arstechnica.com Open in urlscan Pro
3.131.184.180 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Submission: On October 19 via manual (October 19th 2023, 1:00:00 pm UTC) from MA — Scanned from DE

Summary HTTP 172 Redirects Links 60 Behaviour Indicators

Summary

This website contacted 50 IPs in 6 countries across 38 domains to perform 172 HTTP transactions. The main IP is 3.131.184.180, located in Columbus, United States and belongs to AMAZON-02, US. The main domain is arstechnica.com. The Cisco Umbrella rank of the primary domain is 44315.
TLS certificate: Issued by Amazon RSA 2048 M01 on September 28th 2023. Valid for: a year.

This is the only time arstechnica.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	3.131.184.180 3.131.184.180	16509 (AMAZON-02) (AMAZON-02)
26	205.234.175.175 205.234.175.175	23352 (SERVERCEN...) (SERVERCENTRAL)
10	2606:4700::68... 2606:4700::6812:83ec	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
2	2600:9000:212... 2600:9000:2127:a800:17:b7d9:a700:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	2606:4700::68... 2606:4700::6813:9117	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6812:7fc0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
2	2606:4700:440... 2606:4700:4400::6812:2089	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
1	2600:1901:0:7... 2600:1901:0:7416::1	15169 (GOOGLE) (GOOGLE)
8	151.101.193.44 151.101.193.44	54113 (FASTLY) (FASTLY)
1	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	52.7.215.88 52.7.215.88	14618 (AMAZON-AES) (AMAZON-AES)
1	13.32.121.43 13.32.121.43	16509 (AMAZON-02) (AMAZON-02)
3	65.9.95.94 65.9.95.94	16509 (AMAZON-02) (AMAZON-02)
1	35.190.59.101 35.190.59.101	15169 (GOOGLE) (GOOGLE)
3	35.201.67.47 35.201.67.47	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	35.190.91.160 35.190.91.160	15169 (GOOGLE) (GOOGLE)
1	13.226.89.88 13.226.89.88	16509 (AMAZON-02) (AMAZON-02)
3	2600:9000:212... 2600:9000:2127:cc00:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	23.35.237.151 23.35.237.151	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700:440... 2606:4700:4400::ac40:9256	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.202.170.110 18.202.170.110	16509 (AMAZON-02) (AMAZON-02)
3	65.9.90.93 65.9.90.93	16509 (AMAZON-02) (AMAZON-02)
1	65.9.89.147 65.9.89.147	16509 (AMAZON-02) (AMAZON-02)
2	44.215.116.28 44.215.116.28	14618 (AMAZON-AES) (AMAZON-AES)
1	130.162.160.243 130.162.160.243	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1	18.213.249.75 18.213.249.75	14618 (AMAZON-AES) (AMAZON-AES)
1	151.101.64.239 151.101.64.239	54113 (FASTLY) (FASTLY)
1	65.9.95.29 65.9.95.29	16509 (AMAZON-02) (AMAZON-02)
1	35.241.9.51 35.241.9.51	15169 (GOOGLE) (GOOGLE)
1	185.89.210.180 185.89.210.180	29990 (ASN-APPNEX) (ASN-APPNEX)
2	34.224.24.192 34.224.24.192	14618 (AMAZON-AES) (AMAZON-AES)
42	65.9.94.155 65.9.94.155	16509 (AMAZON-02) (AMAZON-02)
7	34.107.161.9 34.107.161.9	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	35.173.112.203 35.173.112.203	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6811:7611	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
2	2600:1901:0:4... 2600:1901:0:4277::1	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	104.75.88.209 104.75.88.209	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
3	65.9.95.57 65.9.95.57	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:827::2006	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	35.172.145.232 35.172.145.232	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
5	65.9.95.69 65.9.95.69	16509 (AMAZON-02) (AMAZON-02)
172	50

1 3.131.184.180 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-131-184-180.us-east-2.compute.amazonaws.com

arstechnica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 205.234.175.175 (Carrollton, United States)

ASN23352 (SERVERCENTRAL, US)
PTR: vip1.G-anycast1.cachefly.net

cdn.arstechnica.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700::6812:83ec (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2127:a800:17:b7d9:a700:93a1 (United States)

ASN16509 (AMAZON-02, US)

ads-static.conde.digital	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9117 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cdn.mediavoice.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
plugin.mediavoice.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:7fc0 (United States)

ASN13335 (CLOUDFLARENET, US)

polarcdn-terrax.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

s.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:7416::1 (Kansas City, United States)

ASN15169 (GOOGLE, US)

shiverscissors.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 151.101.193.44 (United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vidanalytics.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.7.215.88 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-7-215-88.compute-1.amazonaws.com

api.cnevids.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.121.43 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-43.fra60.r.cloudfront.net

cdn.memo.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 65.9.95.94 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-94.prg50.r.cloudfront.net

player.cnevids.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.59.101 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 101.59.190.35.bc.googleusercontent.com

r.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.201.67.47 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 47.67.201.35.bc.googleusercontent.com

t.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.91.160 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 160.91.190.35.bc.googleusercontent.com

p.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.89.88 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-89-88.prg50.r.cloudfront.net

z-na.associates-amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2127:cc00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.237.151 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-237-151.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9256 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.permutive.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.202.170.110 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-202-170-110.eu-west-1.compute.amazonaws.com

segment-data.zqtk.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 65.9.90.93 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-90-93.prg50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.89.147 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-89-147.prg50.r.cloudfront.net

www.datadoghq-browser-agent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.215.116.28 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-215-116-28.compute-1.amazonaws.com

assoc-na.associates-amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 130.162.160.243 (Slough, United Kingdom)

ASN31898 (ORACLE-BMC-31898, US)

mb.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.213.249.75 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-213-249-75.compute-1.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.64.239 (United States)

ASN54113 (FASTLY, US)

api.condenast.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.95.29 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-29.prg50.r.cloudfront.net

config.aps.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.9.51 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 51.9.241.35.bc.googleusercontent.com

bd1cec50-00d1-4ce9-9572-785857419a1e.prmutv.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.89.210.180 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.224.24.192 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-224-24-192.compute-1.amazonaws.com

prod.us-east-1.cxm-bcn.publisher-services.amazon.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 65.9.94.155 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-94-155.prg50.r.cloudfront.net

dwgyu36up6iuz.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 34.107.161.9 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 9.161.107.34.bc.googleusercontent.com

permutive.arstechnica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.173.112.203 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-173-112-203.compute-1.amazonaws.com

elsa.memoinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:7611 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.permutive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

am-trc-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:4277::1 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)

planebasin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.75.88.209 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-209.deploy.static.akamaitechnologies.com

ct.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 65.9.95.57 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-57.prg50.r.cloudfront.net

player-frontend.cnevids.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.172.145.232 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-172-145-232.compute-1.amazonaws.com

capture.condenastdigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 65.9.95.69 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-69.prg50.r.cloudfront.net

dp8hsntg6do36.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
47	cloudfront.net dwgyu36up6iuz.cloudfront.net dp8hsntg6do36.cloudfront.net	1 MB
26	arstechnica.net cdn.arstechnica.net — Cisco Umbrella Rank: 54206	973 KB
12	taboola.com cdn.taboola.com — Cisco Umbrella Rank: 1126 trc.taboola.com — Cisco Umbrella Rank: 680 am-trc-events.taboola.com — Cisco Umbrella Rank: 15139 vidanalytics.taboola.com — Cisco Umbrella Rank: 10623	342 KB
10	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 385	251 KB
8	cnevids.com api.cnevids.com — Cisco Umbrella Rank: 109934 player.cnevids.com — Cisco Umbrella Rank: 22587 player-frontend.cnevids.com — Cisco Umbrella Rank: 27652	372 KB
8	arstechnica.com arstechnica.com — Cisco Umbrella Rank: 44315 permutive.arstechnica.com — Cisco Umbrella Rank: 88482	20 KB
7	skimresources.com s.skimresources.com — Cisco Umbrella Rank: 4246 r.skimresources.com — Cisco Umbrella Rank: 4126 t.skimresources.com — Cisco Umbrella Rank: 4281 p.skimresources.com — Cisco Umbrella Rank: 5648	15 KB
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 334 config.aps.amazon-adsystem.com — Cisco Umbrella Rank: 657	69 KB
4	adsafeprotected.com static.adsafeprotected.com — Cisco Umbrella Rank: 720 pixel.adsafeprotected.com — Cisco Umbrella Rank: 936	15 KB
3	googleapis.com imasdk.googleapis.com — Cisco Umbrella Rank: 498	386 KB
3	associates-amazon.com z-na.associates-amazon.com — Cisco Umbrella Rank: 11935 assoc-na.associates-amazon.com — Cisco Umbrella Rank: 4343	4 KB
2	planebasin.com planebasin.com — Cisco Umbrella Rank: 110237	859 B
2	memoinsights.com elsa.memoinsights.com — Cisco Umbrella Rank: 36571	1 KB
2	amazon.dev prod.us-east-1.cxm-bcn.publisher-services.amazon.dev — Cisco Umbrella Rank: 3902	128 B
2	moatads.com z.moatads.com — Cisco Umbrella Rank: 712 mb.moatads.com — Cisco Umbrella Rank: 779	79 KB
2	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 655	546 B
2	polarcdn-terrax.com polarcdn-terrax.com — Cisco Umbrella Rank: 10476	3 KB
2	mediavoice.com 1 redirects cdn.mediavoice.com — Cisco Umbrella Rank: 62456 plugin.mediavoice.com — Cisco Umbrella Rank: 46403	138 KB
2	conde.digital ads-static.conde.digital — Cisco Umbrella Rank: 22337	475 KB
1	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 108	14 KB
1	condenastdigital.com capture.condenastdigital.com — Cisco Umbrella Rank: 19778	48 B
1	facebook.net connect.facebook.net — Cisco Umbrella Rank: 187	53 KB
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 344	17 KB
1	pinterest.com ct.pinterest.com — Cisco Umbrella Rank: 965	702 B
1	permutive.com cdn.permutive.com — Cisco Umbrella Rank: 3138	240 KB
1	adnxs.com ib.adnxs.com — Cisco Umbrella Rank: 261	572 B
1	prmutv.co bd1cec50-00d1-4ce9-9572-785857419a1e.prmutv.co — Cisco Umbrella Rank: 34251	392 B
1	condenast.io api.condenast.io — Cisco Umbrella Rank: 30411	6 KB
1	datadoghq-browser-agent.com www.datadoghq-browser-agent.com — Cisco Umbrella Rank: 1781	18 KB
1	zqtk.net segment-data.zqtk.net — Cisco Umbrella Rank: 11517	569 B
1	permutive.app cdn.permutive.app — Cisco Umbrella Rank: 10262	210 KB
1	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 214	133 KB
1	memo.co cdn.memo.co — Cisco Umbrella Rank: 42738	7 KB
1	criteo.com gum.criteo.com — Cisco Umbrella Rank: 478	288 B
1	shiverscissors.com shiverscissors.com — Cisco Umbrella Rank: 124885	24 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 56	139 KB
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 223	29 KB
0	getrockerbox.com Failed metrics.getrockerbox.com Failed
172	38

	Domain	Requested by
42	dwgyu36up6iuz.cloudfront.net	arstechnica.com player-frontend.cnevids.com
26	cdn.arstechnica.net	arstechnica.com cdn.arstechnica.net
10	cdn.cookielaw.org	arstechnica.com cdn.cookielaw.org
7	permutive.arstechnica.com	cdn.permutive.app
6	cdn.taboola.com	arstechnica.com cdn.taboola.com
5	dp8hsntg6do36.cloudfront.net	player-frontend.cnevids.com
4	am-trc-events.taboola.com	cdn.taboola.com
3	player-frontend.cnevids.com	player.cnevids.com player-frontend.cnevids.com
3	imasdk.googleapis.com	player.cnevids.com imasdk.googleapis.com
3	c.amazon-adsystem.com	ads-static.conde.digital c.amazon-adsystem.com
3	static.adsafeprotected.com	arstechnica.com ads-static.conde.digital player.cnevids.com
3	t.skimresources.com	arstechnica.com s.skimresources.com
3	player.cnevids.com	arstechnica.com cdn.arstechnica.net player.cnevids.com
2	planebasin.com	shiverscissors.com
2	elsa.memoinsights.com	cdn.memo.co
2	prod.us-east-1.cxm-bcn.publisher-services.amazon.dev	c.amazon-adsystem.com
2	assoc-na.associates-amazon.com	z-na.associates-amazon.com
2	p.skimresources.com	arstechnica.com
2	api.cnevids.com	cdn.arstechnica.net
2	geolocation.onetrust.com	cdn.cookielaw.org
2	polarcdn-terrax.com	arstechnica.com cdn.mediavoice.com
2	ads-static.conde.digital	arstechnica.com ads-static.conde.digital
1	vidanalytics.taboola.com	cdn.taboola.com
1	pagead2.googlesyndication.com	imasdk.googleapis.com
1	capture.condenastdigital.com
1	connect.facebook.net	player-frontend.cnevids.com
1	s0.2mdn.net	imasdk.googleapis.com
1	ct.pinterest.com	arstechnica.com
1	cdn.permutive.com	cdn.permutive.app
1	ib.adnxs.com	cdn.permutive.app
1	bd1cec50-00d1-4ce9-9572-785857419a1e.prmutv.co	cdn.permutive.app
1	trc.taboola.com	cdn.taboola.com
1	config.aps.amazon-adsystem.com	c.amazon-adsystem.com
1	api.condenast.io	player.cnevids.com
1	pixel.adsafeprotected.com	static.adsafeprotected.com
1	mb.moatads.com	z.moatads.com
1	www.datadoghq-browser-agent.com	ads-static.conde.digital
1	plugin.mediavoice.com	cdn.mediavoice.com
1	segment-data.zqtk.net	ads-static.conde.digital
1	cdn.permutive.app	ads-static.conde.digital
1	z.moatads.com	ads-static.conde.digital
1	securepubads.g.doubleclick.net	www.googletagservices.com
1	z-na.associates-amazon.com	www.googletagmanager.com
1	r.skimresources.com	s.skimresources.com
1	cdn.memo.co	arstechnica.com
1	gum.criteo.com	cdn.taboola.com
1	shiverscissors.com	arstechnica.com
1	www.googletagmanager.com	arstechnica.com
1	s.skimresources.com	arstechnica.com
1	cdn.mediavoice.com	1 redirects
1	www.googletagservices.com	arstechnica.com
1	arstechnica.com
0	metrics.getrockerbox.com Failed
172	53

This site contains links to these domains. Also see Links.

Domain
video.arstechnica.com
www.condenast.com
cdn.arstechnica.net
keepass.info
www.malwarebytes.com
en.wikipedia.org
www.arstechnica.com
twitter.com
mastodon.social
www.facebook.com
www.youtube.com
www.instagram.com
condenast.com

Subject Issuer	Validity	Valid
*.arstechnica.com Amazon RSA 2048 M01	`2023-09-28` - `2024-10-25`	a year	crt.sh
*.cachefly.net GlobalSign RSA OV SSL CA 2018	`2022-11-01` - `2023-12-03`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
ads-static.conde.digital Amazon RSA 2048 M02	`2023-03-20` - `2024-04-17`	a year	crt.sh
*.skimresources.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-25` - `2023-11-08`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-12-13` - `2023-12-13`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
shiverscissors.com R3	`2023-08-31` - `2023-11-29`	3 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2022-12-08` - `2023-12-31`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2023-12-23`	3 months	crt.sh
cnevideos.com Amazon RSA 2048 M02	`2023-02-28` - `2023-12-29`	10 months	crt.sh
memo.co Amazon RSA 2048 M02	`2023-03-28` - `2024-04-25`	a year	crt.sh
*.cnevids.com Amazon RSA 2048 M02	`2023-08-18` - `2024-09-14`	a year	crt.sh
assoc-na.associates-amazon.com Amazon RSA 2048 M01	`2023-03-08` - `2024-03-07`	a year	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M02	`2023-07-07` - `2024-08-04`	a year	crt.sh
moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-16` - `2023-11-18`	a year	crt.sh
permutive.app Cloudflare Inc ECC CA-3	`2023-09-07` - `2023-12-06`	3 months	crt.sh
*.zqtk.net Amazon RSA 2048 M02	`2023-06-18` - `2024-07-16`	a year	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-16` - `2024-05-15`	a year	crt.sh
*.datadoghq-browser-agent.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-14` - `2024-01-16`	a year	crt.sh
*.moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2023-06-20` - `2024-07-20`	a year	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M01	`2023-03-29` - `2024-04-27`	a year	crt.sh
condenast.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-06-13` - `2024-07-14`	a year	crt.sh
config.aps.amazon-adsystem.com Amazon RSA 2048 M02	`2023-02-20` - `2024-03-20`	a year	crt.sh
*.prmutv.co R3	`2023-09-01` - `2023-11-30`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev Amazon RSA 2048 M02	`2022-12-27` - `2024-01-25`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2022-12-08` - `2023-12-07`	a year	crt.sh
a.api.permutive.app R3	`2023-09-10` - `2023-12-09`	3 months	crt.sh
memoinsights.com Amazon RSA 2048 M02	`2023-03-28` - `2024-04-25`	a year	crt.sh
permutive.com Cloudflare Inc ECC CA-3	`2023-01-26` - `2024-01-25`	a year	crt.sh
planebasin.com R3	`2023-08-07` - `2023-11-05`	3 months	crt.sh
*.pinterest.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-07` - `2024-08-07`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-07-28` - `2023-10-26`	3 months	crt.sh
conde.io Amazon RSA 2048 M02	`2023-06-27` - `2024-07-25`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Frame ID: CC2FBF5619CBEDE28F24BDEB746A6543
Requests: 155 HTTP requests in this frame

Frame: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.18828247094455164
Frame ID: 15F1B51C564FB583994AF58DC91272D9
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Frame ID: 0C94990DF2CBFAE97664F07171231394
Requests: 20 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.595.0_en.html
Frame ID: A15723A1AA0A6493B08434D24CF5DF7C
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 8363E8D016619A1CD0DC38D24521304A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Google-hosted malvertising leads to fake Keepass site that looks genuine | Ars Technica

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Page Statistics

172
Requests

95 %
HTTPS

37 %
IPv6

38
Domains

53
Subdomains

50
IPs

6
Countries

5514 kB
Transfer

14055 kB
Size

12
Cookies

60 Outgoing links

These are links going to different origins than the main page.

URL: http://video.arstechnica.com/
Title: Videos

Search URL Search Domain Scan URL

URL: https://www.condenast.com/brands/ars-technica
Title: Advertise with Ars

Search URL Search Domain Scan URL

URL: https://cdn.arstechnica.net/wp-content/uploads/2023/08/warning.jpg
Title: Enlarge

Search URL Search Domain Scan URL

URL: https://cdn.arstechnica.net/wp-content/uploads/2023/10/malicious-keepass-ad-google.png

Search URL Search Domain Scan URL

URL: https://keepass.info/
Title: genuine Keepass site

Search URL Search Domain Scan URL

URL: https://cdn.arstechnica.net/wp-content/uploads/2023/10/fake-keepass-website.png

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/blog/threat-intelligence/2023/10/clever-malvertising-attack-uses-punycode-to-look-like-legitimate-website
Title: post Wednesday

Search URL Search Domain Scan URL

URL: https://cdn.arstechnica.net/wp-content/uploads/2023/10/keepass-digitaleagle.png

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Punycode
Title: punycode

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/unsolved-mysteries-unsolved-mysteries-of-quantum-leap-with-donald-p-bellisario
Title: Unsolved Mysteries Of Quantum Leap With Donald P. Bellisario

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/unsolved-mysteries-unsolved-mysteries-of-warhammer-40k-with-author-dan-abnett
Title: Unsolved Mysteries Of Warhammer 40K With Author Dan Abnett

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/sitrep-f-16-replacement-search-a-signal-of-f-35-fail
Title: SITREP: F-16 replacement search a signal of F-35 fail?

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/sitrep-boeing-707
Title: Sitrep: Boeing 707

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/personal-history-steve-from-gamers-nexus-reacts-to-their-top-1000-comments-on-youtube
Title: Steve Burke of GamersNexus Reacts To Their Top 1000 Comments On YouTube

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/modern-vintage-gamer-reacts-to-his-top-1000-comments-on-youtube
Title: Modern Vintage Gamer Reacts To His Top 1000 Comments On YouTube

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-how-the-nes-conquered-a-skeptical-america-in-1985
Title: How The NES Conquered A Skeptical America In 1985

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/scott-manley-reacts-to-his-top-1000-youtube-comments
Title: Scott Manley Reacts To His Top 1000 YouTube Comments

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/how-immersive-stories-deepen-the-horror-of-games-like-soma-and-amnesiac-rebirth
Title: How Horror Works in Amnesia: Rebirth, Soma and Amnesia: The Dark Descent

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/lgrs-clint-basinger-reacts-to-his-top-1000-youtube-comments
Title: LGR's Clint Basinger Reacts To His Top 1000 YouTube Comments

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/the-f-35-s-next-tech-upgrade
Title: The F-35's next tech upgrade

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-how-one-gameplay-decision-changed-diablo-forever
Title: How One Gameplay Decision Changed Diablo Forever

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/unsolved-mysteries-unsolved-mysteries-mortal-kombat
Title: Unsolved Mortal Kombat Mysteries With Dominic Cianciolo From NetherRealm Studios

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/us-navy-gets-an-italian-accent
Title: US Navy Gets an Italian Accent

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-how-amazons-undone-brought-dreams-to-life-through-rotoscope-and-oil-paints
Title: How Amazon’s “Undone” Animates Dreams With Rotoscoping And Oil Paints

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/fighter-pilot-breaks-down-every-button-in-an-f-15-cockpit
Title: Fighter Pilot Breaks Down Every Button in an F-15 Cockpit

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-how-nba-jam-became-a-billion-dollar-slam-dunk
Title: How NBA JAM Became A Billion-Dollar Slam Dunk

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/linus-tech-tips-reacts-to-his-top-1000-youtube-comments
Title: Linus "Tech Tips" Sebastian Reacts to His Top 1000 YouTube Comments

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-how-alan-wake-was-rebuilt-3-years-into-development
Title: How Alan Wake Was Rebuilt 3 Years Into Development

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-how-prince-of-persia-defeated-apple-ii-s-memory-limitations
Title: How Prince of Persia Defeated Apple II's Memory Limitations

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-how-crash-bandicoot-hacked-the-playstation-to-run
Title: How Crash Bandicoot Hacked The Original Playstation

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-myst
Title: Myst: The challenges of CD-ROM | War Stories

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/markiplier-reacts-to-his-top-1000-youtube-comments
Title: Markiplier Reacts To His Top 1000 YouTube Comments

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-the-evolution-of-oddworld-and-what-comes-next
Title: How Mind Control Saved Oddworld: Abe's Oddysee

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/unsolved-mysteries-bioware-answers-unsolved-mysteries-of-the-mass-effect-universe
Title: Bioware answers unsolved mysteries of the Mass Effect universe

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-civilization
Title: Civilization: It's good to take turns | War Stories

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/sitrep-dod-resets-ballistic-missile-interceptor-program
Title: SITREP: DOD Resets Ballistic Missile Interceptor program

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/warframe-s-rebecca-ford-reviews-your-characters
Title: Warframe's Rebecca Ford reviews your characters

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-subnautica
Title: Subnautica: A world without guns | War Stories

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-slay-the-spire-war-stories
Title: How Slay the Spire’s Original Interface Almost Killed the Game | War Stories

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-amnesia-the-dark-descent-the-horror-facade
Title: Amnesia: The Dark Descent - The horror facade | War Stories

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-c-and-c-tiberian-sun
Title: Command & Conquer: Tiberian Sun | War Stories

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-blade-runner-skinjobs-voxels-and-future-noir
Title: Blade Runner: Skinjobs, voxels, and future noir | War Stories

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-dead-space-the-drag-tentacle
Title: Dead Space: The Drag Tentacle | War Stories

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/teach-the-controversy-flat-earthers
Title: Teach the Controversy: Flat Earthers

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/delta-v-the-burgeoning-world-of-small-rockets-paul-allen-s-huge-plane-and-spacex-gets-a-crucial-green-light
Title: Delta V: The Burgeoning World of Small Rockets, Paul Allen's Huge Plane, and SpaceX Gets a Crucial Green-light

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/chris-hadfield-explains-his-space-oddity-video
Title: Chris Hadfield explains his 'Space Oddity' video

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/apollo-the-greatest-leap-episode-1-risk
Title: The Greatest Leap, Episode 1: Risk

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-ultima-online-the-virtual-ecology
Title: Ultima Online: The Virtual Ecology | War Stories

Search URL Search Domain Scan URL

URL: https://video.arstechnica.com/
Title: More videos

Search URL Search Domain Scan URL

URL: https://twitter.com/arstechnica

Search URL Search Domain Scan URL

URL: https://mastodon.social/@arstechnica

Search URL Search Domain Scan URL

URL: https://www.facebook.com/arstechnica

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@arstechnica

Search URL Search Domain Scan URL

URL: https://www.instagram.com/arstechnica/

Search URL Search Domain Scan URL

URL: http://condenast.com/

Search URL Search Domain Scan URL

URL: https://www.condenast.com/user-agreement/
Title: User Agreement

Search URL Search Domain Scan URL

URL: https://www.condenast.com/privacy-policy/
Title: Privacy Policy and Cookie Statement

Search URL Search Domain Scan URL

URL: https://www.condenast.com/privacy-policy/#california
Title: Your California Privacy Rights

Search URL Search Domain Scan URL

URL: https://www.condenast.com/online-behavioral-advertising-oba-and-how-to-opt-out-of-oba/#clickheretoreadmoreaboutonlinebehavioraladvertising(oba)
Title: Ad Choices

Search URL Search Domain Scan URL

URL: https://www.condenast.com/privacy-policy
Title: More information about your privacy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15

https://cdn.mediavoice.com/nativeads/script/condenastcorporate/conde-asa-polar-master.js HTTP 301
https://polarcdn-terrax.com/nativeads/script/condenastcorporate/conde-asa-polar-master.js

172 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/ 60 KB
18 KB 431ms
212ms Document
text/html 3.131.184.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.131.184.180 Columbus, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-131-184-180.us-east-2.compute.amazonaws.com

Software

nginx/1.23.4 / PHP/8.1.19

Resource Hash

ec1beb5e0e2d6b015b4664703c00979d018257327c147ffb42a74339b542b043

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Thu, 19 Oct 2023 12:59:54 GMT
link: <https://arstechnica.com/wp-json/wp/v2/posts/1977141>; rel="alternate"; type="application/json"
server: nginx/1.23.4
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: PHP/8.1.19
x-xss-protection: 1; mode=block

GET
H2 200 main-1eae76c908.css
cdn.arstechnica.net/wp-content/themes/ars/assets/css/ 337 KB
71 KB 104ms
24ms Stylesheet
text/css 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 61fa63adf47d4b3d236cdff13deaa504de0546485106eaa1f0e98b1786815670

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
x-cf-tsc: 1696362654
content-encoding: gzip
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fF.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: 167cfe8547881c2bfa68f43f56fd01cc
content-length: 72292
x-cf2: H
last-modified: Tue, 03 Oct 2023 19:42:27 GMT
server: CFS 0215
x-cff: B
etag: W/"651c6ea3-5448b"
content-type: text/css
access-control-allow-origin: *
cf4age: 0
accept-ranges: bytes

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 51ms
33ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d62ad0f23c60258f120e52cf68b2e1adff5c1bf5bde5ac8f8d6e5f4c4c64f34

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 19 Oct 2023 12:59:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: h6ThlO7ea17v6JNPXbI1zQ==
age: 73500
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6822
x-ms-lease-status: unlocked
last-modified: Tue, 17 Oct 2023 03:32:40 GMT
server: cloudflare
etag: 0x8DBCEC1B778F120
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 39ab5dcb-301e-008d-1533-010e51000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 818933701c4c9a35-FRA

GET
H2 200 otCCPAiab.js Show response
cdn.cookielaw.org/opt-out/ 22 KB
6 KB 47ms
30ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/opt-out/otCCPAiab.js

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a7b7120dffd25546c93c1367b9c86a3dc87e71d2c89ebb39163a71eb3b659f01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 19 Oct 2023 12:59:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: ERttG9+iQk1LCPjR495NRw==
age: 30190
x-ms-lease-status: unlocked
last-modified: Tue, 22 Feb 2022 22:01:18 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 84ed10d5-601e-00ec-3ce1-5ad09f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 818933701c4a9a35-FRA

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 89 KB
29 KB 112ms
88ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a0ba0ab7576240fc7fa00dee2adb52faccef5a1fb710c3e8e1233c0e1caf5fce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29127
x-xss-protection: 0
server: cafe
etag: 392 / 19649 / 31078905 / config-hash: 14863387668746949887
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 12:59:54 GMT

GET
H2 200 ars-technica.min.js Show response
ads-static.conde.digital/production/cns/builds/ars-technica/ 141 KB
141 KB 132ms
38ms Script
application/javascript 2600:9000:2127:a800:17:b7d9:a700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/ars-technica.min.js
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:a800:17:b7d9:a700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d8d9e669ba66861451060f87f8b59bdd5faecf841f98aaa2b0da95d8c0d07d82

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id: Kblnb91Zi31tZlaDhgXD.HnxA9n0hB1W
date: Thu, 19 Oct 2023 12:46:28 GMT
via: 1.1 9b9ab8e6e595847652a9158c684a8926.cloudfront.net (CloudFront)
last-modified: Mon, 09 Oct 2023 14:51:38 GMT
server: AmazonS3
x-amz-cf-pop: PRG50-C1
age: 807
x-amz-server-side-encryption: AES256
etag: "cf754f035b5e33e051ad290ff156e0a5"
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=900, stale-while-revalidate=3600, stale-if-error=86400
accept-ranges: bytes
content-length: 143929
x-amz-cf-id: kfuL7uIrfqv3m1zQ_s3VcBmh5WPAVq7efFYQ6JNvCYMCZJ4diAqeuQ==

GET
H2 200 ars-84a4ab0802.ads.us.js Show response
cdn.arstechnica.net/wp-content/themes/ars/assets/js/ 3 KB
1 KB 102ms
23ms Script
application/javascript 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/js/ars-84a4ab0802.ads.us.js
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 16708dda2536b4b3782313db4a6ec8456cd84da7ae0f56d7d2455e68fc9bc4f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
x-cf-tsc: 1688391173
content-encoding: gzip
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fF.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: 08ff82960c3f4b1359e8d5f25d64435c
content-length: 1143
x-cf2: H
last-modified: Thu, 29 Jun 2023 16:52:15 GMT
server: CFS 0215
x-cff: B
etag: W/"649db6bf-bc0"
content-type: application/javascript
access-control-allow-origin: *
cf4age: 275415
accept-ranges: bytes
x-cf-rand: 98.436

GET
H2 200 style.min.css
cdn.arstechnica.net/wp/wp-includes/css/dist/block-library/ 87 KB
15 KB 126ms
47ms Stylesheet
text/css 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
x-cf-tsc: 1688391173
content-encoding: gzip
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fF.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: db3b144ec4703d6dce2f3d0ac27e6158
content-length: 14508
x-cf2: H
last-modified: Mon, 17 Oct 2022 21:17:21 GMT
server: CFS 0215
x-cff: B
etag: W/"634dc661-15b64"
content-type: text/css
access-control-allow-origin: *
cf4age: 19313276
accept-ranges: bytes
x-cf-rand: 94.719

GET
H2 200 comments.css
cdn.arstechnica.net/wp-content/plugins/article-forum-connect/public/css/ 4 KB
1 KB 128ms
49ms Stylesheet
text/css 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/plugins/article-forum-connect/public/css/comments.css?ver=1.2.2
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 76a942b00d27a492f8c322bd161121bf2c010d6453ded0cc0788477bc1c7f61d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
x-cf-tsc: 1688391173
content-encoding: gzip
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fF.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: c5065545d8fb879b48d83aab1e1bac65
content-length: 1101
x-cf2: H
last-modified: Thu, 29 Jun 2023 16:49:36 GMT
server: CFS 0215
x-cff: B
etag: W/"649db620-10e6"
content-type: text/css
access-control-allow-origin: *
cf4age: 273447
accept-ranges: bytes
x-cf-rand: 0.448

GET
H2 200 paywall.css
cdn.arstechnica.net/wp-content/plugins/article-forum-connect/public/css/ 839 B
1 KB 128ms
49ms Stylesheet
text/css 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/plugins/article-forum-connect/public/css/paywall.css?ver=1.2.2
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 4046579e6e4eb157620e7ed218f64cca8b290ba6269d762df786c3c5e069cc5e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
x-cf-tsc: 1688391173
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fF.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: 93c99330137bfc91abb36644d043d6ac
content-length: 839
x-cf2: H
last-modified: Thu, 29 Jun 2023 16:49:36 GMT
server: CFS 0215
x-cff: B
etag: "649db620-347"
content-type: text/css
access-control-allow-origin: *
cf4age: 273447
accept-ranges: bytes
x-cf-rand: 14.723

GET
H2 200 warning-800x534.jpg
cdn.arstechnica.net/wp-content/uploads/2023/08/ 45 KB
46 KB 128ms
50ms Image
image/jpeg 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.arstechnica.net/wp-content/uploads/2023/08/warning-800x534.jpg
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 6ae09cd20041ec0f2769082d1a2b11c972b3ba6ab05d21b19a1419b3010b504d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
x-amz-version-id: KdC3VMh0Da2rWk0uR8aX_SVsjX3XgJPh
x-cf-tsc: 1697691140
x-cf3: H
x-amz-request-id: 5NC4TMZMH71AYVWW
cf4ttl: 43200.000
x-amz-server-side-encryption: AES256
x-cf1: 14961:fF.waw1:co:1525808045:cacheN.waw1-01:M
x-cf-reqid: 8695ca6e91f1aee7b8a793fdb2e65f4e
x-amz-replication-status: COMPLETED
content-length: 46312
x-amz-id-2: jbJC63iV0bDOCBN4xUHbDihbvzPiiN2zSFB5pWiSxDyV9A/YPvnDXXyqIeF/fS+zyyF7a9bGx+A=
x-cf2: H
last-modified: Tue, 08 Aug 2023 12:54:39 GMT
server: CFS 0215
x-cff: B
etag: "2ae470b94a30bec61927b849575250b0"
content-type: image/jpeg
access-control-allow-origin: *
cf4age: 47
accept-ranges: bytes
x-cf-rand: 27.088

GET
H2 200 malicious-keepass-ad-google-640x477.png
cdn.arstechnica.net/wp-content/uploads/2023/10/ 122 KB
123 KB 45ms
45ms Image
image/png 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.arstechnica.net/wp-content/uploads/2023/10/malicious-keepass-ad-google-640x477.png
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: fde25ad09c5d4bf924bb2bf5b118b68a94ed2124dc5c6fa2182f8415ed935f4a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
x-amz-version-id: wSR0PWKCEauci_UIbvTvKrccSYHPeLJv
x-cf-tsc: 1697691209
x-cf3: H
x-amz-request-id: S95WDSMGV7S21JAZ
cf4ttl: 43200.000
x-amz-server-side-encryption: AES256
x-cf1: 14961:fF.waw1:co:1525808045:cacheN.waw1-01:M
x-cf-reqid: cb19e1ef468742fc38ecbd5598111258
x-amz-replication-status: COMPLETED
content-length: 125127
x-amz-id-2: pJu/mOXuthY+Nfi8Dr32eryZDIz2Y+IPxzMkyoWmXk6Mpm/wpjEZ7mIYL8fTBnCWQnrvk1GdkFE=
x-cf2: H
last-modified: Thu, 19 Oct 2023 04:40:10 GMT
server: CFS 0215
x-cff: B
etag: "d6632fb1b5132ee0fe173c4213165815"
content-type: image/png
access-control-allow-origin: *
cf4age: 88
accept-ranges: bytes

GET
H2 200 fake-keepass-website-640x393.png
cdn.arstechnica.net/wp-content/uploads/2023/10/ 117 KB
118 KB 43ms
39ms Image
image/png 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.arstechnica.net/wp-content/uploads/2023/10/fake-keepass-website-640x393.png
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: eda376c50be465fcdba41f675393693c3625289c74b025f625722d400ecaafc8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
x-amz-version-id: ieaGorzfsK_TigEJfiCH88XX8XXMGjPw
x-cf-tsc: 1697691209
x-cf3: H
x-amz-request-id: S95ZTMMMW554JAP4
cf4ttl: 43200.000
x-amz-server-side-encryption: AES256
x-cf1: 14961:fF.waw1:co:1525808045:cacheN.waw1-01:M
x-cf-reqid: 9cb6eefe778ebdebbccd314bc85cf6b3
x-amz-replication-status: COMPLETED
content-length: 119778
x-amz-id-2: vWjdy1YB2PUjAGGkT3VbAKooDLb3FCGYQKIhkFtUzPZyUecfAMmD1TaZ9EHTx317pTG8W0DeRis=
x-cf2: H
last-modified: Thu, 19 Oct 2023 04:41:31 GMT
server: CFS 0215
x-cff: B
etag: "fa13d68120ed292884f095ce36e81dbe"
content-type: image/png
access-control-allow-origin: *
cf4age: 88
accept-ranges: bytes

GET
H2 200 keepass-digitaleagle-640x517.png
cdn.arstechnica.net/wp-content/uploads/2023/10/ 43 KB
44 KB 52ms
49ms Image
image/png 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.arstechnica.net/wp-content/uploads/2023/10/keepass-digitaleagle-640x517.png
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 93bea8408610109650029c023b88d039114aa9be5663eeaa1b3fbbc7244ad50d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
x-amz-version-id: 3wCZZ0Yjp3ni6YyDAA0i4FKQsdlAwqHj
x-cf-tsc: 1697691209
x-cf3: H
x-amz-request-id: S95NTF7SFQYCAS5C
cf4ttl: 43200.000
x-amz-server-side-encryption: AES256
x-cf1: 14961:fF.waw1:co:1525808045:cacheN.waw1-01:M
x-cf-reqid: 8a9b35837e63828de25b633c748f7cf5
x-amz-replication-status: COMPLETED
content-length: 44243
x-amz-id-2: AoMRFJwsQ6Qafh/pBe4jxRUSZ5LMTIN4l8ayEixBIxCfcFJT1Uadh1GeZtSOD5NVspWQLz4ujTs=
x-cf2: H
last-modified: Thu, 19 Oct 2023 04:43:11 GMT
server: CFS 0215
x-cff: B
etag: "b06ffdca944b78f609f2b9e9e587f752"
content-type: image/png
access-control-allow-origin: *
cf4age: 88
accept-ranges: bytes

GET
H2 200 privacyoptions123x59-c5c9972158.png
cdn.arstechnica.net/wp-content/themes/ars/assets/img/ 1 KB
1 KB 41ms
39ms Image
image/png 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/img/privacyoptions123x59-c5c9972158.png
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 3ffb2898bfdc64f6aa63183418b7c42a529f37505c70f68270abf62d90d6babe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
x-cf-tsc: 1688391174
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fF.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: 7e33a7ad1b921e24986351f16e3db0fd
content-length: 1188
x-cf2: H
last-modified: Thu, 29 Jun 2023 16:52:15 GMT
server: CFS 0215
x-cff: B
etag: "649db6bf-4a4"
content-type: image/png
access-control-allow-origin: *
cf4age: 210369
accept-ranges: bytes

GET
H2 200 main-9e780dd793.js Show response
cdn.arstechnica.net/wp-content/themes/ars/assets/js/ 626 KB
204 KB 27ms
24ms Script
application/javascript 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/js/main-9e780dd793.js
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 82c48e4f43352a8f0c34f9ad13be89d22a8439ba8e322e2300499871d242aa0c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
x-cf-tsc: 1695915473
content-encoding: gzip
x-cf3: M
cf4ttl: 43200.000
x-cf1: 14961:fF.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: af95f30f7a38d271c155307bc1aa4a2a
content-length: 208280
x-cf2: H
last-modified: Thu, 28 Sep 2023 15:26:33 GMT
server: CFS 0215
x-cff: B
etag: W/"65159b29-9c6f8"
content-type: application/javascript
access-control-allow-origin: *
cf4age: 0
accept-ranges: bytes

GET
H2

200

conde-asa-polar-master.js Show response
polarcdn-terrax.com/nativeads/script/condenastcorporate/
Redirect Chain

https://cdn.mediavoice.com/nativeads/script/condenastcorporate/conde-asa-polar-master.js
https://polarcdn-terrax.com/nativeads/script/condenastcorporate/conde-asa-polar-master.js

5 KB
2 KB

70ms
32ms

Script
text/javascript

2606:4700::6812:7fc0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://polarcdn-terrax.com/nativeads/script/condenastcorporate/conde-asa-polar-master.js
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol: H2
Server: 2606:4700::6812:7fc0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 030e91b7512dbb40e9b9057f20bcf54c296a7f28c04bbcde0f2d2706dd2a3a06

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
content-encoding: gzip
via: 1.1 varnish
cf-cache-status: HIT
last-modified: Thu, 19 Oct 2023 06:06:14 GMT
server: cloudflare
age: 13619
vary: Accept-Encoding
content-type: text/javascript
x-varnish: 3609622394
cache-control: max-age=21600
accept-ranges: bytes
cf-ray: 818933720a729a3b-FRA
content-length: 2018

Redirect headers

date: Thu, 19 Oct 2023 12:59:54 GMT
server: cloudflare
vary: Accept-Encoding
location: https://polarcdn-terrax.com/nativeads/script/condenastcorporate/conde-asa-polar-master.js
x-country: DE
cache-control: max-age=3600
cf-ipcountry: DE
cf-ray: 818933713d8f9a2f-FRA
expires: Thu, 19 Oct 2023 13:59:54 GMT

GET
H/1.1 200
OK 100098X1555750.skimlinks.js Show response
s.skimresources.com/js/ 36 KB
14 KB 83ms
21ms Script
application/octet-stream 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://s.skimresources.com/js/100098X1555750.skimlinks.js
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: e213cf8f887633ac8924c0390bb121f259a895ab8432013f5b6e1c37727802aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Thu, 19 Oct 2023 12:59:54 GMT
Content-Encoding: gzip
Last-Modified: Mon, 12 Jun 2023 15:01:52 GMT
Server: AmazonS3
x-amz-request-id: EC4MQPW9BNQT1F90
ETag: "7c5963972efe352a00c4f008ac8c383b"
X-HW: 1697720394.cds249.lo4.hn,1697720394.cds222.lo4.c
Content-Type: application/octet-stream
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13836
x-amz-id-2: 3VkQo86/CwfEclMxFGwMJUFRC+XnUoumejNAqaU4yANnA6iDDC5rj67V0WdxaIzHYFs6GIcClbM=

GET
H2 200 iframeResizer.min.js Show response
cdn.arstechnica.net/wp-content/plugins/article-forum-connect/public/js/ 14 KB
6 KB 42ms
40ms Script
application/javascript 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/plugins/article-forum-connect/public/js/iframeResizer.min.js?ver=1.2.2
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 4bc7f443f57d55c7eba98816a3d1054bdcee0cc74f4c1302f82056d118f141bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
x-cf-tsc: 1688391174
content-encoding: gzip
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fF.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: 556d18f3daf3c6f86ea0e7b5bc549ac8
content-length: 5969
x-cf2: H
last-modified: Thu, 29 Jun 2023 16:49:36 GMT
server: CFS 0215
x-cff: B
etag: W/"649db620-3734"
content-type: application/javascript
access-control-allow-origin: *
cf4age: 255223
accept-ranges: bytes
x-cf-rand: 69.475

GET
H2 200 iframe.js Show response
cdn.arstechnica.net/wp-content/plugins/article-forum-connect/public/js/ 7 KB
2 KB 26ms
23ms Script
application/javascript 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/plugins/article-forum-connect/public/js/iframe.js?ver=1.2.2
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: c390e14d82304a2d9f01faedb819791a5553764c90bd4830c3a27b6108006644

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
x-cf-tsc: 1688391174
content-encoding: gzip
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fF.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: 9e9453f199ace092e9efb301c89a6e00
content-length: 1697
x-cf2: H
last-modified: Thu, 29 Jun 2023 16:49:36 GMT
server: CFS 0215
x-cff: B
etag: W/"649db620-1c92"
content-type: application/javascript
access-control-allow-origin: *
cf4age: 210392
accept-ranges: bytes

GET
H2 200 b10882a1-8446-4e7d-bfb2-ce2c770ad910.json Show response
cdn.cookielaw.org/consent/b10882a1-8446-4e7d-bfb2-ce2c770ad910/ 6 KB
3 KB 45ms
29ms XHR
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/b10882a1-8446-4e7d-bfb2-ce2c770ad910/b10882a1-8446-4e7d-bfb2-ce2c770ad910.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7abbd200510b514fce325237f0a9149fde8bc489e85934801aea98cf24c3d50c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 19 Oct 2023 12:59:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 83600
content-md5: WFnzmDf9rc3pwweNZtoQ3Q==
content-length: 2015
x-ms-lease-status: unlocked
last-modified: Mon, 02 Oct 2023 13:37:49 GMT
server: cloudflare
etag: 0x8DBC34CC55C24C9
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 931eab10-b01e-0005-0c35-f5eb58000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 81893370fb5c1cbd-FRA
expires: Fri, 20 Oct 2023 12:59:54 GMT

GET
H2 200 dnsfeed Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/location/ 75 B
243 B 45ms
24ms Script
text/javascript 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location/dnsfeed

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/opt-out/otCCPAiab.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e949e0ba546cccd944b7fc64ebc3f97123638dd1b3af8eec5732cd599c2ed46

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
cf-ray: 8189337109e79a1e-FRA
vary: Accept-Encoding
content-type: text/javascript

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 515 KB
139 KB 40ms
16ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NLXNPCQ

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

91eb1f5a1d91c121061548cb3e3797421572c15943030ac0a398484b2d86326c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 141350
x-xss-protection: 0
last-modified: Thu, 19 Oct 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 19 Oct 2023 12:59:54 GMT

GET
H2 200 v2fumwIJOo-LsCB0dlG18VSTW43CpWhUEPJuKeRTzrEQdSPPlMr5GymU Show response
shiverscissors.com/ 68 KB
24 KB 69ms
25ms Script
text/javascript 2600:1901:0:7416::1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://shiverscissors.com/v2fumwIJOo-LsCB0dlG18VSTW43CpWhUEPJuKeRTzrEQdSPPlMr5GymU

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:7416::1 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Resource Hash

dccefe9d1209e85a5edeb399ee2e7ba50d0540f5ce29cc86775090c89dfab1ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
via: 1.1 google
date: Thu, 19 Oct 2023 12:59:54 GMT
x-datacenter: gce-europe-west1
etag: "9b7db0ad5ab9acba6e5da0a0d0c507e26eda3a640bb1351413a2e17720b42de1"
x-buildname: hoothoot
vary: Accept-Encoding, Accept-Language
x-hostname: fen-hoothoot-europe-west1-test-cmwb
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
x-buildnumber: 1033761249
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/condenast1-network/ 309 KB
79 KB 30ms
7ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ef6ff5f0c4b32cd4482ed02e3b1b80194dbd1fa477675008b793b71e31074f1e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id: czxR6vvv47MyHGcO1tLBoIAauPOUg42g
content-encoding: gzip
via: 1.1 varnish
date: Thu, 19 Oct 2023 12:59:54 GMT
x-amz-request-id: CJ5F1VVDRJTC5VBZ
age: 4305
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 80221
x-amz-id-2: yMEWiSEq2IFzfkW80xS1j89WClpMvROi9fWkb74EkTrmgq+/UxIBr2P1zjeYuZt4zgkbdFa1WL4=
x-served-by: cache-fra-eddf8230123-FRA
last-modified: Thu, 19 Oct 2023 11:48:08 GMT
server: AmazonS3
x-timer: S1697720394.411973,VS0,VE0
etag: "8dac1f2fa7bae80f8dc1b861ac450e14"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 84
access-control-allow-origin: *
cache-control: private,max-age=14401
accept-ranges: bytes
x-cache-hits: 43

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 78c8c364b438f0be81f1c51627902fda95b7aebdd2c04aee28c2f72cd4390207

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 357 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f95836cdd8c1af1d8261e8e198a4c1dd306e2b50ddc389fe820b56212a9cb17d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 279 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5ecbfb541946a9a9437190a21d98e1c7ab7d863837d7d038a9a1e053c649c8ba

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 400 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6f261533d4b74ae931965cf3609bf47bb55001e39eb7029502d96cec73c4749a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 faux-apple-domain-360x200.png
cdn.arstechnica.net/wp-content/uploads/2017/04/ 27 KB
28 KB 44ms
44ms Image
image/png 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.arstechnica.net/wp-content/uploads/2017/04/faux-apple-domain-360x200.png
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: d7cf19e3d2c9c192e149badd2271c1037d448c18d0e6aeeaba08ae0f95e7efca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
x-amz-version-id: null
x-cf-tsc: 1697691140
x-cf3: H
x-amz-request-id: 6JRGTJ27BKTVT8NA
cf4ttl: 43200.000
x-cf1: 14961:fF.waw1:co:1536154300:cacheN.waw1-01:M
x-cf-reqid: aeea90c3f4ae9a82f35f7dc95de7d8c3
x-amz-replication-status: COMPLETED
content-length: 28084
x-amz-id-2: 0tLQDVrRhEq5jMD6yP8JdScpJEbM70QKq17VqYaacn1FLS3a6xiUBuhosWLE1Z21hx9BFMKzxmk=
x-cf2: H
last-modified: Sat, 21 Dec 2019 00:42:49 GMT
server: CFS 0215
x-cff: B
etag: "f7fa62d5f96f229ecd37041ac7b14561"
content-type: image/png
access-control-allow-origin: *
cf4age: 91
accept-ranges: bytes

GET
H2 200 Dang.jpg
cdn.arstechnica.net/wp-content/uploads/2018/10/ 90 KB
91 KB 47ms
45ms Image
image/jpeg 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.arstechnica.net/wp-content/uploads/2018/10/Dang.jpg
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: d6f350f62fc19bfd7091e3841649be70e806fb94c00a1f777dbed2ea8ecc9daa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
x-amz-version-id: null
x-cf-tsc: 1697675739
x-cf3: H
x-amz-request-id: F10ZAWNST9TQP090
cf4ttl: 43200.000
x-cf1: 14961:fF.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: 2c6e4c22f43138fcfdb0cff1840a2738
content-length: 92486
x-amz-id-2: RFBCBzh4QUKPtX8TbhUx2PI8RFXl/4TM/mNoWIeqUKi0b2c8bK3vJWcFU9VrJzV0+YgBfLIvSYI=
x-cf2: H
last-modified: Sat, 21 Dec 2019 01:48:48 GMT
server: CFS 0215
x-cff: B
etag: "03e5fec9e7ca5f8064d945bd791bd4c3"
content-type: image/jpeg
access-control-allow-origin: *
cf4age: 1198313
accept-ranges: bytes

GET
H2 200 channel-ars-be7bb52ba9.png
cdn.arstechnica.net/wp-content/themes/ars/assets/img/ 5 KB
5 KB 52ms
50ms Image
image/png 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/img/channel-ars-be7bb52ba9.png
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 08ed3bf6e73a999bafb422b878fb05b87269b00a65230c9457ce75aee10b873e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
x-cf-tsc: 1688391175
x-cf3: M
cf4ttl: 43200.000
x-cf1: 14961:fF.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: 5c09cca57bda0922fb95f1c0bd3bd0bc
content-length: 4809
x-cf2: H
last-modified: Thu, 29 Jun 2023 16:52:15 GMT
server: CFS 0215
x-cff: B
etag: "649db6bf-12c9"
content-type: image/png
access-control-allow-origin: *
cf4age: 210370
accept-ranges: bytes

GET
DATA 200
OK truncated
/ 18 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 62c7d2da9a5942053f17c9756e53b7cda414541619bd35c2b1441cd88c77f235

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ec4b6769730ca98db1f40b152c52bd5bec01f61f559fb92709c307750388ac8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 economica-bold-otf-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/ 25 KB
25 KB 80ms
28ms Font
font/woff2 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/economica-bold-otf-webfont.woff2
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 5315cf641e62ac7de4a82e6003cc1bd1ff09218400d8ff5286c951e25aee966b

Request headers

Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Origin: https://arstechnica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
x-cf-tsc: 1696617786
x-cf3: M
cf4ttl: 43200.000
x-cf1: 14961:fB.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: 89d039ba8174894a1288806880a9351f
content-length: 25592
x-cf2: H
last-modified: Thu, 05 Oct 2023 16:20:07 GMT
server: CFS 0215
x-cff: B
etag: "651ee237-63f8"
content-type: font/woff2
access-control-allow-origin: *
cf4age: 63007
accept-ranges: bytes

GET
H2 200 economica-regular-otf-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/ 24 KB
24 KB 127ms
75ms Font
font/woff2 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/economica-regular-otf-webfont.woff2
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: c14a030b0b5ef06f710d9bbff164662d4b43c037e62f254aa6280504013caa34

Request headers

Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Origin: https://arstechnica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
x-cf-tsc: 1696617786
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fB.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: f70df9f2be446c7931c39942260a2316
content-length: 24264
x-cf2: H
last-modified: Thu, 05 Oct 2023 16:20:07 GMT
server: CFS 0215
x-cff: B
etag: "651ee237-5ec8"
content-type: font/woff2
access-control-allow-origin: *
cf4age: 76212
accept-ranges: bytes

GET
H2 200 bitter-italic-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/ 24 KB
24 KB 101ms
50ms Font
font/woff2 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/bitter-italic-webfont.woff2
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 1193e934b76ed372f47e23f78f8a13e99d9588e564aff866e8f700e7a0650a83

Request headers

Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Origin: https://arstechnica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
x-cf-tsc: 1696617786
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fB.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: 1757b499371991b38022df254825f550
content-length: 24212
x-cf2: H
last-modified: Thu, 05 Oct 2023 16:20:06 GMT
server: CFS 0215
x-cff: B
etag: "651ee236-5e94"
content-type: font/woff2
access-control-allow-origin: *
cf4age: 82096
accept-ranges: bytes

GET
H2 200 bitter-regular-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/ 22 KB
23 KB 103ms
52ms Font
font/woff2 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/bitter-regular-webfont.woff2
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 0186840386391fa2c0750ff7450a78e066498ba3274546a6fcf0fa9c55cd457c

Request headers

Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Origin: https://arstechnica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
x-cf-tsc: 1696617786
x-cf3: M
cf4ttl: 43200.000
x-cf1: 14961:fB.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: 41b92b0a09d1612e42f50247f9128ba1
content-length: 22872
x-cf2: H
last-modified: Thu, 05 Oct 2023 16:20:06 GMT
server: CFS 0215
x-cff: B
etag: "651ee236-5958"
content-type: font/woff2
access-control-allow-origin: *
cf4age: 63007
accept-ranges: bytes

GET
H2 200 opensans-semibold-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/ 19 KB
19 KB 103ms
54ms Font
font/woff2 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/opensans-semibold-webfont.woff2
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 1f9cd4a445ba85172da6090dd7b95edf55fd9e81ddb193e0b78093c1afa84378

Request headers

Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Origin: https://arstechnica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
x-cf-tsc: 1696617787
x-cf3: M
cf4ttl: 43200.000
x-cf1: 14961:fB.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: 90aa8a9afea36b0351a8a6fc1b8ad120
content-length: 18972
x-cf2: H
last-modified: Thu, 05 Oct 2023 16:20:07 GMT
server: CFS 0215
x-cff: B
etag: "651ee237-4a1c"
content-type: font/woff2
access-control-allow-origin: *
cf4age: 63007
accept-ranges: bytes

GET
H2 200 opensans-semibolditalic-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/ 20 KB
21 KB 123ms
74ms Font
font/woff2 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/opensans-semibolditalic-webfont.woff2
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 59201950b83489808587827b4050ffe0597992825daa88c227476cdbbf8ca282

Request headers

Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Origin: https://arstechnica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
x-cf-tsc: 1696611145
x-cf3: M
cf4ttl: 43200.000
x-cf1: 14961:fB.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: b89f1c83cb2a38bedb7ac2400ed05444
content-length: 20872
x-cf2: H
last-modified: Thu, 05 Oct 2023 16:20:07 GMT
server: CFS 0215
x-cff: B
etag: "651ee237-5188"
content-type: font/woff2
access-control-allow-origin: *
cf4age: 56091
accept-ranges: bytes

GET
H2 200 opensans-regular-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/ 18 KB
19 KB 76ms
27ms Font
font/woff2 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/opensans-regular-webfont.woff2
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: caa3854f28740fa98125ded826446ee4456379e8ad7c4ff46643347d1901506a

Request headers

Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Origin: https://arstechnica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
x-cf-tsc: 1696617786
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fB.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: 1e444d35172c0350206da876901149fb
content-length: 18824
x-cf2: H
last-modified: Thu, 05 Oct 2023 16:20:07 GMT
server: CFS 0215
x-cff: B
etag: "651ee237-4988"
content-type: font/woff2
access-control-allow-origin: *
cf4age: 81447
accept-ranges: bytes

GET
H2 200 opensans-italic-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/ 20 KB
21 KB 129ms
79ms Font
font/woff2 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/opensans-italic-webfont.woff2
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: c46974d8f6030e4888708b18a5d9a32b25eb765a5708896e1899df449d87aab7

Request headers

Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Origin: https://arstechnica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
x-cf-tsc: 1697371518
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fB.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: 2f2b1e4850e5e7a5f32b134d75eac3af
content-length: 20748
x-cf2: H
last-modified: Thu, 05 Oct 2023 16:20:07 GMT
server: CFS 0215
x-cff: B
etag: "651ee237-510c"
content-type: font/woff2
access-control-allow-origin: *
cf4age: 339911
accept-ranges: bytes

GET
H2 200 opensans-bold-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/ 19 KB
19 KB 74ms
25ms Font
font/woff2 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/opensans-bold-webfont.woff2
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 86096831a70c72ac0c08f5e65ae92d98330d9fd2b7511dde65ff50b8a16bfd9a

Request headers

Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Origin: https://arstechnica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
x-cf-tsc: 1696617787
x-cf3: M
cf4ttl: 43200.000
x-cf1: 14961:fB.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: 7840bc25024ae4ac736b537ed11c18d5
content-length: 19516
x-cf2: H
last-modified: Thu, 05 Oct 2023 16:20:07 GMT
server: CFS 0215
x-cff: B
etag: "651ee237-4c3c"
content-type: font/woff2
access-control-allow-origin: *
cf4age: 63007
accept-ranges: bytes

GET
H2 200 bitter-bold-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/ 22 KB
22 KB 126ms
77ms Font
font/woff2 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/bitter-bold-webfont.woff2
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 807271433f80bb33654a84ec904035be3d2b34e505a051e3469a47fe39ccb752

Request headers

Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Origin: https://arstechnica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
x-cf-tsc: 1696616783
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fB.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: eab1b46e15d797600dd9de939dd8e0d8
content-length: 22104
x-cf2: H
last-modified: Thu, 05 Oct 2023 16:20:06 GMT
server: CFS 0215
x-cff: B
etag: "651ee236-5658"
content-type: font/woff2
access-control-allow-origin: *
cf4age: 63286
accept-ranges: bytes

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 66 B
303 B 48ms
27ms XHR
application/json 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 818933714e741e49-FRA
access-control-allow-headers: Content-Type

GET
H2 200 sync Show response
gum.criteo.com/ 46 B
288 B 47ms
13ms Script
text/javascript 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS

Requested by

Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

189b8ed64093b12937354b2ef71ccf1df59690d90432241a10fe1cb25000acba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:53 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=3600
server-processing-duration-in-ticks: 254295
expires: 60

GET
H/1.1 200
OK video_groups Show response
api.cnevids.com/v1/ 4 KB
1 KB 399ms
97ms XHR
application/json 52.7.215.88
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cnevids.com/v1/video_groups?filters={%22channel_key%22:%22arstechnica%22}&pagesize=20&endpoint=oo.arstechnica

Requested by

Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/js/main-9e780dd793.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.7.215.88 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-7-215-88.compute-1.amazonaws.com

Software

nginx/1.18.0 /

Resource Hash

cb52c9b5c6b4f30eb9580d4414ecd97d408ffb0579fc9792f379da7e9e43221c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/*
Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Thu, 19 Oct 2023 12:59:54 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Status: 200 OK
Connection: keep-alive
Content-Length: 658
X-XSS-Protection: 1; mode=block
X-Request-Id: e6316255-cab9-4fc9-80b4-02c7967768a0
X-Runtime: 0.001832
X-Backend-Node: 10.110.123.172
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx/1.18.0
ETag: W/"798ac2b4d49534dd28de391df2e1d8e6"
X-Download-Options: noopen
Access-Control-Max-Age: 1728000
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Cache-Control: max-age=0, private, must-revalidate
Vary: Accept-Encoding, Origin
X-Frame-Options: SAMEORIGIN

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/ 404 KB
98 KB 20ms
20ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 19 Oct 2023 12:59:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: XJk1ZZTljtwHFT3qcIJg+w==
age: 4181
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 99599
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:36 GMT
server: cloudflare
etag: 0x8DB82A15D413626
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 7a75efb1-601e-0081-6c94-b47ab1000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 818933720e379a35-FRA

GET
H2 200 memo.js Show response
cdn.memo.co/js/ 21 KB
7 KB 435ms
395ms Script
application/javascript 13.32.121.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.memo.co/js/memo.js
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4d7b91ed4a7804e22b94e4873af273def73469e80b740bd9787e287003058868

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id: dIwRVCKiXrZkA8Vq0TRLD0Yyqjiw5iXT
content-encoding: gzip
via: 1.1 6fd3ab2be93b19c970fb371964d46d94.cloudfront.net (CloudFront)
date: Thu, 19 Oct 2023 12:59:55 GMT
last-modified: Wed, 04 May 2022 18:49:53 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
x-amz-server-side-encryption: AES256
etag: W/"09a117df3977ec5a869191fcea2ac408"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: no-cache
x-amz-cf-id: IuFU_OZezZ7H4X1jSdM8tcSVf44HQbESQghDHEiaBcWLanLO4y9SmQ==

GET
H/1.1 200
OK arstechnica.js Show response
player.cnevids.com/interlude/ 113 KB
28 KB 260ms
154ms Script
text/javascript 65.9.95.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://player.cnevids.com/interlude/arstechnica.js?isRightRail=true

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.94 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-94.prg50.r.cloudfront.net

Software

nginx/1.18.0 /

Resource Hash

560bf130580f795cffabe8de5f2c69ec3f92921e1841ae6e55d516a046805cc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Thu, 19 Oct 2023 12:59:54 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Via: 1.1 0bb58964819755c192fe9c24c342bd1a.cloudfront.net (CloudFront)
X-Permitted-Cross-Domain-Policies: none
X-Amz-Cf-Pop: PRG50-C1
X-Cache: Miss from cloudfront
Status: 200 OK
Connection: keep-alive
Content-Length: 27992
X-XSS-Protection: 1; mode=block
X-Request-Id: 3d3b9c2f-6119-4129-906c-07d27366b7fa
X-Runtime: 0.014419
X-Backend-Node: 10.110.125.120
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx/1.18.0
ETag: W/"9c6b0e7acf4931e890f4d67bf5a5ce21"
X-Download-Options: noopen
Vary: Origin,Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0, private, must-revalidate
X-Amz-Cf-Id: kyPQ7gY9h8KK6DK5duLFxHU5GuVi05eDr49DkMBUnQloZFeN5gBxhg==

POST
H2 200 / Show response
r.skimresources.com/api/ 167 B
385 B 45ms
15ms XHR
application/json 35.190.59.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r.skimresources.com/api/

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/100098X1555750.skimlinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.59.101 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

101.59.190.35.bc.googleusercontent.com

Software

openresty/1.19.9.1 /

Resource Hash

af06fcd260a5e139f01760a0f507354b2109969432203415e000909695ca849e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
server: openresty/1.19.9.1
via: 1.1 google
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://arstechnica.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 206 robots.txt
t.skimresources.com/api/v2/ Frame 15F1 0
123 B 41ms
18ms Image
text/plain 35.201.67.47
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.18828247094455164
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.67.47 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 47.67.201.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
via: 1.1 google
cache-control: private, no-store
server: nginx
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain

GET
H2 200 px.gif
p.skimresources.com/ 43 B
276 B 51ms
15ms Image
image/gif 35.190.91.160
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=1&rn=7.2305686686289965
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.91.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 160.91.190.35.bc.googleusercontent.com
Software: Skimlinks Pixel 1.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

p3p: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
date: Thu, 19 Oct 2023 12:59:54 GMT
via: 1.1 google
server: Skimlinks Pixel 1.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
content-type: image/gif

GET
H2 200 px.gif
p.skimresources.com/ 43 B
102 B 51ms
15ms Image
image/gif 35.190.91.160
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=2&rn=7.2305686686289965
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.91.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 160.91.190.35.bc.googleusercontent.com
Software: Skimlinks Pixel 1.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

p3p: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
date: Thu, 19 Oct 2023 12:59:54 GMT
via: 1.1 google
server: Skimlinks Pixel 1.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
content-type: image/gif

GET
H2 200 v2 Show response
z-na.associates-amazon.com/onetag/ 11 KB
4 KB 135ms
25ms Script
text/javascript 13.226.89.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z-na.associates-amazon.com/onetag/v2?MarketPlace=US&instanceId=e6160dfa-32a7-4b0e-9675-d18902339f1e

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NLXNPCQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.89.88 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-89-88.prg50.r.cloudfront.net

Software

Server /

Resource Hash

7475f5c70d3b6020b6f4621b2e69fba3360bea00a913e60b085af165b93842ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 21:50:48 GMT
content-encoding: gzip
accept-charset: UTF-8
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 017ac0aeeb057314a9b1c06f8b97ba34.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: PRG50-C1
x-amz-rid: GYBJQMNJ6516AW0J125M
age: 54546
vary: accept-encoding,Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
access-control-allow-origin: *
x-amz-cf-id: FbrryFK2CsdYAtt4yQ2osSgV_nFTKWitKktjXJ1cEEeLrAvjKpGTwQ==

GET
H2 200 skeleton.gif
static.adsafeprotected.com/ 43 B
478 B 130ms
22ms Image
image/gif 2600:9000:2127:cc00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif?adslot=cafcp_728x90_
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:cc00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 14 Sep 2023 17:45:23 GMT
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
via: 1.1 b9288402a0a891e0bbaca832ecabae60.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 3006872
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: gshcl_isYBudG1Gu2tx3mjGm6-7-yecPtf_bPv89Rs6BnguFDJ5_LA==

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310170101/ 421 KB
133 KB 33ms
8ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310170101/pubads_impl.js?cb=31078905

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7f1999dd213ea15813d6e27249169c4d54cfec7150e81ed1e1aad85d7b20202f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 11:37:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4963
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 135205
x-xss-protection: 0
server: cafe
etag: 9147680799068891735
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Fri, 18 Oct 2024 11:37:11 GMT

GET
H2 200 iasPET.1.js Show response
static.adsafeprotected.com/ 22 KB
7 KB 87ms
22ms Script
application/javascript 2600:9000:2127:cc00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/iasPET.1.js
Requested by: Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/ars-technica.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:cc00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2afcabe2eb6314148dfd9dfdec1333b973d97d0780cc08fddab8501afbb013e9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id: UWTIHcIBCTlOhfqinKDA9NwqhFA8.Ocb
content-encoding: gzip
via: 1.1 b9288402a0a891e0bbaca832ecabae60.cloudfront.net (CloudFront)
date: Mon, 16 Oct 2023 09:33:20 GMT
x-amz-cf-pop: PRG50-C1
age: 271595
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 01 Jun 2021 13:42:44 GMT
server: AmazonS3
etag: W/"51636de3ce868a2172f9e6996c2934e0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: hfwE_dqkpEaGVYUhWPG-w8bWth50yJ8YU0k07oTOizs4fOU86IKR0g==

GET
H2 200 moatheader.js Show response
z.moatads.com/condenastprebidheader987326845656/ 223 KB
79 KB 59ms
13ms Script
application/x-javascript 23.35.237.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/condenastprebidheader987326845656/moatheader.js
Requested by: Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/ars-technica.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-151.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f75c76aa4b70766651aec7f46e9161fe774810bffac96034dc63e5a9eed10918

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
content-encoding: gzip
last-modified: Thu, 05 Oct 2023 09:39:45 GMT
server: AmazonS3
x-amz-request-id: 2C0FGGWF1D4GN71Z
etag: "8084c7ed00910ec0b1440e653bef434a"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=7781
accept-ranges: bytes
content-length: 80338
x-amz-id-2: ykLqPOy9+O6K6W1EIzTG/820aiJukT5Cs5wWZsg8BzTrla15cKURt2VMJwE9Pf6kiWZfKrS1Ci8=

GET
H2 200 1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js Show response
cdn.permutive.app/ 877 KB
210 KB 77ms
32ms Script
application/javascript 2606:4700:4400::ac40:9256
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Requested by: Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/ars-technica.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9256 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8cbe47dffdb2913380b553bde4184a77fbce2a415e8e8405d348fa3bc7bfd6fa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
content-encoding: br
cf-cache-status: HIT
x-goog-meta-oid: bd1cec50-00d1-4ce9-9572-785857419a1e
age: 0
x-guploader-uploadid: ADPycduQl_nbH9miOdu1Wu06VDmQ34CaY7CvGB_vRm0mT22N0f4_VMWei4jb14EwKnc839_xTlFhdCW0O_FW9E-Rh_rQJA
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
last-modified: Thu, 19 Oct 2023 11:16:33 GMT
server: cloudflare
etag: W/"2719bef489ecb653b4a8dd2a9fd6d4cc"
vary: Accept-Encoding
x-goog-generation: 1697714193418732
content-type: application/javascript
x-goog-hash: crc32c=GgtKag==, md5=Jxm+9InstlO0qN0qn9bUzA==
cache-control: public, max-age=900
x-goog-stored-content-length: 226203
timing-allow-origin: *
cf-ray: 818933733ccf3804-FRA
expires: Thu, 19 Oct 2023 13:14:54 GMT

GET
H/1.1 200
OK condenast-amp Show response
segment-data.zqtk.net/ 321 B
569 B 143ms
35ms XHR
application/javascript 18.202.170.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://segment-data.zqtk.net/condenast-amp?url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F
Requested by: Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/ars-technica.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.202.170.110 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-202-170-110.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: fff8e490154cb7c1489bcd167245fdeffc9042fb1755dc1c3e824d255ef835cd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Thu, 19 Oct 2023 12:59:54 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: https://arstechnica.com
X-Result-Id: Bavk7oIVe3o
Cache-Control: max-age=143551
Access-Control-Allow-Credentials: true
Connection: keep-alive
Expires: Sat, 21 Oct 2023 04:52:26 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 263 KB
64 KB 85ms
26ms Script
application/javascript 65.9.90.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/ars-technica.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.90.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-90-93.prg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4c5f80cce6889f5bd1236ae540178efed729c20bf20c5afaeed6e2fa02d50323

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:24:42 GMT
content-encoding: gzip
via: 1.1 c80fd33b8f8c4dff5488cc52ba797aa6.cloudfront.net (CloudFront), 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
last-modified: Tue, 17 Oct 2023 19:57:34 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, PRG50-C1
age: 2112
x-amz-server-side-encryption: AES256
etag: W/"b9a7eb01b5274e82795d834c0b8154f1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: ukbG498U8O0rZJ_JyPP4whKa-RQyVd4BFXVwZvXlsbJOH3uoDAyaJQ==

GET
H2 200 prebid.min.js Show response
ads-static.conde.digital/production/cns/builds/ars-technica/ 333 KB
334 KB 34ms
33ms Script
application/javascript 2600:9000:2127:a800:17:b7d9:a700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/prebid.min.js
Requested by: Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/ars-technica.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:a800:17:b7d9:a700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b923c564473d30245b19bc93eaa384225d8ca55118931f89df58e4de539ecb77

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id: W1ekqYaeI9b2d39f733XZQ83XWuN4aQH
date: Thu, 19 Oct 2023 12:47:02 GMT
via: 1.1 9b9ab8e6e595847652a9158c684a8926.cloudfront.net (CloudFront)
last-modified: Wed, 06 Sep 2023 18:43:58 GMT
server: AmazonS3
x-amz-cf-pop: PRG50-C1
age: 773
x-amz-server-side-encryption: AES256
etag: "bf357e4a648bea9a6ea64056718fcea6"
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 341250
x-amz-cf-id: 8WIev3PccyksNGFqd07h2OaiR6wP8N7JLcaYgISP5h3ft5N9yvY2Qw==

GET
H2 200 plugin.js Show response
plugin.mediavoice.com/ 369 KB
138 KB 43ms
34ms Script
application/javascript 2606:4700::6813:9117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://plugin.mediavoice.com/plugin.js
Requested by: Host: cdn.mediavoice.com
URL: https://cdn.mediavoice.com/nativeads/script/condenastcorporate/conde-asa-polar-master.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9117 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89a04f1809b96eca28e1646ccc40bfa7b714142a610b41e40082bbebca8ea6c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
content-encoding: gzip
via: 1.1 varnish
cf-cache-status: HIT
age: 35393
content-length: 140320
last-modified: Wed, 16 Aug 2023 13:50:07 GMT
server: cloudflare
etag: W/"64dcd40f-5c2bf"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
x-varnish: 2598430912 2598326629
cache-control: max-age=43200
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cf-ray: 818933730f5c9a2f-FRA
expires: Thu, 19 Oct 2023 10:26:37 GMT

GET
H2 200 condenastcorporate Show response
polarcdn-terrax.com/nativeads/v1.4.0/json/hostname/arstechnica.com/organization/ 208 B
429 B 57ms
37ms XHR
application/json 2606:4700::6812:7fc0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://polarcdn-terrax.com/nativeads/v1.4.0/json/hostname/arstechnica.com/organization/condenastcorporate
Requested by: Host: cdn.mediavoice.com
URL: https://cdn.mediavoice.com/nativeads/script/condenastcorporate/conde-asa-polar-master.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:7fc0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8dc40a5096530714279199bd98ffbe44f3108bf9dd183ec74d85f69705d86e25

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:54 GMT
content-encoding: gzip
server: cloudflare
etag: W/"f3cb63b5151ee861d177a2136e7d9989"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-country: DE
access-control-expose-headers: X-Country, CF-Ray
cache-control: max-age=3600
timing-allow-origin: *
cf-ray: 818933732c72371f-FRA

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/b10882a1-8446-4e7d-bfb2-ce2c770ad910/b04bfd56-28cb-4e0f-af9d-d7cc72f833b0/ 275 KB
45 KB 27ms
26ms Fetch
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/b10882a1-8446-4e7d-bfb2-ce2c770ad910/b04bfd56-28cb-4e0f-af9d-d7cc72f833b0/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f19c74770a3c3b7a1b77b663cc3f4956672bcab87aa84153bb284b480d7bdd94

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 19 Oct 2023 12:59:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 83600
content-md5: qqMrjX+oFA4SoHpH9ukLyw==
content-length: 45974
x-ms-lease-status: unlocked
last-modified: Mon, 02 Oct 2023 13:38:17 GMT
server: cloudflare
etag: 0x8DBC34CD5BC1DD0
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: af4b17c6-201e-004a-2b35-f59a0c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 818933730dfd1cbd-FRA
expires: Fri, 20 Oct 2023 12:59:54 GMT

GET
H2 200 iab2Data.json Show response
cdn.cookielaw.org/vendorlist/ 388 KB
56 KB 20ms
19ms Fetch
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/vendorlist/iab2Data.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1eb87b27793a8954383be6ea616cd92550b0ed770cd39badd077c6cc5bd118ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 19 Oct 2023 12:59:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: abYDkfrWpuQom2hPJTcelg==
age: 24759
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 56684
x-ms-lease-status: unlocked
last-modified: Thu, 19 Oct 2023 05:21:01 GMT
server: cloudflare
etag: 0x8DBD0632F279B7B
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 94417760-601e-0080-284c-02c685000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 818933730e011cbd-FRA

GET
H2 200 googleData.json Show response
cdn.cookielaw.org/vendorlist/ 56 KB
16 KB 18ms
18ms Fetch
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/vendorlist/googleData.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36a6a34c7aecb6ffec0a5abeac30e74bbac96825870de87139ceb8425b4d9b0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 19 Oct 2023 12:59:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 5zsj3C8kCkpgFbn9xoQgCw==
age: 22607
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 16214
x-ms-lease-status: unlocked
last-modified: Wed, 18 Oct 2023 06:05:05 GMT
server: cloudflare
etag: 0x8DBCFA02CD6A4F9
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 3d39ff9e-701e-008c-2e96-01518d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 818933730e021cbd-FRA

GET
H2 200 otTCF.js Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/ 67 KB
15 KB 22ms
22ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/otTCF.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

28ed651acc8b89aa0ff6d9d19d3026c41bf80b05a4a5bfbd9805e68add5e6cdf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 19 Oct 2023 12:59:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: ttnLMdLBmYA6u5uFmQ7JsA==
age: 13099
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 14914
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:35 GMT
server: cloudflare
etag: 0x8DB82A15C7F12C4
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 60e729a6-801e-0065-13a4-b469bb000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 818933730f339a35-FRA

POST
H2 200 page Show response
t.skimresources.com/api/v2/ 22 B
88 B 23ms
22ms XHR
application/javascript 35.201.67.47
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/v2/page

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/100098X1555750.skimlinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.67.47 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

47.67.201.35.bc.googleusercontent.com

Software

Python/3.10 aiohttp/3.8.5 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Thu, 19 Oct 2023 12:59:54 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.10 aiohttp/3.8.5
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8, application/javascript
access-control-allow-origin: https://arstechnica.com
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
content-length: 22
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H2 200 link Show response
t.skimresources.com/api/v2/ 22 B
375 B 19ms
18ms XHR
application/javascript 35.201.67.47
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/v2/link

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/100098X1555750.skimlinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.67.47 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

47.67.201.35.bc.googleusercontent.com

Software

Python/3.10 aiohttp/3.8.5 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Thu, 19 Oct 2023 12:59:54 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.10 aiohttp/3.8.5
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8, application/javascript
access-control-allow-origin: https://arstechnica.com
warning: 299 - "Deprecated API"
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
content-length: 22
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 datadog-logs-v4.js Show response
www.datadoghq-browser-agent.com/ 51 KB
18 KB 96ms
29ms Script
application/javascript 65.9.89.147
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.datadoghq-browser-agent.com/datadog-logs-v4.js
Requested by: Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/ars-technica.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.89.147 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-89-147.prg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 11f5637cd1e69c5416520a3f0cb75816b0207728752deb02f7f164fc8e584499

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:21 GMT
content-encoding: br
via: 1.1 a1c66294cb416b399374a845b97656d2.cloudfront.net (CloudFront)
last-modified: Mon, 09 Oct 2023 11:26:12 GMT
server: AmazonS3
x-amz-cf-pop: PRG50-C1
age: 35
x-amz-server-side-encryption: AES256
etag: W/"44c5d2c58c3f065730a026e0868767da"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=14400, s-maxage=60
timing-allow-origin: *
x-amz-cf-id: WlTDYPRcrIRmFUw27W2b_1McmfFWhMpqCYPmlZB-14Q4kUWQmbAdKg==

GET
H2 200 otCenterRounded.json Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 9 KB
3 KB 17ms
17ms Fetch
application/json 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otCenterRounded.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

09b627933e01faa4979dc5661f7e616c7db1c12ea1984ca0549bdb253d24da9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 19 Oct 2023 12:59:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: IRMIKuionWyvX1I089CQ9w==
age: 56086
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2626
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:31 GMT
server: cloudflare
etag: 0x8DB82A15A246027
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: edde817a-801e-00e6-68fc-b4c916000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 81893373ff251cbd-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 21 KB
4 KB 21ms
21ms Fetch
text/css 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 19 Oct 2023 12:59:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: oWkBTLgDDXvrUsd93y/Zxg==
age: 58098
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:41 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: c36a75b2-f01e-014c-63fb-b459ac000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 81893373ff271cbd-FRA

GET
H/1.1 200
OK andoncord Show response
assoc-na.associates-amazon.com/onetag/ 16 B
411 B 490ms
114ms XHR
application/json 44.215.116.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://assoc-na.associates-amazon.com/onetag/andoncord

Requested by

Host: z-na.associates-amazon.com
URL: https://z-na.associates-amazon.com/onetag/v2?MarketPlace=US&instanceId=e6160dfa-32a7-4b0e-9675-d18902339f1e

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.215.116.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-215-116-28.compute-1.amazonaws.com

Software

Server /

Resource Hash

c462d460eab61de19f36cc384c99666e5bf65eaeba0c12b8f594c5410c01f220

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Thu, 19 Oct 2023 12:59:55 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 7EC6FHFETPSCGN89RF65
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: application/json
Access-Control-Allow-Origin: https://arstechnica.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 16

GET
H2 200 v2 Show response
mb.moatads.com/yi/ 528 B
707 B 139ms
54ms Script
text/html 130.162.160.243
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://mb.moatads.com/yi/v2?ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K3%2Ba%24%3D!!t%2BxBk_lLgxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7B%2CNr1U*%26ujMUU9%3C%24kBjqI&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-EOU9GJ%2BZ4ONI7%2BlS9taa18sl5UMbMAFrHQZRAnlp9pAdeA91T5s1LwZtUqv15LnesVBD&rs=1-DGgZfkPjUIRx5A%3D%3D&sc=1&os=1-Uw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-120&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&pcode=condenastprebidheader987326845656&rx=420342825847&callback=MoatNadoAllJsonpRequest_25102116
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/condenastprebidheader987326845656/moatheader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.162.160.243 Slough, United Kingdom, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: istio-envoy /
Resource Hash: 9e679dfa02058332de47b24401e7aa0b6c0bfe61ae2ededc9c937bc2bdb974de

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:55 GMT
server: istio-envoy
etag: "9b8a3e0f358dad2a3e25fe98467035352d642fd7"
content-type: text/html; charset=UTF-8
cache-control: max-age=900
x-envoy-upstream-service-time: 29
timing-allow-origin: *
content-length: 528

GET
H/1.1 200
OK 5b27ee7e8c1abc4e7900000f Show response
api.cnevids.com/v1/video_groups/ 104 KB
18 KB 192ms
192ms XHR
application/json 52.7.215.88
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cnevids.com/v1/video_groups/5b27ee7e8c1abc4e7900000f?endpoint=oo.arstechnica

Requested by

Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/js/main-9e780dd793.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.7.215.88 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-7-215-88.compute-1.amazonaws.com

Software

nginx/1.18.0 /

Resource Hash

594fc5814367bca74a6cfa0fcd89df251a05e7e39eb324ce959b5b692354f468

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/*
Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Thu, 19 Oct 2023 12:59:55 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Status: 200 OK
Connection: keep-alive
Content-Length: 17103
X-XSS-Protection: 1; mode=block
X-Request-Id: f18e9044-750f-4c83-80b0-492436a8f2ab
X-Runtime: 0.003976
X-Backend-Node: 10.110.9.231
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx/1.18.0
ETag: W/"3af9d0b2599cb976ec37a2cd87bff95d"
X-Download-Options: noopen
Access-Control-Max-Age: 1728000
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Cache-Control: max-age=0, private, must-revalidate
Vary: Accept-Encoding, Origin
X-Frame-Options: SAMEORIGIN

GET
H2 200 pub Show response
pixel.adsafeprotected.com/services/ 363 B
596 B 352ms
143ms XHR
application/json 18.213.249.75
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/services/pub?anId=931565&slot=%7Bid:_out_of_page_0,ss:%5B1.1%5D,p:3379/conde.ars/interstitial/security/article/1,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=2f14d269-e305-78ea-d99a-507ebe35bb93&url=https%253A%252F%252Farstechnica.com%252Fsecurity%252F2023%252F10%252Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%252F
Requested by: Host: static.adsafeprotected.com
URL: https://static.adsafeprotected.com/iasPET.1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.213.249.75 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-213-249-75.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 8af9c8b099eb304043231105612df622c8ab8f1cddfa4399f769aecd700ae41e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:55 GMT
server: nginx
x-server-name: app11.va.303net.net
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://arstechnica.com
access-control-expose-headers: X-Server-Name
access-control-allow-credentials: true
timing-allow-origin: *

GET
H/1.1 200
OK recommendations Show response
api.condenast.io/v1/ 23 KB
6 KB 43ms
9ms Fetch
application/json 151.101.64.239
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.condenast.io/v1/recommendations?applicationID=cne-interlude-arstechnica&brand=arstechnica&url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&filter%5Bstrategy%5D=POPULAR&filter%5BcontentType%5D=CNEVIDEO&filter%5Blanguage%5D=en-US&page%5Bsize%5D=5
Requested by: Host: player.cnevids.com
URL: https://player.cnevids.com/interlude/arstechnica.js?isRightRail=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.64.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 99c59c29d85c7479fd9560f6322aedd29006e09873d353678a60cfe26644c2dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Thu, 19 Oct 2023 12:59:55 GMT
content-encoding: gzip
Via: 1.1 2816426ad1adbedbdd23d4cdf80c2de2.cloudfront.net (CloudFront), 1.1 varnish
x-backend: 2SrKDXXFWNz87LdtRpzPzK--F_RECS_NA
X-Amz-Cf-Pop: FRA60-P2
Age: 264
X-Cache: Miss from cloudfront, HIT
Connection: keep-alive
Content-Length: 5209
X-Served-By: cache-fra-eddf8230020-FRA
X-Timer: S1697720395.040142,VS0,VE1
Vary: origin,accept-encoding, Accept-Encoding, Origin
Content-Type: application/json; charset=utf-8
access-control-allow-origin: https://arstechnica.com
access-control-expose-headers: WWW-Authenticate,Server-Authorization
cache-control: max-age=600, must-revalidate, public
access-control-allow-credentials: true
Accept-Ranges: bytes
X-Amz-Cf-Id: mpey1mySS2b_B9dBxort7CaXNF7NBerlPNg5Mk7CyI7XdL24KXnF6Q==
X-Cache-Hits: 1

GET
H2 200 3035 Show response
config.aps.amazon-adsystem.com/configs/ 505 B
780 B 80ms
22ms Script
application/javascript 65.9.95.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://config.aps.amazon-adsystem.com/configs/3035
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.95.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-95-29.prg50.r.cloudfront.net
Software: CloudFront /
Resource Hash: 321b6d434acaa0d2b57801f86fb4ad3444a8e946ac7a07453108515456c7fbcb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:29:25 GMT
via: 1.1 0803e66d64c794aaadfd4a88601bc68e.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: PRG50-C1
age: 1830
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
content-length: 505
x-amz-cf-id: 4m9zhdpssYZaRY7aIlAD-Y7eIWIJunbhHOuhyDauOgX_dUJe4x7D0A==

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 321 B
678 B 24ms
24ms XHR
application/json 65.9.90.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=3035&u=https%3A%2F%2Farstechnica.com
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.90.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-90-93.prg50.r.cloudfront.net
Software: Server /
Resource Hash: b6219572ff2614c0f7b38815e5f2d8bac96c758d0e455152d2afd7f417395dc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 10:45:36 GMT
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: PRG50-C1
age: 8059
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://arstechnica.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 321
x-amz-cf-id: bKnZgovhLXKQ-FCjPYxoCWcaZSyCjbMZLyk_TGV8B1sNC_Ww5-hGiw==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 66ms
22ms XHR
application/javascript 65.9.90.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.90.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-90-93.prg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id: 9yABOonr2HqHtwbarUcdbIqN0f4A8Qog
content-encoding: gzip
via: 1.1 2a9856881d192b485d1bf1928e98c7ec.cloudfront.net (CloudFront)
date: Thu, 19 Oct 2023 03:00:56 GMT
x-amz-cf-pop: PRG50-C1
age: 36596
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 29 Aug 2023 08:30:37 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: Txz-60vSzpWlV8eJm7Ac9FvC9G5KwGbHOASwPaS9PRQxw-ujVP5bjQ==

GET
H2 200 impl.20231017-7-RELEASE.js Show response
cdn.taboola.com/libtrc/ 813 KB
169 KB 7ms
6ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20231017-7-RELEASE.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 73b4424d2202e9f35bc51ef07a84e4f2ca17e5c73fb20a25869eb92ae379e2b3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id: kWTGf8NvWbb5LFVDeZErjvUZoExbKdv8
content-encoding: br
via: 1.1 varnish
date: Thu, 19 Oct 2023 12:59:55 GMT
x-amz-request-id: 5485VPXHM2MYWHW9
age: 14086
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 172298
x-amz-id-2: 4RQQHVFCyQRh/wX4iKGP6SU4EJ5o5sC1bqxuX3ELPOEqIEAyt7Bbhswp+aoYui84a+7qLAyNkjI=
x-served-by: cache-fra-eddf8230123-FRA
last-modified: Tue, 17 Oct 2023 09:04:04 GMT
server: AmazonS3-br
x-timer: S1697720395.065466,VS0,VE0
etag: "3bda92b29c116dc4e083c00e4076691d"
vary: Accept-Encoding
content-type: application/javascript
abp: 0
access-control-allow-origin: *
cache-control: private,max-age=31536000
accept-ranges: bytes
x-cache-hits: 52940

POST
H2 200 json Show response
trc.taboola.com/condenast-arstechnica/trc/3/ 14 KB
6 KB 247ms
234ms XHR
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/condenast-arstechnica/trc/3/json?llvl=2&tim=14%3A59%3A55.066&lti=trecs&pubit=n&t=1&data=%7B%22cmps%22%3A2%2C%22id%22%3A%2229905%22%2C%22sd%22%3A%22%22%2C%22ui%22%3A%22%22%2C%22ii%22%3A%22%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%22%2C%22it%22%3A%22text%22%2C%22vi%22%3A1697720395066%2C%22cv%22%3A%2220231017-7-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F%22%2C%22qs%22%3A%22%22%2C%22bv%22%3A%220%22%2C%22btv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22cos%22%3A%224g%22%2C%22bu%22%3A%22https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F%22%2C%22vpi%22%3A%22%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1600%2C%22bh%22%3A1200%2C%22dw%22%3A1600%2C%22dh%22%3A5611%2C%22sde%22%3A%221.000%22%2C%22lt%22%3A%22trecs%22%2C%22nsid%22%3A%22condenast1-network%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22uip%22%3A%22Below%20Article%20Thumbnails%20-%20AT%22%2C%22orig_uip%22%3A%22Below%20Article%20Thumbnails%20-%20AT%22%2C%22s%22%3A6%2C%22uim%22%3A%22thumbnails-a-6x1%3Apub%3Dcondenast1-network%3Aabp%3D0%22%2C%22cd%22%3A5125.81%2C%22mw%22%3A1220%7D%5D%2C%22uad%22%3A%7B%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%7D%2C%22cacheKey%22%3A%22text%3D%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2CBelow%20Article%20Thumbnails%20-%20AT%3Dthumbnails-a-6x1%3Apub%3Dcondenast1-network%3Aabp%3D0%22%2C%22_cn%22%3A%22tions_1%22%2C%22lbt%22%3A1697716082314%2C%22wc%22%3Atrue%7D
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: cb3c6a5bc33d3a117399eeec983c237f522b07b09c6e8bee029c470d0e3c2c32

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type: text/plain

Response headers

x-vcl-time-ms: 227
date: Thu, 19 Oct 2023 12:59:55 GMT
content-encoding: gzip
via: 1.1 varnish
cpu: 0.5125000000000001
x-fastly-to-nlb-rtt: 7256
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
x-service-version: v1
x-served-by: cache-fra-eddf8230123-FRA
x-log-content-encoding: gzip
server: nginx
x-timer: S1697720395.083373,VS0,VE227
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://arstechnica.com
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 pxid Show response
bd1cec50-00d1-4ce9-9572-785857419a1e.prmutv.co/v2.0/ 46 B
392 B 44ms
16ms XHR
application/json 35.241.9.51
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://bd1cec50-00d1-4ce9-9572-785857419a1e.prmutv.co/v2.0/pxid?k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by: Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.9.51 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 51.9.241.35.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 6e6f8951f1ba803727cb0d4513d7a2dc6084d8c6cbadbf9f5563809c2ac7c69d

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: text/plain

Response headers

date: Thu, 19 Oct 2023 12:59:55 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://arstechnica.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66

GET
H2 200 getuidj Show response
ib.adnxs.com/ 11 B
572 B 45ms
13ms XHR
application/json 185.89.210.180
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/getuidj

Requested by

Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.180 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Thu, 19 Oct 2023 12:59:55 GMT
an-x-request-uuid: d7e1da97-7b27-43b1-bb01-50d322800904
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://arstechnica.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 45.141.152.73; 45.141.152.73; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 11
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

OPTIONS
H2 200 recordVendorsLoaded
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/ Frame 0
0 296ms
94ms Preflight 34.224.24.192
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/recordVendorsLoaded
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.224.24.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-224-24-192.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://arstechnica.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-length: 0
date: Thu, 19 Oct 2023 12:59:55 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

POST
H2 200 recordVendorsLoaded Show response
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/ 0
128 B 94ms
94ms XHR
text/plain 34.224.24.192
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/recordVendorsLoaded
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.224.24.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-224-24-192.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Thu, 19 Oct 2023 12:59:55 GMT
content-length: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

GET
BLOB 200
OK 714d923f-a8ce-4430-8dcc-2298ba85dc9b
https://arstechnica.com/ 529 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://arstechnica.com/714d923f-a8ce-4430-8dcc-2298ba85dc9b
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 574e672fde70ecc8ae2056445db161deeff93a0a8da82fdf4f8874faeedfe17b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Length: 541375
Content-Type

GET
BLOB 200
OK 52a6bf88-2eb3-4614-b4a5-9366765ce8d0
https://arstechnica.com/ 529 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://arstechnica.com/52a6bf88-2eb3-4614-b4a5-9366765ce8d0
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 574e672fde70ecc8ae2056445db161deeff93a0a8da82fdf4f8874faeedfe17b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Length: 541375
Content-Type

GET
H/1.1 200
OK 60abade4dc31e5375248cba6.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady34091093 Show response
player.cnevids.com/script/video/ 69 KB
23 KB 139ms
139ms Script
text/javascript 65.9.95.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://player.cnevids.com/script/video/60abade4dc31e5375248cba6.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady34091093

Requested by

Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/js/main-9e780dd793.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.94 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-94.prg50.r.cloudfront.net

Software

nginx/1.18.0 /

Resource Hash

0c8c07e82ad5ddc89d7daf1fc82afa3352be27b7a9c479f50e8c42511774a7ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Thu, 19 Oct 2023 12:59:55 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Via: 1.1 0bb58964819755c192fe9c24c342bd1a.cloudfront.net (CloudFront)
X-Permitted-Cross-Domain-Policies: none
X-Amz-Cf-Pop: PRG50-C1
Transfer-Encoding: chunked
X-Cache: Miss from cloudfront
Status: 200 OK
Connection: keep-alive
X-XSS-Protection: 1; mode=block
X-Request-Id: f2896c71-1d9c-4f1f-b9d0-8f8a3497ffcc
X-Runtime: 0.004174
X-Backend-Node: 10.110.125.120
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx/1.18.0
ETag: W/"9086d3327bdf41f4dc0650e6eac06a8f"
X-Download-Options: noopen
Vary: Origin,Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0, private, must-revalidate
X-Amz-Cf-Id: uq293Ucc_CyTl6jgJgJlPn7mDbrk_guGeSBpTQKMtwb7GfeqjVy_ZQ==

GET
H/1.1 200
OK arstechnica_unsolved-mysteries-unsolved-mysteries-of-quantum-leap.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1621877260/ 11 KB
12 KB 88ms
26ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1621877260/arstechnica_unsolved-mysteries-unsolved-mysteries-of-quantum-leap.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

Cloudinary /

Resource Hash

0396be2ab58ec30babd0838d7e37d6407475d4361be85ee7451dbac9186add57

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Tue, 10 Oct 2023 04:51:49 GMT
Strict-Transport-Security: max-age=604800
X-Content-Type-Options: nosniff
Via: 1.1 bb390afd921c223e0fe4921fbc23bbe8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 806886
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 11625
Last-Modified: Thu, 20 Jan 2022 21:51:37 GMT
Server: Cloudinary
ETag: "0b80752552abdab1277829e7a4b2824a"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: hH4BLCygTjnrzvtHwkr_sN5qycOjAu9-jRd3xKSn_cMuNmCK9u1SQw==

GET
H/1.1 200
OK arstechnica_unsolved-mysteries-unsolved-mysteries-of-the-warhammer-40k-universe-answered-by-author-dan-abnett.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1620135390/ 14 KB
15 KB 89ms
27ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1620135390/arstechnica_unsolved-mysteries-unsolved-mysteries-of-the-warhammer-40k-universe-answered-by-author-dan-abnett.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

Cloudinary /

Resource Hash

a2bd43c80adc73ae26472a90ec3bd9df44a5b7d2dafb133b8660efd800c719b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Wed, 04 Oct 2023 13:41:47 GMT
X-Content-Type-Options: nosniff
Via: 1.1 6ec6c63eb2f7ec00507af95b1621674c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1293488
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 14620
Last-Modified: Thu, 20 Jan 2022 21:51:38 GMT
Server: Cloudinary
ETag: "7996e22c04be37a8677bb680607e6d12"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: oQx3YIJqRZ1omNWRmtikCAVu17a1_FoP2aIrMfFUhxorlJeBHB2kew==

GET
H/1.1 200
OK arstechnica_sitrep-f-16-replacement-search-a-signal-of-f-35-fail.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1619531614/ 5 KB
6 KB 91ms
29ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1619531614/arstechnica_sitrep-f-16-replacement-search-a-signal-of-f-35-fail.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

cloudflare /

Resource Hash

85c33811c2b04e4e02babe2fd6bd7ac0035f93e95827116429bbda2cf9c6c95d

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Wed, 04 Oct 2023 13:52:43 GMT
x-content-type-options: nosniff
Via: 1.1 db66f1cc00a415c34c42ad011b26850c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1292832
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 5242
Last-Modified: Thu, 20 Jan 2022 21:49:06 GMT
Server: cloudflare
ETag: "cfdeb1a825aca3ca1bf9ab3727325d27"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
CF-Ray: 810a51333bc03837-FRA
timing-allow-origin: *
X-Amz-Cf-Id: ciTYfEQIX6PIVnJ4WXCLfdffw3ScXemkfaGKefmp46Drmjz_J4TS6A==

GET
H/1.1 200
OK arstechnica_sitrep-boeing-707.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1615574323/ 12 KB
12 KB 95ms
34ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1615574323/arstechnica_sitrep-boeing-707.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

cloudflare /

Resource Hash

571479d52cd675db5573fe46973c62cba6d8224a76136fcefeb90f7dc42a6391

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Tue, 19 Sep 2023 19:31:04 GMT
Strict-Transport-Security: max-age=604800
x-content-type-options: nosniff
Via: 1.1 e14614617e85116e937d5168b35a94de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 2568531
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 11899
Last-Modified: Thu, 20 Jan 2022 21:49:06 GMT
Server: cloudflare
ETag: "49fd6cf75b5acbe4ea95126496406585"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
CF-Ray: 80943f2fee0c364b-FRA
timing-allow-origin: *
X-Amz-Cf-Id: FfsDbVTJFgP3sVtr45gWYB504MHq92OimwA_KmtfpjfcjLCUVMAmng==

GET
H/1.1 200
OK arstechnica_steve-from-gamers-nexus-reacts-to-their-top-1000-comments-on-youtube.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1611089409/ 16 KB
17 KB 87ms
25ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1611089409/arstechnica_steve-from-gamers-nexus-reacts-to-their-top-1000-comments-on-youtube.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

Cloudinary /

Resource Hash

06b33c040105224101afcdaacd82b6dfb3ea1bf9ef3d7478cf5fa163a0ad65e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Wed, 04 Oct 2023 13:48:45 GMT
X-Content-Type-Options: nosniff
Via: 1.1 c76f57c516237f120f723cde4dab446e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1293070
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 16317
Last-Modified: Thu, 20 Jan 2022 21:49:06 GMT
Server: Cloudinary
ETag: "4796345150de82db7572da4e13d5fbc1"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: WEeeDnXrCAmeZMGKgyFeuOTZLHOQs4JjzPE_0Hx2smJa72qh0u8wOw==

GET
H/1.1 200
OK arstechnica_modern-vintage-gamer-reacts-to-his-top-1000-comments-on-youtube.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1607984287/ 14 KB
15 KB 89ms
28ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1607984287/arstechnica_modern-vintage-gamer-reacts-to-his-top-1000-comments-on-youtube.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

Cloudinary /

Resource Hash

de5e37739b5797e8ba9dba4a2dcb65f37c36a65fe839cb306162e21c74ba166e

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Wed, 04 Oct 2023 13:44:59 GMT
X-Content-Type-Options: nosniff
Via: 1.1 e14614617e85116e937d5168b35a94de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1293296
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 14171
Last-Modified: Thu, 20 Jan 2022 21:51:37 GMT
Server: Cloudinary
ETag: "7f2bf661d68cedfcf91542c6e1dab7c6"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: KPquO-G8w_l_VqNBEmM8B6D8OXTh_-L8z_-pre-RLmtjjhFN-bRHQw==

GET
H/1.1 200
OK arstechnica_war-stories-gail-tilden.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1603899385/ 15 KB
16 KB 25ms
24ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1603899385/arstechnica_war-stories-gail-tilden.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

cloudflare /

Resource Hash

7d91c04c657709af03f6dad61d375c3208d18ab5ff7851c2472007dc05201342

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Wed, 04 Oct 2023 13:46:48 GMT
x-content-type-options: nosniff
Via: 1.1 db66f1cc00a415c34c42ad011b26850c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1293187
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 15071
Last-Modified: Thu, 20 Jan 2022 21:51:38 GMT
Server: cloudflare
ETag: "1f4aa6187c59e6ed79d0c3a2a0bc19d9"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
CF-Ray: 810a6bcf3a716903-FRA
timing-allow-origin: *
X-Amz-Cf-Id: Mt186G8Id3Y0UHluxD_sB0uNGPixD-5azNp51g0Wr3eKK87Ophxnog==

GET
H/1.1 200
OK arstechnica_personal-history-scott-manley.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1603123470/ 14 KB
15 KB 24ms
23ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1603123470/arstechnica_personal-history-scott-manley.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

cloudflare /

Resource Hash

1f466b08649eef5ad16c20f6d7207bf8818cb107b6241950dbc568cdffc03d63

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Wed, 04 Oct 2023 14:01:17 GMT
x-content-type-options: nosniff
Via: 1.1 e14614617e85116e937d5168b35a94de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1292318
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 14113
Last-Modified: Thu, 20 Jan 2022 21:49:06 GMT
Server: cloudflare
ETag: "963bf0b22c745f95a06f32ee1317b872"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
CF-Ray: 80fccc20f8ac3619-FRA
timing-allow-origin: *
X-Amz-Cf-Id: weoTBXD9EYZ3nJyAjbXt6qZQMWGQqG8wU4_ydqw4Qm_lXf4OsR9v0Q==

GET
H/1.1 200
OK arstechnica_scare-tactics-thomas-grip.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1602524702/ 15 KB
16 KB 25ms
24ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1602524702/arstechnica_scare-tactics-thomas-grip.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

Cloudinary /

Resource Hash

617e0f9fee7ef0ca891735246b4b5a61caa3622db4a4256685b061c9f43bd053

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Sat, 07 Oct 2023 14:01:54 GMT
Strict-Transport-Security: max-age=604800
X-Content-Type-Options: nosniff
Via: 1.1 6ec6c63eb2f7ec00507af95b1621674c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1033081
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 15079
Last-Modified: Thu, 20 Jan 2022 21:51:38 GMT
Server: Cloudinary
ETag: "d57f99149a48173e30de572cfa48ed93"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: 3DJjG9cDqn7Srv8W1w_e7WQBUQL7xL72xXBKWu91997TTMyR0aMz8Q==

GET
H/1.1 200
OK arstechnica_personal-history-lgr.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1600711530/ 14 KB
15 KB 26ms
25ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1600711530/arstechnica_personal-history-lgr.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

cloudflare /

Resource Hash

29637e0647104ccc5d5583e652db29ce99e947c858c3d9502960e7ea7f1aea19

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Thu, 05 Oct 2023 04:48:37 GMT
x-content-type-options: nosniff
Via: 1.1 bb390afd921c223e0fe4921fbc23bbe8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1239078
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 14772
Last-Modified: Thu, 20 Jan 2022 21:49:06 GMT
Server: cloudflare
ETag: "4049b10cd3281951b01beb4f36134234"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
CF-Ray: 8112dd45693c3722-FRA
timing-allow-origin: *
X-Amz-Cf-Id: lkrAGFjXK_cHRVEBGgiGRlE6g2xe7-d9Klk9dVbf8Uha3J4Xmoc9Dw==

GET
H/1.1 200
OK arstechnica_the-f-35-s-next-tech-upgrade.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1598890591/ 3 KB
4 KB 27ms
26ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1598890591/arstechnica_the-f-35-s-next-tech-upgrade.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

Cloudinary /

Resource Hash

3b0209841325362235c221628e471145726897e4e1c9b210b6e6b2217fdf2ee8

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Tue, 19 Sep 2023 19:31:04 GMT
Strict-Transport-Security: max-age=604800
X-Content-Type-Options: nosniff
Via: 1.1 e14614617e85116e937d5168b35a94de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 2568531
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 3374
Last-Modified: Thu, 20 Jan 2022 21:49:06 GMT
Server: Cloudinary
ETag: "3f16924a1fdff64e971a0491115fc147"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: YxxKqTdKV2j0Z9OKj2Q3hlzrgcJgQSL-LAUejWl2woOoEIlXiicF0A==

GET
H/1.1 200
OK arstechnica_war-stories-diablo.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1597686086/ 14 KB
15 KB 27ms
26ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1597686086/arstechnica_war-stories-diablo.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

Cloudinary /

Resource Hash

aa3b9513abbbf65a2c8483122648fce1b39b1afa2a69bdf863242f1411baba58

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Fri, 06 Oct 2023 19:17:56 GMT
Strict-Transport-Security: max-age=604800
X-Content-Type-Options: nosniff
Via: 1.1 c76f57c516237f120f723cde4dab446e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1100519
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 14667
Last-Modified: Thu, 20 Jan 2022 21:51:39 GMT
Server: Cloudinary
ETag: "d4de63ae8b9ef5b77ad58eaae97d7d02"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: Szj9OS42YF-Mf17YdkWrPns1h_bjpsp5PwaC6bCcGpREDj9QtL6Ygg==

GET
H/1.1 200
OK arstechnica_unsolved-mysteries-unsolved-mysteries-mortal-kombat.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1596476950/ 11 KB
12 KB 25ms
24ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1596476950/arstechnica_unsolved-mysteries-unsolved-mysteries-mortal-kombat.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

cloudflare /

Resource Hash

0b5c6a8d4a856db56da956eced8af9a5eb6e0a89dc67de5ffc4c83513472a3cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Wed, 04 Oct 2023 13:58:04 GMT
x-content-type-options: nosniff
Via: 1.1 c76f57c516237f120f723cde4dab446e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1292511
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 11486
Last-Modified: Thu, 20 Jan 2022 21:51:38 GMT
Server: cloudflare
ETag: "7a8a596aae95c9a900261808554523e6"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
CF-Ray: 810a655d8e128ff8-FRA
timing-allow-origin: *
X-Amz-Cf-Id: rbYkjcZuKFiknJN1p4dsqx-Di54pH2nqK52Xl0NDhMg78mNI4bOLUg==

GET
H/1.1 200
OK arstechnica_us-navy-gets-an-italian-accent.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1595427354/ 6 KB
7 KB 25ms
24ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1595427354/arstechnica_us-navy-gets-an-italian-accent.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

Cloudinary /

Resource Hash

85db95dbe15c810a710ca6d9094a2a29f2eeea05791cc7aaab7af8939684b978

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Fri, 29 Sep 2023 17:38:15 GMT
Strict-Transport-Security: max-age=604800
X-Content-Type-Options: nosniff
Via: 1.1 e14614617e85116e937d5168b35a94de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1711300
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 6124
Last-Modified: Thu, 20 Jan 2022 21:51:46 GMT
Server: Cloudinary
ETag: "51113bf4443c0cf453d0e8bf60489ac7"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: yqAYlU15F3Me1BG_Hp6O3XaGvuzJ4flJ9oNqCfXAhTcuQ4q5hlKb9w==

GET
H/1.1 200
OK arstechnica_war-stories-war-stories-undone-w-slash-hisko-hulsing.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1594656439/ 10 KB
11 KB 26ms
24ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1594656439/arstechnica_war-stories-war-stories-undone-w-slash-hisko-hulsing.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

Cloudinary /

Resource Hash

e74b9cb9d8871d300d2a1d36ce2cd00dfbfe0c5d8066d1d415c4ce620a919d47

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Wed, 04 Oct 2023 13:51:49 GMT
X-Content-Type-Options: nosniff
Via: 1.1 bb390afd921c223e0fe4921fbc23bbe8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1292886
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 10345
Last-Modified: Thu, 20 Jan 2022 21:52:15 GMT
Server: Cloudinary
ETag: "60622b64688dbb49917234d4091856fb"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: HKlivIoL7D2I9qAxeb-E2tdsBWpTjaMO_wPeXk5shWQT1rgjKtSxhw==

GET
H/1.1 200
OK arstechnica_fighter-pilot-breaks-down-every-button-in-an-f-15-cockpit.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1593453234/ 15 KB
16 KB 27ms
24ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1593453234/arstechnica_fighter-pilot-breaks-down-every-button-in-an-f-15-cockpit.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

cloudflare /

Resource Hash

9431bc6d1a6d036a70c92dfc9000d7965f939671a59705bdd01c3e652048ed9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Fri, 13 Oct 2023 06:53:53 GMT
Strict-Transport-Security: max-age=604800
x-content-type-options: nosniff
Via: 1.1 6ec6c63eb2f7ec00507af95b1621674c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 540362
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 15307
Last-Modified: Thu, 20 Jan 2022 21:49:07 GMT
Server: cloudflare
ETag: "324e15e8b7d3edd23ffbf5df0a1a9e77"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
CF-Ray: 8155ab08ae009164-FRA
timing-allow-origin: *
X-Amz-Cf-Id: gIeEuaosPM2Q4oZ6NUna0hDTtgFp-eQdHV8VRu-208m4x2jF464VQQ==

GET
H/1.1 200
OK arstechnica_war-stories-war-stories-nba-jam.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1592315288/ 14 KB
15 KB 29ms
27ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1592315288/arstechnica_war-stories-war-stories-nba-jam.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

cloudflare /

Resource Hash

5be5b0170ad4bbd2be91182d137933e7de9c7e86b09ec855a4bac015ebfd746f

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Wed, 04 Oct 2023 13:41:48 GMT
x-content-type-options: nosniff
Via: 1.1 db66f1cc00a415c34c42ad011b26850c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1293487
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 14149
Last-Modified: Thu, 20 Jan 2022 21:51:39 GMT
Server: cloudflare
ETag: "bd63326fa81d10df9e2da1245d3c122c"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
CF-Ray: 810a6bd13ca81d8a-FRA
timing-allow-origin: *
X-Amz-Cf-Id: er3UxJfDLZeXZIKMccbckwPuzlNOk_UUz3Xeop3P1u4KDPPR7p_IDQ==

GET
H/1.1 200
OK arstechnica_linus-tech-tips-reacts-to-his-top-1000-youtube-comments.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1591804041/ 9 KB
10 KB 27ms
25ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1591804041/arstechnica_linus-tech-tips-reacts-to-his-top-1000-youtube-comments.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

Cloudinary /

Resource Hash

e8830a414dfeb4c0e0f519d3419f69849df9226f329357c938333dbf2c956f63

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Wed, 04 Oct 2023 13:48:48 GMT
X-Content-Type-Options: nosniff
Via: 1.1 e14614617e85116e937d5168b35a94de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1293067
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 9054
Last-Modified: Thu, 20 Jan 2022 21:49:07 GMT
Server: Cloudinary
ETag: "b17d3aab70cb56fbf2df892c8415ab16"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: 4b13TenQObD25BlRwiKXyY99IQbTVDoGhCZr-0H5XEM1u6JotdXF6A==

GET
H/1.1 200
OK arstechnica_war-stories-how-alan-wake-was-rebuilt-3-years-into-development.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1589408118/ 11 KB
11 KB 23ms
21ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1589408118/arstechnica_war-stories-how-alan-wake-was-rebuilt-3-years-into-development.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

Cloudinary /

Resource Hash

3f2cf5f857c617761a251ceef8f6ed452a7690e21f16eff0a70dddf9beea8633

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Wed, 04 Oct 2023 13:41:48 GMT
X-Content-Type-Options: nosniff
Via: 1.1 e14614617e85116e937d5168b35a94de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1293487
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 10817
Last-Modified: Thu, 20 Jan 2022 21:51:39 GMT
Server: Cloudinary
ETag: "9417ada34c9b6b07ccd41a463b717969"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: n1ebIDuKjQSRzSAFlQbnIHMr5W0J1VwkZLnc6ekv7ArD5l2WfivARw==

GET
H/1.1 200
OK arstechnica_war-stories-prince-of-persia.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1584454477/ 15 KB
16 KB 26ms
24ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1584454477/arstechnica_war-stories-prince-of-persia.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

Cloudinary /

Resource Hash

56f8838a24cb0cc47dc34a19d6b84d6ce8bf8086b1682bbb990abc13b1e2da65

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Thu, 05 Oct 2023 04:28:54 GMT
Strict-Transport-Security: max-age=604800
X-Content-Type-Options: nosniff
Via: 1.1 6ec6c63eb2f7ec00507af95b1621674c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1240261
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 15682
Last-Modified: Thu, 20 Jan 2022 21:51:39 GMT
Server: Cloudinary
ETag: "e9cccef2a4a4cf217be0ba162f6b4296"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: KSZR9zX26SwKQI_SVSlxavV6FrSXFTY3tvC1Cfy94wLunliVLiyPcg==

GET
H/1.1 200
OK arstechnica_war-stories-how-crash-bandicoot-hacked-the-playstation-to-run.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1582755533/ 17 KB
18 KB 32ms
31ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1582755533/arstechnica_war-stories-how-crash-bandicoot-hacked-the-playstation-to-run.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

Cloudinary /

Resource Hash

46a9ddb1f206a46900872e0a832750ae06925528f81883a3d3517fdb42aefb6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Fri, 06 Oct 2023 19:17:56 GMT
Strict-Transport-Security: max-age=604800
X-Content-Type-Options: nosniff
Via: 1.1 bb390afd921c223e0fe4921fbc23bbe8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1100519
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 17475
Last-Modified: Thu, 20 Jan 2022 21:51:40 GMT
Server: Cloudinary
ETag: "7588b83c6eb2a1165344abad7e12e715"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: h6OiOulryCzw-Byzj7S6OA20hyVFJTElfFbM2Lem41FrB45AYYRJlw==

GET
H/1.1 200
OK arstechnica_war-stories-myst.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1580223113/ 13 KB
14 KB 24ms
24ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1580223113/arstechnica_war-stories-myst.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

Cloudinary /

Resource Hash

1bf55bc00dbf13180884211c3d301729e67b81f3456225c1fbf97d271d636509

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Sun, 08 Oct 2023 08:16:26 GMT
X-Content-Type-Options: nosniff
Via: 1.1 c76f57c516237f120f723cde4dab446e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 967409
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 13522
Last-Modified: Thu, 20 Jan 2022 21:51:40 GMT
Server: Cloudinary
ETag: "ed8c6a9aa19e7d5c7aa46a3aead23a87"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: hX6fKXAZfN_cPzic2LjIEvad-XFyQUreRB0pjKpMiTaGERUkcch4zA==

GET
H/1.1 200
OK arstechnica_markiplier-reacts-to-his-top-1000-youtube-comments.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1579194313/ 9 KB
9 KB 23ms
22ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1579194313/arstechnica_markiplier-reacts-to-his-top-1000-youtube-comments.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

cloudflare /

Resource Hash

e336ff50623cff960c2396944be4392139f63dcc032e5f3428d81489fdfe697a

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Wed, 04 Oct 2023 13:52:58 GMT
x-content-type-options: nosniff
Via: 1.1 db66f1cc00a415c34c42ad011b26850c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1292817
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 8832
Last-Modified: Thu, 20 Jan 2022 21:51:40 GMT
Server: cloudflare
ETag: "2bad386c14ac040d530ceb2ae89c8bbb"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
CF-Ray: 8109b1ccaa379119-FRA
timing-allow-origin: *
X-Amz-Cf-Id: opQDEtqpJKJSff4ud5NnenwSM-bWl2Wf6TATg7k6hNyVNyBRGN_wrg==

GET
H/1.1 200
OK arstechnica_war-stories-war-stories-oddworld.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1582815531/ 12 KB
13 KB 23ms
22ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1582815531/arstechnica_war-stories-war-stories-oddworld.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

Cloudinary /

Resource Hash

1097abb6f0992cccc79428374463e7f23b99dae5eb85d7317b20bd57c96031bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Wed, 04 Oct 2023 13:51:49 GMT
X-Content-Type-Options: nosniff
Via: 1.1 e14614617e85116e937d5168b35a94de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1292886
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 12614
Last-Modified: Thu, 20 Jan 2022 21:51:40 GMT
Server: Cloudinary
ETag: "4a7903cbe66890b5688d843661943ccd"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: Ssa_si4RS1M0F2bTLoLRWLIdZaFj08wfUnPoAxOFaoonH0CnN7G4Kg==

GET
H/1.1 200
OK arstechnica_unsolved-mysteries-bioware-answers-unsolved-mysteries-of-the-mass-effect-universe.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1573140819/ 11 KB
12 KB 25ms
25ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1573140819/arstechnica_unsolved-mysteries-bioware-answers-unsolved-mysteries-of-the-mass-effect-universe.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

cloudflare /

Resource Hash

de24551bd4396fc8579b2d87ce01944553dd48fb52775d14373725a50efa0c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Wed, 04 Oct 2023 13:50:43 GMT
x-content-type-options: nosniff
Via: 1.1 e14614617e85116e937d5168b35a94de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1292952
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 11417
Last-Modified: Thu, 20 Jan 2022 21:52:15 GMT
Server: cloudflare
ETag: "3e8509d06c6610d54babcac0d91e5d93"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
CF-Ray: 8109ba70a86d1c40-FRA
timing-allow-origin: *
X-Amz-Cf-Id: SbJpswrkvDnX1QdDhJWyJ6gzVMQdB6-7m_KlpH1W9MlG-zpERm6zEg==

GET
H/1.1 200
OK arstechnica_war-stories-civilization.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1569003425/ 16 KB
17 KB 28ms
28ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1569003425/arstechnica_war-stories-civilization.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

cloudflare /

Resource Hash

1c7dcc8216c6f82da2998ceeac2523632c7f9bffe510824b6d082621201f2012

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Wed, 04 Oct 2023 13:50:40 GMT
x-content-type-options: nosniff
Via: 1.1 db66f1cc00a415c34c42ad011b26850c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1292955
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 16236
Last-Modified: Thu, 20 Jan 2022 21:51:40 GMT
Server: cloudflare
ETag: "72002610618f7bf8bf0e52c760e39897"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
CF-Ray: 810540518f6e37d1-FRA
timing-allow-origin: *
X-Amz-Cf-Id: 7i7eTMdda7JrEssA3mQ9NG11baQP0b23kw-BV8Exwc4GGxHWuRBVOw==

GET
H/1.1 200
OK arstechnica_sitrep-dod-resets-ballistic-missile-interceptor-program.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1568662260/ 11 KB
11 KB 23ms
22ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1568662260/arstechnica_sitrep-dod-resets-ballistic-missile-interceptor-program.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

cloudflare /

Resource Hash

7fc88c65d46e83b3f3e9f098f05fd639480332fc3718cd714725e2e4633af4e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 27 Sep 2023 22:15:46 GMT
Strict-Transport-Security: max-age=604800
x-content-type-options: nosniff
Via: 1.1 e14614617e85116e937d5168b35a94de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1867449
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 10793
Last-Modified: Thu, 20 Jan 2022 21:51:46 GMT
Server: cloudflare
ETag: "0e1ff58ccf6d97759de3d774a7ff835a"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
CF-Ray: 80d71b758ce43735-FRA
timing-allow-origin: *
X-Amz-Cf-Id: sMSRYT5kZMKkQNyw6_cjbfTW567PdE4T2fwOeQWz4d4m0i0-KQt-og==

GET
H/1.1 200
OK arstechnica_warframe-reviews.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1561556730/ 14 KB
15 KB 24ms
24ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1561556730/arstechnica_warframe-reviews.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

cloudflare /

Resource Hash

83a366075eb2387c6d9f848f42b08df0546027333eccf5813edf95ba45709be2

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Wed, 04 Oct 2023 13:50:40 GMT
x-content-type-options: nosniff
Via: 1.1 6ec6c63eb2f7ec00507af95b1621674c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1292955
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 14837
Last-Modified: Thu, 20 Jan 2022 21:51:40 GMT
Server: cloudflare
ETag: "1d90d6aef7585f963e1270a1a02a4dd4"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
CF-Ray: 810a66b7ff05364e-FRA
timing-allow-origin: *
X-Amz-Cf-Id: JtuIIxO25cl8BqnCniYnQcJaamWowrooTad6Op6UCWt7Q53iSXXfWg==

GET
H/1.1 200
OK arstechnica_war-stories-subnautica.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1559747425/ 15 KB
16 KB 23ms
23ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1559747425/arstechnica_war-stories-subnautica.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

cloudflare /

Resource Hash

20660a9ef7ec454c15b2dc62b3db084e0cc9f74c5bb6de71a96fb1a54aef00f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Thu, 05 Oct 2023 02:51:41 GMT
x-content-type-options: nosniff
Via: 1.1 c76f57c516237f120f723cde4dab446e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1246093
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 15222
Last-Modified: Thu, 20 Jan 2022 21:51:40 GMT
Server: cloudflare
ETag: "8c45b6c645caba59f4b14d3fbdc09062"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
CF-Ray: 81124c1afd359018-FRA
timing-allow-origin: *
X-Amz-Cf-Id: vCJUEH2UU8DswYP6M6kTab1Y4duPnJD9Xg95x5FZc6s4YY2tZlSxAg==

GET
H/1.1 200
OK arstechnica_war-stories-slay-the-spire-war-stories.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1556741487/ 15 KB
16 KB 25ms
25ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1556741487/arstechnica_war-stories-slay-the-spire-war-stories.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

Cloudinary /

Resource Hash

f9d9e96c4439beeca49a1a10f9dffe6f5cd0b604d13aa13af170d0bc62d8ca1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Wed, 04 Oct 2023 13:40:35 GMT
X-Content-Type-Options: nosniff
Via: 1.1 bb390afd921c223e0fe4921fbc23bbe8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1293560
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 15634
Last-Modified: Thu, 20 Jan 2022 21:51:41 GMT
Server: Cloudinary
ETag: "abee90e53f29ba0127fca9442ab50902"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: CPVsZfuO03xqdFKqvrQIPWCFfnM4IAmoC49P1KLnTITCuDLBWUlmKA==

GET
H/1.1 200
OK arstechnica_war-stories-amnesia-the-dark-descent-the-horror-facade.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1555359865/ 15 KB
16 KB 24ms
23ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1555359865/arstechnica_war-stories-amnesia-the-dark-descent-the-horror-facade.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

Cloudinary /

Resource Hash

1defb6bc54a7ee9c066136908360e8455c23ee9ad0dec9924e7255d7948cd4be

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Sat, 07 Oct 2023 11:32:27 GMT
X-Content-Type-Options: nosniff
Via: 1.1 e14614617e85116e937d5168b35a94de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1042048
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 15251
Last-Modified: Thu, 20 Jan 2022 21:51:40 GMT
Server: Cloudinary
ETag: "3e7cdc13e718680bf5e1efa64468b560"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: KVNdEfpae2VvNfvrnHZ2kRaHS8Bw5TOb-nQ3pqjhk4W2eRvB-6D6AQ==

GET
H/1.1 200
OK arstechnica_war-stories-c-and-c-tiberian-sun.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1551193450/ 19 KB
19 KB 25ms
25ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1551193450/arstechnica_war-stories-c-and-c-tiberian-sun.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

Cloudinary /

Resource Hash

27348ba4b98bd80f1038496ec5dea6ad865680540058fb085b8ca199b8aaf4c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Wed, 04 Oct 2023 14:09:05 GMT
X-Content-Type-Options: nosniff
Via: 1.1 e14614617e85116e937d5168b35a94de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1291850
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 19022
Last-Modified: Thu, 20 Jan 2022 21:51:41 GMT
Server: Cloudinary
ETag: "fe52b9acd391d8bee8de15a0f429b377"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: PkpjQsFWp9pUOkZfSCwub-PYHyRUD9aRGpmi-bPLK0VFfGMQ8MZqYg==

GET
H/1.1 200
OK arstechnica_war-stories-blade-runner-skinjobs-voxels-and-future-noir.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1550244434/ 18 KB
19 KB 25ms
24ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1550244434/arstechnica_war-stories-blade-runner-skinjobs-voxels-and-future-noir.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

cloudflare /

Resource Hash

8b72952d3fd656ee6594f0d9735d928113ad1d590705b14f77abf75f1d4d5d69

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Wed, 04 Oct 2023 13:40:35 GMT
x-content-type-options: nosniff
Via: 1.1 6ec6c63eb2f7ec00507af95b1621674c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1293560
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 18172
Last-Modified: Thu, 20 Jan 2022 21:51:40 GMT
Server: cloudflare
ETag: "32f1b8954559c8d598e9861f5b8360b9"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
CF-Ray: 810540519bfe9b7a-FRA
timing-allow-origin: *
X-Amz-Cf-Id: C_fPPv3tsTCntRRkyxyJeFJGCUgYzMs71dsWOOmQVxdKiPJoHG4qVw==

GET
H/1.1 200
OK arstechnica_war-stories-dead-space-the-drag-tentacle.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1546889545/ 7 KB
8 KB 22ms
22ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1546889545/arstechnica_war-stories-dead-space-the-drag-tentacle.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

Cloudinary /

Resource Hash

9933997608e86beaf1e7f7188a5c657cdad8ccd9d20eb7b1a46adaa83fa850ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Fri, 29 Sep 2023 17:38:15 GMT
Strict-Transport-Security: max-age=604800
X-Content-Type-Options: nosniff
Via: 1.1 c76f57c516237f120f723cde4dab446e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1711300
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 7393
Last-Modified: Thu, 20 Jan 2022 21:51:41 GMT
Server: Cloudinary
ETag: "17a6e4b5eb75eb12f5d8c89eb3d0ace8"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: gdCW6HVu98KgFXgDxBZeay4qOglnuEMXusvlDbvoq7ehFknqil8Q6Q==

GET
H/1.1 200
OK arstechnica_teach-the-controversy-flat-earthers.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1541592304/ 10 KB
11 KB 24ms
24ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1541592304/arstechnica_teach-the-controversy-flat-earthers.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

Cloudinary /

Resource Hash

7364fcbb6c5d775f07816712af8a6419db99268f72c337a4977f706dc3423bb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Wed, 04 Oct 2023 13:53:09 GMT
X-Content-Type-Options: nosniff
Via: 1.1 db66f1cc00a415c34c42ad011b26850c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1292806
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 10595
Last-Modified: Thu, 20 Jan 2022 21:52:14 GMT
Server: Cloudinary
ETag: "6c0c4f8a9d61ed2b5863a8058c624a37"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: CHqi8kwgKj2-Ug-UK8VOjvy-nJ5t0CQYYzwbDW2ZDWjqKLEie3PPgw==

GET
H/1.1 200
OK arstechnica_delta-v-the-burgeoning-world-of-small-rockets-paul-allen-s-huge-plane-and-spacex-get-s-a-crucial-green-light.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1537406983/ 12 KB
13 KB 25ms
25ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1537406983/arstechnica_delta-v-the-burgeoning-world-of-small-rockets-paul-allen-s-huge-plane-and-spacex-get-s-a-crucial-green-light.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

Cloudinary /

Resource Hash

16f86804dd013db340fee4020a539d3e9d6e5a03d6841e431e50c428e99c26e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Fri, 06 Oct 2023 19:17:57 GMT
Strict-Transport-Security: max-age=604800
X-Content-Type-Options: nosniff
Via: 1.1 bb390afd921c223e0fe4921fbc23bbe8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1100518
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 12509
Last-Modified: Thu, 20 Jan 2022 21:52:14 GMT
Server: Cloudinary
ETag: "b9c502ffc902b60d0eb13698b37a945d"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: fcCPz_HcfqpN13lac9Y0yHnWD0gf4LYns6iegIkdyvsKeC7Fd1mBOg==

GET
H/1.1 200
OK arstechnica_chris-hadfield-explains-his-space-oddity-video.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1522031130/ 7 KB
8 KB 22ms
22ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1522031130/arstechnica_chris-hadfield-explains-his-space-oddity-video.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

cloudflare /

Resource Hash

3ce7e824185893264ab44fbf8370a8f1262831c4c6c367b15f7d4f1e88fadc8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Tue, 26 Sep 2023 10:58:33 GMT
Strict-Transport-Security: max-age=604800
x-content-type-options: nosniff
Via: 1.1 e14614617e85116e937d5168b35a94de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1994482
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 7181
Last-Modified: Thu, 20 Jan 2022 21:52:14 GMT
Server: cloudflare
ETag: "0549828edcecd339d8d10ebe6119de70"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
CF-Ray: 80cafe0f0bec18e6-FRA
timing-allow-origin: *
X-Amz-Cf-Id: 1tvaQOyVSC0vAJm_If1TIztNPLQVllEAKmlFyFpYdRim1wljV0c4Lw==

GET
H/1.1 200
OK arstechnica_apollo-mission-episode-1.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1512424612/ 14 KB
14 KB 24ms
24ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1512424612/arstechnica_apollo-mission-episode-1.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

Cloudinary /

Resource Hash

82cd1a97f81e5b63a621311be2993916eea0907b5eadd53bb6b280f4bb0f8391

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Wed, 04 Oct 2023 14:04:40 GMT
X-Content-Type-Options: nosniff
Via: 1.1 e14614617e85116e937d5168b35a94de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1292115
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 14040
Last-Modified: Thu, 20 Jan 2022 21:52:14 GMT
Server: Cloudinary
ETag: "ecc047c6eed3dc571a78eab647201220"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: qwxtewI0TR8NUZ_yFFcVBXFoxSMVoSEG5UV1xFFVp-TCwhoCatqlNw==

GET
H/1.1 200
OK arstechnica_richard-garriot-war-stories.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1513807048/ 14 KB
14 KB 24ms
24ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1513807048/arstechnica_richard-garriot-war-stories.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

Cloudinary /

Resource Hash

4980853759711c8e9e2779239acd62e9e802fba38371763c65ecdd016a83fdbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Wed, 04 Oct 2023 13:45:39 GMT
X-Content-Type-Options: nosniff
Via: 1.1 c76f57c516237f120f723cde4dab446e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1293256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 13885
Last-Modified: Thu, 20 Jan 2022 21:51:41 GMT
Server: Cloudinary
ETag: "13d45a1733ad4d2f3ae707584d6a8a32"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: 5OjUL2t6aW7SqdWqvFRnaq8cZj-Hw_7n505r3noCgjvuL2fni1QHMw==

GET
H2 200 geoip Show response
permutive.arstechnica.com/v2.0/ 254 B
363 B 92ms
15ms XHR
application/json 34.107.161.9
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://permutive.arstechnica.com/v2.0/geoip?include=geo&include=isp&include=ip_hash&k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by: Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.161.9 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 9.161.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 6a2bb1023400cca8ae0171e8789a54ccac0cc4e10eb8908b7d51eb10a45ce1b9

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: text/plain

Response headers

date: Thu, 19 Oct 2023 12:59:55 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://arstechnica.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170

POST
H2 200 watson Show response
permutive.arstechnica.com/v2.0/ 483 B
353 B 93ms
16ms XHR
application/json 34.107.161.9
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://permutive.arstechnica.com/v2.0/watson?k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by: Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.161.9 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 9.161.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: fcc123da3f9e6bae17bdf90095e0195a633a56fb312a49eaad731594b6f073dc

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: text/plain

Response headers

date: Thu, 19 Oct 2023 12:59:55 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://arstechnica.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 287

GET
DATA 200
OK truncated
/ 408 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c21029f21dc145723d40362da85504ee5a5bd33f5db6636beae3a01c7aba1fa2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H/1.1 200
OK n Show response
elsa.memoinsights.com/ 371 B
1 KB 413ms
99ms Script
application/javascript 35.173.112.203
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://elsa.memoinsights.com/n?pid=62012a7a19351c07620394e0&url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&author%5B%5D=Dan%20Goodin&title=Google-hosted%20malvertising%20leads%20to%20fake%20Keepass%20site%20that%20looks%20genuine&date=2023-10-19T04%3A50%3A35Z&referrer=&ref_url=&page_url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&cb=MEMO.API.callbacks.cbfxwwsyah&v=v3.0.6
Requested by: Host: cdn.memo.co
URL: https://cdn.memo.co/js/memo.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.112.203 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-112-203.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: f0c8f43da8b86a152ddcd6dbfe674781757e9fb536f74a4c8dc413616d4de7d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:55 GMT
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64, Sec-CH-UA-Form-Factor
server: istio-envoy
content-type: application/javascript
x-envoy-upstream-service-time: 1
Connection: keep-alive
Content-Length: 255

GET
H2 200 1dfc40bb-d155-4f15-970e-99450dbfa0e2-models.bin Show response
cdn.permutive.com/models/v2/ 352 KB
240 KB 69ms
37ms XHR
application/x-binary 2606:4700::6811:7611
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.permutive.com/models/v2/1dfc40bb-d155-4f15-970e-99450dbfa0e2-models.bin
Requested by: Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7611 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 33df84feb984549e7bd1a9bbc0acc1a6dc524aefcd9cc856501a60ae85879cab

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: text/plain

Response headers

date: Thu, 19 Oct 2023 12:59:55 GMT
content-encoding: gzip
cf-cache-status: HIT
x-goog-meta-oid: bd1cec50-00d1-4ce9-9572-785857419a1e
age: 0
x-guploader-uploadid: ADPycdt50cfqZPOldychgmlKRBWbPTpPbbJrWCq56uqN5InJYRqxrWdolemCyIUEAlZ_wO_w8wYNFlugZJwm2pj32BdRgnzm8p9h
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 244439
last-modified: Thu, 19 Oct 2023 11:16:37 GMT
server: cloudflare
etag: "a697dd564b2d70b28f77831ffcee953a"
vary: Accept-Encoding
x-goog-generation: 1697714197761517
content-type: application/x-binary
access-control-allow-origin: *
x-goog-hash: crc32c=OU8+dg==, md5=ppfdVkstcLKPd4Mf/O6VOg==
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=900, no-transform
x-goog-stored-content-length: 244439
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 818933766a7b5d80-FRA
expires: Thu, 19 Oct 2023 12:57:56 GMT

POST
H2 200 identify Show response
permutive.arstechnica.com/v2.0/ 50 B
352 B 36ms
21ms XHR
application/json 34.107.161.9
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://permutive.arstechnica.com/v2.0/identify?k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by: Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.161.9 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 9.161.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 8f1c2790892b813bd61cfd4de2806aead296679e8daf7e15155f8f8a428fd7e0

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: text/plain

Response headers

date: Thu, 19 Oct 2023 12:59:55 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://arstechnica.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70

POST
H2 200 segment Show response
permutive.arstechnica.com/adv/v2/ 14 B
78 B 32ms
26ms XHR
application/json 34.107.161.9
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://permutive.arstechnica.com/adv/v2/segment?new-session=true&k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by: Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.161.9 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 9.161.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: e3aeeb9b76fb8242067c35d89b2a5281561e92a7c9a25239d630f818fe978a7d

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: *
date: Thu, 19 Oct 2023 12:59:55 GMT
via: 1.1 google
server: Permutive
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14
content-type: application/json

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/condenast1-network/ 309 KB
79 KB 25ms
7ms Fetch
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ef6ff5f0c4b32cd4482ed02e3b1b80194dbd1fa477675008b793b71e31074f1e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id: czxR6vvv47MyHGcO1tLBoIAauPOUg42g
content-encoding: gzip
via: 1.1 varnish
date: Thu, 19 Oct 2023 12:59:55 GMT
x-amz-request-id: CJ5F1VVDRJTC5VBZ
age: 4307
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 80221
x-amz-id-2: yMEWiSEq2IFzfkW80xS1j89WClpMvROi9fWkb74EkTrmgq+/UxIBr2P1zjeYuZt4zgkbdFa1WL4=
x-served-by: cache-fra-eddf8230114-FRA
last-modified: Thu, 19 Oct 2023 11:48:08 GMT
server: AmazonS3
x-timer: S1697720395.354459,VS0,VE0
etag: "8dac1f2fa7bae80f8dc1b861ac450e14"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 92
access-control-allow-origin: *
cache-control: private,max-age=14401
accept-ranges: bytes
x-cache-hits: 49

POST
H2 204 metrics
am-trc-events.taboola.com/condenast-arstechnica/log/3/ 0
245 B 57ms
16ms Ping
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://am-trc-events.taboola.com/condenast-arstechnica/log/3/metrics?route=AM%3AAM%3AV&lti=trecs
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://arstechnica.com
pragma: no-cache
date: Thu, 19 Oct 2023 12:59:55 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

POST
H2 204 abtests
am-trc-events.taboola.com/condenast-arstechnica/log/3/ 0
246 B 56ms
15ms Ping
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://am-trc-events.taboola.com/condenast-arstechnica/log/3/abtests?route=AM%3AAM%3AV&lti=trecs&ri=3278f53133d90ff541eb874dd071ed95&sd=v2_a2944b5fb7e1cc3ffc47cc62478d5e9a_699ae44c-5d71-4ad0-b120-81502fa3145a-tuctc2aadcb_1697720395_1697720395_CNawjgYQ1O1cGLrKlcC0MSABKAEwODib4wlAgooQSK652QNQ____________AVgAYABo6M-UzoD43eJUcAA&ui=699ae44c-5d71-4ad0-b120-81502fa3145a-tuctc2aadcb&pi=%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine&wi=-6957810810529006185&pt=text&vi=1697720395066&tim=14%3A59%3A55.336&id=58886&llvl=2&cv=20231017-7-RELEASE&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22brsd%22%2C%22type%22%3A%7B%22esv%22%3A%22ES2021%22%2C%22c%22%3Atrue%2C%22ss%22%3Atrue%2C%22ls%22%3Atrue%7D%2C%22eventTime%22%3A1697720395336%7D
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://arstechnica.com
pragma: no-cache
date: Thu, 19 Oct 2023 12:59:55 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H/1.1 200
OK embed-api.json Show response
player.cnevids.com/ 11 KB
5 KB 84ms
37ms Fetch
application/json 65.9.95.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://player.cnevids.com/embed-api.json?videoId=60abade4dc31e5375248cba6&embedLocation=arstechnica

Requested by

Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/60abade4dc31e5375248cba6.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady34091093

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.94 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-94.prg50.r.cloudfront.net

Software

nginx/1.18.0 /

Resource Hash

d0883dc51f5a465d72c91dc84ff0f9bd25913fe00718e16ce7e18a5c54ed2c50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Thu, 19 Oct 2023 12:58:21 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Via: 1.1 79ba346413d83ce62db11c8d0b05c22c.cloudfront.net (CloudFront)
X-Permitted-Cross-Domain-Policies: none
X-Amz-Cf-Pop: PRG50-C1
Age: 94
X-Cache: Hit from cloudfront
Status: 200 OK
Connection: keep-alive
Content-Length: 3808
X-XSS-Protection: 1; mode=block
X-Request-Id: 74dcc568-fbfc-45a6-9486-c5935817432f
X-Runtime: 0.018158
X-Backend-Node: 10.110.12.66
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx/1.18.0
ETag: W/"77f7608fe0767ed27f010b2d4a1733c7"
X-Download-Options: noopen
Access-Control-Max-Age: 1728000
Access-Control-Allow-Methods: GET, OPTIONS
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Cache-Control: max-age=300, public
Vary: Origin,Accept-Encoding
X-Amz-Cf-Id: samrv-j1CpvMYSjChcTtiWXT9Ozr9WbMga7vCM9nVAofsBTHdp7MRQ==

GET
H/1.1 200
OK onetag Show response
assoc-na.associates-amazon.com/ 64 B
459 B 115ms
115ms XHR
application/json 44.215.116.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://assoc-na.associates-amazon.com/onetag?src=330&pj=%7B%22tracking_id%22%3A%22arstech20-20%22%2C%22assocPayloadId%22%3Anull%2C%22refUrl%22%3A%22https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F%22%7D&u=https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Requested by

Host: z-na.associates-amazon.com
URL: https://z-na.associates-amazon.com/onetag/v2?MarketPlace=US&instanceId=e6160dfa-32a7-4b0e-9675-d18902339f1e

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.215.116.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-215-116-28.compute-1.amazonaws.com

Software

Server /

Resource Hash

49d9de0c765f466fdcd458cb6eaf29e1bad75544514caad5a068fba55d2b8b59

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Thu, 19 Oct 2023 12:59:55 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: HD16YWCQJ03F5E6VHFFF
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: application/json
Access-Control-Allow-Origin: https://arstechnica.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 64

POST
H2 200 1617c2a96611175b2501b4c45b539fd1c05d382485b37dff16b0 Show response
planebasin.com/confirm/ 288 B
795 B 76ms
28ms Fetch
application/json 2600:1901:0:4277::1
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://planebasin.com/confirm/1617c2a96611175b2501b4c45b539fd1c05d382485b37dff16b0

Requested by

Host: shiverscissors.com
URL: https://shiverscissors.com/v2fumwIJOo-LsCB0dlG18VSTW43CpWhUEPJuKeRTzrEQdSPPlMr5GymU

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:4277::1 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

Resource Hash

eeb77461e8336b8d0b21792aaa25db82e02356e2b1be1f2717d403e5d5095847

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
date: Thu, 19 Oct 2023 12:59:55 GMT
via: 1.1 google
x-buildnumber: 1033761249
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 288
x-datacenter: gce-europe-west1
x-buildname: hoothoot
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://arstechnica.com
x-hostname: fen-hoothoot-europe-west1-test-cmwb
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
expires: Thu, 19 Oct 2023 12:59:54 GMT

GET
H2 200 /
ct.pinterest.com/v3/ 35 B
702 B 84ms
51ms Image
image/gif 104.75.88.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ct.pinterest.com/v3/?tid=2613993160362&event=PermutiveSegmentEntry&ed[segment_id]=%229710%22

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-209.deploy.static.akamaitechnologies.com

Software

Resource Hash

37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 Oct 2023 12:59:55 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
referrer-policy: origin
x-cdn: akamai
akamai-grn: 0.8f6656b8.1697720395.147f2680
content-type: image/gif
access-control-allow-origin: *
pinterest-version: 6b5218ade0d05685881b70d3473495bf89d60013
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 2
content-length: 35
x-pinterest-rid: 7405186846687253
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 0C94 361 KB
124 KB 40ms
16ms Script
text/javascript 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/60abade4dc31e5375248cba6.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady34091093

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6939afaeb559a7dd48bf40e39170c0f5ca2125984aeaca978d9491801f717bb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 126235
x-xss-protection: 0
expires: Thu, 19 Oct 2023 12:59:55 GMT

GET
H2 200 vans-adapter-google-ima.js Show response
static.adsafeprotected.com/ Frame 0C94 19 KB
7 KB 23ms
22ms Script
application/javascript 2600:9000:2127:cc00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/vans-adapter-google-ima.js
Requested by: Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/60abade4dc31e5375248cba6.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady34091093
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:cc00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c1dd93cc3f1638f369af566115ae74546e64bdafc4319d9853b5c15a3d3f4970

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id: 4UvdbwUsN2CunQyNARaRw4ABpoiv.VmX
content-encoding: gzip
via: 1.1 b9288402a0a891e0bbaca832ecabae60.cloudfront.net (CloudFront)
date: Fri, 13 Oct 2023 12:07:15 GMT
x-amz-cf-pop: PRG50-C1
age: 521561
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 08 Jul 2021 19:25:58 GMT
server: AmazonS3
etag: W/"8ec0c211dda60907ae57f46e621bc794"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: RkqErpJwhA0V2GqNUi_aCJUGP7mFa6waQ-pwK1e-J19-GqXwDQfIkw==

GET
H2 200 gpt_proxy.js Show response
imasdk.googleapis.com/js/sdkloader/ 81 KB
29 KB 32ms
9ms Script
text/javascript 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/gpt_proxy.js

Requested by

Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/60abade4dc31e5375248cba6.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady34091093

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cff4ad771c9bfb45d280e8df735aff7c07deb54774ec16f188a6621b149f81b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:48:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 669
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29572
x-xss-protection: 0
last-modified: Tue, 10 Oct 2023 20:32:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=900
accept-ranges: bytes
expires: Thu, 19 Oct 2023 13:03:46 GMT

GET
H/1.1 200
OK player-style-2cf7e3c125f7b0cc5c9e.css
player-frontend.cnevids.com/player/ Frame 0C94 90 KB
13 KB 92ms
22ms Stylesheet
text/css 65.9.95.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://player-frontend.cnevids.com/player/player-style-2cf7e3c125f7b0cc5c9e.css
Requested by: Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/60abade4dc31e5375248cba6.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady34091093
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.95.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-95-57.prg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 948c1b95f1dbdcb68ad1c83e789f24968a3e487563b42fd5451f4430791b7e30

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Mon, 11 Sep 2023 12:49:05 GMT
Content-Encoding: gzip
Via: 1.1 f3303a5632dc925c26253530523fa328.cloudfront.net (CloudFront)
x-amz-version-id: R5m98vrL8kZelKVVheKBOtelJMEgrmJE
X-Amz-Cf-Pop: PRG50-C1
Age: 3283851
x-amz-server-side-encryption: AES256
X-Cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 13029
Last-Modified: Thu, 07 Sep 2023 20:00:59 GMT
Server: AmazonS3
ETag: "6f3c3978d344c16ec2263748c6106086"
Content-Type: text/css; charset=utf-8
Cache-Control: max-age=63072000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: o7XWhvOl8suYiZ4rnfuOX66gjkot5ENpfxSO7EyB4YHIaVEZW9Tx_Q==
Expires: Tue, 01 Jan 2030 00:00:00 GMT

GET
H/1.1 200
OK main-7f40040d423dc64a5a13.js Show response
player-frontend.cnevids.com/player/ Frame 0C94 977 KB
255 KB 117ms
37ms Script
application/javascript 65.9.95.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://player-frontend.cnevids.com/player/main-7f40040d423dc64a5a13.js
Requested by: Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/60abade4dc31e5375248cba6.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady34091093
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.95.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-95-57.prg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 26ade026aef73d3267f1b1dc06ff74adb6818239ea4512919a791ce1d9c7a4d1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 17:33:24 GMT
Content-Encoding: gzip
Via: 1.1 6ec6c63eb2f7ec00507af95b1621674c.cloudfront.net (CloudFront)
x-amz-version-id: BaGoRXFRbhDIZtJk1nJRizAREYCXmH6t
X-Amz-Cf-Pop: PRG50-C1
Age: 69992
x-amz-server-side-encryption: AES256
X-Cache: Hit from cloudfront
x-amz-replication-status: PENDING
Connection: keep-alive
Content-Length: 260138
Last-Modified: Wed, 18 Oct 2023 17:21:54 GMT
Server: AmazonS3
ETag: "ad6041d9d62a04b54842444926ab4c42"
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=63072000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: Vr0NtThWZkWUDheVytNwXWA8Axx9sOdGH702NwOntcrzPv96d-QgzA==
Expires: Tue, 01 Jan 2030 00:00:00 GMT

POST
H2 200 c00ac6fc52a147fed122304b18b92c0472ef3798 Show response
planebasin.com/582865dc8546/ 3 B
64 B 20ms
20ms Fetch
application/json 2600:1901:0:4277::1
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://planebasin.com/582865dc8546/c00ac6fc52a147fed122304b18b92c0472ef3798

Requested by

Host: shiverscissors.com
URL: https://shiverscissors.com/v2fumwIJOo-LsCB0dlG18VSTW43CpWhUEPJuKeRTzrEQdSPPlMr5GymU

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:4277::1 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
date: Thu, 19 Oct 2023 12:59:55 GMT
via: 1.1 google
x-buildnumber: 1033761249
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
x-datacenter: gce-europe-west1
x-buildname: hoothoot
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://arstechnica.com
x-hostname: fen-hoothoot-europe-west1-test-cmwb
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie

GET
H/1.1 200
OK sf-ui-display-medium-webfont.woff2
player-frontend.cnevids.com/assets/fonts/ Frame 0C94 29 KB
30 KB 502ms
457ms Font
application/font-woff2 65.9.95.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://player-frontend.cnevids.com/assets/fonts/sf-ui-display-medium-webfont.woff2
Requested by: Host: player-frontend.cnevids.com
URL: https://player-frontend.cnevids.com/player/player-style-2cf7e3c125f7b0cc5c9e.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.95.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-95-57.prg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d281c9d6bae645f3da6d2f0769a2cf0668709fd28e2021ce74821cdd8c7117b3

Request headers

Referer: https://player-frontend.cnevids.com/player/player-style-2cf7e3c125f7b0cc5c9e.css
Origin: https://arstechnica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id: jNwTnDrOXQCtwNbzpCCrw4_AQmswfr1J
Content-Encoding: gzip
Via: 1.1 d33f640b9793fb0553cc6dbe55988068.cloudfront.net (CloudFront)
Date: Thu, 19 Oct 2023 12:59:57 GMT
X-Amz-Cf-Pop: PRG50-C1
x-amz-server-side-encryption: AES256
X-Cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 29632
Last-Modified: Thu, 01 Jun 2023 16:30:06 GMT
Server: AmazonS3
ETag: "7d18db04f980971f2a9c5026bbc34bed"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/font-woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=63072000, public
Vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
Accept-Ranges: bytes
X-Amz-Cf-Id: GZ3W3-2oJrKWcb97EZ_j6GJHIgtKuXzHzuSCW-uFrJ0CEzofuGUvdQ==
Expires: Tue, 01 Jan 2030 00:00:00 GMT

GET
H2 200 bridge3.595.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame A157 726 KB
233 KB 7ms
7ms Document
text/html 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.595.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9de6cf1275e2335cae4231d25e6119cd5bb53cfadd831de5cdfc411de862c6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://arstechnica.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 161352
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 238136
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Tue, 17 Oct 2023 16:10:43 GMT
expires: Wed, 16 Oct 2024 16:10:43 GMT
last-modified: Tue, 10 Oct 2023 20:31:50 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 0C94 44 KB
17 KB 38ms
15ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:59:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 19 Oct 2023 12:59:55 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 0C94 198 KB
53 KB 22ms
7ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: player-frontend.cnevids.com
URL: https://player-frontend.cnevids.com/player/main-7f40040d423dc64a5a13.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

564a53ce84ae022b30816d44aa48589ebfe170c226b098d0245c47fe13341c67

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 19 Oct 2023 12:59:55 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 53498
x-xss-protection: 0
pragma: public
x-fb-debug: wFIXvHoUvN296/27fDxYQ4Ckpb6PhKl0qJwg0gMtpwarhkYkwvWfIk6Dv/I6nOcvqjj5mVwCDlXuH/N9XdgjWA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK track
capture.condenastdigital.com/ Frame 0C94 48 B
48 B 394ms
93ms Image
image/gif 35.172.145.232
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_o=cne&_ts=2023-10-19T12%3A59%3A55.768Z&_c=&_t=Player%20Requested&pHr=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.172.145.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-172-145-232.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 19 Oct 2023 12:59:56 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 8363 40 KB
14 KB 28ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6300f448d738e70ac11f0140df0b3ce91a2de9e0da7fdf09d32d28031600ba51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:01:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13893
x-xss-protection: 0
last-modified: Wed, 09 Aug 2023 15:57:08 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 19 Oct 2023 13:01:59 GMT

GET
H/1.1 200
OK arstechnica_unsolved-mysteries-unsolved-mysteries-of-quantum-leap.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_arstechnica.png,fl_progressive,g_face,h_450,q_80,w_800/v1621877260/ Frame 0C94 50 KB
51 KB 27ms
27ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_arstechnica.png,fl_progressive,g_face,h_450,q_80,w_800/v1621877260/arstechnica_unsolved-mysteries-unsolved-mysteries-of-quantum-leap.jpg

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

Cloudinary /

Resource Hash

4d04b7d4a062fa7873d675612b23bd067cf886a0de7759d617e14bf1641d5105

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Wed, 04 Oct 2023 14:06:52 GMT
X-Content-Type-Options: nosniff
Via: 1.1 c76f57c516237f120f723cde4dab446e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1291983
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 51500
Last-Modified: Tue, 25 May 2021 15:04:45 GMT
Server: Cloudinary
ETag: "1631177d1131925333a3b2b652f3d8b2"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: Xxu32bdH9SmEPhYRVbKJHB5hFWFNqWSLhYP-1gfLcjtun4Jrfe5Fmg==

GET
BLOB 200
OK 02a6d970-896d-4b18-85dd-1ffa69133dbc
https://arstechnica.com/ Frame 0C94 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://arstechnica.com/02a6d970-896d-4b18-85dd-1ffa69133dbc
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H/1.1 206
Partial Content 1c5e052d-9221-44ad-9785-4ca784ceb60dthumbs.mp4
dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/ Frame 0C94 63 KB
0 84ms
24ms Media
video/mp4 65.9.95.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/1c5e052d-9221-44ad-9785-4ca784ceb60dthumbs.mp4
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.95.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-95-69.prg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://arstechnica.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Range: bytes=0-

Response headers

Date: Thu, 19 Oct 2023 02:47:24 GMT
Via: 1.1 93fcd07b66eaf26b036f14e2ec9d73ea.cloudfront.net (CloudFront)
Last-Modified: Mon, 24 May 2021 13:51:20 GMT
Server: AmazonS3
X-Amz-Cf-Pop: PRG50-C1
Age: 38468
ETag: "580642a938142bddde48207109f78d2b"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: video/mp4
Content-Range: bytes 0-2480938/2480939
Connection: keep-alive
Accept-Ranges: bytes
X-Amz-Cf-Id: 7lCtvirw9zONl80lQsX99vZrruNYBA1LsLkoGwBKZab1grUSA5f5MQ==
Content-Length: 2480939

GET
H/1.1 206
Partial Content 1c5e052d-9221-44ad-9785-4ca784ceb60dthumbs.mp4
dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/ Frame 0C94 64 KB
0 80ms
21ms Media
video/mp4 65.9.95.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/1c5e052d-9221-44ad-9785-4ca784ceb60dthumbs.mp4
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.95.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-95-69.prg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://arstechnica.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Range: bytes=0-

Response headers

Date: Thu, 19 Oct 2023 02:47:24 GMT
Via: 1.1 b5f551be30f63eca57ca04273cb75994.cloudfront.net (CloudFront)
Last-Modified: Mon, 24 May 2021 13:51:20 GMT
Server: AmazonS3
X-Amz-Cf-Pop: PRG50-C1
Age: 38468
ETag: "580642a938142bddde48207109f78d2b"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: video/mp4
Content-Range: bytes 0-2480938/2480939
Connection: keep-alive
Accept-Ranges: bytes
X-Amz-Cf-Id: rVKU3kpdgN5YpmZhiG3NXrsE9u5a2E9QlTAqJ7ElRRljAn0lrU8Atg==
Content-Length: 2480939

GET
H/1.1 200
OK 1c5e052d-9221-44ad-9785-4ca784ceb60dmanifest-ios.m3u8 Show response
dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/ Frame 0C94 918 B
1 KB 72ms
24ms XHR
application/x-mpegurl 65.9.95.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/1c5e052d-9221-44ad-9785-4ca784ceb60dmanifest-ios.m3u8?videoIndex=0&requester=oo
Requested by: Host: player-frontend.cnevids.com
URL: https://player-frontend.cnevids.com/player/main-7f40040d423dc64a5a13.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.95.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-95-69.prg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 005f315d6f7cf50f04161a51e17287b5040b513267560b083a3cf39d0b892ba8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 19:31:25 GMT
Via: 1.1 4bc1976da553dde6dd59c4ea33001b72.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 63000
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 918
Last-Modified: Mon, 24 May 2021 13:49:14 GMT
Server: AmazonS3
ETag: "4300fd3b9bba40f219ea54c572764fe0"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, HEAD
Content-Type: application/x-mpegURL
Access-Control-Allow-Origin: *
Vary: Accept-Encoding,Origin
Accept-Ranges: bytes
X-Amz-Cf-Id: 5c02hSr-AquWYIYaBv-XBxHLgPVxXGlbJaEvDY0aEkRl3jNht1nP0Q==

GET
H/1.1 200
OK arstechnica_unsolved-mysteries-unsolved-mysteries-of-quantum-leap.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_arstechnica.png,fl_progressive,g_face,h_450,q_80,w_800/v1621877260/ Frame 0C94 50 KB
51 KB 69ms
26ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: player-frontend.cnevids.com
URL: https://player-frontend.cnevids.com/player/main-7f40040d423dc64a5a13.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

Cloudinary /

Resource Hash

4d04b7d4a062fa7873d675612b23bd067cf886a0de7759d617e14bf1641d5105

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

Referer: https://arstechnica.com/
Origin: https://arstechnica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Wed, 04 Oct 2023 14:06:52 GMT
X-Content-Type-Options: nosniff
Via: 1.1 6ec6c63eb2f7ec00507af95b1621674c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1291984
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 51500
Last-Modified: Tue, 25 May 2021 15:04:45 GMT
Server: Cloudinary
ETag: "1631177d1131925333a3b2b652f3d8b2"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: U1R2st6kuU5yyVAkp6r3yz9Fn5PxLF5d70rYafeVxtw3OSMnUNabpg==

GET
H/1.1 200
OK arstechnica_unsolved-mysteries-unsolved-mysteries-of-quantum-leap.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_arstechnica.png,fl_progressive,g_face,h_450,q_80,w_800/v1621877260/ Frame 0C94 50 KB
51 KB 24ms
24ms Image
image/jpeg 65.9.94.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.155 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-94-155.prg50.r.cloudfront.net

Software

Cloudinary /

Resource Hash

4d04b7d4a062fa7873d675612b23bd067cf886a0de7759d617e14bf1641d5105

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Wed, 04 Oct 2023 14:06:52 GMT
X-Content-Type-Options: nosniff
Via: 1.1 c76f57c516237f120f723cde4dab446e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 1291983
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 51500
Last-Modified: Tue, 25 May 2021 15:04:45 GMT
Server: Cloudinary
ETag: "1631177d1131925333a3b2b652f3d8b2"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: czk5QOT6mv9jmmrm-e6yjp_DBTvOnOOUGTz-JjAbaqMm3Y3cffIwYg==

GET
BLOB 200
OK 0c2d2d8a-4cc2-4e78-a65e-84eb6d9688f7
https://arstechnica.com/ Frame 0C94 5 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://arstechnica.com/0c2d2d8a-4cc2-4e78-a65e-84eb6d9688f7
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7fa4a530da785217eeac7d69df2b2eac2ff8f1a7a05d622d8026bd80bbfcafe8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Length: 4973
Content-Type: application/javascript

GET
BLOB 200
OK dff86335-c7fb-446e-8d49-250954c07a07
https://arstechnica.com/ Frame 0C94 68 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://arstechnica.com/dff86335-c7fb-446e-8d49-250954c07a07
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 246deaa46e55f47aa7a2be298a475478fcdacb65c6f49264f977b4981f7580aa

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Length: 70012
Content-Type: application/javascript

GET
BLOB 200
OK caf2462d-f9c0-4a8a-a843-7d8922cf5ebf
https://arstechnica.com/ Frame 0C94 68 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://arstechnica.com/caf2462d-f9c0-4a8a-a843-7d8922cf5ebf
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 246deaa46e55f47aa7a2be298a475478fcdacb65c6f49264f977b4981f7580aa

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Length: 70012
Content-Type: application/javascript

GET
H/1.1 200
OK 1c5e052d-9221-44ad-9785-4ca784ceb60dfile-1422k-128-48000-768.m3u8 Show response
dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/ Frame 0C94 11 KB
1 KB 21ms
21ms XHR
application/x-mpegurl 65.9.95.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/1c5e052d-9221-44ad-9785-4ca784ceb60dfile-1422k-128-48000-768.m3u8
Requested by: Host: player-frontend.cnevids.com
URL: https://player-frontend.cnevids.com/player/main-7f40040d423dc64a5a13.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.95.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-95-69.prg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4fb846048afd0ee79141b669572402fc0a024d937c00977e124405d11cd319fe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Thu, 19 Oct 2023 05:31:24 GMT
Content-Encoding: gzip
Via: 1.1 4bc1976da553dde6dd59c4ea33001b72.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 28493
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Mon, 24 May 2021 13:54:58 GMT
Server: AmazonS3
ETag: W/"cc4f278863bddb064b3e70268d5f02f8"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, HEAD
Content-Type: application/x-mpegURL
Access-Control-Allow-Origin: *
Vary: Accept-Encoding,Origin
X-Amz-Cf-Id: Ztro_F55SmMK2mMzvgopxFVxnBW-S7cQPEtAIeghAr6ItlTTCFl5PA==

POST
H3 200 events Show response
permutive.arstechnica.com/v2.0/batch/ 201 B
159 B 17ms
17ms XHR
application/json 34.107.161.9
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://permutive.arstechnica.com/v2.0/batch/events?enrich=false&sdkp=true&k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by: Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.161.9 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 9.161.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 4247d1b6891a84016b78ce2f3fdea5b3d3da13250eadccf2f170fd10e543a4f4

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: text/plain

Response headers

date: Thu, 19 Oct 2023 12:59:56 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://arstechnica.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 141

GET
H/1.1 200
OK 1c5e052d-9221-44ad-9785-4ca784ceb60dfile-1422k-128-48000-768-00001.ts Show response
dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/ Frame 0C94 821 KB
805 KB 73ms
73ms XHR
application/x-mpegurl 65.9.95.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/1c5e052d-9221-44ad-9785-4ca784ceb60dfile-1422k-128-48000-768-00001.ts
Requested by: Host: player-frontend.cnevids.com
URL: https://player-frontend.cnevids.com/player/main-7f40040d423dc64a5a13.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.95.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-95-69.prg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e944e6d1b0904bc0c1298fe828ec727bc6a9b46f0b4799e197a1a2acc46fb685

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Thu, 19 Oct 2023 04:09:59 GMT
Content-Encoding: gzip
Via: 1.1 4bc1976da553dde6dd59c4ea33001b72.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PRG50-C1
Age: 33706
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Mon, 24 May 2021 13:54:44 GMT
Server: AmazonS3
ETag: W/"9c6e79c618e52ccae61fce8e62e8cd50"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, HEAD
Content-Type: application/x-mpegURL
Access-Control-Allow-Origin: *
Vary: Accept-Encoding,Origin
X-Amz-Cf-Id: 5NCp__94GW8YB9ig9OW67-yZ8rw_TRA_Dl-9Tbg-CpunI4_pl6IPsA==

POST
H3 200 state Show response
permutive.arstechnica.com/v1.0/ 0
34 B 89ms
89ms XHR
text/plain 34.107.161.9
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://permutive.arstechnica.com/v1.0/state?fetch_unseen=true&k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by: Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.161.9 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 9.161.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: *
date: Thu, 19 Oct 2023 12:59:56 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20

POST
H3 201 usage Show response
permutive.arstechnica.com/v2.0/tpd/ 0
36 B 19ms
19ms XHR
text/plain 34.107.161.9
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://permutive.arstechnica.com/v2.0/tpd/usage?k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by: Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.161.9 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 9.161.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: text/plain

Response headers

date: Thu, 19 Oct 2023 12:59:56 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
access-control-allow-origin: https://arstechnica.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20

POST
H2 200 mbox
vidanalytics.taboola.com/putes/ 2 B
151 B 100ms
82ms Ping
text/plain 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidanalytics.taboola.com/putes/mbox
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type: text/plain

Response headers

x-cache-hits: 0
date: Thu, 19 Oct 2023 12:59:59 GMT
via: 1.1 varnish
x-backend-name: 5i41NEgLZrTBnTzubPzIMu--F_NLB_VIDEO_UI_00101
server: nginx
x-timer: S1697720399.487282,VS0,VE71
x-cache: MISS
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://arstechnica.com
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 2
x-served-by: cache-fra-eddf8230123-FRA

GET
H/1.1 200
OK t Show response
elsa.memoinsights.com/ 105 B
459 B 99ms
99ms Script
application/javascript 35.173.112.203
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://elsa.memoinsights.com/t?pid=62012a7a19351c07620394e0&url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&author%5B%5D=Dan%20Goodin&title=Google-hosted%20malvertising%20leads%20to%20fake%20Keepass%20site%20that%20looks%20genuine&date=2023-10-19T04%3A50%3A35Z&referrer=&ref_url=&page_url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&cb=MEMO.API.callbacks.cbmvjnstp&v=v3.0.6&t=5000&e=5000&s=0
Requested by: Host: cdn.memo.co
URL: https://cdn.memo.co/js/memo.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.112.203 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-112-203.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: 435fc6b03750fb5c13d15dec775c8e406162b1e2fdff8e453aa4b7dd295fd0de

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 13:00:00 GMT
x-envoy-upstream-service-time: 1
server: istio-envoy
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64, Sec-CH-UA-Form-Factor
Connection: keep-alive
Content-Length: 105
content-type: application/javascript

GET
H2 200 userx.20231017-7-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 17 KB
6 KB 20ms
20ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/userx.20231017-7-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a021c4118a8ed18c55e33971fc9eba7bdc07a6c07b43f0c9f421577bf5620acd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id: SHuAoyG0vJ5lIIJGZ3YM0cizxxpkNTff
content-encoding: gzip
via: 1.1 varnish
date: Thu, 19 Oct 2023 13:00:00 GMT
x-amz-request-id: ZSS9KSD7S7KAH1R0
age: 390
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 5398
x-amz-id-2: 75LkPouioYx3Gl97T5z/SDOwKHrk3ANMhjrAJ/P85POcMbnrtSq6h1yTW81DVpqq+LCJhhk/OkI=
x-served-by: cache-fra-eddf8230123-FRA
last-modified: Thu, 19 Oct 2023 12:53:30 GMT
server: AmazonS3
x-timer: S1697720400.312950,VS0,VE0
etag: "dea341f076963e9a101c869bf34924ed"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 86
access-control-allow-origin: *
cache-control: private,max-age=2629743
accept-ranges: bytes
x-cache-hits: 211

GET
H2 200 distance-from-article.20231017-7-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 2 KB
1 KB 19ms
19ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/distance-from-article.20231017-7-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 14b27f6996322cc01899e1645fe0d308e474faab17f1936e1340753110d40eb9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id: HLvkFmOtzQjiaOsS.8IFbfZ9LfxsEACx
content-encoding: gzip
via: 1.1 varnish
date: Thu, 19 Oct 2023 13:00:00 GMT
x-amz-request-id: PRH0FARDS6F7P7MQ
age: 424
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 1132
x-amz-id-2: Y2LmEkJc9WvQUTFoJaywINsH+KuF0vXhY4+E1ZBbPtDXS8C7IOXqPFjL0qeOuX8AoQMpfRg/PMk=
x-served-by: cache-fra-eddf8230123-FRA
last-modified: Thu, 19 Oct 2023 12:52:57 GMT
server: AmazonS3
x-timer: S1697720400.312931,VS0,VE0
etag: "ad4975a2ba820377c220f5aaf40ac255"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 84
access-control-allow-origin: *
cache-control: private,max-age=2629743
accept-ranges: bytes
x-cache-hits: 1020

GET
H2 200 article-detection.20231017-7-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 3 KB
2 KB 18ms
18ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/article-detection.20231017-7-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9c96c896d339ecd2412561b1cc04a750ddbb798fe446c7d9c7fa1f44cbec81ee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id: q5Y7IYhcZwXIDIQlPU55TM_lPDILkULI
content-encoding: gzip
via: 1.1 varnish
date: Thu, 19 Oct 2023 13:00:00 GMT
x-amz-request-id: P3HJD5EAT8A7927J
age: 430
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 1291
x-amz-id-2: 6t6e+x8ITeHStqFFFflO0yKEjvq983a6TOWcmt1SA5HLgv2woheiv6JBvr/v2KMdT2VFjcAHJA4=
x-served-by: cache-fra-eddf8230123-FRA
last-modified: Thu, 19 Oct 2023 12:52:50 GMT
server: AmazonS3
x-timer: S1697720400.312913,VS0,VE0
etag: "3ab8def42c462057a94a7aa8f711817c"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 95
access-control-allow-origin: *
cache-control: private,max-age=2629743
accept-ranges: bytes
x-cache-hits: 1034

GET v5
metrics.getrockerbox.com/track/ 0
0

GET
H2 204 abtests
am-trc-events.taboola.com/condenast-arstechnica/log/3/ 0
230 B 19ms
19ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/condenast-arstechnica/log/3/abtests?route=AM:AM:V&tvi48=-48&tvi50=12238&lti=trecs&ri=3278f53133d90ff541eb874dd071ed95&sd=v2_a2944b5fb7e1cc3ffc47cc62478d5e9a_699ae44c-5d71-4ad0-b120-81502fa3145a-tuctc2aadcb_1697720395_1697720395_CNawjgYQ1O1cGLrKlcC0MSABKAEwODib4wlAgooQSK652QNQ____________AVgAYABo6M-UzoD43eJUcAA&ui=699ae44c-5d71-4ad0-b120-81502fa3145a-tuctc2aadcb&pi=/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine&wi=-6957810810529006185&pt=text&vi=1697720395066&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22block_clicks_init%22%2C%22type%22%3A%22block-clicks-manager%22%2C%22eventTime%22%3A1697720400290%7D&tim=15%3A00%3A00.291&id=4555&llvl=2&cv=20231017-7-RELEASE&
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Thu, 19 Oct 2023 13:00:00 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H2 204 supply-feature
am-trc-events.taboola.com/condenast-arstechnica/log/3/ 0
230 B 14ms
14ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/condenast-arstechnica/log/3/supply-feature?route=AM:AM:V&tvi48=-48&tvi50=12238&lti=trecs&ri=3278f53133d90ff541eb874dd071ed95&sd=v2_a2944b5fb7e1cc3ffc47cc62478d5e9a_699ae44c-5d71-4ad0-b120-81502fa3145a-tuctc2aadcb_1697720395_1697720395_CNawjgYQ1O1cGLrKlcC0MSABKAEwODib4wlAgooQSK652QNQ____________AVgAYABo6M-UzoD43eJUcAA&ui=699ae44c-5d71-4ad0-b120-81502fa3145a-tuctc2aadcb&pi=/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine&wi=-6957810810529006185&pt=text&vi=1697720395066&d=%7B%22event_type%22%3A%22distance_from_article%22%2C%22event_state%22%3A%22reported%22%2C%22event_value%22%3A%221465.203125%22%2C%22event_msg%22%3A%22%22%2C%22event_key%22%3A%22%22%7D&tim=15%3A00%3A00.349&id=1353&llvl=2&cv=20231017-7-RELEASE&
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Thu, 19 Oct 2023 13:00:00 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: metrics.getrockerbox.com
URL: https://metrics.getrockerbox.com/track/v5?source=weight_watchers_subscription_germany&tier_one=taboola&tier_two=28250545&tier_three=3831634844&tier_four=condenast-arstechnica&tier_five=Desktop&auction_id=2023-10-19+12%3A59%3A55&referrer=arstechnica.com&gdpr=1&gdpr_consent=

Verdicts & Comments Add Verdict or Comment

149 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
arstechnica.com/	1970-01-21 00:20:56	Name: usprivacy Value: 1---
arstechnica.com/	1970-01-21 00:20:56	Name: OneTrustWPCCPAGoogleOptOut Value: true
.arstechnica.com/	1970-01-21 00:20:56	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Thu+Oct+19+2023+14%3A59%3A55+GMT%2B0200+(Central+European+Summer+Time)&version=202306.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=920d9f89-eade-4de6-85be-7b87dfa2d8e4&interactionCount=0&landingPath=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&groups=C0001%3A1%2CC0003%3A0%2CC0004%3A0%2CC0002%3A0%2CSTACK42%3A0
.arstechnica.com/	1970-01-20 19:58:51	Name: permutive-id Value: e1e58052-c3d9-47f4-8f41-4dfac734b07b
arstechnica.com/	1970-01-21 00:20:56	Name: __srret Value: 1
.bd1cec50-00d1-4ce9-9572-785857419a1e.prmutv.co/	1970-01-20 17:47:49	Name: pxid Value: 7820e0a2-0a84-4100-a1b0-63876aeb7603
permutive.arstechnica.com/	1970-01-21 01:11:20	Name: permutive-id-HttpOnly Value: e1e58052-c3d9-47f4-8f41-4dfac734b07b
.arstechnica.com/	1970-01-21 01:04:08	Name: _awl Value: 2.1697720395.5-5c9c929ce397437cd64269901b3ecb8a-6763652d6575726f70652d7765737431-0
.pinterest.com/	1970-01-21 00:20:56	Name: ar_debug Value: 1
.ct.pinterest.com/	1970-01-21 00:20:56	Name: _pinterest_ct_ua Value: "TWc9PSYwSE9VOXdlZFAyMStHdnJmNWxnZnBCMnI5MHNPR2NYQVE0ekpURXpKeW9sQTJ2M1BncFA0eHZUUWI2NzdZMm9kT01OeUhEd1FOQ3ZoZ2xPbVR3eW93cDhNR3F6QVN6YXVZMzhRMzMxVHpxYz0mYnF4UjRoUjE4cVVOQ2RoQ2RhNWYrM1cxRG1ZPQ=="
arstechnica.com/	1970-01-21 00:20:56	Name: __srui Value: 66933ce9-6e7f-11ee-87a0-1eebdf0560b5
arstechnica.com/	1970-01-20 15:35:21	Name: _dd_s Value: logs=0&expire=1697721294991

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads-static.conde.digital
am-trc-events.taboola.com
api.cnevids.com
api.condenast.io
arstechnica.com
assoc-na.associates-amazon.com
bd1cec50-00d1-4ce9-9572-785857419a1e.prmutv.co
c.amazon-adsystem.com
capture.condenastdigital.com
cdn.arstechnica.net
cdn.cookielaw.org
cdn.mediavoice.com
cdn.memo.co
cdn.permutive.app
cdn.permutive.com
cdn.taboola.com
config.aps.amazon-adsystem.com
connect.facebook.net
ct.pinterest.com
dp8hsntg6do36.cloudfront.net
dwgyu36up6iuz.cloudfront.net
elsa.memoinsights.com
geolocation.onetrust.com
gum.criteo.com
ib.adnxs.com
imasdk.googleapis.com
mb.moatads.com
metrics.getrockerbox.com
p.skimresources.com
pagead2.googlesyndication.com
permutive.arstechnica.com
pixel.adsafeprotected.com
planebasin.com
player-frontend.cnevids.com
player.cnevids.com
plugin.mediavoice.com
polarcdn-terrax.com
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev
r.skimresources.com
s.skimresources.com
s0.2mdn.net
securepubads.g.doubleclick.net
segment-data.zqtk.net
shiverscissors.com
static.adsafeprotected.com
t.skimresources.com
trc.taboola.com
vidanalytics.taboola.com
www.datadoghq-browser-agent.com
www.googletagmanager.com
www.googletagservices.com
z-na.associates-amazon.com
z.moatads.com
metrics.getrockerbox.com
104.75.88.209
13.226.89.88
13.32.121.43
130.162.160.243
141.226.228.48
151.101.193.44
151.101.64.239
151.139.128.10
18.202.170.110
18.213.249.75
185.89.210.180
205.234.175.175
23.35.237.151
2600:1901:0:4277::1
2600:1901:0:7416::1
2600:9000:2127:a800:17:b7d9:a700:93a1
2600:9000:2127:cc00:8:48e:53c0:93a1
2606:4700:4400::6812:2089
2606:4700:4400::ac40:9256
2606:4700::6811:7611
2606:4700::6812:7fc0
2606:4700::6812:83ec
2606:4700::6813:9117
2a00:1450:4001:808::2002
2a00:1450:4001:809::2008
2a00:1450:4001:827::2006
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::200a
2a00:1450:4001:831::2002
2a02:2638:3::c
2a03:2880:f083:100:face:b00c:0:3
3.131.184.180
34.107.161.9
34.224.24.192
35.172.145.232
35.173.112.203
35.190.59.101
35.190.91.160
35.201.67.47
35.241.9.51
44.215.116.28
52.7.215.88
65.9.89.147
65.9.90.93
65.9.94.155
65.9.95.29
65.9.95.57
65.9.95.69
65.9.95.94
005f315d6f7cf50f04161a51e17287b5040b513267560b083a3cf39d0b892ba8
0186840386391fa2c0750ff7450a78e066498ba3274546a6fcf0fa9c55cd457c
030e91b7512dbb40e9b9057f20bcf54c296a7f28c04bbcde0f2d2706dd2a3a06
0396be2ab58ec30babd0838d7e37d6407475d4361be85ee7451dbac9186add57
06b33c040105224101afcdaacd82b6dfb3ea1bf9ef3d7478cf5fa163a0ad65e0
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
08ed3bf6e73a999bafb422b878fb05b87269b00a65230c9457ce75aee10b873e
09b627933e01faa4979dc5661f7e616c7db1c12ea1984ca0549bdb253d24da9b
0b5c6a8d4a856db56da956eced8af9a5eb6e0a89dc67de5ffc4c83513472a3cc
0c8c07e82ad5ddc89d7daf1fc82afa3352be27b7a9c479f50e8c42511774a7ad
1097abb6f0992cccc79428374463e7f23b99dae5eb85d7317b20bd57c96031bb
1193e934b76ed372f47e23f78f8a13e99d9588e564aff866e8f700e7a0650a83
11f5637cd1e69c5416520a3f0cb75816b0207728752deb02f7f164fc8e584499
14b27f6996322cc01899e1645fe0d308e474faab17f1936e1340753110d40eb9
16708dda2536b4b3782313db4a6ec8456cd84da7ae0f56d7d2455e68fc9bc4f0
16f86804dd013db340fee4020a539d3e9d6e5a03d6841e431e50c428e99c26e8
189b8ed64093b12937354b2ef71ccf1df59690d90432241a10fe1cb25000acba
1bf55bc00dbf13180884211c3d301729e67b81f3456225c1fbf97d271d636509
1c7dcc8216c6f82da2998ceeac2523632c7f9bffe510824b6d082621201f2012
1defb6bc54a7ee9c066136908360e8455c23ee9ad0dec9924e7255d7948cd4be
1eb87b27793a8954383be6ea616cd92550b0ed770cd39badd077c6cc5bd118ee
1f466b08649eef5ad16c20f6d7207bf8818cb107b6241950dbc568cdffc03d63
1f9cd4a445ba85172da6090dd7b95edf55fd9e81ddb193e0b78093c1afa84378
20660a9ef7ec454c15b2dc62b3db084e0cc9f74c5bb6de71a96fb1a54aef00f8
246deaa46e55f47aa7a2be298a475478fcdacb65c6f49264f977b4981f7580aa
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
26ade026aef73d3267f1b1dc06ff74adb6818239ea4512919a791ce1d9c7a4d1
27348ba4b98bd80f1038496ec5dea6ad865680540058fb085b8ca199b8aaf4c5
28ed651acc8b89aa0ff6d9d19d3026c41bf80b05a4a5bfbd9805e68add5e6cdf
29637e0647104ccc5d5583e652db29ce99e947c858c3d9502960e7ea7f1aea19
2afcabe2eb6314148dfd9dfdec1333b973d97d0780cc08fddab8501afbb013e9
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
321b6d434acaa0d2b57801f86fb4ad3444a8e946ac7a07453108515456c7fbcb
33df84feb984549e7bd1a9bbc0acc1a6dc524aefcd9cc856501a60ae85879cab
36a6a34c7aecb6ffec0a5abeac30e74bbac96825870de87139ceb8425b4d9b0e
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
3b0209841325362235c221628e471145726897e4e1c9b210b6e6b2217fdf2ee8
3ce7e824185893264ab44fbf8370a8f1262831c4c6c367b15f7d4f1e88fadc8c
3d62ad0f23c60258f120e52cf68b2e1adff5c1bf5bde5ac8f8d6e5f4c4c64f34
3f2cf5f857c617761a251ceef8f6ed452a7690e21f16eff0a70dddf9beea8633
3ffb2898bfdc64f6aa63183418b7c42a529f37505c70f68270abf62d90d6babe
4046579e6e4eb157620e7ed218f64cca8b290ba6269d762df786c3c5e069cc5e
4247d1b6891a84016b78ce2f3fdea5b3d3da13250eadccf2f170fd10e543a4f4
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
435fc6b03750fb5c13d15dec775c8e406162b1e2fdff8e453aa4b7dd295fd0de
46a9ddb1f206a46900872e0a832750ae06925528f81883a3d3517fdb42aefb6d
4980853759711c8e9e2779239acd62e9e802fba38371763c65ecdd016a83fdbd
49d9de0c765f466fdcd458cb6eaf29e1bad75544514caad5a068fba55d2b8b59
4bc7f443f57d55c7eba98816a3d1054bdcee0cc74f4c1302f82056d118f141bb
4c5f80cce6889f5bd1236ae540178efed729c20bf20c5afaeed6e2fa02d50323
4d04b7d4a062fa7873d675612b23bd067cf886a0de7759d617e14bf1641d5105
4d7b91ed4a7804e22b94e4873af273def73469e80b740bd9787e287003058868
4ec4b6769730ca98db1f40b152c52bd5bec01f61f559fb92709c307750388ac8
4fb846048afd0ee79141b669572402fc0a024d937c00977e124405d11cd319fe
5315cf641e62ac7de4a82e6003cc1bd1ff09218400d8ff5286c951e25aee966b
560bf130580f795cffabe8de5f2c69ec3f92921e1841ae6e55d516a046805cc7
564a53ce84ae022b30816d44aa48589ebfe170c226b098d0245c47fe13341c67
56f8838a24cb0cc47dc34a19d6b84d6ce8bf8086b1682bbb990abc13b1e2da65
571479d52cd675db5573fe46973c62cba6d8224a76136fcefeb90f7dc42a6391
574e672fde70ecc8ae2056445db161deeff93a0a8da82fdf4f8874faeedfe17b
59201950b83489808587827b4050ffe0597992825daa88c227476cdbbf8ca282
594fc5814367bca74a6cfa0fcd89df251a05e7e39eb324ce959b5b692354f468
5be5b0170ad4bbd2be91182d137933e7de9c7e86b09ec855a4bac015ebfd746f
5e949e0ba546cccd944b7fc64ebc3f97123638dd1b3af8eec5732cd599c2ed46
5ecbfb541946a9a9437190a21d98e1c7ab7d863837d7d038a9a1e053c649c8ba
617e0f9fee7ef0ca891735246b4b5a61caa3622db4a4256685b061c9f43bd053
61fa63adf47d4b3d236cdff13deaa504de0546485106eaa1f0e98b1786815670
62c7d2da9a5942053f17c9756e53b7cda414541619bd35c2b1441cd88c77f235
6300f448d738e70ac11f0140df0b3ce91a2de9e0da7fdf09d32d28031600ba51
6939afaeb559a7dd48bf40e39170c0f5ca2125984aeaca978d9491801f717bb9
6a2bb1023400cca8ae0171e8789a54ccac0cc4e10eb8908b7d51eb10a45ce1b9
6ae09cd20041ec0f2769082d1a2b11c972b3ba6ab05d21b19a1419b3010b504d
6e6f8951f1ba803727cb0d4513d7a2dc6084d8c6cbadbf9f5563809c2ac7c69d
6f261533d4b74ae931965cf3609bf47bb55001e39eb7029502d96cec73c4749a
7364fcbb6c5d775f07816712af8a6419db99268f72c337a4977f706dc3423bb3
73b4424d2202e9f35bc51ef07a84e4f2ca17e5c73fb20a25869eb92ae379e2b3
7475f5c70d3b6020b6f4621b2e69fba3360bea00a913e60b085af165b93842ec
76a942b00d27a492f8c322bd161121bf2c010d6453ded0cc0788477bc1c7f61d
7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d
78c8c364b438f0be81f1c51627902fda95b7aebdd2c04aee28c2f72cd4390207
7abbd200510b514fce325237f0a9149fde8bc489e85934801aea98cf24c3d50c
7d91c04c657709af03f6dad61d375c3208d18ab5ff7851c2472007dc05201342
7f1999dd213ea15813d6e27249169c4d54cfec7150e81ed1e1aad85d7b20202f
7fa4a530da785217eeac7d69df2b2eac2ff8f1a7a05d622d8026bd80bbfcafe8
7fc88c65d46e83b3f3e9f098f05fd639480332fc3718cd714725e2e4633af4e8
807271433f80bb33654a84ec904035be3d2b34e505a051e3469a47fe39ccb752
82c48e4f43352a8f0c34f9ad13be89d22a8439ba8e322e2300499871d242aa0c
82cd1a97f81e5b63a621311be2993916eea0907b5eadd53bb6b280f4bb0f8391
83a366075eb2387c6d9f848f42b08df0546027333eccf5813edf95ba45709be2
85c33811c2b04e4e02babe2fd6bd7ac0035f93e95827116429bbda2cf9c6c95d
85db95dbe15c810a710ca6d9094a2a29f2eeea05791cc7aaab7af8939684b978
86096831a70c72ac0c08f5e65ae92d98330d9fd2b7511dde65ff50b8a16bfd9a
89a04f1809b96eca28e1646ccc40bfa7b714142a610b41e40082bbebca8ea6c6
8af9c8b099eb304043231105612df622c8ab8f1cddfa4399f769aecd700ae41e
8b72952d3fd656ee6594f0d9735d928113ad1d590705b14f77abf75f1d4d5d69
8cbe47dffdb2913380b553bde4184a77fbce2a415e8e8405d348fa3bc7bfd6fa
8dc40a5096530714279199bd98ffbe44f3108bf9dd183ec74d85f69705d86e25
8f1c2790892b813bd61cfd4de2806aead296679e8daf7e15155f8f8a428fd7e0
91eb1f5a1d91c121061548cb3e3797421572c15943030ac0a398484b2d86326c
93bea8408610109650029c023b88d039114aa9be5663eeaa1b3fbbc7244ad50d
9431bc6d1a6d036a70c92dfc9000d7965f939671a59705bdd01c3e652048ed9a
948c1b95f1dbdcb68ad1c83e789f24968a3e487563b42fd5451f4430791b7e30
9933997608e86beaf1e7f7188a5c657cdad8ccd9d20eb7b1a46adaa83fa850ab
99c59c29d85c7479fd9560f6322aedd29006e09873d353678a60cfe26644c2dc
9c96c896d339ecd2412561b1cc04a750ddbb798fe446c7d9c7fa1f44cbec81ee
9e679dfa02058332de47b24401e7aa0b6c0bfe61ae2ededc9c937bc2bdb974de
a021c4118a8ed18c55e33971fc9eba7bdc07a6c07b43f0c9f421577bf5620acd
a0ba0ab7576240fc7fa00dee2adb52faccef5a1fb710c3e8e1233c0e1caf5fce
a2bd43c80adc73ae26472a90ec3bd9df44a5b7d2dafb133b8660efd800c719b1
a7b7120dffd25546c93c1367b9c86a3dc87e71d2c89ebb39163a71eb3b659f01
aa3b9513abbbf65a2c8483122648fce1b39b1afa2a69bdf863242f1411baba58
af06fcd260a5e139f01760a0f507354b2109969432203415e000909695ca849e
b6219572ff2614c0f7b38815e5f2d8bac96c758d0e455152d2afd7f417395dc4
b923c564473d30245b19bc93eaa384225d8ca55118931f89df58e4de539ecb77
c14a030b0b5ef06f710d9bbff164662d4b43c037e62f254aa6280504013caa34
c1dd93cc3f1638f369af566115ae74546e64bdafc4319d9853b5c15a3d3f4970
c21029f21dc145723d40362da85504ee5a5bd33f5db6636beae3a01c7aba1fa2
c390e14d82304a2d9f01faedb819791a5553764c90bd4830c3a27b6108006644
c462d460eab61de19f36cc384c99666e5bf65eaeba0c12b8f594c5410c01f220
c46974d8f6030e4888708b18a5d9a32b25eb765a5708896e1899df449d87aab7
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
caa3854f28740fa98125ded826446ee4456379e8ad7c4ff46643347d1901506a
cb3c6a5bc33d3a117399eeec983c237f522b07b09c6e8bee029c470d0e3c2c32
cb52c9b5c6b4f30eb9580d4414ecd97d408ffb0579fc9792f379da7e9e43221c
cff4ad771c9bfb45d280e8df735aff7c07deb54774ec16f188a6621b149f81b3
d0883dc51f5a465d72c91dc84ff0f9bd25913fe00718e16ce7e18a5c54ed2c50
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
d281c9d6bae645f3da6d2f0769a2cf0668709fd28e2021ce74821cdd8c7117b3
d6f350f62fc19bfd7091e3841649be70e806fb94c00a1f777dbed2ea8ecc9daa
d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51
d7cf19e3d2c9c192e149badd2271c1037d448c18d0e6aeeaba08ae0f95e7efca
d8d9e669ba66861451060f87f8b59bdd5faecf841f98aaa2b0da95d8c0d07d82
dccefe9d1209e85a5edeb399ee2e7ba50d0540f5ce29cc86775090c89dfab1ac
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de24551bd4396fc8579b2d87ce01944553dd48fb52775d14373725a50efa0c37
de5e37739b5797e8ba9dba4a2dcb65f37c36a65fe839cb306162e21c74ba166e
def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6
e213cf8f887633ac8924c0390bb121f259a895ab8432013f5b6e1c37727802aa
e336ff50623cff960c2396944be4392139f63dcc032e5f3428d81489fdfe697a
e3aeeb9b76fb8242067c35d89b2a5281561e92a7c9a25239d630f818fe978a7d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e74b9cb9d8871d300d2a1d36ce2cd00dfbfe0c5d8066d1d415c4ce620a919d47
e8830a414dfeb4c0e0f519d3419f69849df9226f329357c938333dbf2c956f63
e944e6d1b0904bc0c1298fe828ec727bc6a9b46f0b4799e197a1a2acc46fb685
e9de6cf1275e2335cae4231d25e6119cd5bb53cfadd831de5cdfc411de862c6b
ec1beb5e0e2d6b015b4664703c00979d018257327c147ffb42a74339b542b043
eda376c50be465fcdba41f675393693c3625289c74b025f625722d400ecaafc8
eeb77461e8336b8d0b21792aaa25db82e02356e2b1be1f2717d403e5d5095847
ef6ff5f0c4b32cd4482ed02e3b1b80194dbd1fa477675008b793b71e31074f1e
f0c8f43da8b86a152ddcd6dbfe674781757e9fb536f74a4c8dc413616d4de7d9
f19c74770a3c3b7a1b77b663cc3f4956672bcab87aa84153bb284b480d7bdd94
f75c76aa4b70766651aec7f46e9161fe774810bffac96034dc63e5a9eed10918
f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b
f95836cdd8c1af1d8261e8e198a4c1dd306e2b50ddc389fe820b56212a9cb17d
f9d9e96c4439beeca49a1a10f9dffe6f5cd0b604d13aa13af170d0bc62d8ca1b
fcc123da3f9e6bae17bdf90095e0195a633a56fb312a49eaad731594b6f073dc
fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf
fde25ad09c5d4bf924bb2bf5b118b68a94ed2124dc5c6fa2182f8415ed935f4a
fff8e490154cb7c1489bcd167245fdeffc9042fb1755dc1c3e824d255ef835cd

arstechnica.com Open in urlscan Pro 3.131.184.180 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

172 Requests

95 %HTTPS

37 %IPv6

38 Domains

53 Subdomains

50 IPs

6 Countries

5514 kBTransfer

14055 kBSize

12 Cookies

60 Outgoing links

Redirected requests

172 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

arstechnica.com Open in urlscan Pro
3.131.184.180 Public Scan

Screenshot
Live screenshot

Full Image

172
Requests

95 %
HTTPS

37 %
IPv6

38
Domains

53
Subdomains

50
IPs

6
Countries

5514 kB
Transfer

14055 kB
Size

12
Cookies

172 HTTP transactions
7 data transactions