securityaffairs.com Open in urlscan Pro
2606:4700:3031::ac43:8cd3 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Submission: On May 02 via api (May 2nd 2023, 2:10:12 am UTC) from TR — Scanned from DE

Summary HTTP 159 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 28 IPs in 10 countries across 28 domains to perform 159 HTTP transactions. The main IP is 2606:4700:3031::ac43:8cd3, located in United States and belongs to CLOUDFLARENET, US. The main domain is securityaffairs.com.
TLS certificate: Issued by GTS CA 1P5 on April 24th 2023. Valid for: 3 months.

This is the only time securityaffairs.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
42	2606:4700:303... 2606:4700:3031::ac43:8cd3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
1	13.32.99.78 13.32.99.78	16509 (AMAZON-02) (AMAZON-02)
6	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
3	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
9	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	2600:9000:206... 2600:9000:206f:6000:c:abe:f440:93a1	16509 (AMAZON-02) (AMAZON-02)
1	3.68.25.145 3.68.25.145	16509 (AMAZON-02) (AMAZON-02)
8	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
24	2a00:1450:400... 2a00:1450:4001:801::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:811::2004	15169 (GOOGLE) (GOOGLE)
1 2	2606:4700::68... 2606:4700::6812:18ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	35.204.158.49 35.204.158.49	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
12	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
1	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
3 3	3.124.213.109 3.124.213.109	16509 (AMAZON-02) (AMAZON-02)
2 2	3.123.92.169 3.123.92.169	16509 (AMAZON-02) (AMAZON-02)
2 2	213.155.156.169 213.155.156.169	1299 (TWELVE99 ...) (TWELVE99 Arelion)
2 2	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
1 1	51.75.86.98 51.75.86.98	16276 (OVH) (OVH)
1	2620:116:800d... 2620:116:800d:21:7eb1:3826:be7e:d981	16509 (AMAZON-02) (AMAZON-02)
1 1	185.29.132.245 185.29.132.245	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1	34.96.105.8 34.96.105.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	37.157.4.40 37.157.4.40	198622 (ADFORM) (ADFORM)
2 2	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
159	28

42 2606:4700:3031::ac43:8cd3 (United States)

ASN13335 (CLOUDFLARENET, US)

securityaffairs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.99.78 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-78.fra60.r.cloudfront.net

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i0.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:6000:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)

buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.68.25.145 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-68-25-145.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:18ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.204.158.49 (Groningen, Netherlands) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 49.158.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.124.213.109 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-213-109.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.123.92.169 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-123-92-169.eu-central-1.compute.amazonaws.com

a.sportradarserving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.169 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.80.39.216 (Canada) 2 redirects

ASN27381 (CASALE-MEDIA, CA)

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.75.86.98 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip98.ip-51-75-86.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:7eb1:3826:be7e:d981 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.132.245 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.4.40 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.115 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
42	securityaffairs.com securityaffairs.com	368 KB
38	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 129 tpc.googlesyndication.com — Cisco Umbrella Rank: 177	484 KB
21	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 67 stats.g.doubleclick.net — Cisco Umbrella Rank: 166 cm.g.doubleclick.net — Cisco Umbrella Rank: 313	154 KB
14	gstatic.com fonts.gstatic.com www.gstatic.com	233 KB
8	wp.com i0.wp.com — Cisco Umbrella Rank: 4167 stats.wp.com — Cisco Umbrella Rank: 3510 pixel.wp.com — Cisco Umbrella Rank: 2908	237 KB
8	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 119	6 KB
7	google.com adservice.google.com — Cisco Umbrella Rank: 130 region1.analytics.google.com — Cisco Umbrella Rank: 2930 www.google.com — Cisco Umbrella Rank: 16	2 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 238	196 KB
4	google.de adservice.google.de — Cisco Umbrella Rank: 5261 www.google.de — Cisco Umbrella Rank: 3425	1 KB
3	bidswitch.net 3 redirects x.bidswitch.net — Cisco Umbrella Rank: 427	1 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	201 KB
3	sharethis.com platform-api.sharethis.com — Cisco Umbrella Rank: 5368 buttons-config.sharethis.com — Cisco Umbrella Rank: 6788 l.sharethis.com — Cisco Umbrella Rank: 5697	46 KB
2	pubmatic.com 2 redirects image6.pubmatic.com — Cisco Umbrella Rank: 1037	1 KB
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 908	1 KB
2	casalemedia.com 2 redirects ssum-sec.casalemedia.com — Cisco Umbrella Rank: 679	2 KB
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 6958	653 B
2	sportradarserving.com 2 redirects a.sportradarserving.com — Cisco Umbrella Rank: 3496	1 KB
2	simpli.fi 2 redirects um.simpli.fi — Cisco Umbrella Rank: 1223	1 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 1248 s.tribalfusion.com — Cisco Umbrella Rank: 2774	1 KB
1	blismedia.com tr.blismedia.com — Cisco Umbrella Rank: 2823	173 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 50702	610 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 744	875 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 1063	463 B
1	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 1124	339 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 451	265 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 1718	256 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1132	609 B
1	gravatar.com secure.gravatar.com — Cisco Umbrella Rank: 2802	1 KB
159	28

	Domain	Requested by
42	securityaffairs.com	securityaffairs.com
24	tpc.googlesyndication.com	pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
14	pagead2.googlesyndication.com	securityaffairs.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net
12	cm.g.doubleclick.net	googleads.g.doubleclick.net
8	fonts.gstatic.com	fonts.googleapis.com
8	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
8	fonts.googleapis.com	securityaffairs.com googleads.g.doubleclick.net
6	www.gstatic.com	googleads.g.doubleclick.net
6	i0.wp.com	securityaffairs.com
4	www.googletagservices.com	googleads.g.doubleclick.net
3	x.bidswitch.net	3 redirects
3	www.google.com	tpc.googlesyndication.com googleads.g.doubleclick.net
3	adservice.google.com	pagead2.googlesyndication.com
3	adservice.google.de	pagead2.googlesyndication.com
3	www.googletagmanager.com	securityaffairs.com www.googletagmanager.com
2	image6.pubmatic.com	2 redirects
2	c1.adform.net	2 redirects
2	ssum-sec.casalemedia.com	2 redirects
2	d5p.de17a.com	2 redirects
2	a.sportradarserving.com	2 redirects
2	um.simpli.fi	2 redirects
1	tr.blismedia.com	googleads.g.doubleclick.net
1	gcm.ctnsnet.com	1 redirects
1	sync.mathtag.com	1 redirects
1	cms.quantserve.com	googleads.g.doubleclick.net
1	onetag-sys.com	1 redirects
1	match.adsrvr.org	googleads.g.doubleclick.net
1	s.tribalfusion.com	googleads.g.doubleclick.net
1	a.tribalfusion.com	1 redirects
1	region1.google-analytics.com	www.googletagmanager.com
1	www.google.de	securityaffairs.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	pixel.wp.com	securityaffairs.com
1	secure.gravatar.com	securityaffairs.com
1	l.sharethis.com	platform-api.sharethis.com
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	stats.wp.com	securityaffairs.com
1	platform-api.sharethis.com	securityaffairs.com
159	40

This site contains links to these domains. Also see Links.

Domain
twitter.com
blog.cyble.com
www.lookout.com
i0.wp.com
docs.google.com
www.facebook.com
infosec.exchange
www.linkedin.com
securityaffairs.co
www.pinterest.com
plus.google.com
www.tumblr.com
www.cssii.unifi.it

Subject Issuer	Validity	Valid
securityaffairs.com GTS CA 1P5	`2023-04-24` - `2023-07-23`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
sharethis.com Amazon RSA 2048 M01	`2023-02-28` - `2023-07-18`	5 months	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-14` - `2023-12-15`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.gravatar.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-23` - `2023-12-24`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2023-04-12` - `2023-07-11`	3 months	crt.sh

This page contains 16 frames:

Primary Page: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Frame ID: C426017DB2CA5A7D5D6125C47E21DAA7
Requests: 86 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230426/r20190131/zrt_lookup.html
Frame ID: A92927427871A5BE318A4851655AD2D3
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&adk=1812271804&adf=3025194257&lmt=1682993407&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=308x675_l%7C308x675_r&format=0x0&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993407258&bpp=305&bdt=166&idt=548&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5552670351622&frm=20&pv=2&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=578
Frame ID: 076AA7B33ABAFF15A68DBF4AC9EDDC58
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=3158154027&pi=t.aa~a.509917982~i.19~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=3&bdt=1798&idt=-M&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0&nras=2&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=1547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=hyn1OPEhdZ&p=https%3A//securityaffairs.com&dtd=10
Frame ID: 68A9C003A38C34B72E7A71BF32F806C0
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.29~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=2&bdt=1799&idt=2&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0%2C630x280&nras=3&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Y0TC4ZtS6S&p=https%3A//securityaffairs.com&dtd=36
Frame ID: 0A206D0B0B225B9D4C5326AA97B03053
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230426/r20110914/zrt_lookup.html?fsb=1
Frame ID: 29DAEC706E9C0E62246065EE9B1294E3
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230426/r20110914/zrt_lookup.html?fsb=1
Frame ID: 9B3A40ADFB475236D47B763A74F75D9A
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 5CF698C0E4DA4BBF1766388F0BFAA928
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 739A8000D9E60CCD0DFBDAD869C27DB0
Requests: 2 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 676EEB9AE22245563F2D9A1D84C18284
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 16B2BC4B0C27C17F5BD2E6BE0B151B85
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: A754E33D1DFEBD2D1240B74219F5C089
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/hnY7PzTjWh4XksTeMflqXiPWVUSZPNkbpYPulxtDGE8.js
Frame ID: D9926D9BFAB12A15A0CFABCAE08FD619
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/hnY7PzTjWh4XksTeMflqXiPWVUSZPNkbpYPulxtDGE8.js
Frame ID: B7A852F502CE15E5BA6C5EE9058E7AF6
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/hnY7PzTjWh4XksTeMflqXiPWVUSZPNkbpYPulxtDGE8.js
Frame ID: 15BC6EF17CCC929D2B8CD4299497DDF0
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/hnY7PzTjWh4XksTeMflqXiPWVUSZPNkbpYPulxtDGE8.js
Frame ID: 9EA75D36EBC799A567E187C3938D65E4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Iranian govt uses BouldSpy Android malware for internal surveillance operationsSecurity Affairs

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Mautic (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

[^a-z]mtc.*\.js

Twitter Emoji (Twemoji) (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

twemoji(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

159
Requests

93 %
HTTPS

54 %
IPv6

28
Domains

40
Subdomains

28
IPs

10
Countries

1940 kB
Transfer

4655 kB
Size

33
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/0x6rsk/status/1647289419001475072
Title: 1

Search URL Search Domain Scan URL

URL: https://blog.cyble.com/2023/04/20/daam-android-botnet-being-distributed-through-trojanized-applications/
Title: 2

Search URL Search Domain Scan URL

URL: https://www.lookout.com/blog/iranian-spyware-bouldspy
Title: report

Search URL Search Domain Scan URL

URL: https://i0.wp.com/securityaffairs.com/wp-content/uploads/2023/05/image-1.png?ssl=1

Search URL Search Domain Scan URL

URL: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform
Title: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform

Search URL Search Domain Scan URL

URL: https://twitter.com/securityaffairs
Title: @securityaffairs

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sec.affairs
Title: Facebook

Search URL Search Domain Scan URL

URL: https://infosec.exchange/@securityaffairs
Title: Mastodon

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/pub/pierluigi-paganini/b/742/559
Title: Pierluigi Paganini

Search URL Search Domain Scan URL

URL: http://securityaffairs.co/wordpress/
Title: SecurityAffairs

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?original_referer=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/create/button/?url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&media=https%3A%2F%2Fsecurityaffairs.com%2Fwp-includes%2Fimages%2Fmedia%2Fdefault.png

Search URL Search Domain Scan URL

URL: https://plus.google.com/share?url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html

Search URL Search Domain Scan URL

URL: https://www.tumblr.com/share/link?url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html

Search URL Search Domain Scan URL

URL: http://securityaffairs.co/wordpress/70429/deep-web/deep-web-book.html

Search URL Search Domain Scan URL

URL: https://www.cssii.unifi.it/vp-89-il-center.html

Search URL Search Domain Scan URL

URL: https://securityaffairs.co/wordpress/112244/breaking-news/security-affairs-newsletter-is-back.html

Search URL Search Domain Scan URL

URL: https://securityaffairs.co/wordpress/132506/breaking-news/securityaffairs-best-european-cybersecurity-blog-2022.html

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 126

https://a.tribalfusion.com/i.match?p=b6&u=CAESEHdyRkWNXsn_m1k9wOnfJak&google_cver=1&google_push=ATf1kGM6NbdGjcpXfcjja3KCigutqaPcLmAY8KLEid9b2tRuQvexiD6fmKsPzR9vAF5FItRqsoLcTtgn5A2HgDQHJMgQ-JxwL_cE6ak&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGM6NbdGjcpXfcjja3KCigutqaPcLmAY8KLEid9b2tRuQvexiD6fmKsPzR9vAF5FItRqsoLcTtgn5A2HgDQHJMgQ-JxwL_cE6ak%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEHdyRkWNXsn_m1k9wOnfJak&google_cver=1&google_push=ATf1kGM6NbdGjcpXfcjja3KCigutqaPcLmAY8KLEid9b2tRuQvexiD6fmKsPzR9vAF5FItRqsoLcTtgn5A2HgDQHJMgQ-JxwL_cE6ak&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGM6NbdGjcpXfcjja3KCigutqaPcLmAY8KLEid9b2tRuQvexiD6fmKsPzR9vAF5FItRqsoLcTtgn5A2HgDQHJMgQ-JxwL_cE6ak%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 127

https://um.simpli.fi/gp_match?google_gid=CAESEIZMflfqS-zs7uNfUSahofg&google_cver=1&google_push=ATf1kGMYPS7VY0aHYU-koodATEjNcaMhacZSJHgOYah5N0L4L_PyzcXVUFhZnzhARrhF8auxv8vW5U9aaopaWx8xQJZ23vViM9q7me4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=D3E1EF51DB434C9D8F828160355857EE&google_push=ATf1kGMYPS7VY0aHYU-koodATEjNcaMhacZSJHgOYah5N0L4L_PyzcXVUFhZnzhARrhF8auxv8vW5U9aaopaWx8xQJZ23vViM9q7me4

Request Chain 129

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEDw4jtwouT3ECT0SQnFfyIg&google_cver=1&google_push=ATf1kGPfq-o3SM3CHL_9N2s6MbpNu7KN5jCRE0ayV-N8tYcma17tODuE4S-EzVMqeVd3okQzOGVUFic3A2-gi1oGmnIXRpoxB1fGIpU HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEDw4jtwouT3ECT0SQnFfyIg&google_cver=1&google_push=ATf1kGPfq-o3SM3CHL_9N2s6MbpNu7KN5jCRE0ayV-N8tYcma17tODuE4S-EzVMqeVd3okQzOGVUFic3A2-gi1oGmnIXRpoxB1fGIpU HTTP 302
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=google HTTP 302
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=google HTTP 302
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=1366fdba-6969-4f6a-9755-320f0e05aafa&ssp=google HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGPfq-o3SM3CHL_9N2s6MbpNu7KN5jCRE0ayV-N8tYcma17tODuE4S-EzVMqeVd3okQzOGVUFic3A2-gi1oGmnIXRpoxB1fGIpU&google_hm=Vk2jvqytTeGuus7W_jsygw==

Request Chain 130

https://d5p.de17a.com/cookies/google?google_gid=CAESEKGoRKez5Bl4sV1nC-hjk54&google_cver=1&google_push=ATf1kGPeiH7FLLu0pqqJ4I8ImdXgYT-Rew8DnqI0HadInalnEHfKMQuyR4zXcFmayF6NUkrA6M4mrghJMRwmKNqzbzoAXwS2php32PE HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEKGoRKez5Bl4sV1nC-hjk54&google_cver=1&google_push=ATf1kGPeiH7FLLu0pqqJ4I8ImdXgYT-Rew8DnqI0HadInalnEHfKMQuyR4zXcFmayF6NUkrA6M4mrghJMRwmKNqzbzoAXwS2php32PE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGPeiH7FLLu0pqqJ4I8ImdXgYT-Rew8DnqI0HadInalnEHfKMQuyR4zXcFmayF6NUkrA6M4mrghJMRwmKNqzbzoAXwS2php32PE

Request Chain 131

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEEVGTTIG6DcXbUx3H2q3jFc&google_cver=1&google_push=ATf1kGMFxKO2AoHXkHFap1lexxcxASNAvAKVvN1vDg-b8TV3iwtDrGP-cTnNoN5RpqFoGBgvKGdz8wprxOI6UQiPZpF-cE3M8j5YFA8 HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEEVGTTIG6DcXbUx3H2q3jFc&google_push=ATf1kGMFxKO2AoHXkHFap1lexxcxASNAvAKVvN1vDg-b8TV3iwtDrGP-cTnNoN5RpqFoGBgvKGdz8wprxOI6UQiPZpF-cE3M8j5YFA8&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEEVGTTIG6DcXbUx3H2q3jFc&google_hm=ZFBxAXHJG8q3qaB3RvFjmwAACF0AAAAB&google_nid=index&google_push=ATf1kGMFxKO2AoHXkHFap1lexxcxASNAvAKVvN1vDg-b8TV3iwtDrGP-cTnNoN5RpqFoGBgvKGdz8wprxOI6UQiPZpF-cE3M8j5YFA8

Request Chain 132

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEESL1brVVdaRtQTG2BOkHBo&google_cver=1&google_push=ATf1kGNCq5UE_MmLI7p9BMoW1VXCDopf9AxcoaIJ5zeXTkTm0_lUvJwI3xLUdreNgKGYOVNbipZJZSdCEHg4qRM5mWDiIl8pdWYJnVw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGNCq5UE_MmLI7p9BMoW1VXCDopf9AxcoaIJ5zeXTkTm0_lUvJwI3xLUdreNgKGYOVNbipZJZSdCEHg4qRM5mWDiIl8pdWYJnVw

Request Chain 149

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEIStqsNO5Iye-yzUUkProhc&google_cver=1&google_push=ATf1kGMlan3bZWMgFvWfJixZfIkDgYQ3kLWOeCpMPnkaBJcjSUXQWIZBJpP9Tq8cPTwLl0ca_iETteyARhEDXNqohxdTeyvryLI14TM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGMlan3bZWMgFvWfJixZfIkDgYQ3kLWOeCpMPnkaBJcjSUXQWIZBJpP9Tq8cPTwLl0ca_iETteyARhEDXNqohxdTeyvryLI14TM

Request Chain 150

https://um.simpli.fi/gp_match?google_gid=CAESEIG69tpf7j4WnGKt4Xm1V8U&google_cver=1&google_push=ATf1kGPZtPhh89so1DnELuhwmxsiRlo4GFYZUwRRhikKEXWmcvk2B_AUMXuEHN6TBxhWExm-TFyRMST4aF6-31kDVt29ChYJiSiji0v6 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C2C6E79068494B469983CA4F4AD3BF28&google_push=ATf1kGPZtPhh89so1DnELuhwmxsiRlo4GFYZUwRRhikKEXWmcvk2B_AUMXuEHN6TBxhWExm-TFyRMST4aF6-31kDVt29ChYJiSiji0v6

Request Chain 151

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEPA36a0pWw1MO7ysTYjjo20&google_cver=1&google_push=ATf1kGPrU3ZcL6R9QBvK9P5vTx6eesKvufpnYLshRKCINrJa8WI8L4-HhJ15tAtq-CD_gtvAnmmIMJboa2F3ZSRd9kAyqXtklVjAXyE6 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGPrU3ZcL6R9QBvK9P5vTx6eesKvufpnYLshRKCINrJa8WI8L4-HhJ15tAtq-CD_gtvAnmmIMJboa2F3ZSRd9kAyqXtklVjAXyE6&google_hm=v4PFXH5uRWuhkUPjUtJRwLc

Request Chain 153

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEKjEu7pYb9yjKq_2bT_5JMg&google_cver=1&google_push=ATf1kGMxfeKw6av2uBKmlt03-2D6u0OOi2-yNSfkLBEOSTRiY5GoMjgcRBUGuT6WGZW2f2JGjHYKB1LQr-WkTXYh4_j9dODNuoBMYNVQ HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEKjEu7pYb9yjKq_2bT_5JMg&google_cver=1&google_push=ATf1kGMxfeKw6av2uBKmlt03-2D6u0OOi2-yNSfkLBEOSTRiY5GoMjgcRBUGuT6WGZW2f2JGjHYKB1LQr-WkTXYh4_j9dODNuoBMYNVQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzA0MTcwNTM0NjA3Mjc4OTMxMw&google_push=ATf1kGMxfeKw6av2uBKmlt03-2D6u0OOi2-yNSfkLBEOSTRiY5GoMjgcRBUGuT6WGZW2f2JGjHYKB1LQr-WkTXYh4_j9dODNuoBMYNVQ

Request Chain 154

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEAJkXPfmdx__r4171MlRAxo&google_cver=1&google_push=ATf1kGM1Ng8qAWeuLUoCYL1jWJcMR2R74Xj4VJmvJGxhJ9LNqNPF3cMXkptEeknqPXC8kSIZ93Kp8EvTwR9g3RHGP2ZMjYyBKp2M_Bfh HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEAJkXPfmdx__r4171MlRAxo&google_cver=1&google_push=ATf1kGM1Ng8qAWeuLUoCYL1jWJcMR2R74Xj4VJmvJGxhJ9LNqNPF3cMXkptEeknqPXC8kSIZ93Kp8EvTwR9g3RHGP2ZMjYyBKp2M_Bfh&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=UGaiES1HRKuAZ3R1D0hltw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGM1Ng8qAWeuLUoCYL1jWJcMR2R74Xj4VJmvJGxhJ9LNqNPF3cMXkptEeknqPXC8kSIZ93Kp8EvTwR9g3RHGP2ZMjYyBKp2M_Bfh

159 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request iran-bouldspy-android-spyware.html Show response
securityaffairs.com/145550/hacking/ 87 KB
20 KB 127ms
71ms Document
text/html 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b8b9530109e3ca379bd7c1cde54ac839e91af1c00b90fecff552aced3fe13aa5

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-edge-cache: cache,platform=wordpress
cf-ray: 7c0cb9d9e8989a2a-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 02 May 2023 02:10:07 GMT
link: <https://securityaffairs.com/wp-json/>; rel="https://api.w.org/" <https://securityaffairs.com/wp-json/wp/v2/posts/145550>; rel="alternate"; type="application/json" <https://securityaffairs.com/?p=145550>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vCcm9L6k4tTGpWKJIewqo9wdd4SX7U7ZihG%2B1%2FAuxNqg5M56WdNyZXysnvbvZcL8npnUaIG5fNVtITfDtXNoYqweWdw44h8IWjsDDp0N%2FctOtkCMBa77qO6bylWWnQgSU0VaXZD54vJrnc%2FEC1UU3MtS"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-pingback: https://securityaffairs.com/xmlrpc.php

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 138 KB
47 KB 104ms
45ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4918072057181794

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e55884bd7730ecaf174dfc784ab029b0fc262d93bc299e35fbc80168d04e8691

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.com/
Origin: https://securityaffairs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47454
x-xss-protection: 0
server: cafe
etag: 16195564404900864389
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 02 May 2023 02:10:07 GMT

GET
H2 200 style.css
securityaffairs.com/wp-includes/css/dist/block-library/ 95 KB
13 KB 54ms
49ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-includes/css/dist/block-library/style.css?ver=540fd913fdda078d6087769568ea9bcb
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1009b5a8852ca3fdbdacabac3778cf9dea8f91a58d36466a5fe20d0441ead1f7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 21070
cf-polished: origSize=104503
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 29 Mar 2023 22:54:43 GMT
server: cloudflare
etag: W/"6424c1b3-19837"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R%2BeruY79OZjt%2FV6IRfzjN2YeFo3%2FSTftb508uE8FMPw%2B3l5IyF9x2XwEFoaFQcZVIDWgaNxd26WD6T88erney%2BeMVV04e8IYbhRlPQoNIrClxkeWHYcx8zpslv7QRJqMgCZAOJKHrttskTtSfiLzzjWU"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7c0cb9da99579a2a-FRA
expires: Mon, 08 May 2023 20:18:57 GMT

GET
H2 200 mediaelementplayer-legacy.min.css
securityaffairs.com/wp-includes/js/mediaelement/ 11 KB
3 KB 51ms
46ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 09 Dec 2020 23:31:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 590880
etag: W/"5fd15e34-2bf8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=irdjv3d41qv7e0ADhJklSrWfPQu0y1HwWLoKfAOh0ojMaGKN0X6QXa303nmU7UB9ONG8tVIZlDa9%2B5V%2BUTvl40s6V4aNRURe5y8hUbV94WZE9lfvnFKq9zJqeUoYuwbFKTuGg9yGbQd%2FsXdLudzzHPoZ"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7c0cb9da99599a2a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Tue, 02 May 2023 06:02:07 GMT

GET
H2 200 wp-mediaelement.css
securityaffairs.com/wp-includes/js/mediaelement/ 4 KB
1 KB 50ms
45ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-includes/js/mediaelement/wp-mediaelement.css?ver=540fd913fdda078d6087769568ea9bcb
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4485dc3684588728bba3e5fbbe902c36ad1ec1b47480cc62c911a9403bafecc3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 441901
cf-polished: origSize=4960
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 13 Nov 2019 23:52:08 GMT
server: cloudflare
etag: W/"5dcc9728-1360"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f8KN6yiQozTQn8GsGTxvWmq70%2BWpj23V%2BL9ZsbYV%2BdkcAxzFkIvottNqLy3d7z%2FUal90%2FwFUX8ecJafY9%2FR6EFJNLoomp8%2B0rX09T0zlRMtEb0mKEtSxeVv%2BBDoCiFSvNkGs04Dq9KcoiTHFasWUvO%2Fq"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7c0cb9da99589a2a-FRA
expires: Wed, 03 May 2023 23:25:06 GMT

GET
H2 200 classic-themes.css
securityaffairs.com/wp-includes/css/ 257 B
573 B 30ms
25ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-includes/css/classic-themes.css?ver=540fd913fdda078d6087769568ea9bcb
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a5ea1f3c6951b71eb83050cd630f9c7c1c736b5b277d38a0e4465d80a5e53d4d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 441901
cf-polished: origSize=729
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 29 Mar 2023 22:54:43 GMT
server: cloudflare
etag: W/"6424c1b3-2d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3PDGYOzd72pY0tqL61p8L7jkoF4V2dz2jfNF7ieni4Q5SD5v6jzGfTWpSutmUsKKkf%2FNLoDuY3Z8vBxIujwhmRuNMNEbkGrAFw3iVD8ThhgxhcOn6ttRyA6VUAvEgRp346NnzdHpLQnOzSqACRSkmIek"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7c0cb9da893e9a2a-FRA
expires: Wed, 03 May 2023 23:25:06 GMT

GET
H2 200 cookie-law-info-public.css
securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/css/ 3 KB
997 B 33ms
28ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-public.css?ver=3.0.9
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1f4247657f994f6c9520c982ab95f953ee1c052706594d74f521cae670cf8be

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 269958
cf-polished: origSize=3106
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 28 Apr 2023 22:52:14 GMT
server: cloudflare
etag: W/"644c4e1e-c22"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p%2FhPsSQ7TO7wg%2BhrNFGBYEsNOyDowJogJh81wFC31C%2Fi9Z5qFGrIM2avMwSZIIMlmOwBmKfQDYxcN8gMNIcZHil4YtbQLT0ZoT85MGAPcr466uPBT2Sn4KAhF6S%2FNEbJH7es3NrFk3VfEtGb4VFzjJzG"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7c0cb9da893f9a2a-FRA
expires: Fri, 05 May 2023 23:10:49 GMT

GET
H2 200 cookie-law-info-gdpr.css
securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/css/ 22 KB
4 KB 31ms
26ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-gdpr.css?ver=3.0.9
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d0ee8b9f5976ae2dc3eefb7aace301d8540ad3d5f01c88f5049b3b7257a1d2f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 269958
cf-polished: origSize=27249
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 28 Apr 2023 22:52:14 GMT
server: cloudflare
etag: W/"644c4e1e-6a71"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hEUNK%2BuSdT0WgV3WNMDSA7zF54B06kqOoBcVYprEwWDyqJ26zGzZZ7Sd%2B%2FpiRfqnOGKdwTb5cC0LB0n%2B%2BGpa0WzTEwP9LCS7v6225kPbAbn5kOYLf9z0wsSmD7S4TWAM2A4pKAjv3oMp0vBIUxnSvAnz"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7c0cb9da89419a2a-FRA
expires: Fri, 05 May 2023 23:10:49 GMT

GET
H2 200 custom.css
securityaffairs.com/wp-content/themes/rigel_old/css/jqueryui/ 15 KB
3 KB 37ms
33ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b33e3ff7c01e9eb947faf1bd0dd31d3d210ff9fdf809f2db3938b5b865b9cc31

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 347441
cf-polished: origSize=19858
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 13:54:59 GMT
server: cloudflare
etag: W/"56716d33-4d92"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DyEsLdug0bS51%2BsxReZ8YXcui3t%2FTa1VJVfdzsk%2Fbnef%2BIEV4ZHJXj4jpnkO8AzX5u03tzIw8M3GD6jqKgn2YDejrg8qawUdJKuOzuOdA6qK3Lp6cxghAdqSQYIgIR2wGX7fKNn6M8ugZbf%2BQ1kCyLcQ"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7c0cb9da89429a2a-FRA
expires: Fri, 05 May 2023 01:39:26 GMT

GET
H2 200 tipsy.css
securityaffairs.com/wp-content/themes/rigel_old/css/ 461 B
570 B 32ms
27ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0255909b7cb5511843e8e9d6414f99d023237cdb954705d68c4ff0d3cd752d6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 590880
cf-polished: origSize=539
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 06:58:04 GMT
server: cloudflare
etag: W/"56710b7c-21b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oJLFuJgCbFoAjsOIyELwAK%2BaOZcvrQCd62HVC427wBSCQ4B6BgdZg4K8YwDngjan53Oj3mqLV2e8QMjP7zw%2BoKnWPNRcmPygByozJrPYQFbK9OTf9OY4UreRaSXeP0kG3YW8m5dE9oNoWoXwwSNzD4NB"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7c0cb9da89449a2a-FRA
expires: Tue, 02 May 2023 06:02:07 GMT

GET
H2 200 flexslider.css
securityaffairs.com/wp-content/themes/rigel_old/js/flexslider/ 5 KB
2 KB 36ms
32ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 751ae0b0e7b20fc45203c90e0c3391e1aa983f57327fb31d96dda46f7232ad45

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 588703
cf-polished: origSize=6225
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 13:55:09 GMT
server: cloudflare
etag: W/"56716d3d-1851"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2NHBWQ80jfOkKbRn%2F7lanO6QwKBfa%2BIXPDssJ7ncL947f8eJtzD7UmBOK66ng6hHdKryvkHNUpFRBcDmGR%2B2N6dkrJWVFBbEzb26GaqT%2FW44ins8ujU6ZAsLIUrh%2Fygq18hftfZCzlu7tLJTEIZZkT29"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7c0cb9da89459a2a-FRA
expires: Tue, 02 May 2023 06:38:24 GMT

GET
H2 200 animation.css
securityaffairs.com/wp-content/themes/rigel_old/css/ 1 KB
662 B 33ms
29ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b5643c5e548ec3aab5786c3845bce65a8ab30d48b62ba2586373ff84589ea13d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 590880
cf-polished: origSize=1716
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: cloudflare
etag: W/"56710b7a-6b4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eKmBc7V0xI7d%2F1ZvbOeuGeFbBwbM%2FwhXEXGt%2FG8awK%2B8QCLEGY3ovHA8%2FVetNhDNWt1W3f1I75ZUmppDlldAnxe9n3%2FSNQ6UJgnMqUD7VUJc2CAMRXRgpcym3lUOCmGin5pCBBY%2Bf5taHX32noFhzQUK"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7c0cb9da89469a2a-FRA
expires: Tue, 02 May 2023 06:02:07 GMT

GET
H2 200 font-awesome.min.css
securityaffairs.com/wp-content/themes/rigel_old/css/ 17 KB
4 KB 35ms
31ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 588703
etag: W/"56710b7a-4574"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nC%2FEEz%2B2scePoVzmIr%2Fp84LPfUEJ1j%2BP7i0c9TRAsviHIRenfTB9q2SMmTNBFsBbRCDP6vZ3mDC7yOziCwmOezhGm2HOKtw6eSS%2BXaHkfPzJ5%2FVYtjgwqP2BsHQ2fa0bv89tfkSEScHwYoqbxwyhU40D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7c0cb9da89479a2a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Tue, 02 May 2023 06:38:24 GMT

GET
H2 200 swipebox.css
securityaffairs.com/wp-content/themes/rigel_old/js/ 3 KB
1 KB 34ms
30ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c9b6164ccc60fa98562a1d315d63a961a7ffa16183117a6a5f6d5bf3893283c0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 588703
cf-polished: origSize=4493
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 06:58:18 GMT
server: cloudflare
etag: W/"56710b8a-118d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dkuk6PxcxK14JygmF3xW0GvBp2ZVdDTnAbnAe8AYDiVYnN3BBbn9QU8VnfSnhylWbFiI2GZTsK7qh8nYWJf9cVxC%2FNuJdpNHkEZve7uANWvmheggc9Rfwt1vYcAMVIcPtUSWO7rsdI9uJ8BIfwrEAwnj"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7c0cb9da89489a2a-FRA
expires: Tue, 02 May 2023 06:38:24 GMT

GET
H2 200 jquery.circliful.css
securityaffairs.com/wp-content/themes/rigel_old/css/ 264 B
514 B 35ms
32ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 28275dbcd3747f460a53102bb9dad566db20349335371cef756c72f4ab155431

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 592298
cf-polished: origSize=334
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: cloudflare
etag: W/"56710b7a-14e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dp%2BC9w7bM3hbulK3LZlxkVf83nmsQjV2DOgQZEM4sFuds3yzjA89BoN1tCg2EtfTgFknTEkXeymh%2Bs2fgq3MSXWBKOtU2FF153yfhscCEEEHXpBkU4yyVFaxAZX%2Ff8yBo8sN5t66tYHUjkuS4MCcCcEP"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7c0cb9da89499a2a-FRA
expires: Tue, 02 May 2023 05:38:29 GMT

GET
H2 200 screen.css
securityaffairs.com/wp-content/themes/rigel_old/css/ 95 KB
17 KB 56ms
52ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a04aa9666a49a1c434d7e44268f399e0c1dc1b306a2cc6f3414551364c217b4d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 351079
cf-polished: origSize=112708
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 06:58:04 GMT
server: cloudflare
etag: W/"56710b7c-1b844"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rbzTs%2Fc6VdmbxTzGWaJPZ%2FxPaKM60tWJHexqcObj3HDtl0sf1BxJJiuLvedJM0%2F1hUDmTkiowyAnEI9ElZNxOkJguPHULVEw3662k04oOXHHUPNAd%2BzA9RyXHKEimtKm4Ge%2BoNc1eXlkI42%2BunET49WF"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7c0cb9da99529a2a-FRA
expires: Fri, 05 May 2023 00:38:48 GMT

GET
H2 200 custom-css.php
securityaffairs.com/wp-content/themes/rigel_old/templates/ 12 KB
2 KB 427ms
423ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

cf-edge-cache: cache,platform=wordpress
date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V0Jc%2Fd2E2avw%2BKU02ONb0SlC2YdU4W%2FWgxiIEA1zr4m1oQ8U%2Bsk%2FvzPj2o5ML6CikH13ZANpczQbXRlfnFSumMtjZ8odmVhYXz%2BqcULOcJCWHjt1YLm%2FMdpXHu%2Fhk9j9MMZ6WRn2bEYcbxX2NL%2Fy7Buv"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset: UTF-8;charset=UTF-8
cf-ray: 7c0cb9da99539a2a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 9 KB
900 B 88ms
30ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=540fd913fdda078d6087769568ea9bcb

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d0b0600ad401ae5f2ace6a90c81bb7f4b3a7158e340b7bbb2d7201a20e3f9a17

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.com/
Origin: https://securityaffairs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 02 May 2023 01:54:35 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 02 May 2023 02:10:07 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
891 B 86ms
29ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=540fd913fdda078d6087769568ea9bcb

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fcc86dea0b3b9ece4946cad4458ada0662da919a16e710a01ee46a542fa0205a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.com/
Origin: https://securityaffairs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 02 May 2023 01:49:47 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 02 May 2023 02:10:07 GMT

GET
H2 200 css
fonts.googleapis.com/ 5 KB
649 B 88ms
31ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=540fd913fdda078d6087769568ea9bcb

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f2db20f9ae1c9d5f041506e280453c144555f3d12e6cefa3fcb3bc68a41f4897

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.com/
Origin: https://securityaffairs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 02 May 2023 02:10:07 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 02 May 2023 02:10:07 GMT

GET
H2 200 css
fonts.googleapis.com/ 4 KB
671 B 87ms
30ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=540fd913fdda078d6087769568ea9bcb

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7084fce45d512adaaf9ff9b48e744751279c0fcb22bfc1f4db28f316bc8793ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.com/
Origin: https://securityaffairs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 02 May 2023 02:10:07 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 02 May 2023 02:10:07 GMT

GET
H2 200 grid.css
securityaffairs.com/wp-content/themes/rigel_old/css/ 43 KB
8 KB 49ms
46ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/css/grid.css?ver=540fd913fdda078d6087769568ea9bcb
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5133a1035cbf203be573cc6e15a2d4f8477b62568bea772b2192dc68c4980e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 441901
cf-polished: origSize=50674
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 06:58:03 GMT
server: cloudflare
etag: W/"56710b7b-c5f2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y8r1iS2bLIt8weQJsytqCVKW970VOHmUPMlWDkHxUFzpfApX3UwtrhXL2oQofYN3sVf7gdHL22IC%2F5JmMjfeeFv6QZsd3qpYjB8v6pvFqFZZa0ZfnoMcV2FD1ANsu9E%2FK8kZySX4CUwJKAKieqRWZhG2"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7c0cb9da99549a2a-FRA
expires: Wed, 03 May 2023 23:25:06 GMT

GET
H2 200 sharing.css
securityaffairs.com/wp-content/plugins/jetpack/modules/sharedaddy/ 16 KB
3 KB 50ms
47ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/plugins/jetpack/modules/sharedaddy/sharing.css?ver=12.0
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a93c1ac24fad6ffb0de84e1f56b111e8b177d68a2948ffe1c87d9c02bb68b2d1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 110288
cf-polished: origSize=19408
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Sun, 09 Apr 2023 18:46:58 GMT
server: cloudflare
etag: W/"64330822-4bd0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mGi9zz6YQPFT17%2F5%2FBqh7tEPaFw1r7I%2B8qmPLkSXOeyTnjqadea04E1mX3VUVKPzvqGwF%2FBGspw208xA5XOgifIpRX1V747UbDXChERkkTdUdfZHAntKXdmttXCf7%2FOwqgzo6yefEpQAtt%2B17jsYCtAn"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7c0cb9da99559a2a-FRA
expires: Sun, 07 May 2023 19:31:59 GMT

GET
H2 200 social-logos.css
securityaffairs.com/wp-content/plugins/jetpack/_inc/social-logos/ 11 KB
8 KB 59ms
56ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/plugins/jetpack/_inc/social-logos/social-logos.css?ver=12.0
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ee86b02e97bfb8f83af87a4f7991c713e1e90dce091524c0c675b393091b6ff7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 110288
cf-polished: origSize=12101
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Sun, 09 Apr 2023 18:46:57 GMT
server: cloudflare
etag: W/"64330821-2f45"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MmAHgrUo7pIxQOiY%2Bw15sgR4ZfPxPLVXok%2FVFJB2KBazH67LeHuqYDEMuykLht%2FfAGxnEPYL47bm5XfnIlGsBYNTH6J0GMVasaz0dCXFPyQl1C4NFpFyFDG%2BfZI5h87QKX93IPtUgn00ELgBuHK74dz%2B"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7c0cb9da99569a2a-FRA
expires: Sun, 07 May 2023 19:31:59 GMT

GET
H2 200 jquery.js Show response
securityaffairs.com/wp-includes/js/jquery/ 142 KB
42 KB 60ms
57ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-includes/js/jquery/jquery.js?ver=3.6.3
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 73e52be898a7afbbfa119fdb5a95ca82c2b914da8d756404f7e5c7e0b6ff1928

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 441901
cf-polished: origSize=292478
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 29 Mar 2023 22:54:43 GMT
server: cloudflare
etag: W/"6424c1b3-4767e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6xGX3gTl1pEOcPZpFsVU48o%2FUdz1MZUC8cFmsArS4rgzChO4AT6cBqVJeDY4X11Y6xjQTBV3%2Bm7Q2A2lesHXjnl7HzdKr3uPePiDe5uroCib24CTs%2BS%2FVR7ib5O03982Hx4PQ5aJCzfATz3nF6Iqzdsu"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7c0cb9da995a9a2a-FRA
expires: Wed, 03 May 2023 23:25:06 GMT

GET
H2 200 jquery-migrate.js Show response
securityaffairs.com/wp-includes/js/jquery/ 18 KB
6 KB 57ms
54ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-includes/js/jquery/jquery-migrate.js?ver=3.4.0
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c4baf058901663c6879894c0067cf923fa200cb95a0a4c25b1471a62c2a63c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 441901
cf-polished: origSize=30789
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 29 Mar 2023 22:54:43 GMT
server: cloudflare
etag: W/"6424c1b3-7845"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dx0zzqosqllZ53t1ZRu9%2B83R%2Bb1ejjrJl4LqiAGpAwhCEm3HW2xPzI0clp08zrcCXMC7o%2BGfWfBDcoGEmffG%2BDwlQrnJQqYOde7Jv50sCi3%2BWjDe8NVZLmEnnDZpvt2LfhSBTL6qtVpHTGvHQpzFH26M"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7c0cb9da995b9a2a-FRA
expires: Wed, 03 May 2023 23:25:06 GMT

GET
H2 200 cookie-law-info-public.js Show response
securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/js/ 27 KB
7 KB 51ms
48ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/js/cookie-law-info-public.js?ver=3.0.9
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9701e3cc721b444361494b8586b90ce11a0a0fc7964c0220e2263dd836d0a254

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 269958
cf-polished: origSize=34179
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 28 Apr 2023 22:52:14 GMT
server: cloudflare
etag: W/"644c4e1e-8583"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yXVJRsaAuEjfMH0EcecmO%2Bh7V3nGWyWSPh6Mqlb%2BZ4N3sFAbRyESvHCHOH9N1batl2OxX9aswIZiNxixdgUbTm1z0HM6TJqFY8Va%2B4cUk%2BNxseDe5cZtAsJpDyxMUoGX%2BFEOb4IVFH8pHKHyMuS3D9r6"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7c0cb9da995c9a2a-FRA
expires: Fri, 05 May 2023 23:10:49 GMT

GET
H2 200 sharethis.js Show response
platform-api.sharethis.com/js/ 201 KB
45 KB 90ms
27ms Script
text/javascript 13.32.99.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://platform-api.sharethis.com/js/sharethis.js?ver=8.4.6

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-78.fra60.r.cloudfront.net

Software

Resource Hash

47d522563a9f514094ee94ebcee33b1ab88ba91d5639393beecd18be1fd27c15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:09:47 GMT
content-encoding: gzip
via: 1.1 7395d1816622756cd6753f5e1281200c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA60-P3
age: 20
etag: W/"32234-AoJ3k+MJOOKcahR2z6uk+gkFH+s"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
edge-control: cache-maxage=60m,downstream-ttl=60m
cache-control: max-age=600, public
x-cache: Hit from cloudfront
x-amz-cf-id: furyyMCm6vI-mq8vMZybhAHXPduu8Qx5fyhWGmPRECUFhPgTikLUXQ==

GET
H2 200 image-1.png
i0.wp.com/securityaffairs.com/wp-content/uploads/2023/05/ 125 KB
126 KB 79ms
19ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.com/wp-content/uploads/2023/05/image-1.png?resize=1024%2C423&ssl=1

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

897b485b62853015904f1c32460adbef21919107b2698751ac4362f834cfbcd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Tue, 02 May 2023 02:10:07 GMT
x-content-type-options: nosniff
last-modified: Mon, 01 May 2023 14:00:06 GMT
server: nginx
etag: "f34ce83380ba0263"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.com/wp-content/uploads/2023/05/image-1.png>; rel="canonical"
content-length: 128070
expires: Thu, 01 May 2025 02:00:06 GMT

GET
H3 200 t-mobile-experian-data-breach.jpg
securityaffairs.com/wp-content/uploads/2015/10/ 41 KB
41 KB 32ms
30ms Image
image/jpeg 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.com/wp-content/uploads/2015/10/t-mobile-experian-data-breach.jpg
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd573dd2e1517dc366e78e8b5de070a16c80e5d32cc71d33e24b3455cffa2db1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 26268
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 41784
last-modified: Wed, 16 Dec 2015 13:28:24 GMT
server: cloudflare
etag: "567166f8-a338"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=avlqK2lKBfQtOcDvKHcQfSyqwn15huaciklc7VvV9%2BYPlGutWI4qDHehXrd%2FzAGGf8Ltn6wr35Ffh2C19eaZeuJsquS09WijpGJyMyXaYzuTcpzLGFcizKPrsimYWixj8GdeVLbF%2Fva0jxA0avkWderX"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=315360000
accept-ranges: bytes
cf-ray: 7c0cb9dd4c132c4b-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 infoblox-blog-decoy-dog-domain-timelines.png
securityaffairs.com/wp-content/uploads/2023/05/ 72 KB
73 KB 27ms
26ms Image
image/png 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.com/wp-content/uploads/2023/05/infoblox-blog-decoy-dog-domain-timelines.png
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5abb2baea4406b91db0c70b520aac559e816d0edb8a7acdd8388aacefb8ceea1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 32287
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 73823
last-modified: Mon, 01 May 2023 16:38:57 GMT
server: cloudflare
etag: "644feb21-1205f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JUmDm7KCf%2FPOPztyPcAMlExjuJFDalA0spop4I9MWCM6gdkKAXYFIIsUDVy36H6Pb0YG0r80XW4a2RpIT470QQpSjWuXtVCKa926Vo3Ae3ka%2BFi8px06albu1BAdxlsgQO3uQTuAS2KSaJ3M8Ruhx4SC"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=315360000
accept-ranges: bytes
cf-ray: 7c0cb9dd4c142c4b-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 image.png
i0.wp.com/securityaffairs.com/wp-content/uploads/2023/05/ 40 KB
40 KB 134ms
75ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.com/wp-content/uploads/2023/05/image.png?resize=300%2C300&ssl=1

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

2b84941259a2fe0e8b9d858f6101c5eac1cc0477ef2c130c38cd22bafd6bb4d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 02 May 2023 02:10:07 GMT
x-content-type-options: nosniff
last-modified: Mon, 01 May 2023 14:00:15 GMT
server: nginx
etag: "1a7c51e561fb9e88"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.com/wp-content/uploads/2023/05/image.png>; rel="canonical"
content-length: 40660
expires: Thu, 01 May 2025 02:00:15 GMT

GET
H3 200 email-decode.min.js Show response
securityaffairs.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 23ms
22ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityaffairs.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 25 Apr 2023 11:29:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"6447b986-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D0K5tvX%2BfmhmGfpkBwGkCj20yZBpvwd8V0YTJnC1qd8ZxTjf30kTcgzMcySiM1eEK8eUWmRFu2QVyF0tyzLAGGZxJRy%2FZRRJdgCa0f1qQQnNa3nps21bg8dYQ%2Bgze4NXf%2BIITqeQzzDpzFi1sNyzgPaI"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 7c0cb9db5ae52c4b-FRA
expires: Thu, 04 May 2023 02:10:07 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 245 KB
83 KB 139ms
75ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-NPN4VEKBTY

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

89162e64b338d8f457a1610651a06af141eb9711a5529d993dcc553d3b715c52

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 84677
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 02 May 2023 02:10:07 GMT

GET
H3 200 photon.js Show response
securityaffairs.com/wp-content/plugins/jetpack/modules/photon/ 927 B
957 B 30ms
29ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20191001
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a37deb9dd04cdebb5a80730395780332c03ec667693b3ddb06d8983157679d64

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 105627
cf-polished: origSize=1760
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Sun, 09 Apr 2023 18:46:58 GMT
server: cloudflare
etag: W/"64330822-6e0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=90PGb9FMopp4b4I0XkNGSHeIeCYqI8Wz7dB0YYHpxrmFJ0VjXEWgVor%2BJ0wkhbtv0X4zQ1o3o8ef56m1EE3yehTzUL0IPvPB6zpM124aDq4FB%2FVePEfTIOFi4LrzCLxvlZIopARJunUGkZjqYSMyvJuZ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7c0cb9db8b002c4b-FRA
expires: Sun, 07 May 2023 20:49:40 GMT

GET
H3 200 ssba.js Show response
securityaffairs.com/wp-content/plugins/simple-share-buttons-adder/js/ 2 KB
1 KB 26ms
26ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=1682722338
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90b1f6082b0cf09c59ad2a5b87d3e0ab87eadf37c9b0b791318adfaae1a4b0d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 266130
cf-polished: origSize=3110
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 28 Apr 2023 22:52:18 GMT
server: cloudflare
etag: W/"644c4e22-c26"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BFQvi7DPLrNeft3s7KZGj7v4Wxf629WYa3R6Ka0d5tI%2BnWgzZw%2BvaZyATp8nrSJQKKOw6c10DW5efzvGNuMSP52scHS2aLGO5SHmvBCu%2FmWfZLgWgJOwMJZUUAi2ew2S6QxJJe%2F0oXNjzldSbXd5Enw4"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7c0cb9dbbb182c4b-FRA
expires: Sat, 06 May 2023 00:14:37 GMT

GET
H3 200 hint.js Show response
securityaffairs.com/wp-content/themes/rigel_old/js/ 467 B
784 B 28ms
27ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 914c2c38bcf8be8ae0bb37e800573341c8134e54b5ced5303c1d3f172d7e6c96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 86719
cf-polished: origSize=987
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: cloudflare
etag: W/"56710b89-3db"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=64DYZoEyaWvZ9AJYBBj9MPyRWx1gFeGZgCIErAP37MqBLOV2MdzXPGi%2BjNucqLxeCXEf1wj2f4O1%2BlQiopNPigEAxLMK6%2B3bZkqoSHEBpJegepFqjfHSsoXWFPPJ7VMvRvxeJo6iDB4YLvGpkjJeHns8"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7c0cb9dbeb382c4b-FRA
expires: Mon, 08 May 2023 02:04:48 GMT

GET
H3 200 jquery.tipsy.js Show response
securityaffairs.com/wp-content/themes/rigel_old/js/ 2 KB
1 KB 27ms
26ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3570b0809823e912b040bb8d99048d5e85ceabf830ef064e306c0a1901a08e11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 105627
cf-polished: origSize=4371
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: cloudflare
etag: W/"56710b89-1113"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MEwXcMhr9YKrvz%2F9YD4uUoVaCA2a9gkPmHGMafUZdisNTOTJrpRzyzsG4TOQeb30EEig7AXEE8dnd54BhOdXN0z7dJgGeoBPk%2BhBWp0HTbX2VWMxMos7fKGQXcRHhzG3%2FSgJRMmQJX3IrBVWYBMWear1"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7c0cb9dc1b572c4b-FRA
expires: Sun, 07 May 2023 20:49:40 GMT

GET
H3 200 jquery.easing.js Show response
securityaffairs.com/wp-content/themes/rigel_old/js/ 4 KB
1 KB 28ms
28ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aea607f39789d4cc03dd33d5518a1e53d419c379c618b7a19d6e3a06f4f14d56

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 105627
cf-polished: origSize=8097
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: cloudflare
etag: W/"56710b89-1fa1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z%2B7t4HR3hfAQSdfMBVA%2BFu5FOIXBZmF9qzX4nxHBt94tQGtDCrE1rTpoNMpOs5IYdAwH7SaP9rUWEJ4rjW%2B%2B27O7bWpBW4AwcSVAM%2FFKMFg3V5FfV%2FkZ48eASeMIUUe17tCgxF2dFFv1Y39uRptSHDmn"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7c0cb9dc4b6e2c4b-FRA
expires: Sun, 07 May 2023 20:49:40 GMT

GET
H3 200 browser.js Show response
securityaffairs.com/wp-content/themes/rigel_old/js/ 2 KB
1 KB 30ms
29ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bea141b0e1c016faface442cf56dae318f97789bea95d633da28014d5233a934

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 105627
cf-polished: origSize=2614
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 06:58:16 GMT
server: cloudflare
etag: W/"56710b88-a36"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1os5kbuzdXggLhp2r%2Brgs8EUqjLhgSgA5qjfIG3YP7ZZyFt%2B8Hm3w%2Bk9h7XdgMpTTdUj1LaqoNngipZ3aYHb7h6L7LLrmxUYEL%2FSTGZlqRdbTLi6LmTeDm3s1nTRO%2BoH2JpMydI%2F7mG4CMFbdG3FBOAk"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7c0cb9dc7b882c4b-FRA
expires: Sun, 07 May 2023 20:49:40 GMT

GET
H3 200 jquery.flexslider-min.js Show response
securityaffairs.com/wp-content/themes/rigel_old/js/flexslider/ 21 KB
7 KB 33ms
27ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 13:55:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 597868
etag: W/"56716d3e-53ae"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ds9mFTtrsOL5La3MIwux4qLCyPYNeSlwPdQUzuOnKOgJbwAfnJC9L%2FPU72ehhqllb7kcCWJM%2BhKUlYDUVlklJdtKIpvw%2FAfPtqEmJJPNjBgvnhz9FDy2X3ZK5ciw0AmpfYUXh17rVd8SBef%2FEbdy4dk"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7c0cb9dcbbb82c4b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Tue, 02 May 2023 04:05:39 GMT

GET
H3 200 waypoints.min.js Show response
securityaffairs.com/wp-content/themes/rigel_old/js/ 8 KB
3 KB 25ms
25ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 06:58:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 105627
etag: W/"56710b8a-1f6c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z8TunsP4BAAvIwNJWWpiMNolRm2DG5idoQZhK7xfv432Vzh3CzDkqtLqQryNnV0BPSiiT7niGeNn3Robs8cHUjqyLDtBCD3dCJxk5svIAYyfs0NxsbTLV35b9ARAHEQslUez%2BjeIC7IAlQHXHqYcExTo"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7c0cb9dcebcb2c4b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sun, 07 May 2023 20:49:40 GMT

GET
H3 200 mediaelement-and-player.min.js Show response
securityaffairs.com/wp-content/themes/rigel_old/js/mediaelement/ 69 KB
20 KB 29ms
29ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 13:55:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 105627
etag: W/"56716d42-11571"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HNmWIDk9z6cE1Qv8MxXvopZ9eohTlwSV%2BMkwazBGHKksqtkCZBHH6%2FCLT1aInpSEg8eSg3HpuxD2wqb5ivA8Pwo1SQbrfVT38RnJUUh4ECLQGO5LLqyFGJdSHIQzpGy2nl8AqYN5VsJv9WrKsD58%2F89B"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7c0cb9dd0be72c4b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sun, 07 May 2023 20:49:40 GMT

GET
H3 200 jquery.swipebox.min.js Show response
securityaffairs.com/wp-content/themes/rigel_old/js/ 11 KB
4 KB 34ms
34ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 105627
etag: W/"56710b89-2a67"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ubv95Ne5yTTcXaqj6G7mfQJtjrBehEcKCJW5JGX2SPNtBX80FMtxv3ihs24xOLPxpvdcA4zVCM1AoVFPEekJHvW9BdtljUqBGGeOdFXuH3VBQe43bSi8NY8lrcnp7XujCswKCyDrtYQEFZ%2FRqur9cY7T"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7c0cb9dd2bf72c4b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sun, 07 May 2023 20:49:40 GMT

GET
H3 200 jquery.circliful.min.js Show response
securityaffairs.com/wp-content/themes/rigel_old/js/ 3 KB
1 KB 27ms
26ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 105627
etag: W/"56710b89-c18"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mVf%2B7DjWo5rspUXJTDbv8bBmCfLhAECx4v%2FHuxTY1L7OFq0IF5gRJDSnr2FcIWogPIZwyWTtQ6XIjPNW%2F69Cm%2FAoHs%2BDXT4dt57ALR5tgvAGdqNk1odkwUkrHd5NZITBFnkgp3S5%2BJb%2BjU%2B6ZvxmKin6"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7c0cb9dd4c0d2c4b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sun, 07 May 2023 20:49:40 GMT

GET
H3 200 jquery.smarticker.min.js Show response
securityaffairs.com/wp-content/themes/rigel_old/js/ 13 KB
4 KB 50ms
48ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 105627
etag: W/"56710b89-3225"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BHd%2FG6LMMZaRAXg%2BE67%2BJEE29a6OJIH2p16Bg%2BJcQZuQooBP3zrlbqLIUdOJH9vLXQqAtERLDG8X8vYzO2mHjtAlRfS8whmg2URPDsoNeYfDGMJi3wm%2FxRHg7AQV57tHj8S760zjXVmyU46eSphfFfny"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7c0cb9dd4c0f2c4b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sun, 07 May 2023 20:49:40 GMT

GET
H3 200 custom.js Show response
securityaffairs.com/wp-content/themes/rigel_old/js/ 10 KB
3 KB 46ms
44ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d6f712bb063293806236d362715f5f3f134ddeb3da95e66f7f7d5f1311975296

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17569
cf-polished: origSize=12756
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 06:58:16 GMT
server: cloudflare
etag: W/"56710b88-31d4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=23uaiBwZRoqBlHWD3dJql4deai34shsE9oOFic%2B8AeDoW5atA%2Bj%2F0%2FWoUQ8oR5XwYpeJLOBJlH6hOCtb1oLkirEtwH9SeB6TBuXWOA4DVEaKnrn%2B0vuf1of5AVW%2B3afTuI%2BV3g7pXiO7a2vqCkh5lRY7"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7c0cb9dd4c112c4b-FRA
expires: Mon, 08 May 2023 21:17:18 GMT

GET
H3 200 sharing.js Show response
securityaffairs.com/wp-content/plugins/jetpack/modules/sharedaddy/ 12 KB
4 KB 31ms
29ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=12.0
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c11433c4dc7cf18972c22ca0f2cf78493b92aaf89bab4dab47c6c9b6c551d50

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 105627
cf-polished: origSize=18206
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Sun, 09 Apr 2023 18:46:58 GMT
server: cloudflare
etag: W/"64330822-471e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b5008cbnQFE0gKKco4FjYf%2BdxTtZZ9Cn5uN%2FsIgstvVjd0%2B2qyTbW%2BIatlIqOnly99VUW5hKaC%2BeERqNQ0i7ojk5%2FCX4MlS%2BD7P67zYkAuwHfQG64WS3HCsxAgCHoHi8e3oqgWF4EWqbhaCUtLKmN34U"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7c0cb9dd4c122c4b-FRA
expires: Sun, 07 May 2023 20:49:40 GMT

GET
H2 200 e-202318.js Show response
stats.wp.com/ 9 KB
3 KB 73ms
21ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202318.js
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-nc: HIT hhn
date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
server: nginx
etag: W/"6197c5cf-3508"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Mon, 22 Apr 2024 22:03:42 GMT

GET
H3 200 twemoji.js Show response
securityaffairs.com/wp-includes/js/ 17 KB
5 KB 75ms
73ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-includes/js/twemoji.js?ver=540fd913fdda078d6087769568ea9bcb
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a8c0bd86eee0230682ed29c5e30936b6b14ab02e1586692840ef8ea4de9dda6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 441289
cf-polished: origSize=33089
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 29 Mar 2023 22:54:43 GMT
server: cloudflare
etag: W/"6424c1b3-8141"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NmUlxPPlNAYuITIH2Z8Sgk5i4BQZqSY59RxxRzWfqCcjfBexDEnswQAAQQNRCiRGtEJZbn6SvMpNVgouW2cxl1y80SmKvgx2UEHUT%2FAsIZBOnP2zCSMGK6eqXG9ovx6ktKu4coiwVHtskYwQ43gN6np4"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7c0cb9dd4c152c4b-FRA
expires: Wed, 03 May 2023 23:35:18 GMT

GET
H3 200 wp-emoji.js Show response
securityaffairs.com/wp-includes/js/ 4 KB
2 KB 76ms
74ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-includes/js/wp-emoji.js?ver=540fd913fdda078d6087769568ea9bcb
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1528c535d339849cea1f4b18416229bd962819949c62574dcd184cdfa6d056b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 434775
cf-polished: origSize=8969
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 29 Mar 2023 22:54:43 GMT
server: cloudflare
etag: W/"6424c1b3-2309"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8yDIbrilKDUmh4ReBzd4EaloOLcJxhuAJc3n5jo3gIASvn2odSDc66AQ3L7bowdJcg2ox%2FGuE2y7F2SoElEZZAyweqvOU4ZDsj9ddf2ztsNaWU7IHS949N9lR0TkJjZHBTmKNiPii96Xgicl4%2BuF2TzK"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7c0cb9dd4c162c4b-FRA
expires: Thu, 04 May 2023 01:23:52 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304260101/ 354 KB
119 KB 91ms
49ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304260101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4918072057181794&plah=securityaffairs.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4918072057181794

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f73f10c4cd21cea59b0c0c2fe4ecf1c7879c1e758bcbaa0cad57635c7eac1d17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 122007
x-xss-protection: 0
server: cafe
etag: 14190887543009381547
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 02 May 2023 02:10:07 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230426/r20190131/ Frame A929 10 KB
5 KB 74ms
22ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230426/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4918072057181794

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 69742
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 01 May 2023 06:47:45 GMT
etag: 2378337311435320485
expires: Mon, 15 May 2023 06:47:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 63aa5463b92caa0012f81022.js Show response
buttons-config.sharethis.com/js/ 438 B
883 B 481ms
414ms Script
text/javascript 2600:9000:206f:6000:c:abe:f440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://buttons-config.sharethis.com/js/63aa5463b92caa0012f81022.js

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js?ver=8.4.6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:206f:6000:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

db4312bece8d50799c3e99a316a58218a527df0f25b93c3e075e04712e20cacf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:08 GMT
via: 1.1 120ade321ed0e3697c81eb1eb19b5f62.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Wed, 28 Dec 2022 04:37:49 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
x-amz-server-side-encryption: AES256
etag: "d0446970cab2a3b08a2f4f8bdf2fbef7"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: text/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 438
x-amz-cf-id: -nN1AuRKBrxYEMjUT9VsCCvq5JKBJKnYTNAyojB9NuxuOPIpZt29Bw==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 105 KB
41 KB 107ms
44ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PLPJ653

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cbd8f24387a9f9e5b964508b65b558b5ce421f53d357dbcbe83201f9625aab55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41496
x-xss-protection: 0
last-modified: Tue, 02 May 2023 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 02 May 2023 02:10:07 GMT

GET
H/1.1 204
No Content pview Show response
l.sharethis.com/ 0
406 B 109ms
24ms XHR
text/plain 3.68.25.145
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://l.sharethis.com/pview?event=pview&hostname=securityaffairs.com&location=%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&product=gdpr-compliance-tool-v2&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&source=simple-share-buttons-adder-wordpress&fcmp=false&fcmpv2=false&has_segmentio=false&title=Iranian%20govt%20uses%20BouldSpy%20Android%20malware%20for%20internal%20surveillance%20operationsSecurity%20Affairs&cms=unknown&publisher=63aa5463b92caa0012f81022&sop=true&version=st_sop.js&lang=en&description=Iranian%20authorities%20have%20been%20spotted%20using%20the%20BouldSpy%20Android%20malware%20to%20spy%20on%20minorities%20and%20traffickers.%20Researchers%20at%20the%C2%A0Lookout%20Threat%20Lab%C2%A0have%20discovered%20a%20new%20Android%20surveillance%20spyware%2C%20dubbed%20BouldSpy%2C%20that%20was%20used%20by%20the%20Law%20Enforcement%20Command%20of%20the%20Islamic%20Republic%20of%20Iran%20(FARAJA).%20The%20researchers%20are%20tracking%20the%20spyware%20since%20March%202020%2C%20starting%20in%20%5B%E2%80%A6%5D&ua=&ua_mobile=false&ua_full_version_list=

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js?ver=8.4.6

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.68.25.145 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-68-25-145.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Tue, 02 May 2023 02:10:07 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: https://securityaffairs.com
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v23/ 23 KB
23 KB 97ms
36ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=540fd913fdda078d6087769568ea9bcb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://securityaffairs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:08:14 GMT
x-content-type-options: nosniff
age: 345713
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 27 Apr 2024 02:08:14 GMT

GET
H2 200 TK3IWkUHHAIjg75cFRf3bXL8LICs1_Fv40pKlN4NNSeSASz7FmlWHYg.woff2
fonts.gstatic.com/s/oswald/v49/ 17 KB
18 KB 145ms
85ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v49/TK3IWkUHHAIjg75cFRf3bXL8LICs1_Fv40pKlN4NNSeSASz7FmlWHYg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=540fd913fdda078d6087769568ea9bcb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8543b5dcaea1fc4a0301dc12b5b2adc9079e0794dd6a45879588fb844f3438e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://securityaffairs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 29 Apr 2023 16:07:32 GMT
x-content-type-options: nosniff
age: 208955
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17908
x-xss-protection: 0
last-modified: Mon, 18 Jul 2022 19:23:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Apr 2024 16:07:32 GMT

GET
H3 200 fontawesome-webfont.woff
securityaffairs.com/wp-content/themes/rigel_old/fonts/ 43 KB
44 KB 56ms
55ms Font
application/font-woff 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849

Request headers

Referer: https://securityaffairs.com/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Origin: https://securityaffairs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 06:58:09 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 7935926
etag: W/"56710b81-ad90"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xw%2BEy5%2FRfQ1o2AzBeRAHq2HJuxNSD2RWRE6B74B9Yr8ylDqNeMZ%2FjU2andoLch5I6SjcVzu014akFsPoVQf2KnJIW3EX5Cp8UI1MC0Ww7b0PGdjKhxgRyiCLswP3I3%2BN2ZHrn%2FNX12aOEkrfdch%2FMUDZ"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
cache-control: public, max-age=315360000
cf-ray: 7c0cb9dd6c272c4b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2
fonts.gstatic.com/s/playfairdisplay/v30/ 35 KB
35 KB 116ms
56ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/playfairdisplay/v30/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=540fd913fdda078d6087769568ea9bcb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

22b6cdc450204c1cb32b31e679d812fea1c17ac506a7b78daeb12bd0ab25fde8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://securityaffairs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 29 Apr 2023 23:53:29 GMT
x-content-type-options: nosniff
age: 180998
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35764
x-xss-protection: 0
last-modified: Mon, 18 Jul 2022 19:06:36 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Apr 2024 23:53:29 GMT

GET
H2 200 S6u8w4BMUTPHjxsAXC-q.woff2
fonts.gstatic.com/s/lato/v23/ 24 KB
24 KB 86ms
27ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6u8w4BMUTPHjxsAXC-q.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=540fd913fdda078d6087769568ea9bcb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bca1d88ada544d9c80872d4da27133fab6d347361fa26e932b47ec9559088fd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://securityaffairs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 29 Apr 2023 10:56:53 GMT
x-content-type-options: nosniff
age: 227594
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24408
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:50:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Apr 2024 10:56:53 GMT

GET
H2 200 S6u_w4BMUTPHjxsI5wq_Gwft.woff2
fonts.gstatic.com/s/lato/v23/ 24 KB
24 KB 140ms
81ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6u_w4BMUTPHjxsI5wq_Gwft.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=540fd913fdda078d6087769568ea9bcb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c84348296ebe2e2a0830c3962eb02156419d9bc76371c2eadaf7329d827d550

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://securityaffairs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 29 Apr 2023 16:51:53 GMT
x-content-type-options: nosniff
age: 206294
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24448
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 16:41:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Apr 2024 16:51:53 GMT

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v23/ 23 KB
23 KB 133ms
74ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=540fd913fdda078d6087769568ea9bcb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://securityaffairs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 29 Apr 2023 15:23:38 GMT
x-content-type-options: nosniff
age: 211589
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23040
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Apr 2024 15:23:38 GMT

GET
DATA 200
OK truncated
/ 6 KB
6 KB Font
application/octet-stream

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 51df3ca60fafe5df2786ce34c4b6dff5af9bb0a061f1808783f65bb1016e016d

Request headers

Referer
Origin: https://securityaffairs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: application/octet-stream

GET
H2 200 f00db26378ef7df7c440a8ee60ead62b
secure.gravatar.com/avatar/ 1 KB
1 KB 93ms
20ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 02 May 2023 02:10:07 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="f00db26378ef7df7c440a8ee60ead62b.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g>; rel="canonical"
content-length: 1186
expires: Tue, 02 May 2023 02:15:07 GMT

GET
H2 200 Digging-The-Deep-Web.png
i0.wp.com/securityaffairs.com/wp-content/uploads/2018/03/ 30 KB
30 KB 64ms
54ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.com/wp-content/uploads/2018/03/Digging-The-Deep-Web.png?resize=236%2C300&ssl=1

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

e2a3522e6e082fa56d0eb9bf893a6bddc957911a05ff9a35a1c5e6982abe583e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Tue, 02 May 2023 02:10:07 GMT
x-content-type-options: nosniff
last-modified: Tue, 27 Dec 2022 01:09:36 GMT
server: nginx
etag: "90081d39f1874091"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.com/wp-content/uploads/2018/03/Digging-The-Deep-Web.png>; rel="canonical"
content-length: 30524
expires: Thu, 26 Dec 2024 13:09:36 GMT

GET
H2 200 logo-center-for-cybersecurity.jpg
i0.wp.com/securityaffairs.com/wp-content/uploads/2020/10/ 7 KB
7 KB 64ms
54ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.com/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg?resize=290%2C300&ssl=1

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

12e29fa8c4f9d7702cdea6663458a4084007fe4521117610c456c54e6644e07c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Tue, 02 May 2023 02:10:07 GMT
x-content-type-options: nosniff
last-modified: Tue, 27 Dec 2022 01:09:36 GMT
server: nginx
etag: "f66b518bba6e1555"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.com/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg>; rel="canonical"
content-length: 7234
expires: Thu, 26 Dec 2024 13:09:36 GMT

GET
H2 200 newsletter.png
i0.wp.com/securityaffairs.com/wp-content/uploads/2015/03/ 19 KB
19 KB 64ms
54ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.com/wp-content/uploads/2015/03/newsletter.png?resize=300%2C207&ssl=1

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

167bdead3314274ec6816ae851d767dd0ca9d1f9a2858b8ed0f1820657096097

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 02 May 2023 02:10:07 GMT
x-content-type-options: nosniff
last-modified: Tue, 27 Dec 2022 01:09:36 GMT
server: nginx
etag: "d8c02e2ccf1e41bf"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.com/wp-content/uploads/2015/03/newsletter.png>; rel="canonical"
content-length: 18968
expires: Thu, 26 Dec 2024 13:09:36 GMT

GET
H2 200 EU-Blog-e.jpg
i0.wp.com/securityaffairs.com/wp-content/uploads/2022/06/ 13 KB
13 KB 65ms
55ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.com/wp-content/uploads/2022/06/EU-Blog-e.jpg?resize=300%2C251&ssl=1

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

ceb6d0c8321627007c1ca8f7de8f5fafc5a7140cceabe7d8adce562fc4885de7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 02 May 2023 02:10:07 GMT
x-content-type-options: nosniff
last-modified: Tue, 27 Dec 2022 00:56:49 GMT
server: nginx
etag: "a583ea31753e6f10"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.com/wp-content/uploads/2022/06/EU-Blog-e.jpg>; rel="canonical"
content-length: 13098
expires: Thu, 26 Dec 2024 12:56:49 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
93 B 57ms
38ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&blog=29506073&post=145550&tz=0&srv=securityaffairs.com&j=1%3A12.0&host=securityaffairs.com&ref=&fcp=0&rand=0.04174772111287761
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 02 May 2023 02:10:07 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 405 B
609 B 81ms
29ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.com&callback=_gfp_s_&client=ca-pub-4918072057181794

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304260101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4918072057181794&plah=securityaffairs.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

23a9895ac977d252cdc96613a29bd2cd21c626dd2b604bd17353bceccdcb7095

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 257
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 82ms
30ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 81ms
30ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 54ms
53ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&id=cookie-law-info-bar&ign=false&pw=1600&ph=1200&x=0&y=1130.4

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 02 May 2023 02:10:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 076A 313 KB
72 KB 953ms
952ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&adk=1812271804&adf=3025194257&lmt=1682993407&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=308x675_l%7C308x675_r&format=0x0&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993407258&bpp=305&bdt=166&idt=548&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5552670351622&frm=20&pv=2&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=578

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c056583ff9e87fa2ae2fb7bb4bc2cc1a268b822d201977e081fbefc0c3f9bb99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 73026
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 02 May 2023 02:10:08 GMT
expires: Tue, 02 May 2023 02:10:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 221 KB
77 KB 40ms
39ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-P62M3QN974&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PLPJ653

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8eee8d3773e9a7a57a8c6fa1b924c41f67955fd3ae781c6463ab5516a43a53b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79157
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 02 May 2023 02:10:07 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
256 B 92ms
27ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-NPN4VEKBTY&gtm=45je34q0&_p=1337804744&_gaz=1&cid=1934843089.1682993408&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1682993407&sct=1&seg=0&dl=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&dt=Iranian%20govt%20uses%20BouldSpy%20Android%20malware%20for%20internal%20surveillance%20operationsSecurity%20Affairs&en=page_view&_fv=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-NPN4VEKBTY
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 02 May 2023 02:10:07 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityaffairs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
256 B 101ms
32ms Ping
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-NPN4VEKBTY&cid=1934843089.1682993408&gtm=45je34q0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-NPN4VEKBTY
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 02 May 2023 02:10:07 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityaffairs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 84ms
32ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-NPN4VEKBTY&cid=1934843089.1682993408&gtm=45je34q0&aip=1&z=561493103

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 02 May 2023 02:10:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
256 B 81ms
28ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-P62M3QN974&gtm=45je34q0&_p=1337804744&cid=1934843089.1682993408&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1682993407&sct=1&seg=0&dl=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&dt=Iranian%20govt%20uses%20BouldSpy%20Android%20malware%20for%20internal%20surveillance%20operationsSecurity%20Affairs&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-P62M3QN974&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 02 May 2023 02:10:08 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityaffairs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 37ms
36ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230426&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ea76babd83707a24f887db0fc189eabcecea57aaa9b2299b48f2782089880323

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:08 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11264
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304260101/ 148 KB
50 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304260101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ae5df839382d891ca4ed6846b97d98b0647adfbbb90edcf1522ebe758fb496fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51483
x-xss-protection: 0
server: cafe
etag: 618040338475808197
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 May 2023 02:10:08 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 31ms
30ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 32ms
31ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 68A9 89 KB
33 KB 673ms
673ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=3158154027&pi=t.aa~a.509917982~i.19~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=3&bdt=1798&idt=-M&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0&nras=2&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=1547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=hyn1OPEhdZ&p=https%3A//securityaffairs.com&dtd=10

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

345a9418fe47ed3ba7e132907eddefb2e78e5f7af8948ae1f41dbc7f12c4ded9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 33882
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 02 May 2023 02:10:09 GMT
expires: Tue, 02 May 2023 02:10:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0A20 89 KB
33 KB 722ms
721ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.29~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=2&bdt=1799&idt=2&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0%2C630x280&nras=3&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Y0TC4ZtS6S&p=https%3A//securityaffairs.com&dtd=36

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7c7a2192dbea2a355f654cb004b78c1dba237ad32e83636c4949502dec4174ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 33818
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 02 May 2023 02:10:09 GMT
expires: Tue, 02 May 2023 02:10:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 81ms
31ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 02 May 2023 02:10:09 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 32ms
32ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 64ms
64ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230426/r20110914/ Frame 29DA 10 KB
4 KB 22ms
22ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230426/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 69739
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 01 May 2023 06:47:49 GMT
etag: 2378337311435320485
expires: Mon, 15 May 2023 06:47:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230426/r20110914/ Frame 9B3A 10 KB
4 KB 22ms
21ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230426/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 69739
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 01 May 2023 06:47:49 GMT
etag: 2378337311435320485
expires: Mon, 15 May 2023 06:47:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css2
fonts.googleapis.com/ Frame 29DA 5 KB
659 B 77ms
32ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230426/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

831997ce334905a4fc3c7f0673c30bd34701f9810d87b19335aea228804ae38a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 02 May 2023 02:10:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 02 May 2023 00:13:53 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 02 May 2023 02:10:09 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 29DA 205 B
295 B 74ms
26ms Image
image/png 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230426/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 21:15:42 GMT
x-content-type-options: nosniff
age: 17667
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 30 Apr 2024 21:15:42 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 29DA 604 B
918 B 73ms
25ms Image
image/png 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230426/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 01:19:21 GMT
x-content-type-options: nosniff
age: 3048
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 01 May 2024 01:19:21 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230426/r20110914/elements/html/ Frame 29DA 19 KB
8 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230426/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230426/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0761599a569a3a6c03de9e05afc2cf135fb6581abb26c89b3615f46988b31fad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 20:11:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21545
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8031
x-xss-protection: 0
server: cafe
etag: 4566461469134147509
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 15 May 2023 20:11:04 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/ Frame 9B3A 2 KB
846 B 20ms
20ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230426/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 20:05:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21887
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 15 May 2023 20:05:22 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230426/r20110914/ Frame 9B3A 22 KB
9 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230426/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230426/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ec81013fada9e239bb9d91316ba5cdfffaf0f7a1ea4220ae81c271db75b71a5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 20:05:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21887
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8751
x-xss-protection: 0
server: cafe
etag: 8024400250147624166
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 15 May 2023 20:05:22 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/ Frame 9B3A 3 KB
1 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230426/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 19:52:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22632
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 15 May 2023 19:52:57 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/ Frame 9B3A 19 KB
8 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230426/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c7fc4a99ab664906d545b36b310a40b58d9e41986fcd9318ac8f6f90e41d61b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 20:05:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21887
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7966
x-xss-protection: 0
server: cafe
etag: 10783182253924109600
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 15 May 2023 20:05:22 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9B3A 160 KB
49 KB 1812ms
1762ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230426/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcef0a2eb37a3d8e32ddf11f664b3375a06980cf33792aa7bfb798b15cb646d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50021
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1682940967289926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 02 May 2023 02:10:10 GMT

GET
H2 200 dc885651c24f3a38cf2b2dda4c5c7197.js Show response
www.gstatic.com/mysidia/ Frame 9B3A 32 KB
14 KB 51ms
20ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/dc885651c24f3a38cf2b2dda4c5c7197.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230426/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14c77f954be37da1e7fba8efd1279e7ece7e384d33b8375d6e6a1ce013daaf47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 12:11:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 568716
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13586
x-xss-protection: 0
last-modified: Tue, 25 Apr 2023 00:18:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 24 Jul 2023 12:11:33 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 5CF6 13 KB
5 KB 22ms
19ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 143829
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 30 Apr 2023 10:13:00 GMT
expires: Mon, 29 Apr 2024 10:13:00 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 739A 783 B
1 KB 83ms
33ms Document
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b49c4f3b969b69de96e326754295f29420886ba784496ec0ec5f691febe03335

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-YBCKHA1whs-Ft8-EvixZfA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityaffairs.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-YBCKHA1whs-Ft8-EvixZfA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 02 May 2023 02:10:09 GMT
expires: Tue, 02 May 2023 02:10:09 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 hnY7PzTjWh4XksTeMflqXiPWVUSZPNkbpYPulxtDGE8.js Show response
pagead2.googlesyndication.com/bg/ Frame 5CF6 36 KB
14 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/hnY7PzTjWh4XksTeMflqXiPWVUSZPNkbpYPulxtDGE8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

86763b3f34e35a1e1792c4de31f96a5e23d65544993cd91ba583ee971b43184f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 14:05:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43458
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14132
x-xss-protection: 0
last-modified: Tue, 25 Apr 2023 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 30 Apr 2024 14:05:51 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 676E 9 KB
921 B 33ms
32ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230426/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

400fabe35a47597142482001174f415493a18dc7e1d35f2f66385013b7dd1e02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 02 May 2023 02:10:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 02 May 2023 00:17:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 02 May 2023 02:10:09 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/ Frame 676E 2 KB
765 B 21ms
20ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230426/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 20:05:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21887
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 15 May 2023 20:05:22 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230426/r20110914/ Frame 676E 22 KB
9 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230426/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230426/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ec81013fada9e239bb9d91316ba5cdfffaf0f7a1ea4220ae81c271db75b71a5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 20:05:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21887
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8751
x-xss-protection: 0
server: cafe
etag: 8024400250147624166
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 15 May 2023 20:05:22 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/ Frame 676E 3 KB
1 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230426/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 19:52:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22632
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 15 May 2023 19:52:57 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/ Frame 676E 19 KB
8 KB 24ms
22ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230426/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c7fc4a99ab664906d545b36b310a40b58d9e41986fcd9318ac8f6f90e41d61b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 20:05:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21887
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7966
x-xss-protection: 0
server: cafe
etag: 10783182253924109600
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 15 May 2023 20:05:22 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 676E 160 KB
49 KB 1790ms
1787ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230426/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcef0a2eb37a3d8e32ddf11f664b3375a06980cf33792aa7bfb798b15cb646d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50021
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1682940967289926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 02 May 2023 02:10:10 GMT

GET
H2 200 dc885651c24f3a38cf2b2dda4c5c7197.js Show response
www.gstatic.com/mysidia/ Frame 676E 32 KB
13 KB 23ms
20ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/dc885651c24f3a38cf2b2dda4c5c7197.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230426/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14c77f954be37da1e7fba8efd1279e7ece7e384d33b8375d6e6a1ce013daaf47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 12:11:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 568716
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13586
x-xss-protection: 0
last-modified: Tue, 25 Apr 2023 00:18:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 24 Jul 2023 12:11:33 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 739A 0
0 54ms
54ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230426&jk=3507321903435693&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 5CF6 0
10 B 20ms
20ms Image
text/plain 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?wDOB3A
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:09 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 css
fonts.googleapis.com/ Frame 68A9 4 KB
645 B 32ms
31ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=3158154027&pi=t.aa~a.509917982~i.19~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=3&bdt=1798&idt=-M&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0&nras=2&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=1547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=hyn1OPEhdZ&p=https%3A//securityaffairs.com&dtd=10

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

12a3831e778d8969aad8052ad463f9ecc63745c97c994c4e8b15c04e46f49b39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 02 May 2023 02:10:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 02 May 2023 00:30:03 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 02 May 2023 02:10:09 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/ Frame 68A9 2 KB
765 B 21ms
19ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 20:05:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21887
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 15 May 2023 20:05:22 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230426/r20110914/ Frame 68A9 22 KB
9 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230426/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ec81013fada9e239bb9d91316ba5cdfffaf0f7a1ea4220ae81c271db75b71a5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 20:05:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21887
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8751
x-xss-protection: 0
server: cafe
etag: 8024400250147624166
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 15 May 2023 20:05:22 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/ Frame 68A9 3 KB
1 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 19:52:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22632
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 15 May 2023 19:52:57 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/ Frame 68A9 19 KB
8 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c7fc4a99ab664906d545b36b310a40b58d9e41986fcd9318ac8f6f90e41d61b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 20:05:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21887
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7966
x-xss-protection: 0
server: cafe
etag: 10783182253924109600
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 15 May 2023 20:05:22 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 68A9 0
0 28ms
28ms Image
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTrKRt2AGX3pJ7eQomzOaAZRU4BPhZ7u8u5n6HxRcR2UVluo7WckMEUpz5LmAwtIX33mB0_Q-PUFmilVPJ9ZeANTEX_Yg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=3158154027&pi=t.aa~a.509917982~i.19~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=3&bdt=1798&idt=-M&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0&nras=2&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=1547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=hyn1OPEhdZ&p=https%3A//securityaffairs.com&dtd=10
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 68A9 0
0 70ms
69ms Fetch
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CxpIAAHFQZJmyOMfs3wPZubawB_jg3t1u663-_6kR-Lfq248OEAEgu6PgmAFglfrwgYwHoAHOwcykA8gBCakCuEm_tTNnsj6oAwHIA8sEqgSOAk_Q6GJAbWtMt3iylC-y0Kerq1zfeEKDSFYSC8zM2xBBWsiy3EEzXdx2iUkOJaCDCGV03dGpEPPAQ_BWDGQONF2wu0efIgX-Sl6qChrjcmzCYrMb0qJQsQ8uWhdigWJmG25XrMva1IgHJgdHIcLggRTfoN4nQyId3o1kBDwedQV0KRnqf9u8nZOBdP8jSfsFiHXY1Zz1hCkuuqry22l2dhAEeEYMMmDyzWVUx8KrzwL2ZCtmNjnS2uyvR3kaSASaYTNQUZDWUo2YKhmWwzoI2CeHo8mDhDrPBi_jBu9OVEbwJaWLGmA94Xz53iW0MbgCyDDV0VyMJNfZfMf88usCSqZeSKeyVP519Pyh0tg2LMAE1riu6Y4EkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB5q-s1uoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBDdsx3SCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAbgT5APYEwzQFQGYFgGAFwGyFxwKGggAEhRwdWItNDkxODA3MjA1NzE4MTc5NBgA&sigh=KY4lRf1nZQo&uach_m=[UACH]&cid=CAQSPABygQiD7btbV1fXq7XFqOQ2q6g-rHeS9oH1AxvL0UES5Jia0lFtyT_NnHzm-efddDZkYsPGTGnoFuMEIhgB&template_id=484

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=3158154027&pi=t.aa~a.509917982~i.19~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=3&bdt=1798&idt=-M&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0&nras=2&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=1547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=hyn1OPEhdZ&p=https%3A//securityaffairs.com&dtd=10
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 02 May 2023 02:10:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 68A9 160 KB
49 KB 1265ms
1264ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcef0a2eb37a3d8e32ddf11f664b3375a06980cf33792aa7bfb798b15cb646d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50021
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1682940967289926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 02 May 2023 02:10:10 GMT

GET
H3 200 dc885651c24f3a38cf2b2dda4c5c7197.js Show response
www.gstatic.com/mysidia/ Frame 68A9 32 KB
13 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/dc885651c24f3a38cf2b2dda4c5c7197.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14c77f954be37da1e7fba8efd1279e7ece7e384d33b8375d6e6a1ce013daaf47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 12:11:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 568716
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13586
x-xss-protection: 0
last-modified: Tue, 25 Apr 2023 00:18:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 24 Jul 2023 12:11:33 GMT

GET
H3 200 2071870733357889359
tpc.googlesyndication.com/simgad/ Frame 68A9 2 KB
2 KB 21ms
21ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2071870733357889359?w=200&h=200

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03d77cf0c86cd7b4a430582b571f95de7a42c82f9da439f986285dee1a999506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 29 Apr 2023 21:24:44 GMT
x-content-type-options: nosniff
age: 189925
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2475
x-xss-protection: 0
last-modified: Wed, 18 Nov 2020 15:59:50 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 28 Apr 2024 21:24:44 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/13479303726054960395/ Frame 68A9 15 KB
15 KB 23ms
22ms Image
image/jpeg 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13479303726054960395/14763004658117789537?w=600&h=314

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ccb5fdfa33da181822fbe239bb9eaff6deec00bc2376866fbbdfa2f2cd0e8d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 29 Apr 2023 19:33:15 GMT
x-content-type-options: nosniff
age: 196614
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15522
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 22:57:23 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 28 Apr 2024 19:33:15 GMT

GET
DATA 200
OK truncated
/ Frame 68A9 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 16B2 1 KB
643 B 21ms
20ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 25784
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 01 May 2023 19:00:25 GMT
etag: 48472445140208031
expires: Tue, 02 May 2023 19:00:25 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 68A9 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4fb7b8c4ef5e08265ce2004bb3c358a84ab164f2de8fe2382238230fac245ee9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 16B2
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEHdyRkWNXsn_m1k9wOnfJak&google_cver=1&google_push=ATf1kGM6NbdGjcpXfcjja3KCigutqaPcLmAY8KLEid9b2tRuQvexiD6fmKsPzR9vAF5FItRqsoLcTtgn5A2HgDQHJMgQ-JxwL_cE6...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEHdyRkWNXsn_m1k9wOnfJak&google_cver=1&google_push=ATf1kGM6NbdGjcpXfcjja3KCigutqaPcLmAY8KLEid9b2tRuQvexiD6fmKsPzR9vAF5FItRqsoLcTtgn5A2HgDQHJMgQ-JxwL_c...

43 B
443 B

199ms
189ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEHdyRkWNXsn_m1k9wOnfJak&google_cver=1&google_push=ATf1kGM6NbdGjcpXfcjja3KCigutqaPcLmAY8KLEid9b2tRuQvexiD6fmKsPzR9vAF5FItRqsoLcTtgn5A2HgDQHJMgQ-JxwL_cE6ak&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGM6NbdGjcpXfcjja3KCigutqaPcLmAY8KLEid9b2tRuQvexiD6fmKsPzR9vAF5FItRqsoLcTtgn5A2HgDQHJMgQ-JxwL_cE6ak%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=3158154027&pi=t.aa~a.509917982~i.19~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=3&bdt=1798&idt=-M&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0&nras=2&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=1547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=hyn1OPEhdZ&p=https%3A//securityaffairs.com&dtd=10
Protocol: H2
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 02 May 2023 02:10:10 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7c0cb9ebed642bd9-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 02 May 2023 02:10:09 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 818
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEHdyRkWNXsn_m1k9wOnfJak&google_cver=1&google_push=ATf1kGM6NbdGjcpXfcjja3KCigutqaPcLmAY8KLEid9b2tRuQvexiD6fmKsPzR9vAF5FItRqsoLcTtgn5A2HgDQHJMgQ-JxwL_cE6ak&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGM6NbdGjcpXfcjja3KCigutqaPcLmAY8KLEid9b2tRuQvexiD6fmKsPzR9vAF5FItRqsoLcTtgn5A2HgDQHJMgQ-JxwL_cE6ak%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7c0cb9eabcd12bd9-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 16B2
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEIZMflfqS-zs7uNfUSahofg&google_cver=1&google_push=ATf1kGMYPS7VY0aHYU-koodATEjNcaMhacZSJHgOYah5N0L4L_PyzcXVUFhZnzhARrhF8auxv8vW5U9aaopaWx8xQJZ23vViM9q7me4
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=D3E1EF51DB434C9D8F828160355857EE&google_push=ATf1kGMYPS7VY0aHYU-koodATEjNcaMhacZSJHgOYah5N0L4L_PyzcXVUFhZnzhARrhF8auxv8vW5U9aaopaWx8...

170 B
232 B

33ms
32ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=D3E1EF51DB434C9D8F828160355857EE&google_push=ATf1kGMYPS7VY0aHYU-koodATEjNcaMhacZSJHgOYah5N0L4L_PyzcXVUFhZnzhARrhF8auxv8vW5U9aaopaWx8xQJZ23vViM9q7me4

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 02 May 2023 02:10:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 02 May 2023 02:10:09 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=D3E1EF51DB434C9D8F828160355857EE&google_push=ATf1kGMYPS7VY0aHYU-koodATEjNcaMhacZSJHgOYah5N0L4L_PyzcXVUFhZnzhARrhF8auxv8vW5U9aaopaWx8xQJZ23vViM9q7me4
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 01 May 2023 02:10:09 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 16B2 70 B
265 B 154ms
45ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEMZZe-rn5fwc5d2Zj_spBSY&google_cver=1&google_push=ATf1kGOpFx4DMFienhFrt5MAi6s94QWb4Aul3jN-pYvYSAWKQcaAeEkOuh9iL_4MCT-9Y1w630_NwmpgTSkJCfObPPo1-lTH0-Ln_x8
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=3158154027&pi=t.aa~a.509917982~i.19~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=3&bdt=1798&idt=-M&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0&nras=2&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=1547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=hyn1OPEhdZ&p=https%3A//securityaffairs.com&dtd=10
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 02 May 2023 02:10:09 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 16B2
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEDw4jtwouT3ECT0SQnFfyIg&google_cver=1&google_push=ATf1kGPfq-o3SM3CHL_9N2s6MbpNu7KN5jCRE0ayV-N8tYcma17tODuE4S-EzVMqeVd3okQzOGVUFic3A2-gi1oGmnIX...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEDw4jtwouT3ECT0SQnFfyIg&google_cver=1&google_push=ATf1kGPfq-o3SM3CHL_9N2s6MbpNu7KN5jCRE0ayV-N8tYcma17tODuE4S-EzVMqeVd3okQzOGVUFic3A2-gi1...
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=google
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=google
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=1366fdba-6969-4f6a-9755-320f0e05aafa&ssp=google
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGPfq-o3SM3CHL_9N2s6MbpNu7KN5jCRE0ayV-N8tYcma17tODuE4S-EzVMqeVd3okQzOGVUFic3A2-gi1oGmnIXRpoxB1fGIpU&google_hm=Vk2jvqytTeGuus7W_jsy...

170 B
188 B

31ms
31ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGPfq-o3SM3CHL_9N2s6MbpNu7KN5jCRE0ayV-N8tYcma17tODuE4S-EzVMqeVd3okQzOGVUFic3A2-gi1oGmnIXRpoxB1fGIpU&google_hm=Vk2jvqytTeGuus7W_jsygw==

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 02 May 2023 02:10:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGPfq-o3SM3CHL_9N2s6MbpNu7KN5jCRE0ayV-N8tYcma17tODuE4S-EzVMqeVd3okQzOGVUFic3A2-gi1oGmnIXRpoxB1fGIpU&google_hm=Vk2jvqytTeGuus7W_jsygw==
date: Tue, 02 May 2023 02:10:10 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 16B2
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEKGoRKez5Bl4sV1nC-hjk54&google_cver=1&google_push=ATf1kGPeiH7FLLu0pqqJ4I8ImdXgYT-Rew8DnqI0HadInalnEHfKMQuyR4zXcFmayF6NUkrA6M4mrghJMRwmKNqzbzoAXwS...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEKGoRKez5Bl4sV1nC-hjk54&google_cver=1&google_push=ATf1kGPeiH7FLLu0pqqJ4I8ImdXgYT-Rew8DnqI0HadInalnEHfKMQuyR4zXcFmayF6NUkrA6M4mrghJMRwmKNqzbzoAX...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGPeiH7FLLu0pqqJ4I8ImdXgYT-Rew8DnqI0HadInalnEHfKMQuyR4zXcFmayF6NUkrA6M4mrghJMRwmKNqzbzoAXwS2php32PE

170 B
188 B

35ms
34ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGPeiH7FLLu0pqqJ4I8ImdXgYT-Rew8DnqI0HadInalnEHfKMQuyR4zXcFmayF6NUkrA6M4mrghJMRwmKNqzbzoAXwS2php32PE

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 02 May 2023 02:10:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGPeiH7FLLu0pqqJ4I8ImdXgYT-Rew8DnqI0HadInalnEHfKMQuyR4zXcFmayF6NUkrA6M4mrghJMRwmKNqzbzoAXwS2php32PE
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 16B2
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEEVGTTIG6DcXbUx3H2q3jFc&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEEVGTTIG6DcXbUx3H2q3jFc&google_push=AT...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEEVGTTIG6DcXbUx3H2q3jFc&google_hm=ZFBxAXHJG8q3qaB3RvFjmwAACF0AAAAB&google_nid=index&google_push=ATf1kGMFxKO2AoHXkHFap1lexxcxASNAvAKVv...

170 B
232 B

35ms
34ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEEVGTTIG6DcXbUx3H2q3jFc&google_hm=ZFBxAXHJG8q3qaB3RvFjmwAACF0AAAAB&google_nid=index&google_push=ATf1kGMFxKO2AoHXkHFap1lexxcxASNAvAKVvN1vDg-b8TV3iwtDrGP-cTnNoN5RpqFoGBgvKGdz8wprxOI6UQiPZpF-cE3M8j5YFA8

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 02 May 2023 02:10:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 02 May 2023 02:10:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEEVGTTIG6DcXbUx3H2q3jFc&google_hm=ZFBxAXHJG8q3qaB3RvFjmwAACF0AAAAB&google_nid=index&google_push=ATf1kGMFxKO2AoHXkHFap1lexxcxASNAvAKVvN1vDg-b8TV3iwtDrGP-cTnNoN5RpqFoGBgvKGdz8wprxOI6UQiPZpF-cE3M8j5YFA8
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 16B2
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEESL1brVVdaRtQTG2BOkHBo&google_cver=1&google_push=ATf1kGNCq5UE_MmLI7p9BMoW1VXCDopf9AxcoaIJ5zeXTkTm0_lUvJwI3xLUdreNgKGYOVNbipZJZSdCEHg4...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGNCq5UE_MmLI7p9BMoW1VXCDopf9AxcoaIJ5zeXTkTm0_lUvJwI3xLUdreNgKGYOVNbipZJZSdCEHg4qRM5mWDiIl8pdWYJnVw

170 B
329 B

31ms
31ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGNCq5UE_MmLI7p9BMoW1VXCDopf9AxcoaIJ5zeXTkTm0_lUvJwI3xLUdreNgKGYOVNbipZJZSdCEHg4qRM5mWDiIl8pdWYJnVw

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 02 May 2023 02:10:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGNCq5UE_MmLI7p9BMoW1VXCDopf9AxcoaIJ5zeXTkTm0_lUvJwI3xLUdreNgKGYOVNbipZJZSdCEHg4qRM5mWDiIl8pdWYJnVw
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 16B2 0
139 B 119ms
29ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LEd9Y0D7BKg2RPPNWD2Ok-OaGce58DHy_Qph26_ibkR7IXOjo7AOKXVObg5Fo17uOQGGH0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:09 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 css
fonts.googleapis.com/ Frame 0A20 4 KB
645 B 35ms
34ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.29~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=2&bdt=1799&idt=2&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0%2C630x280&nras=3&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Y0TC4ZtS6S&p=https%3A//securityaffairs.com&dtd=36

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

12a3831e778d8969aad8052ad463f9ecc63745c97c994c4e8b15c04e46f49b39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 02 May 2023 02:10:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 02 May 2023 00:12:51 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 02 May 2023 02:10:09 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/ Frame 0A20 2 KB
765 B 22ms
22ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.29~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=2&bdt=1799&idt=2&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0%2C630x280&nras=3&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Y0TC4ZtS6S&p=https%3A//securityaffairs.com&dtd=36

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 20:05:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21887
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 15 May 2023 20:05:22 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230426/r20110914/ Frame 0A20 22 KB
9 KB 35ms
34ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230426/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.29~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=2&bdt=1799&idt=2&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0%2C630x280&nras=3&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Y0TC4ZtS6S&p=https%3A//securityaffairs.com&dtd=36

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ec81013fada9e239bb9d91316ba5cdfffaf0f7a1ea4220ae81c271db75b71a5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 20:05:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21887
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8751
x-xss-protection: 0
server: cafe
etag: 8024400250147624166
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 15 May 2023 20:05:22 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/ Frame 0A20 3 KB
1 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.29~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=2&bdt=1799&idt=2&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0%2C630x280&nras=3&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Y0TC4ZtS6S&p=https%3A//securityaffairs.com&dtd=36

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 19:52:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22632
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 15 May 2023 19:52:57 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/ Frame 0A20 19 KB
8 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.29~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=2&bdt=1799&idt=2&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0%2C630x280&nras=3&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Y0TC4ZtS6S&p=https%3A//securityaffairs.com&dtd=36

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c7fc4a99ab664906d545b36b310a40b58d9e41986fcd9318ac8f6f90e41d61b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 20:05:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21887
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7966
x-xss-protection: 0
server: cafe
etag: 10783182253924109600
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 15 May 2023 20:05:22 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 0A20 0
0 43ms
42ms Image
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQTL2_8-uOWgHUerivYIIc-g5cO3nNLrorBeRPn7Qb92RWmQbv2oS3dZ8tkAh9XZvNi33YXpJ83wo_6nOY3frl-YFQ6iA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.29~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=2&bdt=1799&idt=2&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0%2C630x280&nras=3&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Y0TC4ZtS6S&p=https%3A//securityaffairs.com&dtd=36
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0A20 160 KB
49 KB 1198ms
1197ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.29~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=2&bdt=1799&idt=2&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0%2C630x280&nras=3&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Y0TC4ZtS6S&p=https%3A//securityaffairs.com&dtd=36

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcef0a2eb37a3d8e32ddf11f664b3375a06980cf33792aa7bfb798b15cb646d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50021
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1682940967289926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 02 May 2023 02:10:10 GMT

GET
H3 200 dc885651c24f3a38cf2b2dda4c5c7197.js Show response
www.gstatic.com/mysidia/ Frame 0A20 32 KB
13 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/dc885651c24f3a38cf2b2dda4c5c7197.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.29~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=2&bdt=1799&idt=2&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0%2C630x280&nras=3&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Y0TC4ZtS6S&p=https%3A//securityaffairs.com&dtd=36

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14c77f954be37da1e7fba8efd1279e7ece7e384d33b8375d6e6a1ce013daaf47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 12:11:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 568716
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13586
x-xss-protection: 0
last-modified: Tue, 25 Apr 2023 00:18:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 24 Jul 2023 12:11:33 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 0A20 0
0 81ms
81ms Fetch
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C6TSzAHFQZOCIOoew3gOxxbCADISD8K9s6uTd79sQhs7_lYQbEAEgu6PgmAFglfrwgYwHoAHFyIjxKMgBCakCuEm_tTNnsj6oAwHIA8sEqgSfAk_QSWRaOa3MNKRq-bOFTg-yi7Fp7Do5qU2N4VmQfaE8QKk8cB4dZu6bDtIqq9CeJWLS6fC8ASreMzxphDXgt6rXrVr2eFa3JTtWm0G4UlHF7Rwj2BNHo24cjXau1J_l4aNkMWHNDOYPQQ5M8lpRECugLgsoHUHowqueFQb2WioCzRHn4oBzq7nAREpSCgxfqSqWVT3WbnG9aXMAQbSjud1S2mpxvXTEoPPN0RqGoZiEbStiQEIa6dD89rSAd4jHl6WXPKcINiEICAGFG7FJ6cJa1fTlv4jkHwHasLugs3MlCN5Ylvr1iN46CjsjuibH1ezqJVlhsGPUyTKStZ7QM3CfTWjop9LwSWeSo3_4I3O6m7EUZ0wPRSx2CekMZJRgwATUr4yblASSBQQIBBgBkgUECAUYBKAGLoAHxYDZ0AOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBCMv0zSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAbgT5APYEwrQFQGAFwGyFxwKGggAEhRwdWItNDkxODA3MjA1NzE4MTc5NBgA&sigh=AJJcps9AKeY&uach_m=[UACH]&cid=CAQSPABygQiD2LjShrZuF0LahDYRSClajs33pH1ne3eEunncmaXLUQuHX0HtifpPWpFfs3GV6R1IdMXChkziehgB&template_id=484

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.29~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=2&bdt=1799&idt=2&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0%2C630x280&nras=3&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Y0TC4ZtS6S&p=https%3A//securityaffairs.com&dtd=36

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.29~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=2&bdt=1799&idt=2&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0%2C630x280&nras=3&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Y0TC4ZtS6S&p=https%3A//securityaffairs.com&dtd=36
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 02 May 2023 02:10:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame A754 1 KB
643 B 27ms
26ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.29~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=2&bdt=1799&idt=2&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0%2C630x280&nras=3&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Y0TC4ZtS6S&p=https%3A//securityaffairs.com&dtd=36

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 25784
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 01 May 2023 19:00:25 GMT
etag: 48472445140208031
expires: Tue, 02 May 2023 19:00:25 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/14830985580934723343/ Frame 0A20 10 KB
10 KB 31ms
30ms Image
image/jpeg 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14830985580934723343/14763004658117789537?w=200&h=200

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.29~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=2&bdt=1799&idt=2&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0%2C630x280&nras=3&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Y0TC4ZtS6S&p=https%3A//securityaffairs.com&dtd=36

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

618263cefa7d230c8dab3d54ee969d3715832d80866b631b5a6c19bfca423ee3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 22:17:57 GMT
x-content-type-options: nosniff
age: 13932
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10497
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 15:44:13 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 30 Apr 2024 22:17:57 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/1644933647819855795/ Frame 0A20 65 KB
65 KB 34ms
33ms Image
image/jpeg 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1644933647819855795/14763004658117789537?w=600&h=314

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.29~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=2&bdt=1799&idt=2&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0%2C630x280&nras=3&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Y0TC4ZtS6S&p=https%3A//securityaffairs.com&dtd=36

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9fda0696de445ae864a68bc71a2932decf343924edf7084881b28f909d7328d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 22:31:00 GMT
x-content-type-options: nosniff
age: 99549
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66684
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 15:44:13 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Apr 2024 22:31:00 GMT

GET
DATA 200
OK truncated
/ Frame 0A20 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 0A20 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 37a832ebe6fa012de57ae9d2adb43568779068011655f72500f2d9fe49b7f418

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame A754 35 B
463 B 82ms
21ms Image
image/gif 2620:116:800d:21:7eb1:3826:be7e:d981
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEDnXLNmWJbejp3BMOFitRxs&google_cver=1&google_push=ATf1kGNiHAWW5Yt8WgaeY06tuMmhRaMI3QUtSTqX2AzRYEeUm5LbYDZt6zZaHgChL7a3stcrxNgf7DDGmbczLp_xOzwRrLVwqOQkL48

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.29~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=2&bdt=1799&idt=2&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0%2C630x280&nras=3&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Y0TC4ZtS6S&p=https%3A//securityaffairs.com&dtd=36

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 02 May 2023 02:10:09 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A754
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEIStqsNO5Iye-yzUUkProhc&google_cver=1&google_push=ATf1kGMlan3bZWMgFvWfJixZfIkDgYQ3kLWOeCpMPnkaBJcjSUXQWIZBJpP9Tq8cPTwLl0ca_iETteyARhEDXNqo...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGMlan3bZWMgFvWfJixZfIkDgYQ3kLWOeCpMPnkaBJcjSUXQWIZBJpP9Tq8cPTwLl0ca_iETteyARhEDXNqohxdTeyvryLI14TM

170 B
188 B

37ms
36ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGMlan3bZWMgFvWfJixZfIkDgYQ3kLWOeCpMPnkaBJcjSUXQWIZBJpP9Tq8cPTwLl0ca_iETteyARhEDXNqohxdTeyvryLI14TM

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.29~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=2&bdt=1799&idt=2&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0%2C630x280&nras=3&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Y0TC4ZtS6S&p=https%3A//securityaffairs.com&dtd=36

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 02 May 2023 02:10:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 02 May 2023 02:10:09 GMT
Server: MT3 830 785530e master zrh-pixel-x8 config_version:"unknown"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGMlan3bZWMgFvWfJixZfIkDgYQ3kLWOeCpMPnkaBJcjSUXQWIZBJpP9Tq8cPTwLl0ca_iETteyARhEDXNqohxdTeyvryLI14TM
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Tue, 02 May 2023 02:10:08 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame A754
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEIG69tpf7j4WnGKt4Xm1V8U&google_cver=1&google_push=ATf1kGPZtPhh89so1DnELuhwmxsiRlo4GFYZUwRRhikKEXWmcvk2B_AUMXuEHN6TBxhWExm-TFyRMST4aF6-31kDVt29ChYJiSiji0v6
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C2C6E79068494B469983CA4F4AD3BF28&google_push=ATf1kGPZtPhh89so1DnELuhwmxsiRlo4GFYZUwRRhikKEXWmcvk2B_AUMXuEHN6TBxhWExm-TFyRMST4aF6-31k...

170 B
232 B

33ms
32ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C2C6E79068494B469983CA4F4AD3BF28&google_push=ATf1kGPZtPhh89so1DnELuhwmxsiRlo4GFYZUwRRhikKEXWmcvk2B_AUMXuEHN6TBxhWExm-TFyRMST4aF6-31kDVt29ChYJiSiji0v6

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.29~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=2&bdt=1799&idt=2&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0%2C630x280&nras=3&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Y0TC4ZtS6S&p=https%3A//securityaffairs.com&dtd=36

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 02 May 2023 02:10:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 02 May 2023 02:10:09 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C2C6E79068494B469983CA4F4AD3BF28&google_push=ATf1kGPZtPhh89so1DnELuhwmxsiRlo4GFYZUwRRhikKEXWmcvk2B_AUMXuEHN6TBxhWExm-TFyRMST4aF6-31kDVt29ChYJiSiji0v6
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 01 May 2023 02:10:09 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame A754
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEPA36a0pWw1MO7ysTYjjo20&google_cver=1&google_push=ATf1kGPrU3ZcL6R9QBvK9P5vTx6eesKvufpnYLshRKCINrJa8WI8L4-HhJ15tAtq-CD_gtvAnmmIMJboa2F...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGPrU3ZcL6R9QBvK9P5vTx6eesKvufpnYLshRKCINrJa8WI8L4-HhJ15tAtq-CD_gtvAnmmIMJboa2F3ZSRd9kAyqXtklVjAXyE6&google_hm=v4PFXH5uRWuhkUPj...

170 B
232 B

36ms
34ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGPrU3ZcL6R9QBvK9P5vTx6eesKvufpnYLshRKCINrJa8WI8L4-HhJ15tAtq-CD_gtvAnmmIMJboa2F3ZSRd9kAyqXtklVjAXyE6&google_hm=v4PFXH5uRWuhkUPjUtJRwLc

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.29~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=2&bdt=1799&idt=2&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0%2C630x280&nras=3&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Y0TC4ZtS6S&p=https%3A//securityaffairs.com&dtd=36

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 02 May 2023 02:10:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 02 May 2023 02:10:10 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGPrU3ZcL6R9QBvK9P5vTx6eesKvufpnYLshRKCINrJa8WI8L4-HhJ15tAtq-CD_gtvAnmmIMJboa2F3ZSRd9kAyqXtklVjAXyE6&google_hm=v4PFXH5uRWuhkUPjUtJRwLc
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame A754 0
173 B 95ms
29ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEMW8SHH4a0-u6y0CosyuXzQ&google_cver=1&google_push=ATf1kGMeJwyiEkEvibfKEW1BN0iS8SOpWwSsgYuUCZZq99esolwn4rPBGV-EpGToH-78pzgCP2LLOExYfAUuWzWysIjlhWgyby2SdwCs
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.29~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=2&bdt=1799&idt=2&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0%2C630x280&nras=3&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Y0TC4ZtS6S&p=https%3A//securityaffairs.com&dtd=36
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:09 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A754
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEKjEu7pYb9yjKq_2bT_5JMg&google_cver=1&google_push=ATf1kGMxfeKw6av2uBKmlt03-2D6u0OOi2-yNSfkLBEOSTRiY5GoMjgcRBUGuT6WGZW2f2JGjHYKB1LQ...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEKjEu7pYb9yjKq_2bT_5JMg&google_cver=1&google_push=ATf1kGMxfeKw6av2uBKmlt03-2D6u0OOi2-yNSfkLBEOSTRiY5GoMjgcRBUGuT6WGZW2f2JGjHY...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzA0MTcwNTM0NjA3Mjc4OTMxMw&google_push=ATf1kGMxfeKw6av2uBKmlt03-2D6u0OOi2-yNSfkLBEOSTRiY5GoMjgcRBUGuT6WGZW2f2JGjHYKB1...

170 B
188 B

31ms
30ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzA0MTcwNTM0NjA3Mjc4OTMxMw&google_push=ATf1kGMxfeKw6av2uBKmlt03-2D6u0OOi2-yNSfkLBEOSTRiY5GoMjgcRBUGuT6WGZW2f2JGjHYKB1LQr-WkTXYh4_j9dODNuoBMYNVQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.29~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=2&bdt=1799&idt=2&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0%2C630x280&nras=3&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Y0TC4ZtS6S&p=https%3A//securityaffairs.com&dtd=36

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 02 May 2023 02:10:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 02 May 2023 02:10:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzA0MTcwNTM0NjA3Mjc4OTMxMw&google_push=ATf1kGMxfeKw6av2uBKmlt03-2D6u0OOi2-yNSfkLBEOSTRiY5GoMjgcRBUGuT6WGZW2f2JGjHYKB1LQr-WkTXYh4_j9dODNuoBMYNVQ
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A754
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=UGaiES1HRKuAZ3R1D0hltw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

33ms
32ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=UGaiES1HRKuAZ3R1D0hltw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGM1Ng8qAWeuLUoCYL1jWJcMR2R74Xj4VJmvJGxhJ9LNqNPF3cMXkptEeknqPXC8kSIZ93Kp8EvTwR9g3RHGP2ZMjYyBKp2M_Bfh

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.29~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=2&bdt=1799&idt=2&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0%2C630x280&nras=3&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Y0TC4ZtS6S&p=https%3A//securityaffairs.com&dtd=36

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 02 May 2023 02:10:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=UGaiES1HRKuAZ3R1D0hltw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGM1Ng8qAWeuLUoCYL1jWJcMR2R74Xj4VJmvJGxhJ9LNqNPF3cMXkptEeknqPXC8kSIZ93Kp8EvTwR9g3RHGP2ZMjYyBKp2M_Bfh
date: Tue, 02 May 2023 02:10:09 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame A754 0
49 B 43ms
29ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Lg2U5oAv0_XupgN0TZImfpPM1wGEQxF79qmrW0nO7WSm-R3AsKBVm-W_pbMiR8W0s8qtDX

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.29~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=2&bdt=1799&idt=2&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0%2C630x280&nras=3&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Y0TC4ZtS6S&p=https%3A//securityaffairs.com&dtd=36

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 02 May 2023 02:10:09 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 0A20 15 KB
16 KB 25ms
21ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 29 Apr 2023 17:04:15 GMT
x-content-type-options: nosniff
age: 205554
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Apr 2024 17:04:15 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 60ms
56ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230426&jk=3507321903435693&bg=!MjGlMWXNAAb9Sbh13Uk7ADkAdvg8WodZm_lCKh8XGuZ4jAxQi8Pi-d0hXIJgGtaWBh-sBfakVgFcVzGwWiGaTay9qArrOjTZ9d0CAAAAWlIAAAACaAEHmQL33XMgWZgdrJBjKc_2k2Z-QLNvRvaQtSVkG7_fKWuUtTWRjNNG7pioDVI_FTZC2FKMBezzl73usdRBeum_kvP0tsAr8zN8yzyZ4-WL11B3ep_vamILsp3M7iXLC0Upn0ODbMqJ7psigE2ezoeThG6yLJDB0kYEsxulQof5QozIlN66zX8V1EnqTi_OeiA9RyQAXhQNvDLPjsiTnsmKqBSBe8k_DaFWuHPUMXsx2YSUW69nQQT3MvC5COKE2Xr7Lfv0z2f-jckfQauEHXOp4KrX66XatHub_6RwtI7ch2JpAB3742qnPeGWufTzh727DVF9604a25rVCpkTCxXkDruTgXmvDyjgreYgzK_fQtEVdlRE1iv1VJh_bu82LIHBt05zvUndUHcTt-rPQ2FReh6myWgaY1KLxC4Qe7i-8hfsp9Xo_37F4eaEuTVuh-duCZHmifR27sB-U_7RmDr1uSlxa_Vm4n7ARqkjKyrhdf6WGumX8-_ET5xOzPEfg6elt_1_pEQlVJU1oeQGcLMwZaPH-AXWn4YG-jsvf1a_OuW4TIe1E5ViBOxevmtkT4tDKw1-RtqyVgMmLEqm2PcOgVzHcY5KSb53iR6D_AveEhI0r2KxV1ckwQFGjFHbRrb8RBJlk3xAgn5UZHc1h_77T-5eU0bPNsB6Z_6-nDMnV7Fsas14ateqZFNw8uGvLN3ex3e16LApHPFwZTCJBIepYCcMguBRrNorUwzaJdc9Lr6_VjQ6iVVdtRmGGW596IsfikqAax26MXhSq7qeDuGI6jS23jdeTX3BiTXoFbnCnkDXjTW0udWel4W5XM8lgYkKi2hxmDhsqJm01FIPZxFxAGKKp7ERjpl7sRB2OuEvQPPyY3FTkJnjpy317CGHUNfQmGJtkot0uHMSuTsoJ3CT3IE4j36cfqzUj5KMZk6dUkl2XgQWOtP4AuzBey3HxlwdnAxdm9zbuMMtFBVmdQUgKiTmD2CBhSqf3S_PhH-suvOsiMVOV6tCRkF5
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

GET
H3 200 hnY7PzTjWh4XksTeMflqXiPWVUSZPNkbpYPulxtDGE8.js Show response
pagead2.googlesyndication.com/bg/ Frame D992 36 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/hnY7PzTjWh4XksTeMflqXiPWVUSZPNkbpYPulxtDGE8.js

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

86763b3f34e35a1e1792c4de31f96a5e23d65544993cd91ba583ee971b43184f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 14:05:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43459
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14132
x-xss-protection: 0
last-modified: Tue, 25 Apr 2023 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 30 Apr 2024 14:05:51 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 68A9 15 KB
16 KB 21ms
20ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 29 Apr 2023 17:04:15 GMT
x-content-type-options: nosniff
age: 205556
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Apr 2024 17:04:15 GMT

GET
H3 200 hnY7PzTjWh4XksTeMflqXiPWVUSZPNkbpYPulxtDGE8.js Show response
pagead2.googlesyndication.com/bg/ Frame B7A8 36 KB
14 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/hnY7PzTjWh4XksTeMflqXiPWVUSZPNkbpYPulxtDGE8.js

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/145550/hacking/iran-bouldspy-android-spyware.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

86763b3f34e35a1e1792c4de31f96a5e23d65544993cd91ba583ee971b43184f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 14:05:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43460
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14132
x-xss-protection: 0
last-modified: Tue, 25 Apr 2023 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 30 Apr 2024 14:05:51 GMT

GET
H3 200 hnY7PzTjWh4XksTeMflqXiPWVUSZPNkbpYPulxtDGE8.js Show response
pagead2.googlesyndication.com/bg/ Frame 15BC 36 KB
14 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/hnY7PzTjWh4XksTeMflqXiPWVUSZPNkbpYPulxtDGE8.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.29~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1682993408&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F145550%2Fhacking%2Firan-bouldspy-android-spyware.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682993408890&bpp=2&bdt=1799&idt=2&shv=r20230426&mjsv=m202304260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D988454d2fe2f668b-22c027c7b6dd0009%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg&gpic=UID%3D00000bf3c96f6470%3AT%3D1682993407%3ART%3D1682993407%3AS%3DALNI_MZ330guFC3H1O0veC_htXccMPXn5A&prev_fmts=0x0%2C630x280&nras=3&correlator=5552670351622&frm=20&pv=1&ga_vid=1934843089.1682993408&ga_sid=1682993408&ga_hid=1337804744&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2547&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C44773810%2C31071756%2C31073967%2C31073973%2C44788441%2C44789762%2C44789779&oid=2&pvsid=3507321903435693&tmod=1182515026&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Y0TC4ZtS6S&p=https%3A//securityaffairs.com&dtd=36

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

86763b3f34e35a1e1792c4de31f96a5e23d65544993cd91ba583ee971b43184f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 14:05:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43460
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14132
x-xss-protection: 0
last-modified: Tue, 25 Apr 2023 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 30 Apr 2024 14:05:51 GMT

GET
H3 200 hnY7PzTjWh4XksTeMflqXiPWVUSZPNkbpYPulxtDGE8.js Show response
pagead2.googlesyndication.com/bg/ Frame 9EA7 36 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/hnY7PzTjWh4XksTeMflqXiPWVUSZPNkbpYPulxtDGE8.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

86763b3f34e35a1e1792c4de31f96a5e23d65544993cd91ba583ee971b43184f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 14:05:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43460
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14132
x-xss-protection: 0
last-modified: Tue, 25 Apr 2023 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 30 Apr 2024 14:05:51 GMT

Verdicts & Comments Add Verdict or Comment

91 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

33 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
securityaffairs.com/	1970-01-20 20:15:29	Name: cookielawinfo-checkbox-necessary Value: yes
securityaffairs.com/	1970-01-20 20:15:29	Name: cookielawinfo-checkbox-non-necessary Value: yes
.securityaffairs.com/	1970-01-20 21:05:53	Name: _ga_NPN4VEKBTY Value: GS1.1.1682993407.1.0.1682993407.60.0.0
.securityaffairs.com/	1970-01-20 21:05:53	Name: _ga Value: GA1.1.1934843089.1682993408
.securityaffairs.com/	1970-01-20 20:51:29	Name: __gads Value: ID=988454d2fe2f668b-22c027c7b6dd0009:T=1682993407:RT=1682993407:S=ALNI_MZE6HD5wOcJ71J3NhGqgTDJ32f0Fg
.securityaffairs.com/	1970-01-20 20:51:29	Name: __gpi Value: UID=00000bf3c96f6470:T=1682993407:RT=1682993407:S=ALNI_MZ330guFC3H1O0veC_htXccMPXn5A
.securityaffairs.com/	1970-01-20 21:05:53	Name: _ga_P62M3QN974 Value: GS1.1.1682993407.1.0.1682993407.0.0.0
.doubleclick.net/	1970-01-20 20:51:29	Name: IDE Value: AHWqTUkSfFQsd4TrpK6NDWaZZft112NXLsioS_Sik-K0RlPQ23UIJAJdL-Z0OEP8QzI
.bidswitch.net/	1970-01-20 20:15:29	Name: tuuid Value: 564da3be-acad-4de1-aeba-ced6fe3b3283
.bidswitch.net/	1970-01-20 20:15:29	Name: c Value: 1682993409
.bidswitch.net/	1970-01-20 20:15:29	Name: tuuid_lu Value: 1682993409
.simpli.fi/	1970-01-20 20:16:55	Name: suid Value: C2C6E79068494B469983CA4F4AD3BF28
.casalemedia.com/	1970-01-20 20:15:29	Name: CMID Value: ZFBxAXHJG8q3qaB3RvFjmwAA
.casalemedia.com/	1970-01-20 13:39:29	Name: CMPS Value: 2141
.casalemedia.com/	1970-01-20 13:39:29	Name: CMPRO Value: 2141
.de17a.com/	1970-01-20 20:08:17	Name: guid Value: 1.5670931007516638453
.quantserve.com/	1970-01-20 13:39:29	Name: d Value: EEIBCQHyKIEA
.quantserve.com/	1970-01-20 21:00:07	Name: mc Value: 64507101-c08c0-19f22-90e2a
.ctnsnet.com/	1970-01-20 20:15:29	Name: gid_CAESEPA36a0pWw1MO7ysTYjjo20 Value: 1
.ctnsnet.com/	1970-01-20 20:15:29	Name: cid_bf83c55c7e6e456ba19143e352d251c0 Value: 1
.blismedia.com/	1970-01-20 20:15:33	Name: b Value: 6450710110FCEFEFC1238D8FBLIS
.mathtag.com/	1970-01-20 20:55:48	Name: uuid Value: 1d3f6450-7102-4400-969f-c2aef7a9422d
.mathtag.com/	1970-01-20 12:13:05	Name: mt_mop Value: 4:1682993410
.pubmatic.com/	1970-01-20 11:31:19	Name: KTPCACOOKIE Value: YES
.adform.net/	1970-01-20 12:14:31	Name: C Value: 1
.pubmatic.com/	1970-01-20 20:15:29	Name: KADUSERCOOKIE Value: 5066A211-2D47-44AB-8067-74750F4865B7
.adform.net/	1970-01-20 12:56:17	Name: uid Value: 7041705346072789313
.sportradarserving.com/	1970-01-20 20:15:29	Name: zuuid Value: 1366fdba-6969-4f6a-9755-320f0e05aafa
.sportradarserving.com/	1970-01-20 20:15:29	Name: c Value: 1682993410
.sportradarserving.com/	1970-01-20 20:15:29	Name: zuuid_lu Value: 1682993410
.sportradarserving.com/	1970-01-20 20:15:29	Name: zuuid_k Value: 1
.sportradarserving.com/	1970-01-20 20:15:29	Name: zuuid_k_lu Value: 1682993410
.tribalfusion.com/	1970-01-20 13:39:29	Name: ANON_ID Value: agnseFSkTseAutomjtplVjZasYiT1SqmfWevTZaZdgSgZaOwMHQ6Pa2DcSZb0C5b0SLKNjNTPfGMXdxQMM8LZbZcIbn

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.sportradarserving.com
a.tribalfusion.com
adservice.google.com
adservice.google.de
buttons-config.sharethis.com
c1.adform.net
cm.g.doubleclick.net
cms.quantserve.com
d5p.de17a.com
fonts.googleapis.com
fonts.gstatic.com
gcm.ctnsnet.com
googleads.g.doubleclick.net
i0.wp.com
image6.pubmatic.com
l.sharethis.com
match.adsrvr.org
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.wp.com
platform-api.sharethis.com
region1.analytics.google.com
region1.google-analytics.com
s.tribalfusion.com
secure.gravatar.com
securityaffairs.com
ssum-sec.casalemedia.com
stats.g.doubleclick.net
stats.wp.com
sync.mathtag.com
tpc.googlesyndication.com
tr.blismedia.com
um.simpli.fi
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
13.32.99.78
142.250.185.162
185.29.132.245
185.64.189.115
185.80.39.216
192.0.76.3
192.0.77.2
2001:4860:4802:32::36
2001:4860:4802:34::36
213.155.156.169
2600:9000:206f:6000:c:abe:f440:93a1
2606:4700:3031::ac43:8cd3
2606:4700::6812:18ad
2620:116:800d:21:7eb1:3826:be7e:d981
2a00:1450:4001:801::2001
2a00:1450:4001:806::2003
2a00:1450:4001:80e::2003
2a00:1450:4001:810::2002
2a00:1450:4001:811::2004
2a00:1450:4001:812::200a
2a00:1450:4001:813::2003
2a00:1450:4001:827::2002
2a00:1450:4001:828::2002
2a00:1450:4001:828::2008
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2002
2a00:1450:400c:c00::9a
2a04:fa87:fffe::c000:4902
3.123.92.169
3.124.213.109
3.68.25.145
34.96.105.8
35.186.193.173
35.204.158.49
35.71.131.137
37.157.4.40
51.75.86.98
0255909b7cb5511843e8e9d6414f99d023237cdb954705d68c4ff0d3cd752d6b
03d77cf0c86cd7b4a430582b571f95de7a42c82f9da439f986285dee1a999506
0761599a569a3a6c03de9e05afc2cf135fb6581abb26c89b3615f46988b31fad
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849
1009b5a8852ca3fdbdacabac3778cf9dea8f91a58d36466a5fe20d0441ead1f7
12a3831e778d8969aad8052ad463f9ecc63745c97c994c4e8b15c04e46f49b39
12e29fa8c4f9d7702cdea6663458a4084007fe4521117610c456c54e6644e07c
14c77f954be37da1e7fba8efd1279e7ece7e384d33b8375d6e6a1ce013daaf47
1528c535d339849cea1f4b18416229bd962819949c62574dcd184cdfa6d056b2
167bdead3314274ec6816ae851d767dd0ca9d1f9a2858b8ed0f1820657096097
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3
22b6cdc450204c1cb32b31e679d812fea1c17ac506a7b78daeb12bd0ab25fde8
23a9895ac977d252cdc96613a29bd2cd21c626dd2b604bd17353bceccdcb7095
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
28275dbcd3747f460a53102bb9dad566db20349335371cef756c72f4ab155431
2b84941259a2fe0e8b9d858f6101c5eac1cc0477ef2c130c38cd22bafd6bb4d3
2d0ee8b9f5976ae2dc3eefb7aace301d8540ad3d5f01c88f5049b3b7257a1d2f
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
345a9418fe47ed3ba7e132907eddefb2e78e5f7af8948ae1f41dbc7f12c4ded9
3570b0809823e912b040bb8d99048d5e85ceabf830ef064e306c0a1901a08e11
37a832ebe6fa012de57ae9d2adb43568779068011655f72500f2d9fe49b7f418
400fabe35a47597142482001174f415493a18dc7e1d35f2f66385013b7dd1e02
4485dc3684588728bba3e5fbbe902c36ad1ec1b47480cc62c911a9403bafecc3
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6
47d522563a9f514094ee94ebcee33b1ab88ba91d5639393beecd18be1fd27c15
4ccb5fdfa33da181822fbe239bb9eaff6deec00bc2376866fbbdfa2f2cd0e8d3
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4fb7b8c4ef5e08265ce2004bb3c358a84ab164f2de8fe2382238230fac245ee9
51df3ca60fafe5df2786ce34c4b6dff5af9bb0a061f1808783f65bb1016e016d
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5abb2baea4406b91db0c70b520aac559e816d0edb8a7acdd8388aacefb8ceea1
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
618263cefa7d230c8dab3d54ee969d3715832d80866b631b5a6c19bfca423ee3
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6c84348296ebe2e2a0830c3962eb02156419d9bc76371c2eadaf7329d827d550
7084fce45d512adaaf9ff9b48e744751279c0fcb22bfc1f4db28f316bc8793ae
73e52be898a7afbbfa119fdb5a95ca82c2b914da8d756404f7e5c7e0b6ff1928
751ae0b0e7b20fc45203c90e0c3391e1aa983f57327fb31d96dda46f7232ad45
7c11433c4dc7cf18972c22ca0f2cf78493b92aaf89bab4dab47c6c9b6c551d50
7c4baf058901663c6879894c0067cf923fa200cb95a0a4c25b1471a62c2a63c8
7c7a2192dbea2a355f654cb004b78c1dba237ad32e83636c4949502dec4174ca
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
831997ce334905a4fc3c7f0673c30bd34701f9810d87b19335aea228804ae38a
86763b3f34e35a1e1792c4de31f96a5e23d65544993cd91ba583ee971b43184f
89162e64b338d8f457a1610651a06af141eb9711a5529d993dcc553d3b715c52
897b485b62853015904f1c32460adbef21919107b2698751ac4362f834cfbcd9
8a8c0bd86eee0230682ed29c5e30936b6b14ab02e1586692840ef8ea4de9dda6
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8eee8d3773e9a7a57a8c6fa1b924c41f67955fd3ae781c6463ab5516a43a53b0
90b1f6082b0cf09c59ad2a5b87d3e0ab87eadf37c9b0b791318adfaae1a4b0d4
914c2c38bcf8be8ae0bb37e800573341c8134e54b5ced5303c1d3f172d7e6c96
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
9701e3cc721b444361494b8586b90ce11a0a0fc7964c0220e2263dd836d0a254
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9fda0696de445ae864a68bc71a2932decf343924edf7084881b28f909d7328d3
a04aa9666a49a1c434d7e44268f399e0c1dc1b306a2cc6f3414551364c217b4d
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833
a37deb9dd04cdebb5a80730395780332c03ec667693b3ddb06d8983157679d64
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ea1f3c6951b71eb83050cd630f9c7c1c736b5b277d38a0e4465d80a5e53d4d
a93c1ac24fad6ffb0de84e1f56b111e8b177d68a2948ffe1c87d9c02bb68b2d1
ae5df839382d891ca4ed6846b97d98b0647adfbbb90edcf1522ebe758fb496fd
aea607f39789d4cc03dd33d5518a1e53d419c379c618b7a19d6e3a06f4f14d56
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8
b1f4247657f994f6c9520c982ab95f953ee1c052706594d74f521cae670cf8be
b33e3ff7c01e9eb947faf1bd0dd31d3d210ff9fdf809f2db3938b5b865b9cc31
b49c4f3b969b69de96e326754295f29420886ba784496ec0ec5f691febe03335
b5643c5e548ec3aab5786c3845bce65a8ab30d48b62ba2586373ff84589ea13d
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b8b9530109e3ca379bd7c1cde54ac839e91af1c00b90fecff552aced3fe13aa5
bca1d88ada544d9c80872d4da27133fab6d347361fa26e932b47ec9559088fd0
bea141b0e1c016faface442cf56dae318f97789bea95d633da28014d5233a934
c056583ff9e87fa2ae2fb7bb4bc2cc1a268b822d201977e081fbefc0c3f9bb99
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c7fc4a99ab664906d545b36b310a40b58d9e41986fcd9318ac8f6f90e41d61b3
c9b6164ccc60fa98562a1d315d63a961a7ffa16183117a6a5f6d5bf3893283c0
ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93
cbd8f24387a9f9e5b964508b65b558b5ce421f53d357dbcbe83201f9625aab55
ceb6d0c8321627007c1ca8f7de8f5fafc5a7140cceabe7d8adce562fc4885de7
d0b0600ad401ae5f2ace6a90c81bb7f4b3a7158e340b7bbb2d7201a20e3f9a17
d5133a1035cbf203be573cc6e15a2d4f8477b62568bea772b2192dc68c4980e5
d6f712bb063293806236d362715f5f3f134ddeb3da95e66f7f7d5f1311975296
d8543b5dcaea1fc4a0301dc12b5b2adc9079e0794dd6a45879588fb844f3438e
db4312bece8d50799c3e99a316a58218a527df0f25b93c3e075e04712e20cacf
dcef0a2eb37a3d8e32ddf11f664b3375a06980cf33792aa7bfb798b15cb646d1
dd573dd2e1517dc366e78e8b5de070a16c80e5d32cc71d33e24b3455cffa2db1
e2a3522e6e082fa56d0eb9bf893a6bddc957911a05ff9a35a1c5e6982abe583e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e55884bd7730ecaf174dfc784ab029b0fc262d93bc299e35fbc80168d04e8691
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
ea76babd83707a24f887db0fc189eabcecea57aaa9b2299b48f2782089880323
ec81013fada9e239bb9d91316ba5cdfffaf0f7a1ea4220ae81c271db75b71a5a
ee86b02e97bfb8f83af87a4f7991c713e1e90dce091524c0c675b393091b6ff7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5
f2db20f9ae1c9d5f041506e280453c144555f3d12e6cefa3fcb3bc68a41f4897
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f73f10c4cd21cea59b0c0c2fe4ecf1c7879c1e758bcbaa0cad57635c7eac1d17
fcc86dea0b3b9ece4946cad4458ada0662da919a16e710a01ee46a542fa0205a

securityaffairs.com Open in urlscan Pro 2606:4700:3031::ac43:8cd3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

159 Requests

93 %HTTPS

54 %IPv6

28 Domains

40 Subdomains

28 IPs

10 Countries

1940 kBTransfer

4655 kBSize

33 Cookies

20 Outgoing links

Redirected requests

159 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

securityaffairs.com Open in urlscan Pro
2606:4700:3031::ac43:8cd3 Public Scan

Screenshot
Live screenshot

Full Image

159
Requests

93 %
HTTPS

54 %
IPv6

28
Domains

40
Subdomains

28
IPs

10
Countries

1940 kB
Transfer

4655 kB
Size

33
Cookies

159 HTTP transactions
5 data transactions