URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Submission: On May 18 via api from US

Summary

This website contacted 18 IPs in 3 countries across 13 domains to perform 67 HTTP transactions. The main IP is 2606:4700::6811:3b4c, located in United States and belongs to CLOUDFLARENET, US. The main domain is blog.talosintelligence.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 1st 2020. Valid for: a year.
This is the only time blog.talosintelligence.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Domain Requested by
17 1.bp.blogspot.com blog.talosintelligence.com
13 www.talosintelligence.com blog.talosintelligence.com
10 www.blogger.com 1 redirects blog.talosintelligence.com
www.blogger.com
5 open.scdn.co open.spotify.com
3 resources.blogblog.com blog.talosintelligence.com
www.blogger.com
3 fonts.gstatic.com fonts.googleapis.com
3 blog.talosintelligence.com blog.talosintelligence.com
static.cloudflareinsights.com
2 gew-spclient.spotify.com open.scdn.co
2 www.google-analytics.com blog.talosintelligence.com
www.google-analytics.com
2 open.spotify.com blog.talosintelligence.com
open.scdn.co
1 www.google.com www.blogger.com
1 apresolve.spotify.com open.scdn.co
1 o22381.ingest.sentry.io open.scdn.co
1 i.scdn.co open.spotify.com
1 stats.g.doubleclick.net www.google-analytics.com
1 static.cloudflareinsights.com blog.talosintelligence.com
1 accounts.google.com 1 redirects
1 img2.blogblog.com blog.talosintelligence.com
1 fonts.googleapis.com blog.talosintelligence.com
67 19
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2020-08-01 -
2021-08-01
a year crt.sh
*.blogger.com
GTS CA 1C3
2021-05-03 -
2021-07-26
3 months crt.sh
upload.video.google.com
GTS CA 1O1
2021-04-13 -
2021-07-06
3 months crt.sh
*.google.com
GTS CA 1O1
2021-04-13 -
2021-07-06
3 months crt.sh
misc-sni.blogspot.com
GTS CA 1C3
2021-04-13 -
2021-07-06
3 months crt.sh
*.spotify.com
DigiCert TLS RSA SHA256 2020 CA1
2021-05-03 -
2022-05-03
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2021-04-13 -
2021-07-06
3 months crt.sh
*.scdn.co
DigiCert SHA2 Secure Server CA
2020-08-05 -
2021-09-01
a year crt.sh
*.g.doubleclick.net
GTS CA 1O1
2021-04-13 -
2021-07-06
3 months crt.sh
*.ingest.sentry.io
R3
2021-04-27 -
2021-07-26
3 months crt.sh
www.google.com
GTS CA 1C3
2021-05-03 -
2021-07-26
3 months crt.sh

This page contains 3 frames:

Primary Page: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Frame ID: 3C5438D75755535006F57176D4D26126
Requests: 48 HTTP requests in this frame

Frame: https://open.spotify.com/embed-podcast/episode/7DqBSPHYlnhsNb2Kr1WXI5
Frame ID: F973C3B77059B1ED6DBD835B2902A0E4
Requests: 11 HTTP requests in this frame

Frame: https://www.blogger.com/comment-iframe.g?blogID=1029833275466591797&postID=7666782930518017442&blogspotRpcToken=748363&bpli=1
Frame ID: 6BA64F2FBE8FCE2062833BEEEE4A4922
Requests: 7 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • meta generator /^Blogger$/i

Overall confidence: 100%
Detected patterns
  • meta generator /^Blogger$/i

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

67
Requests

100 %
HTTPS

95 %
IPv6

13
Domains

19
Subdomains

18
IPs

3
Countries

4214 kB
Transfer

5975 kB
Size

6
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 35
  • https://www.blogger.com/comment-iframe.g?blogID=1029833275466591797&postID=7666782930518017442&blogspotRpcToken=748363 HTTP 302
  • https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/comment-iframe.g?blogID%3D1029833275466591797%26postID%3D7666782930518017442%26blogspotRpcToken%3D748363%26bpli%3D1&followup=https://www.blogger.com/comment-iframe.g?blogID%3D1029833275466591797%26postID%3D7666782930518017442%26blogspotRpcToken%3D748363%26bpli%3D1&passive=true&go=true HTTP 302
  • https://www.blogger.com/comment-iframe.g?blogID=1029833275466591797&postID=7666782930518017442&blogspotRpcToken=748363&bpli=1

67 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request transparent-tribe-infra-and-targeting.html
blog.talosintelligence.com/2021/05/
187 KB
33 KB
Document
General
Full URL
https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:3b4c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb9b1260c780f395cf92d12a99df8dbef1fc7537a608a6806013ac7bc8373818
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
blog.talosintelligence.com
:scheme
https
:path
/2021/05/transparent-tribe-infra-and-targeting.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 08:44:04 GMT
content-type
text/html; charset=UTF-8
expires
Tue, 18 May 2021 08:44:04 GMT
cache-control
private, max-age=0
last-modified
Mon, 17 May 2021 18:01:42 GMT
x-content-type-options
nosniff
x-xss-protection
1; mode=block
cf-cache-status
DYNAMIC
cf-request-id
0a203e92ce00001772500c5000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
server
cloudflare
cf-ray
6513cd314f111772-FRA
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
115981500-css_bundle_v2.css
www.blogger.com/static/v1/widgets/
36 KB
37 KB
Stylesheet
General
Full URL
https://www.blogger.com/static/v1/widgets/115981500-css_bundle_v2.css
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
22ca5e3dcd26fa66a4af4b4a5d47a6a3a17f4cb9abdd03707901758b28f5c1d6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 14 May 2021 23:27:25 GMT
x-content-type-options
nosniff
last-modified
Fri, 14 May 2021 18:28:49 GMT
server
sffe
age
292599
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36990
x-xss-protection
0
expires
Sat, 14 May 2022 23:27:25 GMT
css
fonts.googleapis.com/
15 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:100,300,400|Exo+2:500,400,300,100,700|Fira+Mono
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2fc708a149338bc9e4af67790f9e19d88a8f9377d6021cf2a0134688162fbe79
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 18 May 2021 08:44:04 GMT
server
ESF
date
Tue, 18 May 2021 08:44:04 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 18 May 2021 08:44:04 GMT
authorization.css
www.blogger.com/dyn-css/
1 B
688 B
Stylesheet
General
Full URL
https://www.blogger.com/dyn-css/authorization.css?targetBlogID=1029833275466591797&zx=4e7cabbe-5909-4cb9-8ad3-d179fcac907f
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
content-security-policy
script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 18 May 2021 08:44:04 GMT
server
GSE
date
Tue, 18 May 2021 08:44:04 GMT
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-type
text/css; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21
x-xss-protection
1; mode=block
expires
Mon, 01 Jan 1990 00:00:00 GMT
logo_cisco_white.svg
www.talosintelligence.com/assets/
4 KB
1 KB
Image
General
Full URL
https://www.talosintelligence.com/assets/logo_cisco_white.svg
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:3b4c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e5d2405df2a95c974d5c0771e3a45b2dea1a2c2824cf6a917a605bf4a967c86d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 08:44:04 GMT
via
1.1 vegur
x-content-type-options
nosniff
cf-cache-status
HIT
age
81715
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0a203e93c200001772fa3b9000000001
x-request-id
072d5183-6e88-4e43-ace5-c6adee2d8eaf
x-runtime
0.002941
server
cloudflare
etag
W/"e5d2405df2a95c974d5c0771e3a45b2dea1a2c2824cf6a917a605bf4a967c86d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-type
image/svg+xml
vary
Accept-Encoding
cache-control
public, max-age=86400
cf-ray
6513cd32d9e71772-FRA
expires
Wed, 19 May 2021 08:44:04 GMT
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,400|Exo+2:500,400,300,100,700|Fira+Mono
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://blog.talosintelligence.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 16 May 2021 04:23:23 GMT
x-content-type-options
nosniff
last-modified
Mon, 05 Apr 2021 21:10:39 GMT
server
sffe
age
188441
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15732
x-xss-protection
0
expires
Mon, 16 May 2022 04:23:23 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,400|Exo+2:500,400,300,100,700|Fira+Mono
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://blog.talosintelligence.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 13 May 2021 01:43:32 GMT
x-content-type-options
nosniff
last-modified
Mon, 05 Apr 2021 21:10:35 GMT
server
sffe
age
457232
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
expires
Fri, 13 May 2022 01:43:32 GMT
image17.png
1.bp.blogspot.com/-a73MLoAZdfw/YJwYbCreVUI/AAAAAAAAAQ4/3vTvWfSuUuUyvf0U3Khry-gtVoKCv28aACLcBGAsYHQ/s16000/
370 KB
370 KB
Image
General
Full URL
https://1.bp.blogspot.com/-a73MLoAZdfw/YJwYbCreVUI/AAAAAAAAAQ4/3vTvWfSuUuUyvf0U3Khry-gtVoKCv28aACLcBGAsYHQ/s16000/image17.png
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
0500c837038a0e76f3cebee1377a80df53a86546add3a4e508a7f11d8afb7e45
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 05:34:05 GMT
x-content-type-options
nosniff
age
11400
content-disposition
inline;filename="image17.png"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
378498
x-xss-protection
0
server
fife
etag
"v10f"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Fri, 14 May 2021 12:19:04 GMT
image12.png
1.bp.blogspot.com/-AqXBjDWCpPg/YJwZEUxqcdI/AAAAAAAAARA/p5t4S7eCuuwtS-Jp19vBtC5eHmeqfJlpQCLcBGAsYHQ/s16000/
87 KB
87 KB
Image
General
Full URL
https://1.bp.blogspot.com/-AqXBjDWCpPg/YJwZEUxqcdI/AAAAAAAAARA/p5t4S7eCuuwtS-Jp19vBtC5eHmeqfJlpQCLcBGAsYHQ/s16000/image12.png
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
4db7e66a4c99c6455baf6b60033a91c65b32c636b2d94655d7882680598202d7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 06:35:40 GMT
x-content-type-options
nosniff
age
7705
content-disposition
inline;filename="image12.png"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
89335
x-xss-protection
0
server
fife
etag
"v111"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Fri, 14 May 2021 12:19:04 GMT
image15.png
1.bp.blogspot.com/-f3W8XekC6TA/YJwZe7-jmpI/AAAAAAAAARI/iOL2tpsV75Y6NbM7u0r31e-kFQ3b4vsJACLcBGAsYHQ/s16000/
56 KB
56 KB
Image
General
Full URL
https://1.bp.blogspot.com/-f3W8XekC6TA/YJwZe7-jmpI/AAAAAAAAARI/iOL2tpsV75Y6NbM7u0r31e-kFQ3b4vsJACLcBGAsYHQ/s16000/image15.png
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
75e191bc50cee0e969ccb8dc501916695c4fb16919f5cdb4da6d4b7e0aac4d58
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 06:35:40 GMT
x-content-type-options
nosniff
age
7705
content-disposition
inline;filename="image15.png"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
57067
x-xss-protection
0
server
fife
etag
"v113"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Fri, 14 May 2021 12:19:04 GMT
image9.png
1.bp.blogspot.com/-gSQjDvjSAmE/YJwafkAPuBI/AAAAAAAAARQ/uKPxmYsp3qofIBf19_H_dmST6qcCT0-fwCLcBGAsYHQ/s16000/
357 KB
358 KB
Image
General
Full URL
https://1.bp.blogspot.com/-gSQjDvjSAmE/YJwafkAPuBI/AAAAAAAAARQ/uKPxmYsp3qofIBf19_H_dmST6qcCT0-fwCLcBGAsYHQ/s16000/image9.png
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
9192b16e06a3cd217ee3849187406406ffa7d21aa321ef2e992ad466bc5de869
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 06:35:40 GMT
x-content-type-options
nosniff
age
7705
content-disposition
inline;filename="image9.png"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
365792
x-xss-protection
0
server
fife
etag
"v115"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Fri, 14 May 2021 12:19:04 GMT
image3.png
1.bp.blogspot.com/-H8Fh8N9XUiQ/YJwa2e8PJvI/AAAAAAAAARY/vQz9a5cEDcAzeNx0dx-xinxmRYsVPBoLwCLcBGAsYHQ/s16000/
655 KB
656 KB
Image
General
Full URL
https://1.bp.blogspot.com/-H8Fh8N9XUiQ/YJwa2e8PJvI/AAAAAAAAARY/vQz9a5cEDcAzeNx0dx-xinxmRYsVPBoLwCLcBGAsYHQ/s16000/image3.png
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
ea760d3d76b2a6da25e31dc630fcd0e2fe7be91e1a1938308410dfad0a5bbd16
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 06:35:40 GMT
x-content-type-options
nosniff
age
7705
content-disposition
inline;filename="image3.png"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
671224
x-xss-protection
0
server
fife
etag
"v117"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Fri, 14 May 2021 12:19:04 GMT
image4.png
1.bp.blogspot.com/-EN36MOjGO4Q/YJwbiXRikbI/AAAAAAAAARg/sG3I_Eaezf4wlaztJ0kdAKt54vYahdWvACLcBGAsYHQ/s16000/
144 KB
144 KB
Image
General
Full URL
https://1.bp.blogspot.com/-EN36MOjGO4Q/YJwbiXRikbI/AAAAAAAAARg/sG3I_Eaezf4wlaztJ0kdAKt54vYahdWvACLcBGAsYHQ/s16000/image4.png
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
385207f20b5339c8de012b93c6a79e86a72ddbb98aa55390b3ab773aa6b76010
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 06:35:40 GMT
x-content-type-options
nosniff
age
7705
content-disposition
inline;filename="image4.png"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
147195
x-xss-protection
0
server
fife
etag
"v119"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Fri, 14 May 2021 12:19:05 GMT
image2.png
1.bp.blogspot.com/-Ga6ioiS2cZ4/YJwb5YuMEEI/AAAAAAAAARo/UMSff1gkuiM3TkmWJegfrWOaQGFty7t7wCLcBGAsYHQ/s16000/
69 KB
69 KB
Image
General
Full URL
https://1.bp.blogspot.com/-Ga6ioiS2cZ4/YJwb5YuMEEI/AAAAAAAAARo/UMSff1gkuiM3TkmWJegfrWOaQGFty7t7wCLcBGAsYHQ/s16000/image2.png
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
70283e21b9766b5bdebdc08a89760b935fb99d8bf25695b9dbf8f74553783b0b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 06:35:40 GMT
x-content-type-options
nosniff
age
7705
content-disposition
inline;filename="image2.png"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
70159
x-xss-protection
0
server
fife
etag
"v11d"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Fri, 14 May 2021 12:19:05 GMT
image16.png
1.bp.blogspot.com/-dlfVi7r-Ddg/YJwcEUEfBBI/AAAAAAAAARs/dmQnNgNd8XkONjteZsnO3P-Gd7tVaw2wgCLcBGAsYHQ/s16000/
167 KB
167 KB
Image
General
Full URL
https://1.bp.blogspot.com/-dlfVi7r-Ddg/YJwcEUEfBBI/AAAAAAAAARs/dmQnNgNd8XkONjteZsnO3P-Gd7tVaw2wgCLcBGAsYHQ/s16000/image16.png
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
784c7a163770aa20e46cb984eeffbded5e6d9d913d36c96da061fa8041749050
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 06:35:40 GMT
x-content-type-options
nosniff
age
7705
content-disposition
inline;filename="image16.png"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
171005
x-xss-protection
0
server
fife
etag
"v11d"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Fri, 14 May 2021 12:19:05 GMT
image14.png
1.bp.blogspot.com/-ndCWxslxXos/YJwcQje9QkI/AAAAAAAAARw/PaV0w0948xMXbjdrghNWLhdCHA2BFmC9wCLcBGAsYHQ/s16000/
122 KB
122 KB
Image
General
Full URL
https://1.bp.blogspot.com/-ndCWxslxXos/YJwcQje9QkI/AAAAAAAAARw/PaV0w0948xMXbjdrghNWLhdCHA2BFmC9wCLcBGAsYHQ/s16000/image14.png
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
8596fa31e572f4f319150599761f0261bed3edf14a31bfe525395a507d6ac9d2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 06:35:40 GMT
x-content-type-options
nosniff
age
7705
content-disposition
inline;filename="image14.png"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
124883
x-xss-protection
0
server
fife
etag
"v11d"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Fri, 14 May 2021 12:19:05 GMT
image1.png
1.bp.blogspot.com/-EEvBUzG-lXA/YJwcxG7QNlI/AAAAAAAAAR4/VqSCm0hqhdIXBPJsLJAKL4MorypBgGgkwCLcBGAsYHQ/s16000/
204 KB
204 KB
Image
General
Full URL
https://1.bp.blogspot.com/-EEvBUzG-lXA/YJwcxG7QNlI/AAAAAAAAAR4/VqSCm0hqhdIXBPJsLJAKL4MorypBgGgkwCLcBGAsYHQ/s16000/image1.png
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
768b1698c212fb73544aef1db15025c5c9fa6d2d409870936edf02a87e39530a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 06:35:40 GMT
x-content-type-options
nosniff
age
7705
content-disposition
inline;filename="image1.png"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
209191
x-xss-protection
0
server
fife
etag
"v120"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Fri, 14 May 2021 12:19:05 GMT
image5.png
1.bp.blogspot.com/-8SZNMYkZZ84/YJwc-Mg_1FI/AAAAAAAAAR8/tIyZXEML4i8putLEOqVCvAcrNBvjsHDSgCLcBGAsYHQ/s16000/
380 KB
380 KB
Image
General
Full URL
https://1.bp.blogspot.com/-8SZNMYkZZ84/YJwc-Mg_1FI/AAAAAAAAAR8/tIyZXEML4i8putLEOqVCvAcrNBvjsHDSgCLcBGAsYHQ/s16000/image5.png
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
8eb91515b33b4c717020c8f5c6ba4927b4b8dd018e697c2681f3dcda85d7591a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 06:35:40 GMT
x-content-type-options
nosniff
age
7705
content-disposition
inline;filename="image5.png"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
388811
x-xss-protection
0
server
fife
etag
"v122"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Fri, 14 May 2021 12:19:05 GMT
image8.png
1.bp.blogspot.com/-tjpClvrVdHk/YJwdNEYmnJI/AAAAAAAAASE/UUOPdIdDNvwctTjl9FqbHGCHAl4-XTl3wCLcBGAsYHQ/s16000/
145 KB
145 KB
Image
General
Full URL
https://1.bp.blogspot.com/-tjpClvrVdHk/YJwdNEYmnJI/AAAAAAAAASE/UUOPdIdDNvwctTjl9FqbHGCHAl4-XTl3wCLcBGAsYHQ/s16000/image8.png
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
30d97518efc27c375b5925ba5f87035273c38ea251424c7a10bec927995937cd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 06:35:40 GMT
x-content-type-options
nosniff
age
7705
content-disposition
inline;filename="image8.png"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
148280
x-xss-protection
0
server
fife
etag
"v124"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Fri, 14 May 2021 12:19:06 GMT
image10.png
1.bp.blogspot.com/-W7qjP2lXtDE/YJwdYk11MAI/AAAAAAAAASM/w-kRAig_7l0ISx7h-KgcKrfRN0w4wJq1QCLcBGAsYHQ/s16000/
21 KB
21 KB
Image
General
Full URL
https://1.bp.blogspot.com/-W7qjP2lXtDE/YJwdYk11MAI/AAAAAAAAASM/w-kRAig_7l0ISx7h-KgcKrfRN0w4wJq1QCLcBGAsYHQ/s16000/image10.png
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
c95c4d412dcab57d6c1788e3133cff83a2eb459c94bde0131e9ed0871039277c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 06:35:40 GMT
x-content-type-options
nosniff
age
7705
content-disposition
inline;filename="image10.png"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21569
x-xss-protection
0
server
fife
etag
"v126"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Fri, 14 May 2021 12:19:06 GMT
image13.png
1.bp.blogspot.com/-FXfxomwHEg0/YJwdlG8WTjI/AAAAAAAAASU/gJpX7ilR3VgR1iAiTQKAllc6gA5ubKcXQCLcBGAsYHQ/s16000/
120 KB
120 KB
Image
General
Full URL
https://1.bp.blogspot.com/-FXfxomwHEg0/YJwdlG8WTjI/AAAAAAAAASU/gJpX7ilR3VgR1iAiTQKAllc6gA5ubKcXQCLcBGAsYHQ/s16000/image13.png
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
c768d5a9bdb6c5ce9b4369da088ab5d26c1dffaad1abe212bf99868b6cfde668
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 06:35:40 GMT
x-content-type-options
nosniff
age
7705
content-disposition
inline;filename="image13.png"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
123191
x-xss-protection
0
server
fife
etag
"v128"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Fri, 14 May 2021 12:19:06 GMT
image6.png
1.bp.blogspot.com/-oBzmpWi1X-o/YJwdwoGJQpI/AAAAAAAAASc/BtLSmYMkf_gtPqnVdyZNPc_1QFpqL255QCLcBGAsYHQ/s0/
10 KB
10 KB
Image
General
Full URL
https://1.bp.blogspot.com/-oBzmpWi1X-o/YJwdwoGJQpI/AAAAAAAAASc/BtLSmYMkf_gtPqnVdyZNPc_1QFpqL255QCLcBGAsYHQ/s0/image6.png
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
d7992466071814c0f05beaa30522153589bb1c55d198944d3ad7f96763961f57
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 06:35:40 GMT
x-content-type-options
nosniff
age
7705
content-disposition
inline;filename="image6.png"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10375
x-xss-protection
0
server
fife
etag
"v12a"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Fri, 14 May 2021 12:19:06 GMT
image7.png
1.bp.blogspot.com/-UzmQJqsTdB8/YJwd6gtL0NI/AAAAAAAAASk/ypI0W0jQT34F2iljdz1ZVO2lNnhMWVXkACLcBGAsYHQ/s0/
3 KB
3 KB
Image
General
Full URL
https://1.bp.blogspot.com/-UzmQJqsTdB8/YJwd6gtL0NI/AAAAAAAAASk/ypI0W0jQT34F2iljdz1ZVO2lNnhMWVXkACLcBGAsYHQ/s0/image7.png
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
2f90eee6bf178d6c4d800444f2ece7695b3c0d5a15e1eaa6c00ea229c1f91e5f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 06:35:40 GMT
x-content-type-options
nosniff
age
7705
content-disposition
inline;filename="image7.png"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3455
x-xss-protection
0
server
fife
etag
"v12c"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Fri, 14 May 2021 12:19:06 GMT
image11.png
1.bp.blogspot.com/-q6cgZnleS8k/YJwjPgTphYI/AAAAAAAAAS4/B82hCpLQMOk6UtsFfTKeH64kfVEU4qOjwCLcBGAsYHQ/w308-h400/
58 KB
58 KB
Image
General
Full URL
https://1.bp.blogspot.com/-q6cgZnleS8k/YJwjPgTphYI/AAAAAAAAAS4/B82hCpLQMOk6UtsFfTKeH64kfVEU4qOjwCLcBGAsYHQ/w308-h400/image11.png
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
7207c40e773c4db6443285e83073752a89d6b0b138d6365e0552dea3cc4f8386
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 06:35:40 GMT
x-content-type-options
nosniff
age
7705
content-disposition
inline;filename="image11.png"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
58936
x-xss-protection
0
server
fife
etag
"v12f"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Fri, 14 May 2021 12:19:06 GMT
icon18_edit_allbkg.gif
img2.blogblog.com/img/
162 B
519 B
Image
General
Full URL
https://img2.blogblog.com/img/icon18_edit_allbkg.gif
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ca9848e6006cfec8f9ffa29433ade8152204bdb95579200831c6dc0f53dff70b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 12 May 2021 19:40:14 GMT
x-content-type-options
nosniff
last-modified
Tue, 11 May 2021 23:11:18 GMT
server
sffe
age
479031
content-type
image/gif
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
162
x-xss-protection
0
expires
Wed, 19 May 2021 19:40:14 GMT
icon_fb-share_grey.svg
www.talosintelligence.com/assets/
851 B
967 B
Image
General
Full URL
https://www.talosintelligence.com/assets/icon_fb-share_grey.svg
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:c73a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba5753dfae9cdac414e27b1b74973e9041d76173a44fe2151bdecc03e13599da
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 08:44:05 GMT
via
1.1 vegur
x-content-type-options
nosniff
cf-cache-status
HIT
age
81716
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0a203e9407000005b788ac8000000001
x-request-id
f5668c6e-74da-4651-90d0-5ca943beb5da
x-runtime
0.002391
server
cloudflare
etag
W/"ba5753dfae9cdac414e27b1b74973e9041d76173a44fe2151bdecc03e13599da"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-type
image/svg+xml
vary
Accept-Encoding
cache-control
public, max-age=86400
cf-ray
6513cd333bc705b7-FRA
expires
Wed, 19 May 2021 08:44:05 GMT
icon_tw-share_grey.svg
www.talosintelligence.com/assets/
1 KB
1 KB
Image
General
Full URL
https://www.talosintelligence.com/assets/icon_tw-share_grey.svg
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:c73a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f23e9081ad69daedd9c1e7c4cd22513ba3ac3160b3a032d55a307c91be730920
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 08:44:05 GMT
via
1.1 vegur
x-content-type-options
nosniff
cf-cache-status
HIT
age
81716
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0a203e9407000005b7a1a26000000001
x-request-id
a96255d1-4234-4475-aa62-d429223b3e25
x-runtime
0.003282
server
cloudflare
etag
W/"f23e9081ad69daedd9c1e7c4cd22513ba3ac3160b3a032d55a307c91be730920"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-type
image/svg+xml
vary
Accept-Encoding
cache-control
public, max-age=86400
cf-ray
6513cd333bc905b7-FRA
expires
Wed, 19 May 2021 08:44:05 GMT
icon_li-share_grey.svg
www.talosintelligence.com/assets/
808 B
943 B
Image
General
Full URL
https://www.talosintelligence.com/assets/icon_li-share_grey.svg
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:c73a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf55ba3b96089db93b4bd39967be8f2c908b00382937f8becb560f70bffa0ced
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 08:44:05 GMT
via
1.1 vegur
x-content-type-options
nosniff
cf-cache-status
HIT
age
81716
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0a203e9407000005b77e353000000001
x-request-id
827f6669-8d23-447c-a633-cb2ebdd13bbb
x-runtime
0.003126
server
cloudflare
etag
W/"cf55ba3b96089db93b4bd39967be8f2c908b00382937f8becb560f70bffa0ced"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-type
image/svg+xml
vary
Accept-Encoding
cache-control
public, max-age=86400
cf-ray
6513cd333bcd05b7-FRA
expires
Wed, 19 May 2021 08:44:05 GMT
icon_re-share_grey.svg
www.talosintelligence.com/assets/
3 KB
2 KB
Image
General
Full URL
https://www.talosintelligence.com/assets/icon_re-share_grey.svg
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:c73a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b0fb32319c8ca714cbddda23041581d8ebae13d6ad925913f5b26e1664d680d5
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 08:44:05 GMT
via
1.1 vegur
x-content-type-options
nosniff
cf-cache-status
HIT
age
81716
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0a203e9409000005b7ac9e1000000001
x-request-id
060cc3cc-f27b-43c2-be08-996aa184dc67
x-runtime
0.002877
server
cloudflare
etag
W/"b0fb32319c8ca714cbddda23041581d8ebae13d6ad925913f5b26e1664d680d5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-type
image/svg+xml
vary
Accept-Encoding
cache-control
public, max-age=86400
cf-ray
6513cd333bce05b7-FRA
expires
Wed, 19 May 2021 08:44:05 GMT
icon_em-share_grey.svg
www.talosintelligence.com/assets/
835 B
952 B
Image
General
Full URL
https://www.talosintelligence.com/assets/icon_em-share_grey.svg
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:c73a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1179f7c2d10f3ea42022f84cca8cadf9cc17acb9d2e928c79961d753b5d89275
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 08:44:05 GMT
via
1.1 vegur
x-content-type-options
nosniff
cf-cache-status
HIT
age
81716
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0a203e9407000005b7e50ad000000001
x-request-id
ea562760-4b3c-4546-848c-c93cf9f52a55
x-runtime
0.024723
server
cloudflare
etag
W/"1179f7c2d10f3ea42022f84cca8cadf9cc17acb9d2e928c79961d753b5d89275"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-type
image/svg+xml
vary
Accept-Encoding
cache-control
public, max-age=86400
cf-ray
6513cd333bc305b7-FRA
expires
Wed, 19 May 2021 08:44:05 GMT
1706263374-comment_from_post_iframe.js
www.blogger.com/static/v1/jsbin/
13 KB
13 KB
Script
General
Full URL
https://www.blogger.com/static/v1/jsbin/1706263374-comment_from_post_iframe.js
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4f357179b3067abfb538e82da01bd7e49c093ff7f0ffe266dd567b30e600fd6e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 01:59:48 GMT
x-content-type-options
nosniff
last-modified
Mon, 17 May 2021 01:09:13 GMT
server
sffe
age
24257
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13390
x-xss-protection
0
expires
Wed, 18 May 2022 01:59:48 GMT
7DqBSPHYlnhsNb2Kr1WXI5
open.spotify.com/embed-podcast/episode/ Frame F973
40 KB
10 KB
Document
General
Full URL
https://open.spotify.com/embed-podcast/episode/7DqBSPHYlnhsNb2Kr1WXI5
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
envoy /
Resource Hash
20f0d21703a645a80b7eaf2db1fd6f67d6ffc3b2cc7655e4ee1a4947d4123773
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

:method
GET
:authority
open.spotify.com
:scheme
https
:path
/embed-podcast/episode/7DqBSPHYlnhsNb2Kr1WXI5
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://blog.talosintelligence.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://blog.talosintelligence.com/

Response headers

server
envoy
date
Tue, 18 May 2021 08:44:05 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
spotify-request-id
e4645f92-36f5-4a96-81cd-ce8de00772a4
set-cookie
sp_t=b9fa43c66a7860a53f09a9cd2bb94d8f; path=/; expires=Wed, 18 May 2022 08:44:05 GMT; domain=.spotify.com; samesite=none; secure sp_landing=https%3A%2F%2Fopen.spotify.com%2Fembed-podcast%2Fepisode%2F7DqBSPHYlnhsNb2Kr1WXI5; path=/; expires=Wed, 19 May 2021 08:44:05 GMT; domain=.spotify.com; samesite=none; secure; httponly
content-encoding
br
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
via
HTTP/2 edgeproxy, 1.1 google
alt-svc
clear
7cHmv4okm5zmbtYoK-4.woff2
fonts.gstatic.com/s/exo2/v10/
39 KB
39 KB
Font
General
Full URL
https://fonts.gstatic.com/s/exo2/v10/7cHmv4okm5zmbtYoK-4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,400|Exo+2:500,400,300,100,700|Fira+Mono
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7b0c93ac0aae114510c15f0e7b1e4973ec408a5b480d3f39f43cd336bc640829
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://blog.talosintelligence.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 00:55:49 GMT
x-content-type-options
nosniff
last-modified
Thu, 28 Jan 2021 23:03:01 GMT
server
sffe
age
28095
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39496
x-xss-protection
0
expires
Wed, 18 May 2022 00:55:49 GMT
icon18_wrench_allbkg.png
resources.blogblog.com/img/
475 B
612 B
Image
General
Full URL
https://resources.blogblog.com/img/icon18_wrench_allbkg.png
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d172d750493be64a7ed84dec1dd2a0d787ba42f78bc694b0858f152c52b6620b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 15 May 2021 11:52:27 GMT
x-content-type-options
nosniff
last-modified
Fri, 14 May 2021 12:12:59 GMT
server
sffe
age
247898
content-type
image/png
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
475
x-xss-protection
0
expires
Sat, 22 May 2021 11:52:27 GMT
icon_rss_orange.svg
www.talosintelligence.com/assets/
1 KB
1 KB
Image
General
Full URL
https://www.talosintelligence.com/assets/icon_rss_orange.svg
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:c73a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29ec20506c9a93aaf3444bd98e2ecd22fe41b085002c9cdf1b1e1f8c2dc931f8
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 08:44:05 GMT
via
1.1 vegur
x-content-type-options
nosniff
cf-cache-status
HIT
age
76691
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0a203e943c000005b7982c1000000001
x-request-id
5b24af86-cc5c-43a3-b41a-95004668e361
x-runtime
0.003056
server
cloudflare
etag
W/"29ec20506c9a93aaf3444bd98e2ecd22fe41b085002c9cdf1b1e1f8c2dc931f8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-type
image/svg+xml
vary
Accept-Encoding
cache-control
public, max-age=86400
cf-ray
6513cd339cc105b7-FRA
expires
Wed, 19 May 2021 08:44:05 GMT
icon_email_orange.svg
www.talosintelligence.com/assets/
839 B
902 B
Image
General
Full URL
https://www.talosintelligence.com/assets/icon_email_orange.svg
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:c73a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3f352db86262c5cbe0af82f15f00b097c7bb8fae116d50cd615540970f03b3da
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 08:44:05 GMT
via
1.1 vegur
x-content-type-options
nosniff
cf-cache-status
HIT
age
81716
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0a203e943c000005b78e88a000000001
x-request-id
d3dfd493-8bd7-47af-b953-63f08a6e6220
x-runtime
0.003025
server
cloudflare
etag
W/"3f352db86262c5cbe0af82f15f00b097c7bb8fae116d50cd615540970f03b3da"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-type
image/svg+xml
vary
Accept-Encoding
cache-control
public, max-age=86400
cf-ray
6513cd339cc405b7-FRA
expires
Wed, 19 May 2021 08:44:05 GMT
comment-iframe.g
www.blogger.com/ Frame 6BA6
Redirect Chain
  • https://www.blogger.com/comment-iframe.g?blogID=1029833275466591797&postID=7666782930518017442&blogspotRpcToken=748363
  • https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/comment-iframe.g?blogID%3D1029833275466591797%26postID%3D7666782930518017442%26blogspotRpcToken%3D748363%26bpli%3D1&followu...
  • https://www.blogger.com/comment-iframe.g?blogID=1029833275466591797&postID=7666782930518017442&blogspotRpcToken=748363&bpli=1
5 KB
2 KB
Document
General
Full URL
https://www.blogger.com/comment-iframe.g?blogID=1029833275466591797&postID=7666782930518017442&blogspotRpcToken=748363&bpli=1
Requested by
Host: www.blogger.com
URL: https://www.blogger.com/static/v1/jsbin/1706263374-comment_from_post_iframe.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
e66d6d2d9a266366bce410f850d3c135adb4ff00cc684e3b11e0cc5936789373
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.blogger.com
:scheme
https
:path
/comment-iframe.g?blogID=1029833275466591797&postID=7666782930518017442&blogspotRpcToken=748363&bpli=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://blog.talosintelligence.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
about:blank

Response headers

p3p
CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy
script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-type
text/html; charset=UTF-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Tue, 18 May 2021 08:44:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
1748
server
GSE
set-cookie
S=blogger=bZw8FBgUFXwMNM5TcIsubFEpPI_3AM2eJ6vNuPeDmJ8; Domain=.blogger.com; Path=/; Secure; HttpOnly; Priority=LOW; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

content-type
text/html; charset=UTF-8
x-frame-options
DENY
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Tue, 18 May 2021 08:44:05 GMT
location
https://www.blogger.com/comment-iframe.g?blogID=1029833275466591797&postID=7666782930518017442&blogspotRpcToken=748363&bpli=1
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
script-src 'report-sample' 'nonce-Cky6NOifEppq/yebC7bxmA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
258
server
GSE
set-cookie
__Host-GAPS=1:vbKvxDSm-S8D_1M6KjQuNRluEpHszg:ETqfhh4ErAAX6_IA;Path=/;Expires=Thu, 18-May-2023 08:44:05 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
authorization.css
www.blogger.com/dyn-css/
1 B
43 B
Stylesheet
General
Full URL
https://www.blogger.com/dyn-css/authorization.css?targetBlogID=1029833275466591797&zx=4e7cabbe-5909-4cb9-8ad3-d179fcac907f
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
content-security-policy
script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 18 May 2021 08:44:05 GMT
server
GSE
date
Tue, 18 May 2021 08:44:05 GMT
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-type
text/css; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21
x-xss-protection
1; mode=block
expires
Mon, 01 Jan 1990 00:00:00 GMT
icon_search.svg
www.talosintelligence.com/assets/
1 KB
1 KB
Image
General
Full URL
https://www.talosintelligence.com/assets/icon_search.svg
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:c73a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1ec2e33c88eec72d7050b474be41d3e79282421602d9120efc96d620b911c60e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 08:44:05 GMT
via
1.1 vegur
x-content-type-options
nosniff
cf-cache-status
HIT
age
81716
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0a203e943d000005b7d417f000000001
x-request-id
064d0613-272f-4a8a-ae4b-7c0a47be17fe
x-runtime
0.002766
server
cloudflare
etag
W/"1ec2e33c88eec72d7050b474be41d3e79282421602d9120efc96d620b911c60e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-type
image/svg+xml
vary
Accept-Encoding
cache-control
public, max-age=86400
cf-ray
6513cd339cc705b7-FRA
expires
Wed, 19 May 2021 08:44:05 GMT
footer_icon_tw.svg
www.talosintelligence.com/assets/
1 KB
1 KB
Image
General
Full URL
https://www.talosintelligence.com/assets/footer_icon_tw.svg
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:c73a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc0e96790d3264696a88a27c94294f32187c98547bcc5f0aaa422f8ddfb69dd1
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 08:44:05 GMT
via
1.1 vegur
x-content-type-options
nosniff
cf-cache-status
HIT
age
76690
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0a203e9455000005b7ef302000000001
x-request-id
df77a6d6-4506-420b-a38e-4aebc36b7e61
x-runtime
0.003501
server
cloudflare
etag
W/"bc0e96790d3264696a88a27c94294f32187c98547bcc5f0aaa422f8ddfb69dd1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-type
image/svg+xml
vary
Accept-Encoding
cache-control
public, max-age=86400
cf-ray
6513cd33bd3e05b7-FRA
expires
Wed, 19 May 2021 08:44:05 GMT
footer_icon_yt.svg
www.talosintelligence.com/assets/
1 KB
1 KB
Image
General
Full URL
https://www.talosintelligence.com/assets/footer_icon_yt.svg
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:c73a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b812952e2ecbdd529f7423a246bca7bdba383e2bb484730a7895dc884e87446c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 08:44:05 GMT
via
1.1 vegur
x-content-type-options
nosniff
cf-cache-status
HIT
age
76690
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0a203e9458000005b7a1a2f000000001
x-request-id
f1d26896-0d04-48ad-a057-a4d42cf950fe
x-runtime
0.003130
server
cloudflare
etag
W/"b812952e2ecbdd529f7423a246bca7bdba383e2bb484730a7895dc884e87446c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-type
image/svg+xml
vary
Accept-Encoding
cache-control
public, max-age=86400
cf-ray
6513cd33bd4305b7-FRA
expires
Wed, 19 May 2021 08:44:05 GMT
footer_icon_li.svg
www.talosintelligence.com/assets/
1013 B
1 KB
Image
General
Full URL
https://www.talosintelligence.com/assets/footer_icon_li.svg
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:c73a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bd0ddcd91a27b1c50c11176142adcf7f1f7bd4ab581b1f04518f681674889461
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 08:44:05 GMT
via
1.1 vegur
x-content-type-options
nosniff
cf-cache-status
HIT
age
81716
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0a203e9455000005b7eb92c000000001
x-request-id
842f50b9-535f-4dfe-9f73-bdfece9baacd
x-runtime
0.002598
server
cloudflare
etag
W/"bd0ddcd91a27b1c50c11176142adcf7f1f7bd4ab581b1f04518f681674889461"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-type
image/svg+xml
vary
Accept-Encoding
cache-control
public, max-age=86400
cf-ray
6513cd33bd4405b7-FRA
expires
Wed, 19 May 2021 08:44:05 GMT
logo_cisco_grey.svg
www.talosintelligence.com/assets/
7 KB
3 KB
Image
General
Full URL
https://www.talosintelligence.com/assets/logo_cisco_grey.svg
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:c73a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
26f5ea290915effad3bcafe2acabaad611aefc3a6ecee6fa50322de01686545c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 08:44:05 GMT
via
1.1 vegur
x-content-type-options
nosniff
cf-cache-status
HIT
age
81716
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0a203e9456000005b7c03c0000000001
x-request-id
6d6a632e-ba2c-411e-9205-855a89c52a66
x-runtime
0.002912
server
cloudflare
etag
W/"26f5ea290915effad3bcafe2acabaad611aefc3a6ecee6fa50322de01686545c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-type
image/svg+xml
vary
Accept-Encoding
cache-control
public, max-age=86400
cf-ray
6513cd33bd4505b7-FRA
expires
Wed, 19 May 2021 08:44:05 GMT
cookienotice.js
blog.talosintelligence.com/js/
6 KB
2 KB
Script
General
Full URL
https://blog.talosintelligence.com/js/cookienotice.js
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:c73a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:path
/js/cookienotice.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.talosintelligence.com
referer
https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 08:44:05 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
356152
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=15552000; includeSubDomains; preload
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0a203e9456000005b7a69f2000000001
last-modified
Thu, 13 May 2021 21:16:01 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
x-xss-protection
0
cache-control
public, max-age=604800
cf-ray
6513cd33bd4905b7-FRA
expires
Tue, 25 May 2021 08:44:05 GMT
75914390-widgets.js
www.blogger.com/static/v1/widgets/
145 KB
145 KB
Script
General
Full URL
https://www.blogger.com/static/v1/widgets/75914390-widgets.js
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8c733c892b5b0c222708477ba428d1838215af99ef8b04c5934c8a32d07fe82f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 13 May 2021 01:35:31 GMT
x-content-type-options
nosniff
last-modified
Wed, 12 May 2021 01:17:42 GMT
server
sffe
age
457714
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
148194
x-xss-protection
0
expires
Fri, 13 May 2022 01:35:31 GMT
beacon.min.js
static.cloudflareinsights.com/
13 KB
5 KB
Script
General
Full URL
https://static.cloudflareinsights.com/beacon.min.js
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5e41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
01792efdc4db0e623b6502a69343d848522937f3fd8caa95ebfa1f403fa13808

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 08:44:05 GMT
content-encoding
gzip
last-modified
Wed, 12 May 2021 21:46:11 GMT
server
cloudflare
etag
W/"89decaaa-7498-4eb6-ad31-b36c5f88ec19"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
6513cd33bea163fb-FRA
cf-request-id
0a203e9455000063fb2c9c3000000001
analytics.js
www.google-analytics.com/
48 KB
19 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: blog.talosintelligence.com
URL: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 09 Apr 2021 23:59:54 GMT
server
Golfe2
age
1033
date
Tue, 18 May 2021 08:26:52 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19569
expires
Tue, 18 May 2021 10:26:52 GMT
collect
www.google-analytics.com/j/
4 B
24 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j90&a=652178805&t=pageview&_s=1&dl=https%3A%2F%2Fblog.talosintelligence.com%2F2021%2F05%2Ftransparent-tribe-infra-and-targeting.html&ul=en-us&de=UTF-8&dt=Cisco%20Talos%20Intelligence%20Group%20-%20Comprehensive%20Threat%20Intelligence%3A%20Transparent%20Tribe%20APT%20expands%20its%20Windows%20malware%20arsenal&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=185451718&gjid=274935419&cid=1597965766.1621327445&tid=UA-30016562-3&_gid=1126719495.1621327445&_r=1&_slc=1&z=1292160252
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 18 May 2021 08:44:05 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.talosintelligence.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
CircularSpUIv3T-Bold.8d0a45cc.woff2
open.scdn.co/cdn/fonts/ Frame F973
71 KB
72 KB
Font
General
Full URL
https://open.scdn.co/cdn/fonts/CircularSpUIv3T-Bold.8d0a45cc.woff2
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/embed-podcast/episode/7DqBSPHYlnhsNb2Kr1WXI5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
897cda707d438f8d6b6b92cfcb2c1fd2035ff59f5f0c5b9943d2f04d411f7fda

Request headers

Origin
https://open.spotify.com
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 18 May 2021 08:44:05 GMT
Last-Modified
Mon, 15 Mar 2021 18:32:45 GMT
Age
5490928
ETag
"c147cc237b8b07e0a8875dfbbe857b29"
X-Served-By
cache-ord1722-ORD, cache-hhn11571-HHN
X-Cache
HIT, HIT
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
72840
X-Cache-Hits
1, 877367
spoticon_regular_2.d319d911.woff2
open.scdn.co/cdn/fonts/ Frame F973
56 KB
56 KB
Font
General
Full URL
https://open.scdn.co/cdn/fonts/spoticon_regular_2.d319d911.woff2
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/embed-podcast/episode/7DqBSPHYlnhsNb2Kr1WXI5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d728648c3e1d90bf50f0e988787ce26ea1111fa697b0a9daeb95d6724842a9c1

Request headers

Origin
https://open.spotify.com
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 18 May 2021 08:44:05 GMT
Last-Modified
Thu, 25 Feb 2021 09:21:47 GMT
Age
7078264
ETag
"3b7bbfac9ed3e75d426728e900579aa9"
X-Served-By
cache-ord1735-ORD, cache-hhn11555-HHN
X-Cache
HIT, HIT
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
56996
X-Cache-Hits
1, 364795
vendor~embed-podcast.42279b3b.js
open.scdn.co/cdn/build/embed-podcast/ Frame F973
2 MB
477 KB
Script
General
Full URL
https://open.scdn.co/cdn/build/embed-podcast/vendor~embed-podcast.42279b3b.js
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/embed-podcast/episode/7DqBSPHYlnhsNb2Kr1WXI5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ced3a98cbbf1081607dfdc0f78cd696fcc3f22292fe03ad6177fa02e4e75193a

Request headers

Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 18 May 2021 08:44:05 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 May 2021 17:17:42 GMT
Age
55421
ETag
"49dc09fa24d5b065b99cf026cf6480e0"
X-Served-By
cache-ord1745-ORD, cache-hhn11539-HHN
X-Cache
HIT, HIT
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
487475
X-Cache-Hits
1, 7510
embed-podcast.b557c8b4.js
open.scdn.co/cdn/build/embed-podcast/ Frame F973
221 KB
53 KB
Script
General
Full URL
https://open.scdn.co/cdn/build/embed-podcast/embed-podcast.b557c8b4.js
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/embed-podcast/episode/7DqBSPHYlnhsNb2Kr1WXI5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b4b5dffaf6cd0b3c562f6515b117a5086de99beac194b2dc020dba9bba6b16ff

Request headers

Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 18 May 2021 08:44:05 GMT
Content-Encoding
gzip
Last-Modified
Tue, 18 May 2021 08:10:43 GMT
Age
1891
ETag
"aad09f6aac6bb5047fc12a42766ee1a1"
X-Served-By
cache-ord1731-ORD, cache-hhn11523-HHN
X-Cache
HIT, HIT
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
53606
X-Cache-Hits
1, 576
collect
stats.g.doubleclick.net/j/
1 B
92 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-30016562-3&cid=1597965766.1621327445&jid=185451718&gjid=274935419&_gid=1126719495.1621327445&_u=IEBAAEAAAAAAAC~&z=561754484
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.talosintelligence.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Tue, 18 May 2021 08:44:05 GMT
content-type
text/plain
access-control-allow-origin
https://blog.talosintelligence.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
01abd976210dac70919c813572504190990b83e3
i.scdn.co/image/ Frame F973
43 KB
44 KB
Image
General
Full URL
https://i.scdn.co/image/01abd976210dac70919c813572504190990b83e3
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/embed-podcast/episode/7DqBSPHYlnhsNb2Kr1WXI5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
defad1aec727564ae5a7da3ed815d0f1ad02152d3c8323ed8fee2d91d10acc4b

Request headers

Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 18 May 2021 08:44:05 GMT
Last-Modified
Mon, 03 Feb 2020 19:27:31 GMT
Age
422110
ETag
"6f6a75fdc41bd564955677ccbde166bd"
X-Served-By
cache-ord1729-ORD, cache-hhn11554-HHN
X-Cache
HIT, HIT
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
44427
X-Cache-Hits
1, 1
CircularSpUIv3T-Book.3466e0ec.woff2
open.scdn.co/cdn/fonts/ Frame F973
67 KB
68 KB
Font
General
Full URL
https://open.scdn.co/cdn/fonts/CircularSpUIv3T-Book.3466e0ec.woff2
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/embed-podcast/episode/7DqBSPHYlnhsNb2Kr1WXI5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1e9022d2e68559c3306657470dc8b02a28508564a67a45d70012205aca3eba47

Request headers

Origin
https://open.spotify.com
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 18 May 2021 08:44:05 GMT
Last-Modified
Thu, 17 Dec 2020 03:54:22 GMT
Age
13140292
ETag
"6ff898ba447ac00bc6e457d25bcb0be8"
X-Served-By
cache-ord1742-ORD, cache-hhn11571-HHN
X-Cache
HIT, HIT
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
68852
X-Cache-Hits
1, 540849
/
o22381.ingest.sentry.io/api/1409086/envelope/ Frame F973
2 B
406 B
Fetch
General
Full URL
https://o22381.ingest.sentry.io/api/1409086/envelope/?sentry_key=80341f4271be4aec89050e48a0e4553e&sentry_version=7
Requested by
Host: open.scdn.co
URL: https://open.scdn.co/cdn/build/embed-podcast/vendor~embed-podcast.42279b3b.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.188.42.15 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
15.42.188.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Tue, 18 May 2021 08:44:05 GMT
vary
Origin
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/json
access-control-allow-origin
https://open.spotify.com
access-control-expose-headers
retry-after, x-sentry-error, x-sentry-rate-limits
x-envoy-upstream-service-time
0
Connection
keep-alive
Content-Length
2
/
apresolve.spotify.com/ Frame F973
205 B
226 B
Fetch
General
Full URL
https://apresolve.spotify.com/?type=dealer&type=spclient
Requested by
Host: open.scdn.co
URL: https://open.scdn.co/cdn/build/embed-podcast/vendor~embed-podcast.42279b3b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:524d:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
73a6efa78dbb65b989a88308a2138fb08422feb16e86371ab956a76b7e00edca

Request headers

Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 08:44:05 GMT
content-encoding
gzip
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=0
alt-svc
clear
content-length
98
via
1.1 google
get_access_token
open.spotify.com/ Frame F973
188 B
426 B
Fetch
General
Full URL
https://open.spotify.com/get_access_token?reason=transport&productType=embed_podcast
Requested by
Host: open.scdn.co
URL: https://open.scdn.co/cdn/build/embed-podcast/vendor~embed-podcast.42279b3b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
envoy /
Resource Hash
a689cf498a6a7b8dc39c3dd243cb1a0037129b133aae1fa12f52c3153b9b6b14
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept
application/json
Referer
https://open.spotify.com/embed-podcast/episode/7DqBSPHYlnhsNb2Kr1WXI5
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 08:44:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
spotify-request-id
428d8009-dded-4a50-91c9-42fc244d55cb
strict-transport-security
max-age=31536000
content-type
application/json; charset=utf-8
via
HTTP/2 edgeproxy, 1.1 google
vary
Accept-Encoding,Accept-Encoding
alt-svc
clear
server
envoy
events
gew-spclient.spotify.com/gabo-receiver-service/v3/ Frame
0
0
Preflight
General
Full URL
https://gew-spclient.spotify.com/gabo-receiver-service/v3/events
Protocol
H2
Server
2600:1901:1:64a:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
authorization,content-type
Origin
https://open.spotify.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-origin
*
access-control-allow-headers
Accept, Authorization, Origin, Content-Type, Spotify-App-Version, App-Platform, X-Spotify-Connection-Id, X-Client-Id, X-Spotify-Quicksilver-Uri, client-token, content-access-token, x-cloud-trace-context
access-control-allow-methods
GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials
true
access-control-max-age
604800
content-length
0
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
date
Tue, 18 May 2021 08:44:05 GMT
server
envoy
via
HTTP/2 edgeproxy, 1.1 google
alt-svc
clear
events
gew-spclient.spotify.com/gabo-receiver-service/v3/ Frame F973
13 B
139 B
Fetch
General
Full URL
https://gew-spclient.spotify.com/gabo-receiver-service/v3/events
Requested by
Host: open.scdn.co
URL: https://open.scdn.co/cdn/build/embed-podcast/vendor~embed-podcast.42279b3b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:1:64a:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
envoy /
Resource Hash
debf84af8d66827e1cbc6791aa686504e3116d8cb20f4697fef23108333061f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://open.spotify.com/
authorization
Bearer BQDowTfcrWbcRT8kguJCoxNHDbT8J-goN0gqVuQ6HuxX52mcL1O2Tr3XwUQMsDnoXlRU8-W_JTV32KxwjDQ
content-type
application/json

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
server
envoy
access-control-allow-headers
Accept, Authorization, Origin, Content-Type, Spotify-App-Version, App-Platform, X-Spotify-Connection-Id, X-Client-Id, X-Spotify-Quicksilver-Uri, client-token, content-access-token, x-cloud-trace-context
date
Tue, 18 May 2021 08:44:05 GMT
access-control-max-age
604800
access-control-allow-methods
GET, POST, OPTIONS, PUT, DELETE, PATCH
content-type
application/json
access-control-allow-origin
*
cache-control
private, max-age=0
access-control-allow-credentials
true
alt-svc
clear
content-length
39
via
HTTP/2 edgeproxy, 1.1 google
2621646369-cmtfp.css
www.blogger.com/static/v1/v-css/ Frame 6BA6
13 KB
13 KB
Stylesheet
General
Full URL
https://www.blogger.com/static/v1/v-css/2621646369-cmtfp.css
Requested by
Host: www.blogger.com
URL: https://www.blogger.com/comment-iframe.g?blogID=1029833275466591797&postID=7666782930518017442&blogspotRpcToken=748363&bpli=1
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2529a8451bea93302e41dc0fad03f7550094f4ef5ec4f3800f28c2639d5e2789
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.blogger.com/comment-iframe.g?blogID=1029833275466591797&postID=7666782930518017442&blogspotRpcToken=748363&bpli=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 13 May 2021 10:30:04 GMT
x-content-type-options
nosniff
last-modified
Wed, 12 May 2021 21:15:39 GMT
server
sffe
age
425641
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13476
x-xss-protection
0
expires
Fri, 13 May 2022 10:30:04 GMT
2475017415-cmt.js
www.blogger.com/static/v1/jsbin/ Frame 6BA6
91 KB
91 KB
Script
General
Full URL
https://www.blogger.com/static/v1/jsbin/2475017415-cmt.js
Requested by
Host: www.blogger.com
URL: https://www.blogger.com/comment-iframe.g?blogID=1029833275466591797&postID=7666782930518017442&blogspotRpcToken=748363&bpli=1
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
80dab1233ac272c17ef142797409de5ed066aec94f70706f6fa0af7315a17bbe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.blogger.com/comment-iframe.g?blogID=1029833275466591797&postID=7666782930518017442&blogspotRpcToken=748363&bpli=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 02:18:47 GMT
x-content-type-options
nosniff
last-modified
Fri, 14 May 2021 13:14:01 GMT
server
sffe
age
23118
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
92723
x-xss-protection
0
expires
Wed, 18 May 2022 02:18:47 GMT
blank.gif
resources.blogblog.com/img/ Frame 6BA6
43 B
63 B
Image
General
Full URL
https://resources.blogblog.com/img/blank.gif
Requested by
Host: www.blogger.com
URL: https://www.blogger.com/comment-iframe.g?blogID=1029833275466591797&postID=7666782930518017442&blogspotRpcToken=748363&bpli=1
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.blogger.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 00:23:42 GMT
x-content-type-options
nosniff
last-modified
Mon, 17 May 2021 21:40:10 GMT
server
sffe
age
30024
content-type
image/gif
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
0
expires
Tue, 25 May 2021 00:23:42 GMT
XEkuV_KLMWD5Al97iCmkDgjGab_rX-gE6bZrQzRSZUo.js
www.google.com/js/bg/ Frame 6BA6
14 KB
6 KB
Script
General
Full URL
https://www.google.com/js/bg/XEkuV_KLMWD5Al97iCmkDgjGab_rX-gE6bZrQzRSZUo.js
Requested by
Host: www.blogger.com
URL: https://www.blogger.com/comment-iframe.g?blogID=1029833275466591797&postID=7666782930518017442&blogspotRpcToken=748363&bpli=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c492e57f28b3160f9025f7b8829a40e08c669bfeb5fe804e9b66b433452654a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.blogger.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 17 May 2021 16:57:09 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 03 May 2021 11:00:00 GMT
server
sffe
age
56817
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5683
x-xss-protection
0
expires
Tue, 17 May 2022 16:57:09 GMT
comment-iframe-bg.g
www.blogger.com/ Frame 6BA6
10 KB
8 KB
XHR
General
Full URL
https://www.blogger.com/comment-iframe-bg.g?bgresponse=js_disabled&bgint=XEkuV_KLMWD5Al97iCmkDgjGab_rX-gE6bZrQzRSZUo
Requested by
Host: www.blogger.com
URL: https://www.blogger.com/static/v1/jsbin/2475017415-cmt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
5d4a9fef440aa8631741de559d53474c1c93ef64f1e1594c92b2d7fe1a15e3be
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blogger.com/comment-iframe.g?blogID=1029833275466591797&postID=7666782930518017442&blogspotRpcToken=748363&bpli=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
content-security-policy
script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
date
Tue, 18 May 2021 08:44:06 GMT
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8119
x-xss-protection
1; mode=block
expires
Mon, 01 Jan 1990 00:00:00 GMT
anon36.png
resources.blogblog.com/img/ Frame 6BA6
2 KB
2 KB
Image
General
Full URL
https://resources.blogblog.com/img/anon36.png
Requested by
Host: www.blogger.com
URL: https://www.blogger.com/static/v1/v-css/2621646369-cmtfp.css
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
19a794aab8d93c3cafd1efa4ae19579369f92ed5f1bb114d05aa0d7c7d1b3c22
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.blogger.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 18 May 2021 01:25:59 GMT
x-content-type-options
nosniff
last-modified
Mon, 17 May 2021 14:11:07 GMT
server
sffe
age
26287
content-type
image/png
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1654
x-xss-protection
0
expires
Tue, 25 May 2021 01:25:59 GMT
rum
blog.talosintelligence.com/cdn-cgi/
0
173 B
XHR
General
Full URL
https://blog.talosintelligence.com/cdn-cgi/rum?req_id=6513cd314f111772
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:c73a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-fetch-mode
cors
origin
https://blog.talosintelligence.com
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
empty
cookie
_ga=GA1.2.1597965766.1621327445; _gid=GA1.2.1126719495.1621327445; _gat=1
content-length
15652
:path
/cdn-cgi/rum?req_id=6513cd314f111772
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type
application/json
accept
*/*
cache-control
no-cache
:authority
blog.talosintelligence.com
referer
https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
:scheme
https
sec-fetch-site
same-origin
:method
POST
Referer
https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type
application/json

Response headers

date
Tue, 18 May 2021 08:44:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cloudflare
x-frame-options
DENY
access-control-allow-methods
POST,OPTIONS
content-type
text/plain
access-control-allow-origin
https://blog.talosintelligence.com
access-control-max-age
86400
access-control-allow-credentials
true
cf-ray
6513cd39ba9a05b7-FRA
vary
Origin

Verdicts & Comments Add Verdict or Comment

62 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| adsbygoogle function| BLOG_CMT_createIframe string| GoogleAnalyticsObject function| ga function| BLOG_attachCsiOnload function| _WidgetManager function| _WidgetInfo function| widget_module_provide function| _AdSenseView function| _BlogArchiveView function| _AttributionView function| _BlogView function| _BlogListView function| _BlogSearchView function| _ContactFormView function| _ExampleView function| _FeaturedPostView function| _FeedView function| _FollowByEmailView function| _FollowersView function| _HeaderView function| _TextView function| _HTMLView function| _ImageView function| _LabelView function| _TextListView function| _LinkListView function| _BloggerButtonView function| _NavbarView function| _PageListView function| _PollView function| _PopularPostsView function| _ProfileView function| _RecentPostsView function| _ReportAbuseView function| _SharingView function| _StatsView function| _SubscribeView function| _SW_toggleReaderList function| _SW_hideReaderList function| _TranslateView function| _WikipediaView string| __wavt object| closure_lm_79832 object| cookieChoices object| google_tag_data object| gaplugins object| gaGlobal object| gaData

6 Cookies

Domain/Path Name / Value
.spotify.com/ Name: sp_landing
Value: https%3A%2F%2Fopen.spotify.com%2Fembed-podcast%2Fepisode%2F7DqBSPHYlnhsNb2Kr1WXI5
.talosintelligence.com/ Name: _gat
Value: 1
.talosintelligence.com/ Name: _gid
Value: GA1.2.1126719495.1621327445
.blogger.com/ Name: S
Value: blogger=bZw8FBgUFXwMNM5TcIsubFEpPI_3AM2eJ6vNuPeDmJ8
.spotify.com/ Name: sp_t
Value: b9fa43c66a7860a53f09a9cd2bb94d8f
.talosintelligence.com/ Name: _ga
Value: GA1.2.1597965766.1621327445

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1.bp.blogspot.com
accounts.google.com
apresolve.spotify.com
blog.talosintelligence.com
fonts.googleapis.com
fonts.gstatic.com
gew-spclient.spotify.com
i.scdn.co
img2.blogblog.com
o22381.ingest.sentry.io
open.scdn.co
open.spotify.com
resources.blogblog.com
static.cloudflareinsights.com
stats.g.doubleclick.net
www.blogger.com
www.google-analytics.com
www.google.com
www.talosintelligence.com
2600:1901:0:524d::
2600:1901:1:64a::
2600:1901:1:c36::
2606:4700::6810:5e41
2606:4700::6811:3b4c
2606:4700::6812:c73a
2a00:1450:4001:802::2003
2a00:1450:4001:802::200d
2a00:1450:4001:80e::200e
2a00:1450:4001:810::2001
2a00:1450:4001:813::2009
2a00:1450:4001:828::200e
2a00:1450:4001:82f::200a
2a00:1450:4001:830::2003
2a00:1450:4001:831::2004
2a00:1450:4001:831::2009
2a00:1450:400c:c0c::9c
2a04:4e42:62::760
35.188.42.15
01792efdc4db0e623b6502a69343d848522937f3fd8caa95ebfa1f403fa13808
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
0500c837038a0e76f3cebee1377a80df53a86546add3a4e508a7f11d8afb7e45
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
1179f7c2d10f3ea42022f84cca8cadf9cc17acb9d2e928c79961d753b5d89275
19a794aab8d93c3cafd1efa4ae19579369f92ed5f1bb114d05aa0d7c7d1b3c22
1e9022d2e68559c3306657470dc8b02a28508564a67a45d70012205aca3eba47
1ec2e33c88eec72d7050b474be41d3e79282421602d9120efc96d620b911c60e
20f0d21703a645a80b7eaf2db1fd6f67d6ffc3b2cc7655e4ee1a4947d4123773
22ca5e3dcd26fa66a4af4b4a5d47a6a3a17f4cb9abdd03707901758b28f5c1d6
2529a8451bea93302e41dc0fad03f7550094f4ef5ec4f3800f28c2639d5e2789
26f5ea290915effad3bcafe2acabaad611aefc3a6ecee6fa50322de01686545c
29ec20506c9a93aaf3444bd98e2ecd22fe41b085002c9cdf1b1e1f8c2dc931f8
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2f90eee6bf178d6c4d800444f2ece7695b3c0d5a15e1eaa6c00ea229c1f91e5f
2fc708a149338bc9e4af67790f9e19d88a8f9377d6021cf2a0134688162fbe79
30d97518efc27c375b5925ba5f87035273c38ea251424c7a10bec927995937cd
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
385207f20b5339c8de012b93c6a79e86a72ddbb98aa55390b3ab773aa6b76010
3f352db86262c5cbe0af82f15f00b097c7bb8fae116d50cd615540970f03b3da
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4db7e66a4c99c6455baf6b60033a91c65b32c636b2d94655d7882680598202d7
4f357179b3067abfb538e82da01bd7e49c093ff7f0ffe266dd567b30e600fd6e
5c492e57f28b3160f9025f7b8829a40e08c669bfeb5fe804e9b66b433452654a
5d4a9fef440aa8631741de559d53474c1c93ef64f1e1594c92b2d7fe1a15e3be
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
70283e21b9766b5bdebdc08a89760b935fb99d8bf25695b9dbf8f74553783b0b
7207c40e773c4db6443285e83073752a89d6b0b138d6365e0552dea3cc4f8386
73a6efa78dbb65b989a88308a2138fb08422feb16e86371ab956a76b7e00edca
75e191bc50cee0e969ccb8dc501916695c4fb16919f5cdb4da6d4b7e0aac4d58
768b1698c212fb73544aef1db15025c5c9fa6d2d409870936edf02a87e39530a
784c7a163770aa20e46cb984eeffbded5e6d9d913d36c96da061fa8041749050
7b0c93ac0aae114510c15f0e7b1e4973ec408a5b480d3f39f43cd336bc640829
80dab1233ac272c17ef142797409de5ed066aec94f70706f6fa0af7315a17bbe
8596fa31e572f4f319150599761f0261bed3edf14a31bfe525395a507d6ac9d2
897cda707d438f8d6b6b92cfcb2c1fd2035ff59f5f0c5b9943d2f04d411f7fda
8c733c892b5b0c222708477ba428d1838215af99ef8b04c5934c8a32d07fe82f
8eb91515b33b4c717020c8f5c6ba4927b4b8dd018e697c2681f3dcda85d7591a
9192b16e06a3cd217ee3849187406406ffa7d21aa321ef2e992ad466bc5de869
a689cf498a6a7b8dc39c3dd243cb1a0037129b133aae1fa12f52c3153b9b6b14
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b0fb32319c8ca714cbddda23041581d8ebae13d6ad925913f5b26e1664d680d5
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b4b5dffaf6cd0b3c562f6515b117a5086de99beac194b2dc020dba9bba6b16ff
b812952e2ecbdd529f7423a246bca7bdba383e2bb484730a7895dc884e87446c
ba5753dfae9cdac414e27b1b74973e9041d76173a44fe2151bdecc03e13599da
bc0e96790d3264696a88a27c94294f32187c98547bcc5f0aaa422f8ddfb69dd1
bd0ddcd91a27b1c50c11176142adcf7f1f7bd4ab581b1f04518f681674889461
c768d5a9bdb6c5ce9b4369da088ab5d26c1dffaad1abe212bf99868b6cfde668
c95c4d412dcab57d6c1788e3133cff83a2eb459c94bde0131e9ed0871039277c
ca9848e6006cfec8f9ffa29433ade8152204bdb95579200831c6dc0f53dff70b
cb9b1260c780f395cf92d12a99df8dbef1fc7537a608a6806013ac7bc8373818
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ced3a98cbbf1081607dfdc0f78cd696fcc3f22292fe03ad6177fa02e4e75193a
cf55ba3b96089db93b4bd39967be8f2c908b00382937f8becb560f70bffa0ced
d172d750493be64a7ed84dec1dd2a0d787ba42f78bc694b0858f152c52b6620b
d728648c3e1d90bf50f0e988787ce26ea1111fa697b0a9daeb95d6724842a9c1
d7992466071814c0f05beaa30522153589bb1c55d198944d3ad7f96763961f57
debf84af8d66827e1cbc6791aa686504e3116d8cb20f4697fef23108333061f8
defad1aec727564ae5a7da3ed815d0f1ad02152d3c8323ed8fee2d91d10acc4b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5d2405df2a95c974d5c0771e3a45b2dea1a2c2824cf6a917a605bf4a967c86d
e66d6d2d9a266366bce410f850d3c135adb4ff00cc684e3b11e0cc5936789373
ea760d3d76b2a6da25e31dc630fcd0e2fe7be91e1a1938308410dfad0a5bbd16
f23e9081ad69daedd9c1e7c4cd22513ba3ac3160b3a032d55a307c91be730920