzOTAzODQ1ODY0MKAB1bbS6gPIAQmpArtAKaBzIbI-qAMBqgS4Ak_QJlTOv-9JTAEcX74bVSU7YpNabR4c5fkK_CURovEi83L8NbtL7D9m9JYDi6Iswfm2rgACC42Tfn763_XaM_AG81FvFXwDQ37dQ4hM9h1jgqkBEpPezJIFuNozcTARzHiIQFryvQo6xYgDD7rkqHDvx7gGL61fzgMja2RJTHSFzHUI_JnMZ__Lgi0SdXs-ICAKq8brNRIrYVw0_I7C7OTDAPCrx50vasQ4nP_ydjKvvlu0Kq68bNFTR3eMVwXuA84RVO8aAPuBuzB0hBRzBbN0FRXRhiGQs4JY5CmE0O5IRviYprfXVnEfiwTZFDgaw5bqB32tCR5P1yJw-unY70v1c13rI2DW487otVam3CvPxgUYzxJXBJhZY-shOIdmVlK30jhi1azOMqD7Fvmhl1iaEOEYsYkBZoAG7ririb37yohZoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2G_SzCym8NKug8QCFFJGVqcwShDg%26client%3Dca-pub-9101039038458640%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
cccd8994cc8bdeb02396dc0b86e2f63a2f79f16b6a6a66e1c67c66092ce73ef2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=28854969
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
28200
expires
Mon, 20 Mar 2023 10:42:41 GMT
img
pix.eu.criteo.net/img/ Frame E7C7 		44 KB
44 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=40907&q=80&r=0&u=https%3A%2F%2Fcdn.lashoe.com%2Fimage%2Fupload%2Fdpr_1.0%2Cf_auto%2Ch_1200%2Cw_1200%2Fv1638545305%2Fproducts%2F2063%2Fde%2F2063-lashoe-hallux-schuhe-chunky-sneaker-beige-orange-fs22-24614-ha_a.jpg&v=3&w=800&s=q6N3cT775X89g-ESEIXDfswn&b=1200
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yl_t6AAEWx0K7dCQAApC59o6oH6_lgV0d2T3bg&u=%7CMtRKKI8gO3Dbff5ls6PEu6EkWyRCLISQXCe4q2NfDHc%3D%7C&c1=glLBMxGOcDk-vbOOpZWuiwL9OpXS6gVV0_Ig_J1IpPwRDCJxJvxJzDfeVglSmwvDRVB26GpcU1HGDGNRdz2NuKscXJo8g-282xnogJ7CaCd1F97QsPhf3UuUdUnVfDAZeZ2b0UcC0_pT8ib2yKldB_fmLTNSUyTyStySylhPCKpIzYPih8YAFkPow--qOUvmP32hQi68_c3DXr2LcHW7JN3Dl7JsXslvtvDOBALoBUIjQQ4IGvDb3dkrlKcToDKJZvbwooAsMhpEZytIXOkTcpvH2u8SA9hvyb2Fk8BQ9arfTXSi9SrYeVBy_m6LF0CBXvGVUnHlCSKncPE8VqJud-NNVNyEcFmDLHaJdcqhC49_UgDjAcTwi9_gT1stx9IYbWsKuC1TgOLdI_5q5fW3f8-yS04LzvXNCD9BP1G52BjH5x1Oi5aOU0x8nOeouyy6BFR5FzMSKwfZ5iK_Cho36Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCC2Gt6O1fYp22EZChtwfnhan4Csme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItOTEwMTAzOTAzODQ1ODY0MKAB1bbS6gPIAQmpArtAKaBzIbI-qAMBqgS4Ak_QJlTOv-9JTAEcX74bVSU7YpNabR4c5fkK_CURovEi83L8NbtL7D9m9JYDi6Iswfm2rgACC42Tfn763_XaM_AG81FvFXwDQ37dQ4hM9h1jgqkBEpPezJIFuNozcTARzHiIQFryvQo6xYgDD7rkqHDvx7gGL61fzgMja2RJTHSFzHUI_JnMZ__Lgi0SdXs-ICAKq8brNRIrYVw0_I7C7OTDAPCrx50vasQ4nP_ydjKvvlu0Kq68bNFTR3eMVwXuA84RVO8aAPuBuzB0hBRzBbN0FRXRhiGQs4JY5CmE0O5IRviYprfXVnEfiwTZFDgaw5bqB32tCR5P1yJw-unY70v1c13rI2DW487otVam3CvPxgUYzxJXBJhZY-shOIdmVlK30jhi1azOMqD7Fvmhl1iaEOEYsYkBZoAG7ririb37yohZoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2G_SzCym8NKug8QCFFJGVqcwShDg%26client%3Dca-pub-9101039038458640%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
5a17ae8ad24de71f4bd5c2a040f84d492b58b71a982b113024302f5f9f5c9384
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:31 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=28533989
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
44692
expires
Thu, 16 Mar 2023 17:33:02 GMT
img
pix.eu.criteo.net/img/ Frame E7C7 		47 KB
47 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=40907&q=80&r=0&u=https%3A%2F%2Fcdn.lashoe.com%2Fimage%2Fupload%2Fdpr_1.0%2Cf_auto%2Ch_1200%2Cw_1200%2Fv1638548452%2Fproducts%2F2080%2Fde%2F2080-lashoe-hallux-schuhe-sneaker-colourblocking-pink-gelb-fs22-fs22-24442-ha_a.jpg&v=3&w=800&s=yWaG1taXBIImzf3bCb1XmOOG&b=1200
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yl_t6AAEWx0K7dCQAApC59o6oH6_lgV0d2T3bg&u=%7CMtRKKI8gO3Dbff5ls6PEu6EkWyRCLISQXCe4q2NfDHc%3D%7C&c1=glLBMxGOcDk-vbOOpZWuiwL9OpXS6gVV0_Ig_J1IpPwRDCJxJvxJzDfeVglSmwvDRVB26GpcU1HGDGNRdz2NuKscXJo8g-282xnogJ7CaCd1F97QsPhf3UuUdUnVfDAZeZ2b0UcC0_pT8ib2yKldB_fmLTNSUyTyStySylhPCKpIzYPih8YAFkPow--qOUvmP32hQi68_c3DXr2LcHW7JN3Dl7JsXslvtvDOBALoBUIjQQ4IGvDb3dkrlKcToDKJZvbwooAsMhpEZytIXOkTcpvH2u8SA9hvyb2Fk8BQ9arfTXSi9SrYeVBy_m6LF0CBXvGVUnHlCSKncPE8VqJud-NNVNyEcFmDLHaJdcqhC49_UgDjAcTwi9_gT1stx9IYbWsKuC1TgOLdI_5q5fW3f8-yS04LzvXNCD9BP1G52BjH5x1Oi5aOU0x8nOeouyy6BFR5FzMSKwfZ5iK_Cho36Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCC2Gt6O1fYp22EZChtwfnhan4Csme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItOTEwMTAzOTAzODQ1ODY0MKAB1bbS6gPIAQmpArtAKaBzIbI-qAMBqgS4Ak_QJlTOv-9JTAEcX74bVSU7YpNabR4c5fkK_CURovEi83L8NbtL7D9m9JYDi6Iswfm2rgACC42Tfn763_XaM_AG81FvFXwDQ37dQ4hM9h1jgqkBEpPezJIFuNozcTARzHiIQFryvQo6xYgDD7rkqHDvx7gGL61fzgMja2RJTHSFzHUI_JnMZ__Lgi0SdXs-ICAKq8brNRIrYVw0_I7C7OTDAPCrx50vasQ4nP_ydjKvvlu0Kq68bNFTR3eMVwXuA84RVO8aAPuBuzB0hBRzBbN0FRXRhiGQs4JY5CmE0O5IRviYprfXVnEfiwTZFDgaw5bqB32tCR5P1yJw-unY70v1c13rI2DW487otVam3CvPxgUYzxJXBJhZY-shOIdmVlK30jhi1azOMqD7Fvmhl1iaEOEYsYkBZoAG7ririb37yohZoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2G_SzCym8NKug8QCFFJGVqcwShDg%26client%3Dca-pub-9101039038458640%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
2112cbe3e044fde1639810a228a934fdcad5bb9c180d94c096f0c981fcda2503
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=29917285
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
48044
expires
Sat, 01 Apr 2023 17:47:58 GMT
all
csm.eu.criteo.net/ Frame E7C7 		0
128 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csm.eu.criteo.net/all?cppv=3&cpp=0eACmwDWES5y7z4ITjkbKEgOxsboLnvgsxejiI3Ke7Mw0xmrg4uII7D-7jK7bA7p7n_Y3czD9MuoCSx2ypbk9NDb0xIviePbPsHhoZ1knVDW_HZyB6GjS6wmTQhbC9hMGHaMYD_FeyAXB3Tdby9Q_k8J4rnU4W6M8_GSNyPH9krP-sW4KRNEbO3gQfKY7sGpj-L9X4IkwUl3Rsi3fra6RWFcf3tCNgiLdTtBmzgNPm8A7geMDr3lbB7pTFy7ttUjn4tkIQ&sds=2&rev=81237&sendBeacon=true
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yl_t6AAEWx0K7dCQAApC59o6oH6_lgV0d2T3bg&u=%7CMtRKKI8gO3Dbff5ls6PEu6EkWyRCLISQXCe4q2NfDHc%3D%7C&c1=glLBMxGOcDk-vbOOpZWuiwL9OpXS6gVV0_Ig_J1IpPwRDCJxJvxJzDfeVglSmwvDRVB26GpcU1HGDGNRdz2NuKscXJo8g-282xnogJ7CaCd1F97QsPhf3UuUdUnVfDAZeZ2b0UcC0_pT8ib2yKldB_fmLTNSUyTyStySylhPCKpIzYPih8YAFkPow--qOUvmP32hQi68_c3DXr2LcHW7JN3Dl7JsXslvtvDOBALoBUIjQQ4IGvDb3dkrlKcToDKJZvbwooAsMhpEZytIXOkTcpvH2u8SA9hvyb2Fk8BQ9arfTXSi9SrYeVBy_m6LF0CBXvGVUnHlCSKncPE8VqJud-NNVNyEcFmDLHaJdcqhC49_UgDjAcTwi9_gT1stx9IYbWsKuC1TgOLdI_5q5fW3f8-yS04LzvXNCD9BP1G52BjH5x1Oi5aOU0x8nOeouyy6BFR5FzMSKwfZ5iK_Cho36Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCC2Gt6O1fYp22EZChtwfnhan4Csme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItOTEwMTAzOTAzODQ1ODY0MKAB1bbS6gPIAQmpArtAKaBzIbI-qAMBqgS4Ak_QJlTOv-9JTAEcX74bVSU7YpNabR4c5fkK_CURovEi83L8NbtL7D9m9JYDi6Iswfm2rgACC42Tfn763_XaM_AG81FvFXwDQ37dQ4hM9h1jgqkBEpPezJIFuNozcTARzHiIQFryvQo6xYgDD7rkqHDvx7gGL61fzgMja2RJTHSFzHUI_JnMZ__Lgi0SdXs-ICAKq8brNRIrYVw0_I7C7OTDAPCrx50vasQ4nP_ydjKvvlu0Kq68bNFTR3eMVwXuA84RVO8aAPuBuzB0hBRzBbN0FRXRhiGQs4JY5CmE0O5IRviYprfXVnEfiwTZFDgaw5bqB32tCR5P1yJw-unY70v1c13rI2DW487otVam3CvPxgUYzxJXBJhZY-shOIdmVlK30jhi1azOMqD7Fvmhl1iaEOEYsYkBZoAG7ririb37yohZoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2G_SzCym8NKug8QCFFJGVqcwShDg%26client%3Dca-pub-9101039038458640%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.eu.criteo.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Wed, 20 Apr 2022 11:26:32 GMT
cross-origin-resource-policy
cross-origin
server
Finatra
content-length
0
strict-transport-security
max-age=31536000; preload;
criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame E7C7 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/flash/icon/criteo_logo_2021.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yl_t6AAEWx0K7dCQAApC59o6oH6_lgV0d2T3bg&u=%7CMtRKKI8gO3Dbff5ls6PEu6EkWyRCLISQXCe4q2NfDHc%3D%7C&c1=glLBMxGOcDk-vbOOpZWuiwL9OpXS6gVV0_Ig_J1IpPwRDCJxJvxJzDfeVglSmwvDRVB26GpcU1HGDGNRdz2NuKscXJo8g-282xnogJ7CaCd1F97QsPhf3UuUdUnVfDAZeZ2b0UcC0_pT8ib2yKldB_fmLTNSUyTyStySylhPCKpIzYPih8YAFkPow--qOUvmP32hQi68_c3DXr2LcHW7JN3Dl7JsXslvtvDOBALoBUIjQQ4IGvDb3dkrlKcToDKJZvbwooAsMhpEZytIXOkTcpvH2u8SA9hvyb2Fk8BQ9arfTXSi9SrYeVBy_m6LF0CBXvGVUnHlCSKncPE8VqJud-NNVNyEcFmDLHaJdcqhC49_UgDjAcTwi9_gT1stx9IYbWsKuC1TgOLdI_5q5fW3f8-yS04LzvXNCD9BP1G52BjH5x1Oi5aOU0x8nOeouyy6BFR5FzMSKwfZ5iK_Cho36Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCC2Gt6O1fYp22EZChtwfnhan4Csme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItOTEwMTAzOTAzODQ1ODY0MKAB1bbS6gPIAQmpArtAKaBzIbI-qAMBqgS4Ak_QJlTOv-9JTAEcX74bVSU7YpNabR4c5fkK_CURovEi83L8NbtL7D9m9JYDi6Iswfm2rgACC42Tfn763_XaM_AG81FvFXwDQ37dQ4hM9h1jgqkBEpPezJIFuNozcTARzHiIQFryvQo6xYgDD7rkqHDvx7gGL61fzgMja2RJTHSFzHUI_JnMZ__Lgi0SdXs-ICAKq8brNRIrYVw0_I7C7OTDAPCrx50vasQ4nP_ydjKvvlu0Kq68bNFTR3eMVwXuA84RVO8aAPuBuzB0hBRzBbN0FRXRhiGQs4JY5CmE0O5IRviYprfXVnEfiwTZFDgaw5bqB32tCR5P1yJw-unY70v1c13rI2DW487otVam3CvPxgUYzxJXBJhZY-shOIdmVlK30jhi1azOMqD7Fvmhl1iaEOEYsYkBZoAG7ririb37yohZoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2G_SzCym8NKug8QCFFJGVqcwShDg%26client%3Dca-pub-9101039038458640%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
gzip
last-modified
Thu, 27 May 2021 13:21:59 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"60af9cf7-891"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sat, 15 Apr 2023 11:26:32 GMT
privacy.svg
static.criteo.net/flash/icon/ Frame E7C7 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/flash/icon/privacy.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yl_t6AAEWx0K7dCQAApC59o6oH6_lgV0d2T3bg&u=%7CMtRKKI8gO3Dbff5ls6PEu6EkWyRCLISQXCe4q2NfDHc%3D%7C&c1=glLBMxGOcDk-vbOOpZWuiwL9OpXS6gVV0_Ig_J1IpPwRDCJxJvxJzDfeVglSmwvDRVB26GpcU1HGDGNRdz2NuKscXJo8g-282xnogJ7CaCd1F97QsPhf3UuUdUnVfDAZeZ2b0UcC0_pT8ib2yKldB_fmLTNSUyTyStySylhPCKpIzYPih8YAFkPow--qOUvmP32hQi68_c3DXr2LcHW7JN3Dl7JsXslvtvDOBALoBUIjQQ4IGvDb3dkrlKcToDKJZvbwooAsMhpEZytIXOkTcpvH2u8SA9hvyb2Fk8BQ9arfTXSi9SrYeVBy_m6LF0CBXvGVUnHlCSKncPE8VqJud-NNVNyEcFmDLHaJdcqhC49_UgDjAcTwi9_gT1stx9IYbWsKuC1TgOLdI_5q5fW3f8-yS04LzvXNCD9BP1G52BjH5x1Oi5aOU0x8nOeouyy6BFR5FzMSKwfZ5iK_Cho36Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCC2Gt6O1fYp22EZChtwfnhan4Csme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItOTEwMTAzOTAzODQ1ODY0MKAB1bbS6gPIAQmpArtAKaBzIbI-qAMBqgS4Ak_QJlTOv-9JTAEcX74bVSU7YpNabR4c5fkK_CURovEi83L8NbtL7D9m9JYDi6Iswfm2rgACC42Tfn763_XaM_AG81FvFXwDQ37dQ4hM9h1jgqkBEpPezJIFuNozcTARzHiIQFryvQo6xYgDD7rkqHDvx7gGL61fzgMja2RJTHSFzHUI_JnMZ__Lgi0SdXs-ICAKq8brNRIrYVw0_I7C7OTDAPCrx50vasQ4nP_ydjKvvlu0Kq68bNFTR3eMVwXuA84RVO8aAPuBuzB0hBRzBbN0FRXRhiGQs4JY5CmE0O5IRviYprfXVnEfiwTZFDgaw5bqB32tCR5P1yJw-unY70v1c13rI2DW487otVam3CvPxgUYzxJXBJhZY-shOIdmVlK30jhi1azOMqD7Fvmhl1iaEOEYsYkBZoAG7ririb37yohZoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2G_SzCym8NKug8QCFFJGVqcwShDg%26client%3Dca-pub-9101039038458640%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
gzip
last-modified
Wed, 19 Feb 2020 10:57:21 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e4d1491-646"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sat, 15 Apr 2023 11:26:32 GMT
css
fonts.googleapis.com/ Frame E7C7 		2 KB
519 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Raleway:400&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4bbb558bcc73c6ec7de1a3bfee854935d2acb54b5055f49347a47fff164c2ce2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 20 Apr 2022 10:06:25 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 20 Apr 2022 11:26:32 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 20 Apr 2022 11:26:32 GMT
1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2
fonts.gstatic.com/s/raleway/v26/ Frame E7C7 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/raleway/v26/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:400&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1d94fd1a3793df0abe10fb36e59825864e1ec9623496e1e04c9cca624be01394
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://ads.eu.criteo.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 08:42:58 GMT
x-content-type-options
nosniff
age
96214
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21028
x-xss-protection
0
last-modified
Thu, 03 Feb 2022 00:17:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 19 Apr 2023 08:42:58 GMT
9901434137684010768
tpc.googlesyndication.com/simgad/ Frame 9F9F 		78 KB
78 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/9901434137684010768?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qnDVXtPrelMKbhkt5om-JGUerfxcA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=2357840047&adf=3573739926&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992114&bpp=5&bdt=705&idt=133&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=382&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=BhyUtd9Vlp&p=https%3A//gregorydevans.com&dtd=139
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff5aac9870f1410129ad566213ad662fb603e1ac7bb284712142b38426cbe9a2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sun, 17 Apr 2022 01:45:04 GMT
x-content-type-options
nosniff
age
294089
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
79823
x-xss-protection
0
last-modified
Thu, 09 Sep 2021 16:38:33 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Mon, 17 Apr 2023 01:45:04 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/ Frame 9F9F 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=2357840047&adf=3573739926&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992114&bpp=5&bdt=705&idt=133&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=382&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=BhyUtd9Vlp&p=https%3A//gregorydevans.com&dtd=139
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a7d5c1bfe43c8beefab2fa059f4fcaa029fcbbace9a672aae1dfe1ffb7d6976c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:20:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
368
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8002
x-xss-protection
0
server
cafe
etag
5332015062585099865
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 04 May 2022 11:20:25 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 9F9F 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=2357840047&adf=3573739926&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992114&bpp=5&bdt=705&idt=133&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=382&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=BhyUtd9Vlp&p=https%3A//gregorydevans.com&dtd=139
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:17:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
563
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 04 May 2022 11:17:10 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 9F9F 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=2357840047&adf=3573739926&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992114&bpp=5&bdt=705&idt=133&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=382&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=BhyUtd9Vlp&p=https%3A//gregorydevans.com&dtd=139
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4caa2b4b885d62d25d986de63c6e3163f9c7da374d9b76bc4a412b61d4f2975d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36950
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1650281421154365"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 20 Apr 2022 11:26:32 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 9F9F 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=2357840047&adf=3573739926&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992114&bpp=5&bdt=705&idt=133&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=382&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=BhyUtd9Vlp&p=https%3A//gregorydevans.com&dtd=139
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:23:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
206
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6409
x-xss-protection
0
server
cafe
etag
15284592792851369840
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 04 May 2022 11:23:07 GMT
one_click_handler_one_afma_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 9F9F 		29 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/one_click_handler_one_afma_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=2357840047&adf=3573739926&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992114&bpp=5&bdt=705&idt=133&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=382&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=BhyUtd9Vlp&p=https%3A//gregorydevans.com&dtd=139
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
02af7e03520b6699b7eff36516fcd9fc000f00f6388f8ddeac599d00a76e6d0f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 08:54:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
9153
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11979
x-xss-protection
0
server
cafe
etag
7739490655680154556
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 04 May 2022 08:54:00 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 9F9F 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CiZLS6O1fYsu4FM6rzLUPjfifkA2Qk6ndaa_8w67kD4-y9sX7GxABIJvBphNgleKQgqAHoAGSmav8AsgBAqgDAcgDyQSqBMECT9ALQA-pjR_-7XdCYp1YfPY7YBJuoGwdVK8Ii7achEAm-D1Uta_9sb98vGg6hhbe-ugQRGOsv-QPGPj3AlNDkZAkqEZw6t0_ukj23wGyp09rnRnLQEcY8_yXdevdRccAVa_naEM5wUDfxWz-pO4wcqBewdbpFA2gFCSfVHlKdYnwkcm2owKlMFdlHU_UXp6lyQRyhf28dNDkh19nbYNahQ1SRgm-qQdfBzgI4eaSVqKrNxLFrTcgmSmPX7EGB6db9N0LQeqx26K_f_akVZl-HDr78KOhTpcxHOndc3fgwSNYz9n8mpGP115Io6y_5YzUYAm2pO997TPLjGOZESx5Xd6-r6ahfCkFm0tuw-vJuuJ6yevCNEeNaG4nuvzSLPxBaB3HZ8sOZx19rX3hF0i5Zr3ww91ogZs6OgLhoyvKPAPgwASehLfwsQOSBQQIBBgBkgUECAUYBKAGAoAH1ubUgwGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBCV3CzSCAkIgOGAEBABGB-ACgHICwHYEw3QFQGYFgGAFwGyFxwKGggAEhRwdWItOTEwMTAzOTAzODQ1ODY0MBgA&sigh=hQapJ7n8eUQ&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=2357840047&adf=3573739926&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992114&bpp=5&bdt=705&idt=133&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=382&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=BhyUtd9Vlp&p=https%3A//gregorydevans.com&dtd=139
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=2357840047&adf=3573739926&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992114&bpp=5&bdt=705&idt=133&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=382&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=BhyUtd9Vlp&p=https%3A//gregorydevans.com&dtd=139
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 20 Apr 2022 11:26:32 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
9901434137684010768
tpc.googlesyndication.com/simgad/ Frame B727 		78 KB
78 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/9901434137684010768?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qnDVXtPrelMKbhkt5om-JGUerfxcA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=3654989029&adf=131135716&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992119&bpp=1&bdt=710&idt=144&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C240x600&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=hJOZlivRpW&p=https%3A//gregorydevans.com&dtd=147
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff5aac9870f1410129ad566213ad662fb603e1ac7bb284712142b38426cbe9a2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sun, 17 Apr 2022 01:45:04 GMT
x-content-type-options
nosniff
age
294089
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
79823
x-xss-protection
0
last-modified
Thu, 09 Sep 2021 16:38:33 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Mon, 17 Apr 2023 01:45:04 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/ Frame B727 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=3654989029&adf=131135716&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992119&bpp=1&bdt=710&idt=144&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C240x600&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=hJOZlivRpW&p=https%3A//gregorydevans.com&dtd=147
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a7d5c1bfe43c8beefab2fa059f4fcaa029fcbbace9a672aae1dfe1ffb7d6976c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:20:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
368
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8002
x-xss-protection
0
server
cafe
etag
5332015062585099865
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 04 May 2022 11:20:25 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame B727 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=3654989029&adf=131135716&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992119&bpp=1&bdt=710&idt=144&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C240x600&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=hJOZlivRpW&p=https%3A//gregorydevans.com&dtd=147
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:17:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
563
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 04 May 2022 11:17:10 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame B727 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=3654989029&adf=131135716&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992119&bpp=1&bdt=710&idt=144&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C240x600&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=hJOZlivRpW&p=https%3A//gregorydevans.com&dtd=147
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4caa2b4b885d62d25d986de63c6e3163f9c7da374d9b76bc4a412b61d4f2975d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36950
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1650281421154365"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 20 Apr 2022 11:26:33 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame B727 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=3654989029&adf=131135716&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992119&bpp=1&bdt=710&idt=144&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C240x600&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=hJOZlivRpW&p=https%3A//gregorydevans.com&dtd=147
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:22:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
258
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6409
x-xss-protection
0
server
cafe
etag
15284592792851369840
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 04 May 2022 11:22:15 GMT
one_click_handler_one_afma_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame B727 		29 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/one_click_handler_one_afma_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=3654989029&adf=131135716&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992119&bpp=1&bdt=710&idt=144&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C240x600&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=hJOZlivRpW&p=https%3A//gregorydevans.com&dtd=147
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
02af7e03520b6699b7eff36516fcd9fc000f00f6388f8ddeac599d00a76e6d0f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 08:54:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
9153
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11979
x-xss-protection
0
server
cafe
etag
7739490655680154556
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 04 May 2022 08:54:00 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame B727 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CTM2W6O1fYor7FL6ozLUPppG_iAqQk6ndaa_8w67kD4-y9sX7GxABIJvBphNgleKQgqAHoAGSmav8AsgBAqgDAcgDyQSqBMECT9BSW76Tx3xag3BfXjNsVk2nCX4JrdBuewUockJDGGjNYPgQ4WY67bbuiQauXoJ89C7o2Vuhc-xcMiYOtjKJzR_Wi1TDkDzCfiJFkl9YQ8qxPfD3xpEbhSMpmWNsWu_ZSk9OmEVPRkcvEtlyad9F7UcO4jXEBBsSTHTtTXb4FxIg_qMxhJvhE5RqY3_TQh2XhnIMJ4XuA38qr2nab5gh_DRjg2WKxnBV1wWqt1zYFQj11DmHOppJDutLfdqY3E8hgLmrBohxUePQtDH8RBbQ46vib2ZWm_0-uvJNQiOwE9U4xxutDsShw0npTm4sR1VBWqAT5crMKDoLPOOff7_xyiL9SZx9zveoh0BfZY5xc4TYYH6k2SKNJAj2-JPSvDhATxpLcEY3p9U0Cvue_I14SZiDDIXYgr5CcKAY9Icxd1E4wASehLfwsQOSBQQIBBgBkgUECAUYBKAGAoAH1ubUgwGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBCf7BnSCAkIgOGAEBABGB-ACgHICwHYEw3QFQGYFgGAFwGyFxwKGggAEhRwdWItOTEwMTAzOTAzODQ1ODY0MBgA&sigh=0UNLpPNOYTE&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=3654989029&adf=131135716&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992119&bpp=1&bdt=710&idt=144&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C240x600&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=hJOZlivRpW&p=https%3A//gregorydevans.com&dtd=147
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=3654989029&adf=131135716&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992119&bpp=1&bdt=710&idt=144&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C240x600&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=hJOZlivRpW&p=https%3A//gregorydevans.com&dtd=147
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 20 Apr 2022 11:26:33 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
s
googleads.g.doubleclick.net/pagead/drt/ Frame 9851 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=2357840047&adf=3573739926&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992114&bpp=5&bdt=705&idt=133&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=382&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=BhyUtd9Vlp&p=https%3A//gregorydevans.com&dtd=139
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=2357840047&adf=3573739926&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992114&bpp=5&bdt=705&idt=133&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=382&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=BhyUtd9Vlp&p=https%3A//gregorydevans.com&dtd=139
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1198
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
date
Wed, 20 Apr 2022 11:06:35 GMT
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame 9F9F 		208 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ec10e3467e98d4306a63782e79bedc4f5eec105a2dd32d13ab55a70be27d1941

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
s
googleads.g.doubleclick.net/pagead/drt/ Frame 27DD 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=3654989029&adf=131135716&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992119&bpp=1&bdt=710&idt=144&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C240x600&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=hJOZlivRpW&p=https%3A//gregorydevans.com&dtd=147
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=3654989029&adf=131135716&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992119&bpp=1&bdt=710&idt=144&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C240x600&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=hJOZlivRpW&p=https%3A//gregorydevans.com&dtd=147
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1198
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
date
Wed, 20 Apr 2022 11:06:35 GMT
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
redir.html
p4-bhx2toydeigok-j2hh6c72bwglm2tr-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame 8521 		247 B
962 B 		Document
General
Check archive.org
Download Go to
Full URL
https://p4-bhx2toydeigok-j2hh6c72bwglm2tr-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=3654989029&adf=131135716&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992119&bpp=1&bdt=710&idt=144&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C240x600&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=hJOZlivRpW&p=https%3A//gregorydevans.com&dtd=147
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f3.1e100.net
Software
sffe /
Resource Hash
0c3694e532556166659501575b716ad4546655b5825fb9f4094649f65500144f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-encoding
gzip
content-length
204
content-security-policy-report-only
script-src 'nonce-aT6iNN7FfGPThUdDADy_bA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
cross-origin-resource-policy
cross-origin
date
Wed, 20 Apr 2022 11:26:33 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
last-modified
Mon, 02 Dec 2019 20:15:00 GMT
pragma
no-cache
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame B727 		218 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b0ae2d33e6e4638048cf4a238061286f81d1bdb30c1c8fecc45307413fc35eb3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
si
googleads.g.doubleclick.net/pagead/drt/ Frame 9851
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
17 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=2357840047&adf=3573739926&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992114&bpp=5&bdt=705&idt=133&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=382&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=BhyUtd9Vlp&p=https%3A//gregorydevans.com&dtd=139
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
date
Wed, 20 Apr 2022 11:26:33 GMT
expires
Wed, 20 Apr 2022 11:26:33 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
date
Wed, 20 Apr 2022 11:26:33 GMT
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
LJGn0i2Pg8yG-wzimFR5htSsDE5oolsrGkll4HQxngw.js
pagead2.googlesyndication.com/bg/ Frame BDB3 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/LJGn0i2Pg8yG-wzimFR5htSsDE5oolsrGkll4HQxngw.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=2357840047&adf=3573739926&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992114&bpp=5&bdt=705&idt=133&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=382&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=BhyUtd9Vlp&p=https%3A//gregorydevans.com&dtd=139
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2c91a7d22d8f83cc86fb0ce298547986d4ac0c4e68a25b2b1a4965e074319e0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 13:33:11 GMT
content-encoding
br
x-content-type-options
nosniff
age
78802
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13643
x-xss-protection
0
last-modified
Mon, 11 Apr 2022 15:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 19 Apr 2023 13:33:11 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame 27DD
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
17 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=3654989029&adf=131135716&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992119&bpp=1&bdt=710&idt=144&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C240x600&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=hJOZlivRpW&p=https%3A//gregorydevans.com&dtd=147
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
date
Wed, 20 Apr 2022 11:26:33 GMT
expires
Wed, 20 Apr 2022 11:26:33 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
date
Wed, 20 Apr 2022 11:26:33 GMT
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
iframe.html
p4-bhx2toydeigok-j2hh6c72bwglm2tr-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame 8521 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://p4-bhx2toydeigok-j2hh6c72bwglm2tr-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Requested by
Host: p4-bhx2toydeigok-j2hh6c72bwglm2tr-if-v6exp3-v4.metric.gstatic.com
URL: https://p4-bhx2toydeigok-j2hh6c72bwglm2tr-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f3.1e100.net
Software
sffe /
Resource Hash
2c210f07aa622eb7c29ec0006334c0b837c009845037e242b472e7acec9b2852
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://p4-bhx2toydeigok-j2hh6c72bwglm2tr-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-encoding
gzip
content-length
1861
content-security-policy-report-only
script-src 'nonce-2SyAeEmNLszM5Ja4UGHNPw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
cross-origin-resource-policy
cross-origin
date
Wed, 20 Apr 2022 11:26:33 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
last-modified
Thu, 29 Apr 2021 21:38:00 GMT
pragma
no-cache
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
/
www.facebook.com/login/ Frame B281
Redirect Chain
  • https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df16492ac1aaf544%26domain%3Dgregorydevans.com%26...
  • https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253...
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df16492ac1aaf544%2526domain%253Dgregorydevans.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fgregorydevans.com%25252Ff2f29b7da11012c%2526relation%253Dparent.parent%26container_width%3D0%26header%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252F%2523%2521%252FGregoryDEvansPage%26locale%3Den_US%26sdk%3Djoey%26show_faces%3Dtrue%26stream%3Dtrue%26width%3D225
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=7d56919fd771ce59e235be8120253767
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
about:blank
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-encoding
br
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type
text/html; charset="utf-8"
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 20 Apr 2022 11:26:33 GMT
document-policy
force-load-at-top
expires
Sat, 01 Jan 2000 00:00:00 GMT
pragma
no-cache
priority
u=3,i
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
strict-transport-security
max-age=15552000; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-fb-debug
5PTXWSSSBIiiwc0xjVr1xu53YsAW9WcUjsqa9j7HnK4DQprJAV1NnjLy4w5n4SULG810B18yE3Z7Wyl0TEiklg==
x-fb-rlafr
0
x-frame-options
DENY
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-length
0
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type
text/html; charset="utf-8"
cross-origin-opener-policy
unsafe-none
date
Wed, 20 Apr 2022 11:26:33 GMT
document-policy
force-load-at-top
expires
Sat, 01 Jan 2000 00:00:00 GMT
location
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df16492ac1aaf544%2526domain%253Dgregorydevans.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fgregorydevans.com%25252Ff2f29b7da11012c%2526relation%253Dparent.parent%26container_width%3D0%26header%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252F%2523%2521%252FGregoryDEvansPage%26locale%3Den_US%26sdk%3Djoey%26show_faces%3Dtrue%26stream%3Dtrue%26width%3D225
pragma
no-cache
priority
u=3,i
strict-transport-security
max-age=15552000; preload
x-content-type-options
nosniff
x-fb-debug
Oo+VmI+0ak1ZJ6G8r88wnr6ZLY90sHvCauHZLl2y4ddeMz6D6ObrOiU92FBbpCaGo4Lcgaw3C3iY8y44bA/u7g==
x-fb-rlafr
0
x-xss-protection
0
/
www.facebook.com/login/ Frame F663
Redirect Chain
  • https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ca3baddce1724%26domain%3Dgregorydevans.com%26...
  • https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253...
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df1ca3baddce1724%2526domain%253Dgregorydevans.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fgregorydevans.com%25252Ff2f29b7da11012c%2526relation%253Dparent.parent%26container_width%3D0%26header%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252FParent-Security-282739111832532%252F%26locale%3Den_US%26sdk%3Djoey%26show_faces%3Dtrue%26stream%3Dtrue%26width%3D225
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=7d56919fd771ce59e235be8120253767
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
about:blank
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-encoding
br
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type
text/html; charset="utf-8"
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 20 Apr 2022 11:26:33 GMT
document-policy
force-load-at-top
expires
Sat, 01 Jan 2000 00:00:00 GMT
pragma
no-cache
priority
u=0
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
strict-transport-security
max-age=15552000; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-fb-debug
zYoKtQt9Y/P0JfdrkMk4staEopaumP/LtE5he055teUh+UPwH2otcaKuOCeWrOgLKkIWha05BDTHCNy1FaLdDw==
x-fb-rlafr
0
x-frame-options
DENY
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-length
0
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type
text/html; charset="utf-8"
cross-origin-opener-policy
unsafe-none
date
Wed, 20 Apr 2022 11:26:33 GMT
document-policy
force-load-at-top
expires
Sat, 01 Jan 2000 00:00:00 GMT
location
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df1ca3baddce1724%2526domain%253Dgregorydevans.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fgregorydevans.com%25252Ff2f29b7da11012c%2526relation%253Dparent.parent%26container_width%3D0%26header%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252FParent-Security-282739111832532%252F%26locale%3Den_US%26sdk%3Djoey%26show_faces%3Dtrue%26stream%3Dtrue%26width%3D225
pragma
no-cache
strict-transport-security
max-age=15552000; preload
x-content-type-options
nosniff
x-fb-debug
jDZYxSluPoGyj7YmJ1k28993Qa622rGzN33uxlsvuVATo56ujb2PTCqs/A1YIa2SNFu5DZC0zObCI99ugipHHw==
x-fb-rlafr
0
x-xss-protection
0
/
www.facebook.com/login/ Frame 443A
Redirect Chain
  • https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df18ea96bce51edc%26domain%3Dgregorydevans.com%26...
  • https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253...
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df18ea96bce51edc%2526domain%253Dgregorydevans.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fgregorydevans.com%25252Ff2f29b7da11012c%2526relation%253Dparent.parent%26container_width%3D0%26header%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252FNCSByHTCS%253Ffref%253Dts%26locale%3Den_US%26sdk%3Djoey%26show_faces%3Dtrue%26stream%3Dtrue%26width%3D225
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=7d56919fd771ce59e235be8120253767
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
about:blank
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-encoding
br
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type
text/html; charset="utf-8"
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 20 Apr 2022 11:26:33 GMT
document-policy
force-load-at-top
expires
Sat, 01 Jan 2000 00:00:00 GMT
pragma
no-cache
priority
u=0
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
strict-transport-security
max-age=15552000; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-fb-debug
paDTIeNks0/VyOhvEZnw7RtM4/tdx4swHg33C3fvDfgofZijJuM94ykItkRDBSkAj0l0o7wU6tYQxliqPBZ+hA==
x-fb-rlafr
0
x-frame-options
DENY
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-length
0
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type
text/html; charset="utf-8"
cross-origin-opener-policy
unsafe-none
date
Wed, 20 Apr 2022 11:26:33 GMT
document-policy
force-load-at-top
expires
Sat, 01 Jan 2000 00:00:00 GMT
location
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df18ea96bce51edc%2526domain%253Dgregorydevans.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fgregorydevans.com%25252Ff2f29b7da11012c%2526relation%253Dparent.parent%26container_width%3D0%26header%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252FNCSByHTCS%253Ffref%253Dts%26locale%3Den_US%26sdk%3Djoey%26show_faces%3Dtrue%26stream%3Dtrue%26width%3D225
pragma
no-cache
priority
u=3,i
strict-transport-security
max-age=15552000; preload
x-content-type-options
nosniff
x-fb-debug
PZEtQ/vmC13x9ktBT67v9mNfn/bz5Ote+daI5m+H+x3LC0b5BDNkNmhXyk3ocqoipVPwVLB4J/nbbIkrlcW5Yw==
x-fb-rlafr
0
x-xss-protection
0
/
www.facebook.com/login/ Frame 7B41
Redirect Chain
  • https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2298e8e8c05d64%26domain%3Dgregorydevans.com%26...
  • https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253...
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df2298e8e8c05d64%2526domain%253Dgregorydevans.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fgregorydevans.com%25252Ff2f29b7da11012c%2526relation%253Dparent.parent%26container_width%3D0%26header%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252FDatingScams101-115681623151080%252F%26locale%3Den_US%26sdk%3Djoey%26show_faces%3Dtrue%26stream%3Dtrue%26width%3D225
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=7d56919fd771ce59e235be8120253767
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
about:blank
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-encoding
br
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type
text/html; charset="utf-8"
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 20 Apr 2022 11:26:33 GMT
document-policy
force-load-at-top
expires
Sat, 01 Jan 2000 00:00:00 GMT
pragma
no-cache
priority
u=0
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
strict-transport-security
max-age=15552000; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-fb-debug
+yvE7ev20b1i2OS7dmup6wUFkJeWAqwvH05M7seZ4tM4Q5X3gF3MhX8ybQRvnxwU83Jxa2IWclUV8lcQGQX8yw==
x-fb-rlafr
0
x-frame-options
DENY
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-length
0
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type
text/html; charset="utf-8"
cross-origin-opener-policy
unsafe-none
date
Wed, 20 Apr 2022 11:26:33 GMT
document-policy
force-load-at-top
expires
Sat, 01 Jan 2000 00:00:00 GMT
location
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df2298e8e8c05d64%2526domain%253Dgregorydevans.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fgregorydevans.com%25252Ff2f29b7da11012c%2526relation%253Dparent.parent%26container_width%3D0%26header%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252FDatingScams101-115681623151080%252F%26locale%3Den_US%26sdk%3Djoey%26show_faces%3Dtrue%26stream%3Dtrue%26width%3D225
pragma
no-cache
strict-transport-security
max-age=15552000; preload
x-content-type-options
nosniff
x-fb-debug
yrS+KJTMYwjCSbwUv7550dEVhdGcRJecNMm39r1DroLzVHGIb9U1mBCJSu5FIUwE40ftdEsUUeRZOd+sVUC7qQ==
x-fb-rlafr
0
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ 		14 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220413&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9101039038458640&plah=gregorydevans.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
aadbd1db7b974058659c7ff0e85aedada2c4e191d98b6fabf807289f880925f9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Apr 2022 11:26:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10656
x-xss-protection
0
LJGn0i2Pg8yG-wzimFR5htSsDE5oolsrGkll4HQxngw.js
pagead2.googlesyndication.com/bg/ Frame 9E6C 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/LJGn0i2Pg8yG-wzimFR5htSsDE5oolsrGkll4HQxngw.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9101039038458640&output=html&h=600&slotname=6970532026&adk=3654989029&adf=131135716&pi=t.ma~as.6970532026&w=240&fwrn=4&fwrnh=100&lmt=1650395587&rafmt=1&psa=0&format=240x600&url=https%3A%2F%2Fgregorydevans.com%2Fveterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650453992119&bpp=1&bdt=710&idt=144&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C240x600&nras=1&correlator=1796572211344&frm=20&pv=1&ga_vid=2123627854.1650453992&ga_sid=1650453992&ga_hid=988482513&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1114&ady=1319&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44760911%2C31065659&oid=2&pvsid=902182284036360&pem=750&tmod=2034619937&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=hJOZlivRpW&p=https%3A//gregorydevans.com&dtd=147
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2c91a7d22d8f83cc86fb0ce298547986d4ac0c4e68a25b2b1a4965e074319e0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 13:33:11 GMT
content-encoding
br
x-content-type-options
nosniff
age
78802
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13643
x-xss-protection
0
last-modified
Mon, 11 Apr 2022 15:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 19 Apr 2023 13:33:11 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9101039038458640&plah=gregorydevans.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 20 Apr 2022 11:26:33 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame C4A1 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuQheHrF_tEFA2crpju7PTiDagrUMSV8NZbXuw8uLPFB-xqvvaWvyR6ulhjdZGV-_szW5eUrlvI8Tw33L0I8oeH&sig=Cg0ArKJSzENVtd4Wmy8WEAE&id=lidar2&mcvt=1000&p=0,0,124,1005&mtos=85,768,1000,1118,1285&tos=85,683,232,118,167&v=20220418&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1650453992517&rpt=110&met=ie&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 11:26:33 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 39FB 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
4078
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 20 Apr 2022 10:18:35 GMT
expires
Thu, 20 Apr 2023 10:18:35 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 523E 		783 B
536 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
ebb5e605665369ef07a4062a2189d32777967a3078990bf7bad78833e5a06078
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-pcqU2sfFN6HYZQECzfj2+w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
514
content-security-policy
script-src 'report-sample' 'nonce-pcqU2sfFN6HYZQECzfj2+w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 20 Apr 2022 11:26:33 GMT
expires
Wed, 20 Apr 2022 11:26:33 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
all
csm.eu.criteo.net/ Frame E7C7 		0
127 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csm.eu.criteo.net/all?cppv=3&cpp=0eACmwDWES5y7z4ITjkbKEgOxsboLnvgsxejiI3Ke7Mw0xmrg4uII7D-7jK7bA7p7n_Y3czD9MuoCSx2ypbk9NDb0xIviePbPsHhoZ1knVDW_HZyB6GjS6wmTQhbC9hMGHaMYD_FeyAXB3Tdby9Q_k8J4rnU4W6M8_GSNyPH9krP-sW4KRNEbO3gQfKY7sGpj-L9X4IkwUl3Rsi3fra6RWFcf3tCNgiLdTtBmzgNPm8A7geMDr3lbB7pTFy7ttUjn4tkIQ&sds=2&rev=81237&sendBeacon=true
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yl_t6AAEWx0K7dCQAApC59o6oH6_lgV0d2T3bg&u=%7CMtRKKI8gO3Dbff5ls6PEu6EkWyRCLISQXCe4q2NfDHc%3D%7C&c1=glLBMxGOcDk-vbOOpZWuiwL9OpXS6gVV0_Ig_J1IpPwRDCJxJvxJzDfeVglSmwvDRVB26GpcU1HGDGNRdz2NuKscXJo8g-282xnogJ7CaCd1F97QsPhf3UuUdUnVfDAZeZ2b0UcC0_pT8ib2yKldB_fmLTNSUyTyStySylhPCKpIzYPih8YAFkPow--qOUvmP32hQi68_c3DXr2LcHW7JN3Dl7JsXslvtvDOBALoBUIjQQ4IGvDb3dkrlKcToDKJZvbwooAsMhpEZytIXOkTcpvH2u8SA9hvyb2Fk8BQ9arfTXSi9SrYeVBy_m6LF0CBXvGVUnHlCSKncPE8VqJud-NNVNyEcFmDLHaJdcqhC49_UgDjAcTwi9_gT1stx9IYbWsKuC1TgOLdI_5q5fW3f8-yS04LzvXNCD9BP1G52BjH5x1Oi5aOU0x8nOeouyy6BFR5FzMSKwfZ5iK_Cho36Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCC2Gt6O1fYp22EZChtwfnhan4Csme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItOTEwMTAzOTAzODQ1ODY0MKAB1bbS6gPIAQmpArtAKaBzIbI-qAMBqgS4Ak_QJlTOv-9JTAEcX74bVSU7YpNabR4c5fkK_CURovEi83L8NbtL7D9m9JYDi6Iswfm2rgACC42Tfn763_XaM_AG81FvFXwDQ37dQ4hM9h1jgqkBEpPezJIFuNozcTARzHiIQFryvQo6xYgDD7rkqHDvx7gGL61fzgMja2RJTHSFzHUI_JnMZ__Lgi0SdXs-ICAKq8brNRIrYVw0_I7C7OTDAPCrx50vasQ4nP_ydjKvvlu0Kq68bNFTR3eMVwXuA84RVO8aAPuBuzB0hBRzBbN0FRXRhiGQs4JY5CmE0O5IRviYprfXVnEfiwTZFDgaw5bqB32tCR5P1yJw-unY70v1c13rI2DW487otVam3CvPxgUYzxJXBJhZY-shOIdmVlK30jhi1azOMqD7Fvmhl1iaEOEYsYkBZoAG7ririb37yohZoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2G_SzCym8NKug8QCFFJGVqcwShDg%26client%3Dca-pub-9101039038458640%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.eu.criteo.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Wed, 20 Apr 2022 11:26:33 GMT
cross-origin-resource-policy
cross-origin
server
Finatra
content-length
0
strict-transport-security
max-age=31536000; preload;
LJGn0i2Pg8yG-wzimFR5htSsDE5oolsrGkll4HQxngw.js
pagead2.googlesyndication.com/bg/ Frame 39FB 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/LJGn0i2Pg8yG-wzimFR5htSsDE5oolsrGkll4HQxngw.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2c91a7d22d8f83cc86fb0ce298547986d4ac0c4e68a25b2b1a4965e074319e0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 13:33:11 GMT
content-encoding
br
x-content-type-options
nosniff
age
78802
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13643
x-xss-protection
0
last-modified
Mon, 11 Apr 2022 15:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 19 Apr 2023 13:33:11 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 523E 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220413&jk=902182284036360&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
generate_204
tpc.googlesyndication.com/ Frame 39FB 		0
9 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?qsu_iQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:34 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
activeview
pagead2.googlesyndication.com/pcs/ Frame 9F9F 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstREAvJTc3alb0u390C6f8Ncx5Zh17Iz80N2vbITVqRc6gaPtizN-ne-1lsdnjvcrkrGPaE7Cd2eQ8uMR8H6ESHhw1U-bqYZslARryNFRdzOkyeMvk41w&sai=AMfl-YSTyFzmZY0XyWaOgFajecBAYQ1cbpbjN4IuH7J-M5cLaH_LEaZ-jHqxgjqgpWhKV3sdkrhGa_VK1rec&sig=Cg0ArKJSzAJB1ve7ukxuEAE&id=lidar2&mcvt=1000&p=0,0,480,240&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220418&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=2357840047&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1650453992254&rpt=1197&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 11:26:34 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220413&jk=902182284036360&bg=!AQKlAkbNAAZvJBiFTyQ7ACkAdvg8Wu329CuS982fS0hulYwRcwHidsqRsZm6IoaxOhLUWsJIgbWZhgIAAABuUgAAAAFoAQeZApzukUCkDnjhWPhwjnmIiN1d7BopRRPrRps4LSqyNvMIFWfM5MNdfrdc23F2ebnhLuK4mMGYiMWpEMIRU_-sC-DloInggyZFTMWcTQym5YQ1puIVfhgoWnzsO1s9XBjjmQqtTBAFEdtFavc2yE2Tw6hV8wXMm-eay0x7gtYvAEXsWIze-xpzf4I1_Zbbt8qy0HM_I_iH7QhrgwjEdOt6jCePkmwLq7jHFBGEU25JdbAEifuet_dI72faDESaJWvsChtI6vBgWDaCP8DYf_QAFBjEcfn2H3Ck4iIU2zhPojHAyxFXfJbk3TipZETChDXhkgelVrZXefrgrWBftCdVetNH-G0Bc11PXZCGPJyqlVuowhhmo2EWPAwGxtMxV2Sei-3xEEw3BkyNYHx37q_BYy-kl1Fy78DBm6F3eEM2RQIFhJch8lAllp_1MwFQR4MggoV9QVh0vvYKU_0kmwgeqoZ5FXHrBlu8L1x7cK_CCzjc0SLSnGTpGCMF6-APb968a61ABPEiCL0ztusrenaVkPgY5pJH39C34a4D4ifGg8kxwfQn07u8BCI2IY0smCk1MfXmJ-U1TkfvuNf5e155OinVnwHShYg4sHmrxgM5Z_2_UT20Y6t45zVhUnAWr_MRjiu5LbrJp7vDLun4Cvs4cbwQUARRvsLh6U3KIP1DYvv7H-eFfbkfvNA7nU2wA-YU6g6LARsgaHaxjngjeQknCGQ1fJfS2hEawQKKWZJgOLz2WKllNolskZMIR8bsJ5_s5rgHXJjDWpXwZaNyribY1CFV-Bw2DsatKMRjkzoc3L0chkBxFq-Lwb6ODd-qoEqU3smUQIVZpnruYRQUvklgQka9TEG5BcqM4H2xLuGFffe83md1fO3t3S7pCdu7Fg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
img
pix.eu.criteo.net/img/ Frame E7C7 		47 KB
47 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=40907&q=80&r=0&u=https%3A%2F%2Fcdn.lashoe.com%2Fimage%2Fupload%2Fdpr_1.0%2Cf_auto%2Ch_1200%2Cw_1200%2Fv1579700041%2Fproducts%2F1716%2Fde%2F1716-lashoe-hallux-schuhe-boots-mit-cut-outs-marine-fs20-ha_a.jpg&v=3&w=800&s=JxSR_6n6cSX9nByOLyN5FWXI&b=1200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
cf1ed759068e86cd44e8f0e72daeb8806a72ea170bb427d5efe515a0c3ec21ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:26:35 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=29117309
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
48132
expires
Thu, 23 Mar 2023 11:35:05 GMT

Verdicts & Comments Add Verdict or Comment

95 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails function| apbct_attach_event_handler__backend object| _wpemojiSettings object| related_posts_js_options object| Screenr_Plus undefined| $ function| jQuery object| ctPublicFunctions function| ctSetCookie function| ctDeleteCookie function| apbct_public_sendAJAX function| apbct_public_sendREST object| ctPublic function| apbct_collect_visible_fields function| apbct_visible_fields_set_cookie function| apbct_js_keys__set_input_value function| apbctGetScreenInfo object| cleantalkModal function| gtag object| dataLayer object| twemoji object| wp object| FB object| adsbygoogle object| Screenr function| string_to_number function| string_to_bool object| _stq number| w3tc_lazyload object| lazyLoadOptions function| setImmediate function| clearImmediate object| platform object| SP function| _toConsumableArray function| _nonIterableSpread function| _iterableToArray function| _arrayWithoutHoles function| _extends function| _typeof function| LazyLoad function| st_go function| linktracker_init object| wpcom object| portfolios object| google_tag_manager object| google_js_reporting_queue number| google_srt object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac object| google_persistent_state_async boolean| google_measure_js_timing object| google_tag_data object| google_reactive_ads_global_state boolean| _gfp_a_ object| google_sa_queue function| google_process_slots function| google_spfd number| google_unique_id object| google_sv_map number| google_lpabyc string| google_user_agent_client_hint string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData function| google_sa_impl object| googleToken object| googleIMState boolean| _gfp_p_ object| google_image_requests function| processGoogleToken number| google_global_correlator object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages object| google_llp object| googletag object| GoogleGcLKhOms

18 Cookies

Domain/Path Name / Value
gregorydevans.com/ Name: ct_ps_timestamp
Value: 1650453992
gregorydevans.com/ Name: ct_fkp_timestamp
Value: 0
gregorydevans.com/ Name: ct_timezone
Value: 0
gregorydevans.com/ Name: ct_screen_info
Value: %7B%22fullWidth%22%3A1600%2C%22fullHeight%22%3A1459%2C%22visibleWidth%22%3A1600%2C%22visibleHeight%22%3A1200%7D
gregorydevans.com/ Name: ct_has_scrolled
Value: false
gregorydevans.com/ Name: ct_mouse_moved
Value: false
gregorydevans.com/ Name: ct_checked_emails
Value: 0
.gregorydevans.com/ Name: _gid
Value: GA1.2.748721830.1650453992
.gregorydevans.com/ Name: _gat_gtag_UA_23537697_7
Value: 1
.gregorydevans.com/ Name: _ga_0SJ9ZJTFHY
Value: GS1.1.1650453992.1.0.1650453992.0
.gregorydevans.com/ Name: _ga
Value: GA1.1.2123627854.1650453992
.gregorydevans.com/ Name: __gads
Value: ID=e86227ec67c03eff-22b452227bcd0052:T=1650453992:RT=1650453992:S=ALNI_ManIVQp8J0kCFwGLbsjGH1AegDQ9g
.doubleclick.net/ Name: IDE
Value: AHWqTUnElRM1PF-Fd7eIxH-4QXhUiEWHjvc1gfY0Nw9WzewSJwq3cZI62c22naA5PW4
gregorydevans.com/ Name: ct_pointer_data
Value: %5B%5D
.doubleclick.net/ Name: DSID
Value: NO_DATA
gregorydevans.com/ Name: ct_checkjs
Value: 5bac86129e18119cd15d730968252cf20bb5b1b9ab4f9f182b6931193a75e3ba
.facebook.com/ Name: sb
Value: 6e1fYiCzsGlCKEQ4aDz9z3oc
.facebook.com/ Name: fr
Value: 0lV8rwIlxwn1Pxyfk..BiX-3p.u_.AAA.0.0.BiX-3p.AWWyoCscbEw

7 Console Messages

Source Level URL
Text
network error URL: https://gregorydevans.com/wp-content/cache/minify/6495e.js
Message:
Failed to load resource: net::ERR_HTTP2_PROTOCOL_ERROR
network error URL: https://gregorydevans.com/veterans-affairs-takes-on-a-new-scam-pension-poaching-firefox-chrome-microsoftedge-cybersecurity-hacker/?relatedposts=1
Message:
Failed to load resource: the server responded with a status of 500 ()
other error URL: chrome-error://chromewebdata/
Message:
Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.
other error URL: chrome-error://chromewebdata/
Message:
Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.
other error URL: chrome-error://chromewebdata/
Message:
Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.
other error URL: chrome-error://chromewebdata/
Message:
Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.
network error URL: https://gregorydevans.com/index.php?rest_route=/cleantalk-antispam/v1/apbct_get_pixel_url
Message:
Failed to load resource: the server responded with a status of 500 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.eu.criteo.com
adservice.google.com
adservice.google.de
c0.wp.com
cat.fr.eu.criteo.com
cdnjs.cloudflare.com
connect.facebook.net
csm.eu.criteo.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
gregorydevans.com
i0.wp.com
p4-bhx2toydeigok-j2hh6c72bwglm2tr-if-v6exp3-v4.metric.gstatic.com
pagead2.googlesyndication.com
partner.googleadservices.com
pix.eu.criteo.net
pixel.wp.com
rtb.nl.eu.criteo.com
static.criteo.net
stats.wp.com
tpc.googlesyndication.com
widget.spreaker.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
108.157.4.100
142.250.186.34
142.250.186.99
178.250.0.139
178.250.0.160
178.250.0.162
192.0.76.3
192.0.77.2
192.0.77.37
2606:4700::6811:180e
2a00:1450:4001:803::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:810::200a
2a00:1450:4001:812::2002
2a00:1450:4001:812::2003
2a00:1450:4001:827::2002
2a00:1450:4001:829::2001
2a00:1450:4001:82a::2008
2a00:1450:4001:82a::200e
2a00:1450:4001:831::2004
2a02:2638:1::2
2a02:2638:1::3
2a02:2638::b
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
69.167.152.20
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
02af7e03520b6699b7eff36516fcd9fc000f00f6388f8ddeac599d00a76e6d0f
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0bc0d3fcd8dec0d36cf3e023c16c0617b3a992d6c3355e68290ac9822b929c7f
0c3694e532556166659501575b716ad4546655b5825fb9f4094649f65500144f
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1a54a1907a6443e3c81608130bfed4546eb0ce5d0c8897e1d7a3b43d89ecc367
1d2ea02adec192014b69524dae475df5701be48d420de7c77ed0d04bd3890d33
1d94fd1a3793df0abe10fb36e59825864e1ec9623496e1e04c9cca624be01394
1da121634eaaca16d476ea87446b9e4d298f1b15f450f70ec6b6a032b769ea75
2112cbe3e044fde1639810a228a934fdcad5bb9c180d94c096f0c981fcda2503
26c8b9f5f31a9702ce6444b7cbe12765ed92e747fcbc2e145461a9f2b84a9fa5
2932abf996373e87fbf2e950876b1962f1b57db954a1643ea68831d9fbb74da4
2985af0fdbd27731ce1f86af293bbd6911dc9ac1c6f9cc76d7630f8dce44e29b
2c210f07aa622eb7c29ec0006334c0b837c009845037e242b472e7acec9b2852
2c91a7d22d8f83cc86fb0ce298547986d4ac0c4e68a25b2b1a4965e074319e0c
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
340b20f9ff6d073c2fea911631d8a6e13af185d983cbe842ddca27df91d0f295
38df7811921f0032bc5ef1d56e195b87c7d4a79f14f0053c1088f5999092b138
3d6e2a2d514dace6bc7d74df6ed24f65580b845b0e1a4f93a47f5d46f98afce2
4042b2b59d56f85b0547402233e859a8b2fbfeb506d9bf62af1ea5743b1082f1
40be7b0db5400d6b0d1156098d2bb7594821422a93a78ea753b490f100746e20
420033f9eaf95478a450e558f93ae6d7a5ad950c3e78f38832b47f9e2164418a
444054914c0423dba31bf92b956b86da61ab1531e4744a03e6b2c571c393e633
48043849dc9aa2f3f94c9fec0469dd96452bf872276dd3deacd4b2570220347f
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
4bbb558bcc73c6ec7de1a3bfee854935d2acb54b5055f49347a47fff164c2ce2
4c0088d08089d4ecfd95333d9db3b56ac6a3b9af2374e083680b39391f7a75ca
4caa2b4b885d62d25d986de63c6e3163f9c7da374d9b76bc4a412b61d4f2975d
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ec06fba7bce8e7b1a2ae983402eb714c9dcbcb228ea918ae5d97ada5b8924d8
4f35be57a0a2807c9e3728dd631fd6f2a11d05e50fb9ad4544910082498bfdfc
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5a17ae8ad24de71f4bd5c2a040f84d492b58b71a982b113024302f5f9f5c9384
5b89819f154f2e791101a020915edb0b0d4cab3afbd1d44721f4313fda5db92f
5cfd3418ebf7c95f8f7a9024ebfa383ff5a267a8568c9a2708c26733824bdf07
61c0298cc21d2c3a5df38f4c5cda589f1d4275c0565e1d304b5fd8704ecf5197
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
658d61bfd8959c53a3773914545b78bea129532c524d2b264901a79c84f6f4b8
66d098952ad021d6d6794c0fc7d42cff3fd503fe41feebb47089b40b796e3e62
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
83c2ad2a820aa55d445d87cbe72948bb4710c3c4b6798e657348c41d92a2e7da
84741cfabf386f46aa60df09e5b06561211409b48524be5befb255824f03f26e
861e51769b027c029bd90f5a632de02e39add98bf43823da605984e255ce39cc
8a2915eb494dcf7da0c53f72acad835999109419a78b1bc2773f7198f178d44e
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422
9893dd761e1acc82fff30d7fbb903015d1b2691ca1fe3c435f64bee693b9b5eb
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a7d5c1bfe43c8beefab2fa059f4fcaa029fcbbace9a672aae1dfe1ffb7d6976c
a80cb48d816decd95547efdcabb21ef97ad16a74306dc456663ec632bb79f31b
a8347ce1ad31403384c03cd328084d7ecd2c075a15d46888071d8abf7aed3663
aadbd1db7b974058659c7ff0e85aedada2c4e191d98b6fabf807289f880925f9
b0ae2d33e6e4638048cf4a238061286f81d1bdb30c1c8fecc45307413fc35eb3
b1443722a53246a220d0814d7291b266d28df93e2f89898ee3b672d199e0fb07
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
bbbea591b0ae199be9cb7a4440104754fec406f22437be7a0f04cddcf3acf05d
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
c8f7c04f8d691138d54380550d91349271ca19cfc0f3f6666c401cfa892a12f8
cccd8994cc8bdeb02396dc0b86e2f63a2f79f16b6a6a66e1c67c66092ce73ef2
cf1ed759068e86cd44e8f0e72daeb8806a72ea170bb427d5efe515a0c3ec21ba
d14a9161a436c8109754a3f5c63b37e20c53394eb8a6d7f171e83a607a9fd400
d9a5fac8f773ad90531e1728010425701eef81b5c2b3c4bdb1f4ce79299100e1
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e1c2193f0193163e63be0a4aabaaf0cacaaac468089b9e592118b0ab540d8754
e252e4c94e9535ed7fcafe3cb00de6168906f51015292bbf608034c69cc9f2c4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ebb5e605665369ef07a4062a2189d32777967a3078990bf7bad78833e5a06078
ec10e3467e98d4306a63782e79bedc4f5eec105a2dd32d13ab55a70be27d1941
ed8dafac3fb0bb29f3986343b67799f5e7562fa3fe4c015468bdd237d5574355
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1e68916f94a7c4d63f13173e139a8a500ebd58c1ebbe85f4dcc2e664c91f05f
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
fa7ffee082a930898e4f43afbf57031e41ebdfc81f58398fc07b4aeb4e98f05b
fe66ac5df69c78be7dfcf75943079129dbf24a254e89febc5a7e916d40de43bc
ff5aac9870f1410129ad566213ad662fb603e1ac7bb284712142b38426cbe9a2