URL: https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
Submission: On March 22 via api from TR — Scanned from DE

Summary

This website contacted 25 IPs in 4 countries across 11 domains to perform 175 HTTP transactions. The main IP is 104.18.5.22, located in and belongs to CLOUDFLARENET, US. The main domain is www.theregister.com. The Cisco Umbrella rank of the primary domain is 148679.
TLS certificate: Issued by E1 on March 10th 2024. Valid for: 3 months.
This is the only time www.theregister.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 33 104.18.5.22 13335 (CLOUDFLAR...)
28 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
2 2001:4860:480... 15169 (GOOGLE)
8 2a00:1450:400... 15169 (GOOGLE)
2 2a02:2638:3::12 44788 (ASN-CRITE...)
9 2a00:1450:400... 15169 (GOOGLE)
2 52.1.134.154 14618 (AMAZON-AES)
17 2a02:2638:3::3 44788 (ASN-CRITE...)
2 178.250.1.6 44788 (ASN-CRITE...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
32 2a02:2638:3::10 44788 (ASN-CRITE...)
3 2a02:2638:3::1a 44788 (ASN-CRITE...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2600:9000:235... 16509 (AMAZON-02)
7 2600:9000:267... 16509 (AMAZON-02)
1 2a02:2638:d::c 44788 (ASN-CRITE...)
1 2a02:2638:3::9 44788 (ASN-CRITE...)
3 2600:9000:205... 16509 (AMAZON-02)
1 2600:9000:275... 16509 (AMAZON-02)
2 52.200.29.213 14618 (AMAZON-AES)
9 35.171.235.242 ()
175 25
Apex Domain
Subdomains
Transfer
52 criteo.net
static.criteo.net — Cisco Umbrella Rank: 898
imageproxy.eu.criteo.net — Cisco Umbrella Rank: 8336
csm.eu.criteo.net — Cisco Umbrella Rank: 7168
374 KB
42 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 143
189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 204
647 KB
33 theregister.com
www.theregister.com — Cisco Umbrella Rank: 148679
go.theregister.com — Cisco Umbrella Rank: 488471
195 KB
24 typeform.com
n56vhidqbtj.typeform.com
images.typeform.com — Cisco Umbrella Rank: 68311
renderer-assets.typeform.com — Cisco Umbrella Rank: 57034
font.typeform.com — Cisco Umbrella Rank: 76132
rudderstack-control-plane.cdp.prod.data.typeform.com — Cisco Umbrella Rank: 58679
rudderstack.cdp.prod.data.typeform.com
532 KB
9 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 413
187 KB
6 criteo.com
ads.eu.criteo.com — Cisco Umbrella Rank: 7102
cat.nl3.eu.criteo.com — Cisco Umbrella Rank: 9036
rtb.fr3.eu.criteo.com — Cisco Umbrella Rank: 14737
rtb.nl3.eu.criteo.com — Cisco Umbrella Rank: 13637
112 KB
4 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 101
region1.google-analytics.com — Cisco Umbrella Rank: 1728
21 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 114
145 KB
1 rudderlabs.com
cdn.rudderlabs.com — Cisco Umbrella Rank: 16014
120 KB
1 regmedia.co.uk
regmedia.co.uk — Cisco Umbrella Rank: 283761
427 B
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 387
5 KB
175 11
Domain Requested by
32 imageproxy.eu.criteo.net ads.eu.criteo.com
32 www.theregister.com www.theregister.com
28 pagead2.googlesyndication.com pagead2.googlesyndication.com
189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
tpc.googlesyndication.com
17 static.criteo.net ads.eu.criteo.com
9 rudderstack.cdp.prod.data.typeform.com n56vhidqbtj.typeform.com
9 s0.2mdn.net www.theregister.com
s0.2mdn.net
8 tpc.googlesyndication.com pagead2.googlesyndication.com
tpc.googlesyndication.com
189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
7 renderer-assets.typeform.com n56vhidqbtj.typeform.com
renderer-assets.typeform.com
6 189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com pagead2.googlesyndication.com
3 font.typeform.com renderer-assets.typeform.com
font.typeform.com
3 csm.eu.criteo.net ads.eu.criteo.com
2 rudderstack-control-plane.cdp.prod.data.typeform.com n56vhidqbtj.typeform.com
2 cat.nl3.eu.criteo.com ads.eu.criteo.com
2 n56vhidqbtj.typeform.com 189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
n56vhidqbtj.typeform.com
2 ads.eu.criteo.com 189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
2 region1.google-analytics.com www.googletagmanager.com
2 www.google-analytics.com www.theregister.com
2 www.googletagmanager.com www.theregister.com
www.googletagmanager.com
1 cdn.rudderlabs.com renderer-assets.typeform.com
1 rtb.nl3.eu.criteo.com 189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
1 rtb.fr3.eu.criteo.com 189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
1 images.typeform.com n56vhidqbtj.typeform.com
1 regmedia.co.uk
1 go.theregister.com 1 redirects
1 cdnjs.cloudflare.com ads.eu.criteo.com
175 25
Subject Issuer Validity Valid
theregister.com
E1
2024-03-10 -
2024-06-08
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2024-02-26 -
2024-05-20
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2024-02-26 -
2024-05-20
3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2024-02-26 -
2024-05-20
3 months crt.sh
*.eu.criteo.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-02-08 -
2024-05-06
3 months crt.sh
*.doubleclick.net
GTS CA 1C3
2024-02-26 -
2024-05-20
3 months crt.sh
typeform.com
Amazon RSA 2048 M02
2023-06-14 -
2024-07-12
a year crt.sh
*.criteo.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-02-17 -
2024-05-17
3 months crt.sh
*.nl3.eu.criteo.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-02-06 -
2024-05-03
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-07-03 -
2024-07-02
a year crt.sh
*.eu.criteo.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-02-28 -
2024-05-31
3 months crt.sh
*.typeform.com
Amazon RSA 2048 M02
2023-08-31 -
2024-09-27
a year crt.sh
*.fr3.eu.criteo.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-02-10 -
2024-05-05
3 months crt.sh
*.rudderlabs.com
Amazon RSA 2048 M02
2023-06-14 -
2024-07-12
a year crt.sh
cdp.prod.data.typeform.com
Amazon RSA 2048 M03
2023-12-04 -
2025-01-01
a year crt.sh

This page contains 13 frames:

Primary Page: https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
Frame ID: 1EF0260D0A8B62BAB7B4B91D0B178246
Requests: 45 HTTP requests in this frame

Frame: https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 0AF5085E0561930A08B8726AE72675A7
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A70A9FC8D6A2949C965BF48011FED173
Requests: 3 HTTP requests in this frame

Frame: https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: A1E5BF4F795B60FC5976DFC766A2C27E
Requests: 9 HTTP requests in this frame

Frame: https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: BE432AA4B81620F95513056EF071647E
Requests: 8 HTTP requests in this frame

Frame: https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: DF38090586EF3F7609A258DA499E3F00
Requests: 7 HTTP requests in this frame

Frame: https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: B9093CB956E6509EF415B31D08159AEC
Requests: 7 HTTP requests in this frame

Frame: https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 8EF65D601E36F9AAA6E6A229A252EC2A
Requests: 8 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZfzpogAILSwBdQBjAApN49T2uxeUPiOeC5CBWg&u=%7CxegoyolpfCiiXYDjVj9ZfH63EoQgeDtsvYx0nCvchKk%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4VBZk7o6r4u2Tz-b9i3H_G-X5MXpmH_vXBNl7acqytoLzx4AFin92sMRYroPqV_xB2E55C5w-iXtMMikLYkDPiqZCNzNFOUekANB8ZIxZJPpNVcHIeodVMROFuKgHChhj_Aw-S6GOZ9VLmsl7rx-PAIViuVYdIRQtKAaVxtO8WyXj_UB5YqhszuY78wPt5DXm4YK9o3xPIL1tqi_FH6olmJK9CCeWUV6S7G0zDbz2F14_E4UlHhH8UdrL-Ne8qca8Oj1WDSVUna5svzv9R0DlW2C3CTV9uJEo1hWXzPMiU3Y9ceu12AgJAhbdZUa03VtxxUh0esTnE6sqIzdUM2PdYaMFDFWlE_rGArDbMEUl4jp1eecrsDGapMQ929YB0YXQzmqGH28wmjXwDTe_1xG53V8-MeQDKZoGHuPjYX7bHtBn6U2BceMHVdNY7gNTXZEnnreGveSkIZrlS3f95Vw14iyKYpWvynq4rsLrTc8p4gZ2YfMZe9cVszjxOlLqtFDW_UD1wpruAmNlLQ9fC_xqnJLVUfwrJtT6GcWys2TT-RUACMlJXl5Sd4PIpr4aHG7cW61d9yg3RuFm9UoKOYF4LbI40bNwjta99IOdrCQ_2wRxK7lsn6x7OZ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLNWwoun8ZazaIOOA1LsP45upiAXJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzIzMDkzODY5NDEyMDIzNMgBCakCSyvHseQ4sj7gAgCoAwHIAwKqBJgCT9AUwqTcdaiMpMMNp7GoT6YELkyEuIerinUcWQFcG23szERCYLF8fpHqdANvOI0JW_Pw-vpk7IIoJgviOSpEpHLelCxA3w5aLfZ48tS0zeTdWj6802W9iAAoBwNLQXUXEuJUV2M_ZyPccZ1ue8-SmGJVi2HfRg_hr3ZydyCUMFb8FfHVaJbyWLGqHwLg4N84j6maZkbihefzh_Hb4JCrvCWFGLKa8URyWsd2vSZuthR-DyPiSers2ynzvMtPrcfMJiI_lirXn4MxPwxULfZ7w0WjbuZEV9_XpZDCa6eCWtsOf0qfkDN2eyWU4HJ6kTIjV-NenqK56CwG60xQuPE98HmCtnQ5jom3R9N_euPUiU_kUnWWS_WzveAEAYAGq-7fsO7dlNnsAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCoIkeGAcBABMgfri4Dgv4ANOgqAgASAgICAgJQoSL39wTpYmrfvn-aGhQP6CwIIAYAMAeINEwjm8u-f5oaFAxVjAHUBHeNNClHQFQGAFwE%26num%3D1%26sig%3DAOD64_0QWZnny2rqlY2VIBK9DkSLYtDobQ%26client%3Dca-pub-3230938694120234%26adurl%3D
Frame ID: 3E18AEE4209277B586BE91DC672D1977
Requests: 34 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZfzpogAILTABdQBjAApN4wQaBaYK5hAMd85Rng&u=%7CxegoyolpfChI6JsOSX%2BCIEdIeTLlfcUAXxAGgSDFd3M%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4VBZk7o6r4u2Tz-b9i3H_G-X5MXpmH_vXBNl7acqytoL8ODOuy5afyUT0ttBH0WyPomw2iQPPmfN0jHet-263msp7xpg0EEEWy4q765RaJEs4_FWgxgXK8xlVtOEA0TtZq0ue_vr7pwWclVOgqxjKTakDtql5t-LdWv57XeW55gav7A7pyTgmJgE2NhPbY1cZD5h-a3eKIt6ZY5k_GdpudPdqTgZS7OA_pRLcbepv3Ird3rjL4pSYrXA6MEf_VT7hH59gSa1uiyB3pCOX4P_QUrjD7rD0a-pu_-56sZpgCekvPd1bHEYGtXkXaJshAUOnxiq-VJGsjaQWRfz2nNSGccsxmEKee8ZkvrpId_x9cIE70kIeqw03Gswhha3snaz4fh0D3-KHztKUdPGLWmtUpvinmA-ojwkoX7dPfL5bHBGFP8VjTcl6rYOMBT2S6vtmzNQOsppjF2V3bmjjiZaMpQwHlKwCA56IwYBUTRI_Yaz1lNVxVYT3UvtYu1EQZ6iZcJlQSVWEKdlwNt4OtZ-P4_bP6HzFJGEL1_LhuyHK9puMHOkou7AxtBJs9Fv5OeeL2uOMGjWyR-ZMGc-KXaaPt_WjzT3_vZxkk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCPqthoun8ZbDaIOOA1LsP45upiAXJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzIzMDkzODY5NDEyMDIzNMgBCakCSyvHseQ4sj7gAgCoAwHIAwKqBJ4CT9D2dRpe1YC3oY8xoEaJjJr7uuyURJIjVOlxt6we9wnaCcUzp4AZT5KUcK-qBrWwZhu3FUzneXhWw8ZHGT-Nki5qB28rR3e1svQxetM_KuK7FYhcoRzN6wl5XlXjkoPMUuP9Bo37MILiMakwwSwui28v-0rdEgMxsYdN_Dk3NXtZoeaM9fXZz2vughDaCYmqrSAqLxe9gP8vsLHowsQME-fLHty3skLaNkXoP1HYNonqPLl3Qa8nLFzjXyM2w9K_YvofVby3L-eGX75txwlxTjsK4uYiMOMyWzYFHBay2bydiMqw6iJwtryIX_kpqZv72iyWnlBOOCD9_abde1FDbMsy5r5-sHqC_dnH6d2dNIiDULtqO-SZW0vSKBsG1-AEAYAGwa2c6Zvc_7HXAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCoIkeGAcBABMgfri4Dgv4ANOgqAgASAgICAgJQoSL39wTpYmrfvn-aGhQP6CwIIAYAMAeINEwjq8u-f5oaFAxVjAHUBHeNNClHQFQGAFwE%26num%3D1%26sig%3DAOD64_2ENkVWIZh6LvAI_DCAEy_ZfaotHQ%26client%3Dca-pub-3230938694120234%26adurl%3D
Frame ID: 71EFE17F4F6E6D4E9AA97089382BC64C
Requests: 23 HTTP requests in this frame

Frame: https://n56vhidqbtj.typeform.com/to/BXO0jYNp
Frame ID: C48FFBEC48CB5217998B6CA1E962D123
Requests: 20 HTTP requests in this frame

Frame: https://s0.2mdn.net/dfp/296979/4757774554/1700141978681/index.html
Frame ID: B4FA79CF2CDFC44B875A8376E5DCA4D7
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/dfp/296979/4757774554/1700141421435/index.html
Frame ID: 0C5739A9322528DEEB2A76E9EB10B5AF
Requests: 3 HTTP requests in this frame

Screenshot

Page Title

North Korea's Kimsuky gang now exploiting Windows Help files • The Register

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel="amphtml"

Overall confidence: 100%
Detected patterns
  • tpc\.googlesyndication\.com/safeframe

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

175
Requests

99 %
HTTPS

79 %
IPv6

11
Domains

25
Subdomains

25
IPs

4
Countries

2337 kB
Transfer

6581 kB
Size

6
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 108
  • https://go.theregister.com/k/abt_a HTTP 302
  • https://regmedia.co.uk/2007/09/13/tp.gif

175 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
75 KB
14 KB
Document
General
Full URL
https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ffcd46ba12492283a88b5517bc639676696e7bdedbca280afcce68b4dfd300a0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8682abd3ee452675-TXL
content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 22 Mar 2024 02:14:57 GMT
link
<https://pagead2.googlesyndication.com/tag/js/gpt.js>; rel=preload; as=script;,</design_picker/07d150ec3d6df4af46fa44af9b1540a83d36e310/javascript/_.js>; rel=preload; as=script;,</css/f23d8736b372b1dcc8d0a2869f19a378bc0f8cf8/scaffolding.css>; rel=preload; as=style;,</css/f23d8736b372b1dcc8d0a2869f19a378bc0f8cf8/design.css>; rel=preload; as=style;,</design_picker/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/arimo-700.latin.woff2>; rel=preload; as=font; crossorigin;,</design_picker/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/arimo-400.latin.woff2>; rel=preload; as=font; crossorigin;
server
cloudflare
vary
Accept-Encoding
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
x-content-type-options
nosniff
x-reg-bofh
pfy02gb
gpt.js
pagead2.googlesyndication.com/tag/js/
89 KB
29 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fafb5d310bf8843fb8db4cebd20559f801914f438559282e34e8885292b291cb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
28990
x-xss-protection
0
server
cafe
etag
620 / 19804 / 31082083 / config-hash: 6691236953179600454
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Fri, 22 Mar 2024 02:14:58 GMT
_.js
www.theregister.com/design_picker/07d150ec3d6df4af46fa44af9b1540a83d36e310/javascript/
223 KB
63 KB
Script
General
Full URL
https://www.theregister.com/design_picker/07d150ec3d6df4af46fa44af9b1540a83d36e310/javascript/_.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691039c0ca1a729e36151c8055ad52c560191de2441a3b8f13340752083d2274
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
x-content-type-options
nosniff
last-modified
Tue, 02 Jan 2024 09:41:56 GMT
server
cloudflare
cf-cache-status
HIT
age
2565600
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=33696000
x-reg-bofh
pfy03gb
cf-ray
8682abd4af0e2675-TXL
alt-svc
h3=":443"; ma=86400
expires
Mon, 17 Mar 2025 09:32:53 GMT
scaffolding.css
www.theregister.com/css/f23d8736b372b1dcc8d0a2869f19a378bc0f8cf8/
41 KB
7 KB
Stylesheet
General
Full URL
https://www.theregister.com/css/f23d8736b372b1dcc8d0a2869f19a378bc0f8cf8/scaffolding.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
81135696e2598eec88cbcdde4e7bb2d6b4dbebe1c12537d242781470112c2baf
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
x-content-type-options
nosniff
last-modified
Tue, 19 Mar 2024 09:02:51 GMT
server
cloudflare
cf-cache-status
HIT
age
234010
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=33696000
x-reg-bofh
pfy02gb
cf-ray
8682abd4af0b2675-TXL
alt-svc
h3=":443"; ma=86400
expires
Sun, 13 Apr 2025 09:03:03 GMT
design.css
www.theregister.com/css/f23d8736b372b1dcc8d0a2869f19a378bc0f8cf8/
58 KB
11 KB
Stylesheet
General
Full URL
https://www.theregister.com/css/f23d8736b372b1dcc8d0a2869f19a378bc0f8cf8/design.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
359283edc543c5c27c5851988ff042012fcfdf771607e553ed46fd11d4283def
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
x-content-type-options
nosniff
last-modified
Tue, 19 Mar 2024 09:02:51 GMT
server
cloudflare
cf-cache-status
HIT
age
234010
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=33696000
x-reg-bofh
pfy03gb
cf-ray
8682abd4af0c2675-TXL
alt-svc
h3=":443"; ma=86400
expires
Sun, 13 Apr 2025 09:03:03 GMT
arimo-700.latin.woff2
www.theregister.com/design_picker/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/
25 KB
25 KB
Font
General
Full URL
https://www.theregister.com/design_picker/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/arimo-700.latin.woff2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6b4f41c53446bee5ce03284672b4607e4a6ff941cae00ec006411b05a62fbe7a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
Origin
https://www.theregister.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
10114660
alt-svc
h3=":443"; ma=86400
content-length
25628
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
last-modified
Tue, 04 Feb 2020 15:35:20 GMT
server
cloudflare
vary
Origin, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
font/woff2
access-control-allow-origin
https://www.theregister.com
cache-control
max-age=33696000
accept-ranges
bytes
x-reg-bofh
pfy03gb
cf-ray
8682abd4af0f2675-TXL
expires
Tue, 17 Dec 2024 09:42:25 GMT
arimo-400.latin.woff2
www.theregister.com/design_picker/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/
26 KB
26 KB
Font
General
Full URL
https://www.theregister.com/design_picker/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/arimo-400.latin.woff2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea8c1cbf9732fae6a42b6261c238014eab34943fac5a34711081a62b7cc2eba9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
Origin
https://www.theregister.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
10367462
alt-svc
h3=":443"; ma=86400
content-length
26144
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
last-modified
Tue, 04 Feb 2020 15:35:20 GMT
server
cloudflare
vary
Origin, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
font/woff2
access-control-allow-origin
https://www.theregister.com
cache-control
max-age=33696000
accept-ranges
bytes
x-reg-bofh
pfy02gb
cf-ray
8682abd4af102675-TXL
expires
Mon, 25 Nov 2024 05:38:28 GMT
story_only.css
www.theregister.com/css/f23d8736b372b1dcc8d0a2869f19a378bc0f8cf8/
76 KB
11 KB
Stylesheet
General
Full URL
https://www.theregister.com/css/f23d8736b372b1dcc8d0a2869f19a378bc0f8cf8/story_only.css
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70c04bd8d86993879d388c6b5939685dd7a7292a5df3ca4e29a9bde2b1d53073
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
x-content-type-options
nosniff
last-modified
Tue, 19 Mar 2024 09:02:51 GMT
server
cloudflare
cf-cache-status
HIT
age
233808
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=33696000
x-reg-bofh
pfy02gb
cf-ray
8682abd4af112675-TXL
alt-svc
h3=":443"; ma=86400
expires
Sun, 13 Apr 2025 09:03:03 GMT
rows.css
www.theregister.com/css/f23d8736b372b1dcc8d0a2869f19a378bc0f8cf8/
42 KB
7 KB
Stylesheet
General
Full URL
https://www.theregister.com/css/f23d8736b372b1dcc8d0a2869f19a378bc0f8cf8/rows.css
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
31339f0267540a113f28a27de6f90239957dc4429eb3fcbdf1454413b66c13b2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
x-content-type-options
nosniff
last-modified
Tue, 19 Mar 2024 09:02:51 GMT
server
cloudflare
cf-cache-status
HIT
age
234010
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=33696000
x-reg-bofh
pfy03gb
cf-ray
8682abd4af122675-TXL
alt-svc
h3=":443"; ma=86400
expires
Sun, 13 Apr 2025 09:03:03 GMT
js
www.googletagmanager.com/gtag/
121 KB
47 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b001fbf3da8819817a4f4a985ad28827eabf6b1dd1447fd3288bfa2e4e8923ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
47820
x-xss-protection
0
last-modified
Fri, 22 Mar 2024 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 22 Mar 2024 02:14:58 GMT
arrow_down_grey.svg
www.theregister.com/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/
332 B
523 B
Image
General
Full URL
https://www.theregister.com/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/arrow_down_grey.svg
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36bce10d171ed5978f6c03925eca36a2cff5da27ad1c9ccba2bb74b7d230b750
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
x-content-type-options
nosniff
last-modified
Sat, 18 Apr 2020 08:30:21 GMT
server
cloudflare
cf-cache-status
HIT
age
10114442
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=33696000
x-reg-bofh
pfy03gb
cf-ray
8682abd55b422685-TXL
alt-svc
h3=":443"; ma=86400
expires
Tue, 17 Dec 2024 09:42:12 GMT
user_icon_white_extents.svg
www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/
573 B
555 B
Image
General
Full URL
https://www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/user_icon_white_extents.svg
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
455442b80b731817ad9e5b615c3ffcedbb9e351dc57b0f0298b77cdb5d11d57d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
x-content-type-options
nosniff
last-modified
Tue, 02 May 2023 08:25:31 GMT
server
cloudflare
cf-cache-status
HIT
age
1220757
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=33696000
x-reg-bofh
pfy01gb
cf-ray
8682abd55b432685-TXL
alt-svc
h3=":443"; ma=86400
expires
Sun, 22 Dec 2024 08:07:57 GMT
user_icon_filled_white_extents.svg
www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/
630 B
587 B
Image
General
Full URL
https://www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/user_icon_filled_white_extents.svg
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f1cb4af215bea1d20e63989d2bc87cd3b6daf71af4e59b6ab7875154cecbceb
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
x-content-type-options
nosniff
last-modified
Tue, 02 May 2023 08:25:31 GMT
server
cloudflare
cf-cache-status
HIT
age
702165
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=33696000
x-reg-bofh
pfy02gb
cf-ray
8682abd55b442685-TXL
alt-svc
h3=":443"; ma=86400
expires
Mon, 23 Dec 2024 02:46:52 GMT
reg_logo_no_strapline.svg
www.theregister.com/design_picker/fa16d26efb42e6ba1052f1d387470f643c5aa18d/graphics/std/
5 KB
2 KB
Image
General
Full URL
https://www.theregister.com/design_picker/fa16d26efb42e6ba1052f1d387470f643c5aa18d/graphics/std/reg_logo_no_strapline.svg
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
391022a2690f18db5daf7a3bc0c5ad36f31b094da5a8912d57c775e5add18d57
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
x-content-type-options
nosniff
last-modified
Fri, 10 Jan 2020 15:10:58 GMT
server
cloudflare
cf-cache-status
HIT
age
10282179
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=33696000
x-reg-bofh
pfy02gb
cf-ray
8682abd55b462685-TXL
alt-svc
h3=":443"; ma=86400
expires
Tue, 03 Dec 2024 01:55:28 GMT
magnifying_glass_white_extents.svg
www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/
368 B
462 B
Image
General
Full URL
https://www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/magnifying_glass_white_extents.svg
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9cbf748e68bf2fb8da497de517cbd7826d44c6b278cec89e22a9e13e193e4ded
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
x-content-type-options
nosniff
last-modified
Tue, 02 May 2023 08:16:36 GMT
server
cloudflare
cf-cache-status
HIT
age
702165
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=33696000
x-reg-bofh
pfy02gb
cf-ray
8682abd55b472685-TXL
alt-svc
h3=":443"; ma=86400
expires
Wed, 04 Dec 2024 03:13:24 GMT
burger_menu_white_extents.svg
www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/
309 B
462 B
Image
General
Full URL
https://www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/burger_menu_white_extents.svg
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5dd339c31b8ec482e001dad4fb52e6f8f138ad772b74a2d387943e10df3bbc48
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
x-content-type-options
nosniff
last-modified
Tue, 02 May 2023 08:01:09 GMT
server
cloudflare
cf-cache-status
HIT
age
597589
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=33696000
x-reg-bofh
pfy03gb
cf-ray
8682abd55b482685-TXL
alt-svc
h3=":443"; ma=86400
expires
Mon, 16 Dec 2024 06:59:14 GMT
burger_menu_white_close_extents.svg
www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/
379 B
460 B
Image
General
Full URL
https://www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/burger_menu_white_close_extents.svg
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
77a839fdcd5d30ced4fa6ca4dce35057cdb7e31f420b1f89fec3491cdf8c3f84
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
x-content-type-options
nosniff
last-modified
Tue, 02 May 2023 08:01:09 GMT
server
cloudflare
cf-cache-status
HIT
age
10185472
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=33696000
x-reg-bofh
pfy01gb
cf-ray
8682abd55b492685-TXL
alt-svc
h3=":443"; ma=86400
expires
Thu, 05 Dec 2024 05:49:05 GMT
bubble_comment_white.svg
www.theregister.com/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/
676 B
672 B
Image
General
Full URL
https://www.theregister.com/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.svg
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53161434a4d50d2b984e91b332463b641b6842578c1f37a1ed81cbdc0a7794c6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
x-content-type-options
nosniff
last-modified
Fri, 10 Jan 2020 15:10:58 GMT
server
cloudflare
cf-cache-status
HIT
age
10366503
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=33696000
x-reg-bofh
pfy01gb
cf-ray
8682abd55b4a2685-TXL
alt-svc
h3=":443"; ma=86400
expires
Mon, 16 Dec 2024 03:37:22 GMT
vulture_red.svg
www.theregister.com/design_picker/d518b499f8a6e2c65d4d8c49aca8299d54b03012/graphics/icon/
1 KB
745 B
Image
General
Full URL
https://www.theregister.com/design_picker/d518b499f8a6e2c65d4d8c49aca8299d54b03012/graphics/icon/vulture_red.svg
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe083388f76e3adf62d2125ca792e750c814b06694f2362469ac82bb34a8e970
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
x-content-type-options
nosniff
last-modified
Fri, 23 Sep 2022 09:37:24 GMT
server
cloudflare
cf-cache-status
HIT
age
10448866
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=33696000
x-reg-bofh
pfy01gb
cf-ray
8682abd4af132675-TXL
alt-svc
h3=":443"; ma=86400
expires
Fri, 06 Dec 2024 02:17:40 GMT
social_share_icon.svg
www.theregister.com/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icons/
659 B
642 B
Image
General
Full URL
https://www.theregister.com/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icons/social_share_icon.svg
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f6ad8750b8ff72f993d9c45d51e02f31aa20834a48f78644953949afa7a6f8ca
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
x-content-type-options
nosniff
last-modified
Mon, 07 Jun 2021 08:01:18 GMT
server
cloudflare
cf-cache-status
HIT
age
10357209
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=33696000
x-reg-bofh
pfy03gb
cf-ray
8682abd55b4c2685-TXL
alt-svc
h3=":443"; ma=86400
expires
Mon, 25 Nov 2024 04:44:43 GMT
vulture_white.png
www.theregister.com/design_picker/d518b499f8a6e2c65d4d8c49aca8299d54b03012/graphics/icon/
403 B
528 B
Image
General
Full URL
https://www.theregister.com/design_picker/d518b499f8a6e2c65d4d8c49aca8299d54b03012/graphics/icon/vulture_white.png
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b711585f391ac5f348dc41253cf4ffba5d49ed997c17170c1fe2498ff13ea817
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
1220757
alt-svc
h3=":443"; ma=86400
content-length
403
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
last-modified
Fri, 10 Jan 2020 15:10:58 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=33696000
accept-ranges
bytes
x-reg-bofh
pfy03gb
cf-ray
8682abd4cf252675-TXL
expires
Mon, 23 Dec 2024 06:07:02 GMT
arrow_down_grey.svg
www.theregister.com/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/
332 B
488 B
Image
General
Full URL
https://www.theregister.com/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/arrow_down_grey.svg
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36bce10d171ed5978f6c03925eca36a2cff5da27ad1c9ccba2bb74b7d230b750
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
x-content-type-options
nosniff
last-modified
Sat, 18 Apr 2020 08:30:21 GMT
server
cloudflare
cf-cache-status
HIT
age
10114442
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=33696000
x-reg-bofh
pfy03gb
cf-ray
8682abd55b4d2685-TXL
alt-svc
h3=":443"; ma=86400
expires
Tue, 17 Dec 2024 09:42:12 GMT
bubble_comment_white.svg
www.theregister.com/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/
676 B
672 B
Image
General
Full URL
https://www.theregister.com/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.svg
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53161434a4d50d2b984e91b332463b641b6842578c1f37a1ed81cbdc0a7794c6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
x-content-type-options
nosniff
last-modified
Fri, 10 Jan 2020 15:10:58 GMT
server
cloudflare
cf-cache-status
HIT
age
10366503
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=33696000
x-reg-bofh
pfy01gb
cf-ray
8682abd55b502685-TXL
alt-svc
h3=":443"; ma=86400
expires
Mon, 16 Dec 2024 03:37:22 GMT
social_share_icon.svg
www.theregister.com/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icons/
659 B
642 B
Image
General
Full URL
https://www.theregister.com/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icons/social_share_icon.svg
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f6ad8750b8ff72f993d9c45d51e02f31aa20834a48f78644953949afa7a6f8ca
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
x-content-type-options
nosniff
last-modified
Mon, 07 Jun 2021 08:01:18 GMT
server
cloudflare
cf-cache-status
HIT
age
10357209
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=33696000
x-reg-bofh
pfy03gb
cf-ray
8682abd55b512685-TXL
alt-svc
h3=":443"; ma=86400
expires
Mon, 25 Nov 2024 04:44:43 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 22 Mar 2024 01:48:08 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
1610
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Fri, 22 Mar 2024 03:48:08 GMT
reddit.svg
www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/
2 KB
1 KB
Image
General
Full URL
https://www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/reddit.svg
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/css/f23d8736b372b1dcc8d0a2869f19a378bc0f8cf8/story_only.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccc879574756f32c9592427da6cd1248dd799b84b8ffaa746adcf447b17860a5
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/css/f23d8736b372b1dcc8d0a2869f19a378bc0f8cf8/story_only.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
x-content-type-options
nosniff
last-modified
Fri, 23 Sep 2022 09:36:45 GMT
server
cloudflare
cf-cache-status
HIT
age
1220753
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=33696000
x-reg-bofh
pfy03gb
cf-ray
8682abd57b5d2685-TXL
alt-svc
h3=":443"; ma=86400
expires
Tue, 24 Dec 2024 04:18:00 GMT
twitter.svg
www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/
2 KB
932 B
Image
General
Full URL
https://www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/twitter.svg
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/css/f23d8736b372b1dcc8d0a2869f19a378bc0f8cf8/story_only.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b27718b0495bdcff98dc2358a0cf76271178c7e83b000f336610fc8994316ef1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/css/f23d8736b372b1dcc8d0a2869f19a378bc0f8cf8/story_only.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
x-content-type-options
nosniff
last-modified
Fri, 23 Sep 2022 09:36:45 GMT
server
cloudflare
cf-cache-status
HIT
age
6651493
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=33696000
x-reg-bofh
pfy03gb
cf-ray
8682abd57b5f2685-TXL
alt-svc
h3=":443"; ma=86400
expires
Tue, 24 Dec 2024 08:53:04 GMT
facebook.svg
www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/
1 KB
824 B
Image
General
Full URL
https://www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/facebook.svg
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/css/f23d8736b372b1dcc8d0a2869f19a378bc0f8cf8/story_only.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7ed1744324b3aad05fe51ed96e388004a4716276884a66b9abd5cef359140d5
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/css/f23d8736b372b1dcc8d0a2869f19a378bc0f8cf8/story_only.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
x-content-type-options
nosniff
last-modified
Fri, 23 Sep 2022 09:36:45 GMT
server
cloudflare
cf-cache-status
HIT
age
10199790
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=33696000
x-reg-bofh
pfy02gb
cf-ray
8682abd57b602685-TXL
alt-svc
h3=":443"; ma=86400
expires
Sun, 24 Nov 2024 07:47:37 GMT
linkedin.svg
www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/
2 KB
977 B
Image
General
Full URL
https://www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/linkedin.svg
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/css/f23d8736b372b1dcc8d0a2869f19a378bc0f8cf8/story_only.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41ef905e7d332a03311b4bb48d3894bccf04d8856a0e0a98ae98683538966025
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/css/f23d8736b372b1dcc8d0a2869f19a378bc0f8cf8/story_only.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
x-content-type-options
nosniff
last-modified
Fri, 23 Sep 2022 09:36:45 GMT
server
cloudflare
cf-cache-status
HIT
age
697504
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=33696000
x-reg-bofh
pfy01gb
cf-ray
8682abd57b632685-TXL
alt-svc
h3=":443"; ma=86400
expires
Mon, 02 Dec 2024 09:39:17 GMT
whatsapp.svg
www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/
2 KB
957 B
Image
General
Full URL
https://www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/whatsapp.svg
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/css/f23d8736b372b1dcc8d0a2869f19a378bc0f8cf8/story_only.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b9d5ce7773dac38eff9082e13c7bc4307a7c4ba5e76cd95a2eb0faa0de662e34
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/css/f23d8736b372b1dcc8d0a2869f19a378bc0f8cf8/story_only.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
x-content-type-options
nosniff
last-modified
Fri, 23 Sep 2022 09:36:45 GMT
server
cloudflare
cf-cache-status
HIT
age
1220753
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=33696000
x-reg-bofh
pfy02gb
cf-ray
8682abd57b652685-TXL
alt-svc
h3=":443"; ma=86400
expires
Tue, 24 Dec 2024 06:04:22 GMT
bubble_comment_white.svg
www.theregister.com/design_picker/c00f80f04b0eaf0123d821f6c9488fc1cb55fd0a/graphics/icons/
676 B
673 B
Image
General
Full URL
https://www.theregister.com/design_picker/c00f80f04b0eaf0123d821f6c9488fc1cb55fd0a/graphics/icons/bubble_comment_white.svg
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/css/f23d8736b372b1dcc8d0a2869f19a378bc0f8cf8/design.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53161434a4d50d2b984e91b332463b641b6842578c1f37a1ed81cbdc0a7794c6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/css/f23d8736b372b1dcc8d0a2869f19a378bc0f8cf8/design.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
x-content-type-options
nosniff
last-modified
Fri, 10 Jan 2020 15:10:58 GMT
server
cloudflare
cf-cache-status
HIT
age
10196268
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=33696000
x-reg-bofh
pfy01gb
cf-ray
8682abd57b662685-TXL
alt-svc
h3=":443"; ma=86400
expires
Thu, 05 Dec 2024 02:09:10 GMT
bubble_comment_black.svg
www.theregister.com/design_picker/c00f80f04b0eaf0123d821f6c9488fc1cb55fd0a/graphics/icons/
892 B
789 B
Image
General
Full URL
https://www.theregister.com/design_picker/c00f80f04b0eaf0123d821f6c9488fc1cb55fd0a/graphics/icons/bubble_comment_black.svg
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/css/f23d8736b372b1dcc8d0a2869f19a378bc0f8cf8/design.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
87d683ea3dda6066a1310b46c0e7bceec150db90ef0f33de34b15270f189479c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/css/f23d8736b372b1dcc8d0a2869f19a378bc0f8cf8/design.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
x-content-type-options
nosniff
last-modified
Fri, 10 Jan 2020 15:10:58 GMT
server
cloudflare
cf-cache-status
HIT
age
10446353
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=33696000
x-reg-bofh
pfy02gb
cf-ray
8682abd57b682685-TXL
alt-svc
h3=":443"; ma=86400
expires
Tue, 26 Nov 2024 01:48:34 GMT
sitpublogo_2022.png
www.theregister.com/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/std/
14 KB
14 KB
Image
General
Full URL
https://www.theregister.com/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/std/sitpublogo_2022.png
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
895e89f001dfc3127dd17ddb0cb92ee4f8bd511cb26f1dd89d5cc06f35a2f991
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
1220033
alt-svc
h3=":443"; ma=86400
content-length
14369
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
last-modified
Wed, 02 Nov 2022 15:19:53 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=33696000
accept-ranges
bytes
x-reg-bofh
pfy01gb
cf-ray
8682abd59b7f2685-TXL
expires
Tue, 24 Dec 2024 02:51:22 GMT
pubads_impl.js
pagead2.googlesyndication.com/pagead/managed/js/gpt/m202403200101/
439 KB
138 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/gpt/m202403200101/pubads_impl.js?cb=31082083
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
df9592b48b705333bf1569635691c5cac45c37b62b12e6d0ac21f85d4bb5254b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 10:08:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
57975
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
141349
x-xss-protection
0
server
cafe
etag
11472626096978793655
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Fri, 21 Mar 2025 10:08:43 GMT
collect
www.google-analytics.com/
35 B
194 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&aip=1&a=115113610&t=pageview&_s=1&dl=https%3A%2F%2Fwww.theregister.com%2F2024%2F03%2F21%2Fkimsuky_chm_file_campaign%2F&ul=en-us&de=UTF-8&dt=North%20Korea%27s%20Kimsuky%20gang%20now%20exploiting%20Windows%20Help%20files%20%E2%80%A2%20The%20Register&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEAAAAABAAAAAAAAIk~&cid=1474713642.1711073698&tid=UA-33330076-1&_gid=343536475.1711073698&cd2=Simon%20Sharwood&cd3=reg_security%2Fresearch&cd4=www%20story&cd5=news&cd6=(reg_unknown)&cd7=%2Capac%2Cmicrosoft%2Coperating%20system%2Csecurity%2C&cd8=noconsent&cd9=noconsent&cd10=noconsent&cd11=noconsent&cd12=noconsent&cd13=noconsent&cd14=noconsent&cd15=noconsent&cd16=noconsent&cd17=noconsent&cd18=232980&cd19=security%2Fresearch&cd20=%2Ccybercrime%2Cmalware%2Cnorth%20korea%2Csouth%20korea%2Cwindows%2C&cd21=noconsent&cd22=noconsent&cd23=noconsent&z=1871461706
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 21 Mar 2024 22:00:49 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
15249
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/
295 KB
97 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-JXW44Y23NM&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
38ea1d0b7ee623a4e05f836b4587c1eae84b22df4f54fdb88dce07f907aedd6b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
99683
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 22 Mar 2024 02:14:58 GMT
ads.js
www.theregister.com/design_picker/c00f80f04b0eaf0123d821f6c9488fc1cb55fd0a/javascript/
27 B
283 B
XHR
General
Full URL
https://www.theregister.com/design_picker/c00f80f04b0eaf0123d821f6c9488fc1cb55fd0a/javascript/ads.js
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/design_picker/07d150ec3d6df4af46fa44af9b1540a83d36e310/javascript/_.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
83de4b8fb218ece4dc1c59006f00e44aaee17e78923c65ba66acf0ad41a7a5cc
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
10282179
alt-svc
h3=":443"; ma=86400
content-length
27
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
last-modified
Fri, 10 Jan 2020 15:10:58 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=33696000
accept-ranges
bytes
x-reg-bofh
pfy01gb
cf-ray
8682abd6dc622685-TXL
expires
Tue, 26 Nov 2024 01:51:51 GMT
ads
pagead2.googlesyndication.com/gampad/
175 KB
35 KB
Fetch
General
Full URL
https://pagead2.googlesyndication.com/gampad/ads?pvsid=1241717146606912&correlator=3892312185421499&eid=31079956%2C31082083%2C31079527&output=ldjh&gdfp_req=1&vrg=202403200101&ptt=17&impl=fifs&ltd=1&ltd_cs=1&npa=1&iu_parts=6978%2Creg_security%2Cresearch&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2&prev_iu_szs=1x1%2C320x50%7C970x90%7C970x91%7C970x250%7C970x251%7C1200x270%7C1200x271%7C728x90%7C728x91%2C320x50%7C970x250%7C970x252%7C970x90%7C970x92%7C1200x270%7C1200x272%7C1200x600%7C1200x602%7C728x90%7C728x92%7C300x250%7C300x252%2C300x250%7C300x253%7C300x600%7C300x603%2C320x50%7C970x250%7C970x254%7C970x90%7C970x94%7C1200x270%7C1200x274%7C1200x600%7C1200x604%7C300x250%7C300x254%7C728x90%7C728x94%2C320x50%7C970x250%7C970x255%7C970x90%7C970x95%7C1200x270%7C1200x275%7C1200x600%7C1200x605%7C300x250%7C300x255%7C728x90%7C728x95&fluid=0%2Cheight%2Cheight%2C0%2Cheight%2Cheight&ifi=1&sfv=1-0-40&ists=32&sc=1&abxe=1&dt=1711073698382&lmt=1711073698&adxs=-12245933%2C15%2C15%2C1100%2C15%2C15&adys=-12245933%2C82%2C772%2C1056%2C2430%2C2931&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1%7C0%7C0%7C0%7C1%7C2&ucis=1%7C2%7C3%7C4%7C5%7C6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.theregister.com%2F2024%2F03%2F21%2Fkimsuky_chm_file_campaign%2F&vis=1&psz=1200x3305%7C1200x3305%7C662x1682%7C300x633%7C1200x683%7C1200x787&msz=1200x0%7C1570x90%7C1570x250%7C300x600%7C1570x90%7C1570x90&fws=132%2C4%2C4%2C516%2C4%2C4&ohw=1600%2C1600%2C1600%2C1600%2C1600%2C1600&ga_vid=1474713642.1711073698&ga_sid=1711073698&ga_hid=115113610&ga_fc=false&dlt=1711073698010&idt=331&prev_scp=pos%3Dtop%26raptor%3Dkite%26unitnum%3D1%7Cpos%3Dtop%26raptor%3Dcondor%26unitnum%3D2%7Cpos%3Dtop%26raptor%3Dfalcon%26unitnum%3D4%7Cpos%3Dmid%26raptor%3Deagle%26unitnum%3D5%7Cpos%3Dbtm%26raptor%3Dhawk%26unitnum%3D8%7Cpos%3Dbtm%26raptor%3Dowl%26unitnum%3D9&cust_params=test%3D0%26li%3Dnull%26uid%3Dnull%26sc%3Dnoconsent%26bwidth%3D16%26bheight%3D12%26orientation%3Dlandscape%26mm_segments%3Dnoconsent%26reg_vfc%3Dnoconsent%26reg_bet%3Dnoconsent%26reg_noz%3Dnoconsent%26tpt%3Dwww%2520story%26pid%3D232980%26pt%3Da%26axc%3Dnull%26kw%3Dcybercrime%252Cmalware%252Cnorth%2520korea%252Csouth%2520korea%252Cwindows%26cat%3Dnews%26tag%3Dnull%26author%3DSimon%252520Sharwood%26year%3D2024%26nsfw%3Dnull%26np%3D18%26eac%3D6%26ct%3Ds-async&adks=2350305695%2C3814916925%2C3428499265%2C2844724745%2C1747228704%2C28022520&frm=20
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/gpt/m202403200101/pubads_impl.js?cb=31082083
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
25f12f700c3692f25f8a7571319d6e62e7e0d837734202d5122413a9bf1f84bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2,-2,-2
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35352
x-xss-protection
0
google-lineitem-id
-2,-1,6694489661,6556321163,6694489661,-1
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2,-1,138468611379,138464753345,138468751934,-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.theregister.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0AF5
6 KB
3 KB
Document
General
Full URL
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/gpt/m202403200101/pubads_impl.js?cb=31082083
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 22 Mar 2024 02:14:58 GMT
expires
Sat, 22 Mar 2025 02:14:58 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
collect
region1.google-analytics.com/g/
0
54 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-JXW44Y23NM&gtm=45je43k0v887771649za200&_p=1711073698169&gcs=G100&gcd=13p3p3l2l7&npa=1&dma_cps=sypham&dma=1&cid=1474713642.1711073698&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=denied&_eu=Ag&_s=1&sid=1711073698&sct=1&seg=0&dl=https%3A%2F%2Fwww.theregister.com%2F2024%2F03%2F21%2Fkimsuky_chm_file_campaign%2F&dt=North%20Korea%27s%20Kimsuky%20gang%20now%20exploiting%20Windows%20Help%20files%20%E2%80%A2%20The%20Register&en=page_view&_fv=1&_ss=1&_ee=1&ep.anonymize_ip=true&ep.reg_uid=(reg_unknown)&ep.reg_alm=(reg_unknown)&ep.reg_auth=Simon%20Sharwood&ep.reg_cat=news&ep.reg_pt=www%20story&ep.reg_sec=reg_security%2Fresearch&ep.reg_uls=noconsent&ep.reg_prev_pt=noconsent&ep.reg_prev_ut=noconsent&ep.reg_d11=noconsent&ep.reg_d12=noconsent&ep.reg_d14=noconsent&ep.reg_ded=noconsent&ep.reg_dorg=noconsent&ep.reg_ab_var=noconsent&ep.reg_seg=noconsent&ep.reg_aid=232980&ep.reg_asec=security%2Fresearch&ep.reg_akw=%2Ccybercrime%2Cmalware%2Cnorth%20korea%2Csouth%20korea%2Cwindows%2C&ep.reg_akwp=%2Capac%2Cmicrosoft%2Coperating%20system%2Csecurity%2C&ep.reg_noz=noconsent&ep.reg_vfc=noconsent&ep.reg_bet=noconsent&tfd=688
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JXW44Y23NM&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 22 Mar 2024 02:14:58 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.theregister.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.google-analytics.com/g/
0
257 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-JXW44Y23NM&gtm=45je43k0v887771649za200&_p=1711073698169&gcs=G100&gcd=13p3p3l2l7&npa=1&dma_cps=sypham&dma=1&cid=1474713642.1711073698&ul=en-us&sr=1600x1200&pscdl=denied&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAg&_s=2&sid=1711073698&sct=1&seg=0&dl=https%3A%2F%2Fwww.theregister.com%2F2024%2F03%2F21%2Fkimsuky_chm_file_campaign%2F&dt=North%20Korea%27s%20Kimsuky%20gang%20now%20exploiting%20Windows%20Help%20files%20%E2%80%A2%20The%20Register&cu=GBP&en=ga4_2019_04_26_homepage___article&_c=1&ep.anonymize_ip=true&ep.reg_uid=(reg_unknown)&ep.reg_alm=(reg_unknown)&ep.reg_auth=Simon%20Sharwood&ep.reg_cat=news&ep.reg_pt=www%20story&ep.reg_sec=reg_security%2Fresearch&ep.reg_uls=noconsent&ep.reg_prev_pt=noconsent&ep.reg_prev_ut=noconsent&ep.reg_d11=noconsent&ep.reg_d12=noconsent&ep.reg_d14=noconsent&ep.reg_ded=noconsent&ep.reg_dorg=noconsent&ep.reg_ab_var=noconsent&ep.reg_seg=noconsent&ep.reg_aid=232980&ep.reg_asec=security%2Fresearch&ep.reg_akw=%2Ccybercrime%2Cmalware%2Cnorth%20korea%2Csouth%20korea%2Cwindows%2C&ep.reg_akwp=%2Capac%2Cmicrosoft%2Coperating%20system%2Csecurity%2C&ep.reg_noz=noconsent&ep.reg_vfc=noconsent&ep.reg_bet=noconsent&epn.value=0&_et=3&tfd=691
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JXW44Y23NM&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 22 Mar 2024 02:14:58 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.theregister.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/
16 KB
12 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202403200101&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/gpt/m202403200101/pubads_impl.js?cb=31082083
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6bf0aa2673a4aad8f5b804c94bd8cde46a61c1460517665d222dd3d724260244
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12350
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/gpt/m202403200101/pubads_impl.js?cb=31082083
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.theregister.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 22 Mar 2024 02:14:58 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A70A
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
56722
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 21 Mar 2024 10:29:36 GMT
expires
Fri, 21 Mar 2025 10:29:36 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
container.html
189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame A1E5
6 KB
3 KB
Document
General
Full URL
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/gpt/m202403200101/pubads_impl.js?cb=31082083
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 22 Mar 2024 02:14:58 GMT
expires
Sat, 22 Mar 2025 02:14:58 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
container.html
189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame BE43
6 KB
3 KB
Document
General
Full URL
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/gpt/m202403200101/pubads_impl.js?cb=31082083
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 22 Mar 2024 02:14:58 GMT
expires
Sat, 22 Mar 2025 02:14:58 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
container.html
189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame DF38
6 KB
3 KB
Document
General
Full URL
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/gpt/m202403200101/pubads_impl.js?cb=31082083
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 22 Mar 2024 02:14:58 GMT
expires
Sat, 22 Mar 2025 02:14:58 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
container.html
189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B909
6 KB
3 KB
Document
General
Full URL
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/gpt/m202403200101/pubads_impl.js?cb=31082083
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 22 Mar 2024 02:14:58 GMT
expires
Sat, 22 Mar 2025 02:14:58 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
container.html
189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 8EF6
6 KB
3 KB
Document
General
Full URL
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/gpt/m202403200101/pubads_impl.js?cb=31082083
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 22 Mar 2024 02:14:58 GMT
expires
Sat, 22 Mar 2025 02:14:58 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
afr.php
ads.eu.criteo.com/delivery/r/ Frame 3E18
211 KB
60 KB
Document
General
Full URL
https://ads.eu.criteo.com/delivery/r/afr.php?z=ZfzpogAILSwBdQBjAApN49T2uxeUPiOeC5CBWg&u=%7CxegoyolpfCiiXYDjVj9ZfH63EoQgeDtsvYx0nCvchKk%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4VBZk7o6r4u2Tz-b9i3H_G-X5MXpmH_vXBNl7acqytoLzx4AFin92sMRYroPqV_xB2E55C5w-iXtMMikLYkDPiqZCNzNFOUekANB8ZIxZJPpNVcHIeodVMROFuKgHChhj_Aw-S6GOZ9VLmsl7rx-PAIViuVYdIRQtKAaVxtO8WyXj_UB5YqhszuY78wPt5DXm4YK9o3xPIL1tqi_FH6olmJK9CCeWUV6S7G0zDbz2F14_E4UlHhH8UdrL-Ne8qca8Oj1WDSVUna5svzv9R0DlW2C3CTV9uJEo1hWXzPMiU3Y9ceu12AgJAhbdZUa03VtxxUh0esTnE6sqIzdUM2PdYaMFDFWlE_rGArDbMEUl4jp1eecrsDGapMQ929YB0YXQzmqGH28wmjXwDTe_1xG53V8-MeQDKZoGHuPjYX7bHtBn6U2BceMHVdNY7gNTXZEnnreGveSkIZrlS3f95Vw14iyKYpWvynq4rsLrTc8p4gZ2YfMZe9cVszjxOlLqtFDW_UD1wpruAmNlLQ9fC_xqnJLVUfwrJtT6GcWys2TT-RUACMlJXl5Sd4PIpr4aHG7cW61d9yg3RuFm9UoKOYF4LbI40bNwjta99IOdrCQ_2wRxK7lsn6x7OZ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLNWwoun8ZazaIOOA1LsP45upiAXJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzIzMDkzODY5NDEyMDIzNMgBCakCSyvHseQ4sj7gAgCoAwHIAwKqBJgCT9AUwqTcdaiMpMMNp7GoT6YELkyEuIerinUcWQFcG23szERCYLF8fpHqdANvOI0JW_Pw-vpk7IIoJgviOSpEpHLelCxA3w5aLfZ48tS0zeTdWj6802W9iAAoBwNLQXUXEuJUV2M_ZyPccZ1ue8-SmGJVi2HfRg_hr3ZydyCUMFb8FfHVaJbyWLGqHwLg4N84j6maZkbihefzh_Hb4JCrvCWFGLKa8URyWsd2vSZuthR-DyPiSers2ynzvMtPrcfMJiI_lirXn4MxPwxULfZ7w0WjbuZEV9_XpZDCa6eCWtsOf0qfkDN2eyWU4HJ6kTIjV-NenqK56CwG60xQuPE98HmCtnQ5jom3R9N_euPUiU_kUnWWS_WzveAEAYAGq-7fsO7dlNnsAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCoIkeGAcBABMgfri4Dgv4ANOgqAgASAgICAgJQoSL39wTpYmrfvn-aGhQP6CwIIAYAMAeINEwjm8u-f5oaFAxVjAHUBHeNNClHQFQGAFwE%26num%3D1%26sig%3DAOD64_0QWZnny2rqlY2VIBK9DkSLYtDobQ%26client%3Dca-pub-3230938694120234%26adurl%3D
Requested by
Host: 189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
URL: https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
96322495036b7aa5e7715b8c3bc57510a9d74d200e8340c1a08bbd17644f6d93
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
1000
cache-control
private, max-age=0, no-cache
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
date
Fri, 22 Mar 2024 02:14:58 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
link
<pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p
CP='CUR ADM OUR NOR STA NID'
pragma
no-cache
report-to
{"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=PCOIOi2zL1gkbn1UtMSU6QWwcdxR2VZB3dh6zfL2oJpHUtNqRA6dokchlMME7dfEAlp7CUl_D1UC3FUGvbxAzktxxobLRy8lw3FpT-Af98hE7Fd3BnCtTLlQeblZlcxwUAY2l3tt1vHZecx9tx2P6IKcBROBFbExHwpXvuAJbVi-Tu1UURKQi7-SW0abScqReJQhnXty0gafDeC5UKQ62srIMDFKDonHNZFAenlpTWUdvz6VzFiLAx_eYdiZMqyXBPznfw"}], "max_age": 86400}
server
Kestrel
server-processing-duration-in-ticks
72774934
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
window_focus_fy2021.js
pagead2.googlesyndication.com/pagead/js/r20240320/r20110914/client/ Frame A1E5
3 KB
1 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20240320/r20110914/client/window_focus_fy2021.js
Requested by
Host: 189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
URL: https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 22:23:46 GMT
content-encoding
br
x-content-type-options
nosniff
age
13873
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 04 Apr 2024 22:23:46 GMT
qs_click_protection_fy2021.js
pagead2.googlesyndication.com/pagead/js/r20240320/r20110914/client/ Frame A1E5
20 KB
8 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20240320/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
URL: https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
04fa4fe54665cacb0d30e028747b0a15046d5152d4295250380bcd5569e7c664
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 22:23:46 GMT
content-encoding
br
x-content-type-options
nosniff
age
13873
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8355
x-xss-protection
0
server
cafe
etag
17564575596476239644
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 04 Apr 2024 22:23:46 GMT
ext.js
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame A1E5
24 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js
Requested by
Host: 189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
URL: https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Tue, 19 Mar 2024 06:51:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
242620
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6402
x-xss-protection
0
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Wed, 19 Mar 2025 06:51:19 GMT
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame A1E5
206 KB
62 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: 189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
URL: https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1a730cb34285c933a5839e656856a4eaac2449e49a997efe53d454b94ace676f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:05:14 GMT
content-encoding
br
x-content-type-options
nosniff
age
585
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
63909
x-xss-protection
0
server
cafe
etag
vary
Accept-Encoding
content-type
text/javascript; charset=ISO-8859-1
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Fri, 22 Mar 2024 03:05:14 GMT
ClgGLJT-anMFFp_jPcSPgTpNjWBfoBtPLqdYJvwYrrQ.js
pagead2.googlesyndication.com/bg/ Frame A70A
40 KB
16 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/ClgGLJT-anMFFp_jPcSPgTpNjWBfoBtPLqdYJvwYrrQ.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0a58062c94fe6a7305169fe33dc48f813a4d8d605fa01b4f2ea75826fc18aeb4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 12:05:14 GMT
content-encoding
br
x-content-type-options
nosniff
age
50985
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15865
x-xss-protection
0
last-modified
Thu, 14 Mar 2024 15:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 21 Mar 2025 12:05:14 GMT
abg_lite_fy2021.js
pagead2.googlesyndication.com/pagead/js/r20240320/r20110914/ Frame BE43
23 KB
9 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20240320/r20110914/abg_lite_fy2021.js
Requested by
Host: 189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
URL: https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5a23d8b3f234337a66c42065409ea946a4700a68fb92775125a176ec9520c82f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 22:23:46 GMT
content-encoding
br
x-content-type-options
nosniff
age
13873
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9106
x-xss-protection
0
server
cafe
etag
8408112003982630589
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 04 Apr 2024 22:23:46 GMT
dfa7banner_html_inpage_rendering_lib_200_268.js
s0.2mdn.net/879366/ Frame BE43
109 KB
38 KB
Script
General
Full URL
https://s0.2mdn.net/879366/dfa7banner_html_inpage_rendering_lib_200_268.js
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6d28830ef0fdeba41bc402b8b12341e929c6c66db8fe512deb2b1baa9611745b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/
Origin
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 17:53:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
30099
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
38568
x-xss-protection
0
last-modified
Tue, 14 Jan 2020 17:35:50 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 22 Mar 2024 17:53:20 GMT
ext.js
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame BE43
24 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js
Requested by
Host: 189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
URL: https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Tue, 19 Mar 2024 06:51:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
242620
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6402
x-xss-protection
0
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Wed, 19 Mar 2025 06:51:19 GMT
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame BE43
206 KB
62 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: 189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
URL: https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1a730cb34285c933a5839e656856a4eaac2449e49a997efe53d454b94ace676f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:05:14 GMT
content-encoding
br
x-content-type-options
nosniff
age
585
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
63909
x-xss-protection
0
server
cafe
etag
vary
Accept-Encoding
content-type
text/javascript; charset=ISO-8859-1
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Fri, 22 Mar 2024 03:05:14 GMT
ext.js
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame DF38
24 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js
Requested by
Host: 189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
URL: https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Tue, 19 Mar 2024 06:51:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
242620
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6402
x-xss-protection
0
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Wed, 19 Mar 2025 06:51:19 GMT
abg_lite_fy2021.js
pagead2.googlesyndication.com/pagead/js/r20240320/r20110914/ Frame DF38
23 KB
9 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20240320/r20110914/abg_lite_fy2021.js
Requested by
Host: 189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
URL: https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5a23d8b3f234337a66c42065409ea946a4700a68fb92775125a176ec9520c82f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 22:23:46 GMT
content-encoding
br
x-content-type-options
nosniff
age
13873
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9106
x-xss-protection
0
server
cafe
etag
8408112003982630589
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 04 Apr 2024 22:23:46 GMT
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame DF38
206 KB
62 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: 189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
URL: https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1a730cb34285c933a5839e656856a4eaac2449e49a997efe53d454b94ace676f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:05:14 GMT
content-encoding
br
x-content-type-options
nosniff
age
585
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
63909
x-xss-protection
0
server
cafe
etag
vary
Accept-Encoding
content-type
text/javascript; charset=ISO-8859-1
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Fri, 22 Mar 2024 03:05:14 GMT
abg_lite_fy2021.js
pagead2.googlesyndication.com/pagead/js/r20240320/r20110914/ Frame B909
23 KB
9 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20240320/r20110914/abg_lite_fy2021.js
Requested by
Host: 189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
URL: https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5a23d8b3f234337a66c42065409ea946a4700a68fb92775125a176ec9520c82f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 22:23:46 GMT
content-encoding
br
x-content-type-options
nosniff
age
13873
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9106
x-xss-protection
0
server
cafe
etag
8408112003982630589
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 04 Apr 2024 22:23:46 GMT
dfa7banner_html_inpage_rendering_lib_200_268.js
s0.2mdn.net/879366/ Frame B909
109 KB
38 KB
Script
General
Full URL
https://s0.2mdn.net/879366/dfa7banner_html_inpage_rendering_lib_200_268.js
Requested by
Host: www.theregister.com
URL: https://www.theregister.com/2024/03/21/kimsuky_chm_file_campaign/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6d28830ef0fdeba41bc402b8b12341e929c6c66db8fe512deb2b1baa9611745b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/
Origin
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 17:53:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
30099
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
38568
x-xss-protection
0
last-modified
Tue, 14 Jan 2020 17:35:50 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 22 Mar 2024 17:53:20 GMT
ext.js
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame B909
24 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js
Requested by
Host: 189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
URL: https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Tue, 19 Mar 2024 06:51:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
242620
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6402
x-xss-protection
0
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Wed, 19 Mar 2025 06:51:19 GMT
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame B909
206 KB
62 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: 189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
URL: https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1a730cb34285c933a5839e656856a4eaac2449e49a997efe53d454b94ace676f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:05:14 GMT
content-encoding
br
x-content-type-options
nosniff
age
585
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
63909
x-xss-protection
0
server
cafe
etag
vary
Accept-Encoding
content-type
text/javascript; charset=ISO-8859-1
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Fri, 22 Mar 2024 03:05:14 GMT
afr.php
ads.eu.criteo.com/delivery/r/ Frame 71EF
158 KB
51 KB
Document
General
Full URL
https://ads.eu.criteo.com/delivery/r/afr.php?z=ZfzpogAILTABdQBjAApN4wQaBaYK5hAMd85Rng&u=%7CxegoyolpfChI6JsOSX%2BCIEdIeTLlfcUAXxAGgSDFd3M%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4VBZk7o6r4u2Tz-b9i3H_G-X5MXpmH_vXBNl7acqytoL8ODOuy5afyUT0ttBH0WyPomw2iQPPmfN0jHet-263msp7xpg0EEEWy4q765RaJEs4_FWgxgXK8xlVtOEA0TtZq0ue_vr7pwWclVOgqxjKTakDtql5t-LdWv57XeW55gav7A7pyTgmJgE2NhPbY1cZD5h-a3eKIt6ZY5k_GdpudPdqTgZS7OA_pRLcbepv3Ird3rjL4pSYrXA6MEf_VT7hH59gSa1uiyB3pCOX4P_QUrjD7rD0a-pu_-56sZpgCekvPd1bHEYGtXkXaJshAUOnxiq-VJGsjaQWRfz2nNSGccsxmEKee8ZkvrpId_x9cIE70kIeqw03Gswhha3snaz4fh0D3-KHztKUdPGLWmtUpvinmA-ojwkoX7dPfL5bHBGFP8VjTcl6rYOMBT2S6vtmzNQOsppjF2V3bmjjiZaMpQwHlKwCA56IwYBUTRI_Yaz1lNVxVYT3UvtYu1EQZ6iZcJlQSVWEKdlwNt4OtZ-P4_bP6HzFJGEL1_LhuyHK9puMHOkou7AxtBJs9Fv5OeeL2uOMGjWyR-ZMGc-KXaaPt_WjzT3_vZxkk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCPqthoun8ZbDaIOOA1LsP45upiAXJntKxXNWdkfdwwI23ARABIABglQKCARdjYS1wdWItMzIzMDkzODY5NDEyMDIzNMgBCakCSyvHseQ4sj7gAgCoAwHIAwKqBJ4CT9D2dRpe1YC3oY8xoEaJjJr7uuyURJIjVOlxt6we9wnaCcUzp4AZT5KUcK-qBrWwZhu3FUzneXhWw8ZHGT-Nki5qB28rR3e1svQxetM_KuK7FYhcoRzN6wl5XlXjkoPMUuP9Bo37MILiMakwwSwui28v-0rdEgMxsYdN_Dk3NXtZoeaM9fXZz2vughDaCYmqrSAqLxe9gP8vsLHowsQME-fLHty3skLaNkXoP1HYNonqPLl3Qa8nLFzjXyM2w9K_YvofVby3L-eGX75txwlxTjsK4uYiMOMyWzYFHBay2bydiMqw6iJwtryIX_kpqZv72iyWnlBOOCD9_abde1FDbMsy5r5-sHqC_dnH6d2dNIiDULtqO-SZW0vSKBsG1-AEAYAGwa2c6Zvc_7HXAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCoIkeGAcBABMgfri4Dgv4ANOgqAgASAgICAgJQoSL39wTpYmrfvn-aGhQP6CwIIAYAMAeINEwjq8u-f5oaFAxVjAHUBHeNNClHQFQGAFwE%26num%3D1%26sig%3DAOD64_2ENkVWIZh6LvAI_DCAEy_ZfaotHQ%26client%3Dca-pub-3230938694120234%26adurl%3D
Requested by
Host: 189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
URL: https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
7dda2b46553bb9ffc27d3bc6efa45ceb79fb38dc8f18a6816ae017836e8e7c5b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
1000
cache-control
private, max-age=0, no-cache
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
date
Fri, 22 Mar 2024 02:14:58 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
link
<pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p
CP='CUR ADM OUR NOR STA NID'
pragma
no-cache
report-to
{"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=2GByaS2zL1gkbn1US1tRY1Y0Cl-hB37MQSv-FaIF3eclklAlC6OZ6NNNxYMeLyXWhie8uNCWnD9E2TVioOlOqe3S3ybPJYdQGHCVSDanSvicX9Zv_SL7pv_Ul9x3UYcO0uSD4MHbo_HF6L5s9yDLcSpN5NG2u8TSIpXfoMYq3iF_ypjlf3Qo612H2S5jPrAC_i8kM0vs-gG0-n8BuVFX5k3DDOpWJuHNe0K3OyJSFNDPtWwPz0k94uCIeu0fiO5HIa2h2w"}], "max_age": 86400}
server
Kestrel
server-processing-duration-in-ticks
49049029
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
window_focus_fy2021.js
pagead2.googlesyndication.com/pagead/js/r20240320/r20110914/client/ Frame 8EF6
3 KB
1 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20240320/r20110914/client/window_focus_fy2021.js
Requested by
Host: 189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
URL: https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 22:23:46 GMT
content-encoding
br
x-content-type-options
nosniff
age
13873
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 04 Apr 2024 22:23:46 GMT
qs_click_protection_fy2021.js
pagead2.googlesyndication.com/pagead/js/r20240320/r20110914/client/ Frame 8EF6
20 KB
8 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20240320/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
URL: https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
04fa4fe54665cacb0d30e028747b0a15046d5152d4295250380bcd5569e7c664
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 22:23:46 GMT
content-encoding
br
x-content-type-options
nosniff
age
13873
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8355
x-xss-protection
0
server
cafe
etag
17564575596476239644
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 04 Apr 2024 22:23:46 GMT
ext.js
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 8EF6
24 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js
Requested by
Host: 189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
URL: https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Tue, 19 Mar 2024 06:51:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
242620
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6402
x-xss-protection
0
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Wed, 19 Mar 2025 06:51:19 GMT
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 8EF6
206 KB
62 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: 189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
URL: https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1a730cb34285c933a5839e656856a4eaac2449e49a997efe53d454b94ace676f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:05:14 GMT
content-encoding
br
x-content-type-options
nosniff
age
585
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
63909
x-xss-protection
0
server
cafe
etag
vary
Accept-Encoding
content-type
text/javascript; charset=ISO-8859-1
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Fri, 22 Mar 2024 03:05:14 GMT
truncated
/ Frame A1E5
216 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
104a85552642dc0b1a974d08335757fc38981cbf45d2bed844a0aee2fab383a1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type
image/png
view
pagead2.googlesyndication.com/pcs/ Frame DF38
0
0
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/view?xai=AKAOjsvyOpTDLGbLHymz1Pm08Mz_PsJWcyJjfGvUSaKGqFrtFH9lYY-JBIOxsFiEqz63qf_S-pVc1bdb9QTGUuU3axSyqcggh56xZy9fJevdJFG2GxvuMjLv7E-hYVEvEX1HwBDeCOqpCC_KdJ4usdtkXcAdC0wSU2ATv_SamldCZBWnxQxcZ-9y8-btbLOm8cFnD8hrcm6FdjxPJPGNPH5FJdmf2PrTrsJpiNUyFDPyhOvC94xsXQBuuaydUxhvGO_AG0GpSZd5k72Fk9UGXt0fc1_NX7KH9zcjP6ymwvN77Ffh5iBWNUNpWiYjZwk2uesEso9hdIpunWUzP9WZ9vLEES3s1JUm5Es-P7jsIJaCF9igj6FrAkqY0tgzJLUd0VOFssRI3MzdYYclTG09&sig=Cg0ArKJSzA-JdEYnKc1NEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: 189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
URL: https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 02:14:59 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
BXO0jYNp
n56vhidqbtj.typeform.com/to/ Frame C48F
199 KB
64 KB
Document
General
Full URL
https://n56vhidqbtj.typeform.com/to/BXO0jYNp
Requested by
Host: 189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com
URL: https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.134.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-1-134-154.compute-1.amazonaws.com
Software
istio-envoy / 8916-7.132.0
Resource Hash
f02db617ab9845e52466dd39fd7ae1fc41aa08f90e78ffd380b216bb6891668c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Referer
https://189660a98e07bca55e2cac8974d8740c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-headers
X-Typeform-Key, Content-Type, Authorization, Typeform-Version, typeform-app
access-control-allow-methods
GET, OPTIONS, POST, PUT, PATCH, DELETE
access-control-expose-headers
Location, X-Request-Id
age
121032
cache-control
private, no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-length
63779
content-security-policy-report-only
report-uri https://typeformforms.report-uri.com/r/t/csp/reportOnly; default-src 'self' https: data: blob: chrome-extension: moz-extension: safari-extension:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https:; worker-src 'self' blob:; manifest-src public-assets.typeform.com; form-action 'none'; frame-ancestors 'self' http://localhost:* capacitor: iconic: https:; base-uri 'self'; child-src wvjbscheme: https:; connect-src 'self' wss: https: chrome-extension: moz-extension: safari-extension:; style-src 'self' 'unsafe-inline' https:
content-type
text/html; charset=utf-8
date
Fri, 22 Mar 2024 02:14:59 GMT
pragma
no-cache
server
istio-envoy
strict-transport-security
max-age=63072000; includeSubDomains
vary
Accept-Encoding
x-cache
HIT
x-cache-lookup
HIT
x-envoy-upstream-service-time
0
x-powered-by
8916-7.132.0
x-varnish
93523912 58540210
truncated
/ Frame 8EF6
216 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dc0664f87e8e889a7ab90e82cb599aa7557fd5dd188a79ac8c320640b48b4c7e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type
image/png
view
pagead2.googlesyndication.com/pcs/ Frame DF38
0
0
Fetch