www.infosecurity-magazine.com Open in urlscan Pro
108.138.36.26 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/
Submission: On July 20 via api (July 20th 2023, 4:11:09 am UTC) from TR — Scanned from DE

Summary HTTP 122 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 31 IPs in 3 countries across 22 domains to perform 122 HTTP transactions. The main IP is 108.138.36.26, located in United States and belongs to AMAZON-02, US. The main domain is www.infosecurity-magazine.com. The Cisco Umbrella rank of the primary domain is 372856.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on August 16th 2022. Valid for: a year.

This is the only time www.infosecurity-magazine.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
8	108.138.36.26 108.138.36.26	16509 (AMAZON-02) (AMAZON-02)
13	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
2	2a04:4e42:200... 2a04:4e42:200::485	54113 (FASTLY) (FASTLY)
4	2a02:26f0:310... 2a02:26f0:3100::1735:28f0	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:310... 2a02:26f0:3100::1735:28c8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:36::178	15169 (GOOGLE) (GOOGLE)
2	13.32.99.61 13.32.99.61	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
9	2606:4700::68... 2606:4700::6812:aa72	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	146.75.116.157 146.75.116.157	54113 (FASTLY) (FASTLY)
2	34.111.234.236 34.111.234.236	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
12	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	52.20.71.154 52.20.71.154	14618 (AMAZON-AES) (AMAZON-AES)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
1	2606:4700::68... 2606:4700::6812:1d26	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	142.250.186.70 142.250.186.70	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f17... 2a03:2880:f176:84:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
13	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
13	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:829::2006	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1	151.101.2.137 151.101.2.137	54113 (FASTLY) (FASTLY)
1	185.221.87.23 185.221.87.23	54113 (FASTLY) (FASTLY)
122	31

8 108.138.36.26 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-36-26.muc50.r.cloudfront.net

www.infosecurity-magazine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:200::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:3100::1735:28f0 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3100::1735:28c8 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:36::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.99.61 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-61.fra60.r.cloudfront.net

assets.infosecurity-magazine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6812:aa72 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.116.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.234.236 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 236.234.111.34.bc.googleusercontent.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.20.71.154 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-20-71-154.compute-1.amazonaws.com

in.ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1d26 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.70 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.221.87.23 (Ireland)

ASN54113 (FASTLY, US)

bam.eu01.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
36	googlesyndication.com 8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 153 pagead2.googlesyndication.com — Cisco Umbrella Rank: 132	189 KB
23	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 212 ad.doubleclick.net — Cisco Umbrella Rank: 186 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 355 googleads.g.doubleclick.net — Cisco Umbrella Rank: 54	351 KB
10	infosecurity-magazine.com www.infosecurity-magazine.com — Cisco Umbrella Rank: 372856 assets.infosecurity-magazine.com — Cisco Umbrella Rank: 734144	150 KB
9	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 211	249 KB
9	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 369	196 KB
5	typekit.net use.typekit.net — Cisco Umbrella Rank: 556 p.typekit.net — Cisco Umbrella Rank: 690	93 KB
4	gstatic.com csi.gstatic.com	396 B
3	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 322	14 MB
3	ml314.com ml314.com — Cisco Umbrella Rank: 1799 in.ml314.com — Cisco Umbrella Rank: 8964	12 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 69	227 KB
2	google.com www.google.com — Cisco Umbrella Rank: 3	1 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 108	244 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 164	155 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 56 region1.google-analytics.com — Cisco Umbrella Rank: 1771	21 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 367	40 KB
1	nr-data.net bam.eu01.nr-data.net — Cisco Umbrella Rank: 9424	552 B
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 488	49 KB
1	google.de www.google.de — Cisco Umbrella Rank: 5665	455 B
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 632	325 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 685	395 B
1	t.co t.co — Cisco Umbrella Rank: 511	375 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 708	15 KB
122	22

	Domain	Requested by
20	pagead2.googlesyndication.com	ad.doubleclick.net tpc.googlesyndication.com www.infosecurity-magazine.com www.googletagservices.com
13	securepubads.g.doubleclick.net	www.infosecurity-magazine.com 8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com www.googletagservices.com
12	tpc.googlesyndication.com	8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com ad.doubleclick.net tpc.googlesyndication.com www.infosecurity-magazine.com
9	www.googletagservices.com	8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com www.googletagservices.com
9	cdn.cookielaw.org	www.infosecurity-magazine.com
8	www.infosecurity-magazine.com	www.infosecurity-magazine.com
6	googleads4.g.doubleclick.net	ad.doubleclick.net
4	csi.gstatic.com	securepubads.g.doubleclick.net
4	8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com	www.infosecurity-magazine.com
4	use.typekit.net	www.infosecurity-magazine.com use.typekit.net
3	s0.2mdn.net	8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com ad.doubleclick.net
3	ad.doubleclick.net	www.googletagservices.com
3	www.googletagmanager.com	www.infosecurity-magazine.com
2	www.google.com	www.infosecurity-magazine.com
2	www.facebook.com	www.infosecurity-magazine.com
2	ml314.com	www.infosecurity-magazine.com
2	connect.facebook.net	www.infosecurity-magazine.com
2	assets.infosecurity-magazine.com	www.infosecurity-magazine.com
2	cdn.jsdelivr.net	www.infosecurity-magazine.com
1	bam.eu01.nr-data.net	www.infosecurity-magazine.com
1	js-agent.newrelic.com	www.infosecurity-magazine.com
1	www.google.de	www.infosecurity-magazine.com
1	googleads.g.doubleclick.net	www.infosecurity-magazine.com
1	geolocation.onetrust.com	www.infosecurity-magazine.com
1	analytics.twitter.com	www.infosecurity-magazine.com
1	t.co	www.infosecurity-magazine.com
1	in.ml314.com	www.infosecurity-magazine.com
1	region1.google-analytics.com	www.googletagmanager.com
1	static.ads-twitter.com	www.infosecurity-magazine.com
1	www.google-analytics.com	www.infosecurity-magazine.com
1	p.typekit.net	use.typekit.net
122	31

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.facebook.com
www.lookout.com
www.linkedin.com
privacy.reedexpo.com
privacy.rxglobal.com
support.google.com
www.onetrust.com

Subject Issuer	Validity	Valid
*.infosecurity-magazine.com GlobalSign RSA OV SSL CA 2018	`2022-08-16` - `2023-09-17`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh
use.typekit.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-14` - `2023-10-15`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-04-28` - `2023-07-27`	3 months	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
ml314.com GTS CA 1D4	`2023-06-07` - `2023-09-05`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
*.ml314.com Amazon RSA 2048 M02	`2023-02-27` - `2023-12-14`	10 months	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-12-13` - `2023-12-13`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-04-13` - `2024-05-14`	a year	crt.sh
*.eu01.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-11-18` - `2023-12-19`	a year	crt.sh

This page contains 11 frames:

Primary Page: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/
Frame ID: CF643477B7DB8DB401139325F56B0FE9
Requests: 55 HTTP requests in this frame

Frame: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 5CA95D747DC5AA91FDF74B1BA599E30B
Requests: 1 HTTP requests in this frame

Frame: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: C0270FEF51001DDAB2E5830DB615B852
Requests: 18 HTTP requests in this frame

Frame: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 1222B9F4E71ADE142E63FBAA6564866E
Requests: 18 HTTP requests in this frame

Frame: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 1C2DA0625FF365B5B452720590A90C51
Requests: 18 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 0D5E9EFAAC9E1F670318C3D60C2E71CA
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 0BA3D027E815D4DCDC1A58F543A3480D
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D2C9DD7919156369503AEE3C6608542D
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: BFCD2951753696C042783502C78A98EF
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: DD44F59F9F1AE609AE5DB8393817A18C
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C0505001DF707341122399F6A862E6CB
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Chinese APT41 Linked to WyrmSpy and DragonEgg Surveillanceware - Infosecurity Magazine Back ButtonSearch IconFilter Icon

Detected technologies

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Underscore.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

underscore.*\.js(?:\?ver=([\d.]+))?

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

122
Requests

100 %
HTTPS

63 %
IPv6

22
Domains

31
Subdomains

31
IPs

3
Countries

16402 kB
Transfer

19475 kB
Size

14
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: http://twitter.com/a_mascellino
Title: Follow @a_mascellino

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3a%2f%2fwww.infosecurity-magazine.com%2fnews%2fapt41-linked-wyrmspy-dragonegg%2f

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3a%2f%2fwww.infosecurity-magazine.com%2fnews%2fapt41-linked-wyrmspy-dragonegg%2f

Search URL Search Domain Scan URL

URL: https://www.lookout.com/
Title: Lookout

Search URL Search Domain Scan URL

URL: https://www.lookout.com/threat-intelligence/article/wyrmspy-dragonegg-surveillanceware-apt41
Title: advisory

Search URL Search Domain Scan URL

URL: https://www.facebook.com/pages/Infosecurity-Magazine/210560332330063

Search URL Search Domain Scan URL

URL: https://twitter.com/InfosecurityMag

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/groups?gid=2035794&trk=myg_ugrp_ovr

Search URL Search Domain Scan URL

URL: https://privacy.reedexpo.com/en-gb.html
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://privacy.reedexpo.com/en-gb/cookie-policy.html
Title: Cookie Policy

Search URL Search Domain Scan URL

URL: https://privacy.rxglobal.com/en-gb/cookie-policy.html
Title: Cookie Policy

Search URL Search Domain Scan URL

URL: https://support.google.com/admanager/answer/9012903
Title: Google Ad-Tech Vendors

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

122 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/ 98 KB
25 KB 1256ms
1141ms Document
text/html 108.138.36.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.36.26 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-36-26.muc50.r.cloudfront.net

Software

RX /

Resource Hash

6dc12f4e2f1e89213f05753303d2842d766ba9e9f40bcbf1a5ad6d1d7600401c

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: *
cache-control: public, proxy-revalidate, max-age=300
content-encoding: br
content-security-policy: default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
content-type: text/html; charset=utf-8
date: Thu, 20 Jul 2023 04:11:00 GMT
feature-policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'self'; encrypted-media: 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'self'; gamepad 'none'; geolocation 'none'; layout-animations 'self'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'self'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'self'; usb 'none'; web-share 'self'; xr-spatial-tracking 'none'
last-modified: Wed, 19 Jul 2023 16:00:00 GMT
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(self), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(self), xr-spatial-tracking=()
referrer-policy: strict-origin
server: RX
vary: Accept-Encoding
via: 1.1 d2e8c709d1f79bde6ed8f833f02bdd34.cloudfront.net (CloudFront)
x-amz-cf-id: oBuLIwPIhvwpFZ0cVJE26JOOW8oiRSutWuD-JgrvA_76A8Ci5Ld8oA==
x-amz-cf-pop: MUC50-P2
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-ua-compatible: IE=Edge
x-xss-protection: 1; mode=block

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
27 KB 225ms
106ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

861911f5f61cc5648263484e53e1731bc4856b7fb5f0f3f8cc9922b387b4858a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27570
x-xss-protection: 0
server: cafe
etag: 807 / 19558 / 31076240 / config-hash: 1636169572614523722
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 20 Jul 2023 04:11:01 GMT

GET
H2 200 jquery.min.js Show response
cdn.jsdelivr.net/npm/jquery@3.7.0/dist/ 85 KB
32 KB 159ms
39ms Script
application/javascript 2a04:4e42:200::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/jquery@3.7.0/dist/jquery.min.js

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 20 Jul 2023 04:11:01 GMT
x-content-type-options: nosniff
content-encoding: br
age: 1997581
x-jsd-version: 3.7.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 32087
x-served-by: cache-fra-eddf8230028-FRA, cache-ams21079-AMS
x-jsd-version-type: version
etag: W/"155a6-Wp7qw02G6S5WYOD0+HIE8e0Mj/Y"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 underscore-min.min.js Show response
cdn.jsdelivr.net/npm/underscore@1.13.6/ 19 KB
8 KB 173ms
53ms Script
application/javascript 2a04:4e42:200::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/underscore@1.13.6/underscore-min.min.js

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

bb20d24b99fd1eae4fd77c1e833ce0a4536189961ceb1114fd272ca31e8ebd82

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 20 Jul 2023 04:11:01 GMT
x-content-type-options: nosniff
content-encoding: br
age: 1389468
x-jsd-version: 1.13.6
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 8075
x-served-by: cache-fra-eddf8230089-FRA, cache-ams21079-AMS
x-jsd-version-type: version
etag: W/"4d5b-1Barardb3Bq5uc0bP3wXZk8NDAQ"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 phq8nwg.css
use.typekit.net/ 11 KB
1 KB 238ms
60ms Stylesheet
text/css 2a02:26f0:3100::1735:28f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/phq8nwg.css

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:28f0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

f7fbb92e03e044b3065bcf2c8e6ee284b8b8c0625c7ce7f33785bdda23a46606

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
date: Thu, 20 Jul 2023 04:11:01 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1296

GET
H2 200 base.css
www.infosecurity-magazine.com/_common/css/23062601/ 86 KB
12 KB 46ms
45ms Stylesheet
text/css 108.138.36.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.infosecurity-magazine.com/_common/css/23062601/base.css?v=23062601

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.36.26 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-36-26.muc50.r.cloudfront.net

Software

RX /

Resource Hash

f247341fb469b888a762cfe66b04e7c1397d1c25744988c8e509a0832479bf57

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 10:30:04 GMT
content-security-policy: default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
x-content-type-options: nosniff
content-encoding: br
via: 1.1 d2e8c709d1f79bde6ed8f833f02bdd34.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P2
age: 63656
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
referrer-policy: strict-origin
last-modified: Wed, 28 Jun 2023 15:36:08 GMT
server: RX
etag: W/"e74d8842d6a9d91:0"
x-frame-options: SAMEORIGIN
access-control-allow-methods: *
content-type: text/css
vary: Accept-Encoding
feature-policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'self'; encrypted-media: 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'self'; gamepad 'none'; geolocation 'none'; layout-animations 'self'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'self'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'self'; usb 'none'; web-share 'self'; xr-spatial-tracking 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(self), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(self), xr-spatial-tracking=()
access-control-allow-headers: Content-Type
x-amz-cf-id: 6Zmdji7Djt6EDjKLe_AmmZSlPmkIyWLY6NA6Mh0v62wOU_snnh6_oQ==

GET
H2 200 base.min.css
www.infosecurity-magazine.com/_common/css/23062601/ 65 KB
10 KB 53ms
52ms Stylesheet
text/css 108.138.36.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.infosecurity-magazine.com/_common/css/23062601/base.min.css?v=23062601

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.36.26 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-36-26.muc50.r.cloudfront.net

Software

RX /

Resource Hash

92b8f658f04b2a33f95e91a16ef52e0d7873e147db061dc68fc4faa55cde9856

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 10:30:04 GMT
content-security-policy: default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
x-content-type-options: nosniff
content-encoding: br
via: 1.1 d2e8c709d1f79bde6ed8f833f02bdd34.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P2
age: 63656
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
referrer-policy: strict-origin
last-modified: Wed, 28 Jun 2023 15:36:08 GMT
server: RX
etag: W/"e8438a42d6a9d91:0"
x-frame-options: SAMEORIGIN
access-control-allow-methods: *
content-type: text/css
vary: Accept-Encoding
feature-policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'self'; encrypted-media: 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'self'; gamepad 'none'; geolocation 'none'; layout-animations 'self'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'self'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'self'; usb 'none'; web-share 'self'; xr-spatial-tracking 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(self), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(self), xr-spatial-tracking=()
access-control-allow-headers: Content-Type
x-amz-cf-id: b0Mqv2ETvpUXXkUpwUfscZKwrSbFpE8lMI4Pv6hNJV-EYHxXPxXuVQ==

GET
H2 200 article.min.css
www.infosecurity-magazine.com/_common/css/23062601/ 5 KB
3 KB 50ms
49ms Stylesheet
text/css 108.138.36.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.infosecurity-magazine.com/_common/css/23062601/article.min.css?v=23062601

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.36.26 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-36-26.muc50.r.cloudfront.net

Software

RX /

Resource Hash

778f93243401b2fd6663834b51f4d3f32012d6ee11f40f6169af721331bd1682

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 10:30:43 GMT
content-security-policy: default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
x-content-type-options: nosniff
content-encoding: br
via: 1.1 d2e8c709d1f79bde6ed8f833f02bdd34.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P2
age: 63617
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
referrer-policy: strict-origin
last-modified: Wed, 28 Jun 2023 15:36:09 GMT
server: RX
etag: W/"c165ce42d6a9d91:0"
x-frame-options: SAMEORIGIN
access-control-allow-methods: *
content-type: text/css
vary: Accept-Encoding
feature-policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'self'; encrypted-media: 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'self'; gamepad 'none'; geolocation 'none'; layout-animations 'self'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'self'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'self'; usb 'none'; web-share 'self'; xr-spatial-tracking 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(self), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(self), xr-spatial-tracking=()
access-control-allow-headers: Content-Type
x-amz-cf-id: ulF2sLvYshv68i2gXW0y38TXwseey5p-7ziK3CUGmAOz2vt3wmgIvg==

GET
H2 200 ism.js Show response
www.infosecurity-magazine.com/_common/js/23062601/ 10 KB
4 KB 49ms
48ms Script
application/javascript 108.138.36.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.infosecurity-magazine.com/_common/js/23062601/ism.js?v=23062601

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.36.26 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-36-26.muc50.r.cloudfront.net

Software

RX /

Resource Hash

0f8b805bc586ed61e2124b73fb8ea7951bb654063a39165c9cca36deb13157a9

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 10:30:04 GMT
content-security-policy: default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
x-content-type-options: nosniff
content-encoding: br
via: 1.1 d2e8c709d1f79bde6ed8f833f02bdd34.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P2
age: 63656
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
referrer-policy: strict-origin
last-modified: Wed, 28 Jun 2023 15:45:20 GMT
server: RX
etag: W/"e9f0268bd7a9d91:0"
x-frame-options: SAMEORIGIN
access-control-allow-methods: *
content-type: application/javascript
vary: Accept-Encoding
feature-policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'self'; encrypted-media: 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'self'; gamepad 'none'; geolocation 'none'; layout-animations 'self'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'self'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'self'; usb 'none'; web-share 'self'; xr-spatial-tracking 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(self), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(self), xr-spatial-tracking=()
access-control-allow-headers: Content-Type
x-amz-cf-id: BN7VqV0CCYfrn1ljCusuMuehcsXzzuIEC6JOmZF4yv_hMqp-cnGhtQ==

GET
H2 200 ism.whatshot.es5.min.js Show response
www.infosecurity-magazine.com/_common/js/23062601/ism/ 851 B
2 KB 41ms
41ms Script
application/javascript 108.138.36.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.infosecurity-magazine.com/_common/js/23062601/ism/ism.whatshot.es5.min.js?v=23062601

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.36.26 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-36-26.muc50.r.cloudfront.net

Software

RX /

Resource Hash

ecde3c0d9f4721fd5bc3989d1e6103966b836786849f65ead031a1c758687ef0

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

content-security-policy: default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
date: Wed, 19 Jul 2023 10:35:22 GMT
x-content-type-options: nosniff
via: 1.1 d2e8c709d1f79bde6ed8f833f02bdd34.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P2
age: 63339
x-cache: Hit from cloudfront
content-length: 851
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
referrer-policy: strict-origin
last-modified: Wed, 28 Jun 2023 15:36:18 GMT
server: RX
etag: "cd781048d6a9d91:0"
x-frame-options: SAMEORIGIN
access-control-allow-methods: *
content-type: application/javascript
feature-policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'self'; encrypted-media: 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'self'; gamepad 'none'; geolocation 'none'; layout-animations 'self'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'self'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'self'; usb 'none'; web-share 'self'; xr-spatial-tracking 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(self), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(self), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-headers: Content-Type
x-amz-cf-id: swgiqrFriVNukyVRZ4QbTlBocZUUFvwL9DdqiiuXCLATFaxH3JHxpw==

GET
H2 200 p.css
p.typekit.net/ 5 B
172 B 243ms
51ms Stylesheet
text/css 2a02:26f0:3100::1735:28c8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=phq8nwg&ht=tk&f=15982.15984.37450.16353.37464.37466.37515.37516.37517.37518.37519.37520.51838.51839.51840.51841&a=6157095&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/phq8nwg.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100::1735:28c8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://use.typekit.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:01 GMT
last-modified: Fri, 23 Jun 2023 17:09:47 GMT
server: nginx
etag: "6495d1db-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 207 KB
73 KB 157ms
64ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MJ69SWF

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a9dddb8d0d63b7b9af03b6dcb8ff589496a302a3460623de5e036d4e292a144a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:01 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74016
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 20 Jul 2023 04:11:01 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 134ms
42ms Script
text/javascript 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 20 Jul 2023 02:35:19 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 5742
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 20 Jul 2023 04:35:19 GMT

GET
H2 200 a57ee461-8f2b-4f33-b3e7-12710c0c124b.jpg
assets.infosecurity-magazine.com/webpage/feat/ 88 KB
88 KB 222ms
94ms Image
image/jpeg 13.32.99.61
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.infosecurity-magazine.com/webpage/feat/a57ee461-8f2b-4f33-b3e7-12710c0c124b.jpg

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.61 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-61.fra60.r.cloudfront.net

Software

RX /

Resource Hash

5ac6ea903c923a17aefb13bcb82614fd096d820291d23a0cfc25ca821518958a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:01 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
via: 1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
server: RX
x-amz-cf-pop: FRA60-P3
x-frame-options: SAMEORIGIN
x-cache: Miss from cloudfront
content-type: image/jpeg
cache-control: private, max-age=2764800
x-amz-cf-id: gJ-iPL4EKugWqAcudJku-ZS8QNlLZ19wa9oJr20AtCPcLV4uy_jarQ==
content-length: 90124
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge

GET
H2 200 l
use.typekit.net/af/73dbad/00000000000000007735a197/30/ 24 KB
24 KB 204ms
50ms Font
application/font-woff2 2a02:26f0:3100::1735:28f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/73dbad/00000000000000007735a197/30/l?subset_id=2&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/phq8nwg.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100::1735:28f0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 4ca1e0e518aaf5d78abd4fc78268ac642cb679dbb56a905d2c57a296566a0bba

Request headers

Referer: https://use.typekit.net/phq8nwg.css
Origin: https://www.infosecurity-magazine.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:01 GMT
server: nginx
etag: "550ca47a88a465c010c13a8c017f04a91a75a9a4"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 24168

GET
H2 200 l
use.typekit.net/af/32b0e4/00000000000000007735a185/30/ 44 KB
45 KB 211ms
58ms Font
application/font-woff2 2a02:26f0:3100::1735:28f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/32b0e4/00000000000000007735a185/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/phq8nwg.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100::1735:28f0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 4f8059cfd6739160b9073e937833a58c728a9791b380f27fcf2d047d76951155

Request headers

Referer: https://use.typekit.net/phq8nwg.css
Origin: https://www.infosecurity-magazine.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:01 GMT
server: nginx
etag: "dead750a1d4bc579636464295fb9e45aa84c4884"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 45468

GET
H2 200 l
use.typekit.net/af/2180b4/00000000000000007735a193/30/ 23 KB
23 KB 256ms
103ms Font
application/font-woff2 2a02:26f0:3100::1735:28f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/2180b4/00000000000000007735a193/30/l?subset_id=2&fvd=n6&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/phq8nwg.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100::1735:28f0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: a45a4393f8b7ac978e32ac46f58dad43eb83811a4b3d9f7b79cac1f864edd662

Request headers

Referer: https://use.typekit.net/phq8nwg.css
Origin: https://www.infosecurity-magazine.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:01 GMT
server: nginx
etag: "d42a9fe146eae2c4c65475dbd44806c5aed58d8b"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 23312

GET
H2 200 605bfdcb-abca-4e31-9902-3a3d746228ce.png
assets.infosecurity-magazine.com/s3/infosec-media/images/profile/ 2 KB
2 KB 155ms
47ms Image
image/webp 13.32.99.61
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.infosecurity-magazine.com/s3/infosec-media/images/profile/605bfdcb-abca-4e31-9902-3a3d746228ce.png?width=64&height=64&mode=crop&scale=both&format=webp

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.61 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-61.fra60.r.cloudfront.net

Software

RX /

Resource Hash

07ac84596d158248a60c2f747f609a508e6e2f1980a23f0608caee79a30291b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 11:13:52 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
via: 1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
x-aspnet-version: 4.0.30319
x-amz-cf-pop: FRA60-P3
age: 61029
x-cache: Hit from cloudfront
content-length: 1686
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
server: RX
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: public
x-amz-cf-id: VQWiGJOQI4Uwu05IEZCTK9MsAid-xrz04B_w3aeUWabZhD14Ro5i4A==

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307170101/ 385 KB
122 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307170101/pubads_impl.js?cb=31076240

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1779a49bc11620c55dd5424776fa1e5c44b5cdb705163555ef05afc54e9cde89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 00:27:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13420
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 125056
x-xss-protection: 0
server: cafe
etag: 10096237036492005269
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Fri, 19 Jul 2024 00:27:21 GMT

GET
H2 200 / Show response
www.infosecurity-magazine.com/account-buttons/ 240 B
2 KB 83ms
82ms XHR
application/json 108.138.36.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.infosecurity-magazine.com/account-buttons/?time=1689826261481

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.36.26 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-36-26.muc50.r.cloudfront.net

Software

RX /

Resource Hash

4e916eb59cd64cce6fc41e3355180f0284ae0edc2602686431e90f2e7f082652

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

X-NewRelic-ID: Vg8GV1ZVCxACUFBSAgMEV1c=
tracestate: 2916063@nr=0-1-2916063-322535572-5458d3ef0745ed90----1689826261483
traceparent: 00-da54906fc5552132c61eddef837e61fa-5458d3ef0745ed90-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI5MTYwNjMiLCJhcCI6IjMyMjUzNTU3MiIsImlkIjoiNTQ1OGQzZWYwNzQ1ZWQ5MCIsInRyIjoiZGE1NDkwNmZjNTU1MjEzMmM2MWVkZGVmODM3ZTYxZmEiLCJ0aSI6MTY4OTgyNjI2MTQ4M319
Accept: */*
Referer: https://www.infosecurity-magazine.com/
X-Requested-With: XMLHttpRequest

Response headers

date: Thu, 20 Jul 2023 04:11:01 GMT
content-security-policy: default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
x-content-type-options: nosniff
via: 1.1 d2e8c709d1f79bde6ed8f833f02bdd34.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P2
x-cache: Miss from cloudfront
content-length: 240
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
pragma: no-cache
referrer-policy: strict-origin
server: RX
x-frame-options: SAMEORIGIN
access-control-allow-methods: *
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store
feature-policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'self'; encrypted-media: 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'self'; gamepad 'none'; geolocation 'none'; layout-animations 'self'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'self'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'self'; usb 'none'; web-share 'self'; xr-spatial-tracking 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(self), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(self), xr-spatial-tracking=()
access-control-allow-headers: Content-Type
x-amz-cf-id: EFNZX2e76aWF1adlKWHhQ5YebWA3CD0HbQHPhHKifqpbf3wT8xfDmQ==
expires: -1

GET
H2 200 / Show response
www.infosecurity-magazine.com/nav/mobile/ 4 KB
2 KB 84ms
84ms XHR
text/html 108.138.36.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.infosecurity-magazine.com/nav/mobile/

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.36.26 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-36-26.muc50.r.cloudfront.net

Software

RX /

Resource Hash

53fc4495c7705b2373e2b73ec881c82dffb40cfbd744d8e5bd8ba7f5a018575b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

X-NewRelic-ID: Vg8GV1ZVCxACUFBSAgMEV1c=
tracestate: 2916063@nr=0-1-2916063-322535572-087d99fcaa8d7af9----1689826261484
traceparent: 00-bc66ab80474de021a0bf5303c2f01bf5-087d99fcaa8d7af9-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI5MTYwNjMiLCJhcCI6IjMyMjUzNTU3MiIsImlkIjoiMDg3ZDk5ZmNhYThkN2FmOSIsInRyIjoiYmM2NmFiODA0NzRkZTAyMWEwYmY1MzAzYzJmMDFiZjUiLCJ0aSI6MTY4OTgyNjI2MTQ4NH19
Accept: */*
Referer: https://www.infosecurity-magazine.com/
X-Requested-With: XMLHttpRequest

Response headers

date: Thu, 20 Jul 2023 04:11:01 GMT
content-security-policy: default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
x-content-type-options: nosniff
content-encoding: br
via: 1.1 d2e8c709d1f79bde6ed8f833f02bdd34.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P2
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
referrer-policy: strict-origin
server: RX
x-frame-options: SAMEORIGIN
access-control-allow-methods: *
content-type: text/html; charset=utf-8
vary: Accept-Encoding
cache-control: private
feature-policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'self'; encrypted-media: 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'self'; gamepad 'none'; geolocation 'none'; layout-animations 'self'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'self'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'self'; usb 'none'; web-share 'self'; xr-spatial-tracking 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(self), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(self), xr-spatial-tracking=()
access-control-allow-headers: Content-Type
x-amz-cf-id: 13R-_36CsUjSjrPr3l3F5ytqxsyqmmT52NopqQMvqDXnH8hCynQVww==

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ 62 KB
23 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4427770d30ccf8b4e950d8d03a9d4ec0e4976ed6cc85b793aab1c7d9ecf8fda0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 03:52:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1118
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23841
x-xss-protection: 0
server: cafe
etag: 13335932594914250126
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Thu, 20 Jul 2023 04:52:23 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 97 KB
17 KB 89ms
88ms XHR
text/plain 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1952557289936230&correlator=2048117429841494&eid=31076240%2C31075594%2C31061691%2C31061692&output=ldjh&gdfp_req=1&vrg=202307170101&ptt=17&impl=fifs&iu_parts=1165%2Crx_infosecurity_magazine%2Cnews%2Capt41-linked-wyrmspy-dragonegg&enc_prev_ius=%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F3&prev_iu_szs=728x90%2C300x250%2C728x90&ifi=1&adks=1109858289%2C3402167491%2C2611251870&sfv=1-0-40&cust_params=topics%3DApplication%2520Security%252CCybercrime%252CData%2520Protection%252CHuman%2520Factor%252CIndustry%2520Announcements%252CMalware%252CPrivacy%252CMobile%2520Application%2520Security%252CAdvanced%2520Persistent%2520Threats%252CPhishing%252CSocial%2520Engineering%252CSecurity%2520Training%2520and%2520Awareness%252CResearch%2520Reports%252CSurveillance%252CThreats%252C%2520Exploits%2520and%2520Vulnerabilities&sc=1&cookie_enabled=1&abxe=1&dt=1689826261649&lmt=1689782400&dlt=1689826260917&idt=688&adxs=436%2C1046%2C436&adys=8%2C767%2C1142&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0%7C0&ucis=1%7C2%7C3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fapt41-linked-wyrmspy-dragonegg%2F&rumc=1952557289936230&rume=1&frm=20&vis=1&psz=1600x50%7C364x329%7C1600x50&msz=728x50%7C300x250%7C728x50&fws=0%2C0%2C512&ohw=0%2C0%2C0&ga_vid=647726670.1689826262&ga_sid=1689826262&ga_hid=968941323&ga_fc=true

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aaa981a29af4652e8ffc714853c0aa407a23dab11edd70b5c051760e87db6b45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:01 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17384
x-xss-protection: 0
google-lineitem-id: 6347860246,6347860246,6310320204
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138440332000,138439647335,138434961268
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.infosecurity-magazine.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5CA9 6 KB
3 KB 219ms
50ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.infosecurity-magazine.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 20 Jul 2023 04:11:01 GMT
expires: Fri, 19 Jul 2024 04:11:01 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 151ms
46ms Script
application/javascript 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b836876c6014c346a749c23f680845562679daf29c640c99a3d92797a6244b4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 20 Jul 2023 04:11:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: DflSFdkyRucOaDW0H1U81w==
age: 42531
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6821
x-ms-lease-status: unlocked
last-modified: Mon, 17 Jul 2023 19:29:58 GMT
server: cloudflare
etag: 0x8DB86FC3568BBB6
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: ab2db0d6-f01e-0165-3de7-b82fee000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7e985b98c8be30db-FRA

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 171 KB
47 KB 143ms
39ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8e22de2f3daa81640b661557e04b0078e450dca1b4ac96005d657c6bc2f3ec28

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 20 Jul 2023 04:11:01 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 46993
x-xss-protection: 0
pragma: public
x-fb-debug: qoO/Y6kjaHJkR3KIoO7iv8/lXiaeaYJG4nX6wIn8jLkigWImTwkYUVLHxuvBiE6esjce3B5rdZOcW3ybxoQdTA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 oct.js Show response
static.ads-twitter.com/ 56 KB
15 KB 169ms
42ms Script
application/javascript 146.75.116.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/oct.js
Requested by: Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:01 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100093-IAD, cache-fra-eddf8230043-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 244 KB
83 KB 66ms
65ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-8VSXE5KKGM&l=dataLayer&cx=c

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5553375f937eec15235af194cbdbd4043dd882c873e2f1fa7c1555e0cc354e18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:01 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 85231
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 20 Jul 2023 04:11:01 GMT

GET
H2 200 tag.aspx Show response
ml314.com/ 31 KB
11 KB 167ms
44ms Script
application/javascript 34.111.234.236
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/tag.aspx?2062023
Requested by: Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.234.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 236.234.111.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 23f95a90d6e6ba09a92bd4eae99823b0a6b0137a9abe10e3c050c062fb15efe4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 03:40:08 GMT
content-encoding: br
age: 1853
x-guploader-uploadid: ADPycdtFTttJXlgdX42pyF9JAz6JwSobLxhMND2TC6qb748d8Y3XAl5wmI_ADpKDKk-fWgM95f7dq5T_DOQlzMJUxDVsSd9K9JQa
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10518
last-modified: Mon, 10 Apr 2023 17:13:24 GMT
server: UploadServer
etag: W/"b0965f051977c0dd95ffe2c736cac352"
vary: Accept-Encoding
x-goog-generation: 1681146804366265
x-goog-hash: crc32c=wVdAwA==, md5=sJZfBRl3wN2V/+LHNsrDUg==
content-type: application/javascript
cache-id: FRA-1209ea83
cache-control: public,max-age=3600
x-cache-hit: hit
x-goog-stored-content-length: 32213
accept-ranges: none

GET
H2 200 container.html Show response
8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame C027 6 KB
3 KB 51ms
42ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.infosecurity-magazine.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 20 Jul 2023 04:11:01 GMT
expires: Fri, 19 Jul 2024 04:11:01 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1222 6 KB
3 KB 61ms
37ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.infosecurity-magazine.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 20 Jul 2023 04:11:01 GMT
expires: Fri, 19 Jul 2024 04:11:01 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1C2D 6 KB
3 KB 49ms
41ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.infosecurity-magazine.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 20 Jul 2023 04:11:01 GMT
expires: Fri, 19 Jul 2024 04:11:01 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame C027 24 KB
7 KB 132ms
40ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com
URL: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 19:35:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30949
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 18 Jul 2024 19:35:13 GMT

GET
H2 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame C027 16 KB
7 KB 169ms
42ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: 8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com
URL: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d72c9fb59846aff6405d2973c81bd8da823493502fab893e026a736a1ba01838

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 03:50:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1214
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6830
x-xss-protection: 0
last-modified: Wed, 24 May 2023 18:59:20 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 20 Jul 2023 04:50:48 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C027 179 KB
56 KB 481ms
354ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com
URL: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

deb428f7b8dc8e920a46777cd7f0d271923623abedb2e7bdf397a3f76fc2f43a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57311
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1689594152080714"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 20 Jul 2023 04:11:02 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
264 B 137ms
47ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-8VSXE5KKGM&gtm=45je37h0&_p=968941323&cid=647726670.1689826262&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=1&sid=1689826261&sct=1&seg=0&dl=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fapt41-linked-wyrmspy-dragonegg%2F&dt=Chinese%20APT41%20Linked%20to%20WyrmSpy%20and%20DragonEgg%20Surveillanceware%20-%20Infosecurity%20Magazine&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8VSXE5KKGM&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jul 2023 04:11:02 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.infosecurity-magazine.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 6b575081-117f-49ba-bff7-347875107505.json Show response
cdn.cookielaw.org/consent/6b575081-117f-49ba-bff7-347875107505/ 3 KB
2 KB 140ms
56ms XHR
application/x-javascript 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6b575081-117f-49ba-bff7-347875107505/6b575081-117f-49ba-bff7-347875107505.json

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60a3a7f932316a94621e08b843050b7fa26b89d8ca8a5d99a2e8fb492ead42d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 20 Jul 2023 04:11:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 7392
content-md5: alvR47ZcS0B0s8qS2dAF8g==
content-length: 1456
x-ms-lease-status: unlocked
last-modified: Mon, 06 Mar 2023 07:40:28 GMT
server: cloudflare
etag: 0x8DB1E160E4CF493
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: bc717eda-201e-0027-7ae1-5a42af000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7e985b99f969693d-FRA
expires: Fri, 21 Jul 2023 04:11:02 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 1222 24 KB
6 KB 61ms
44ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com
URL: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 19:35:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30949
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 18 Jul 2024 19:35:13 GMT

GET
H2 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 1222 16 KB
7 KB 103ms
45ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: 8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com
URL: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d72c9fb59846aff6405d2973c81bd8da823493502fab893e026a736a1ba01838

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 03:50:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1214
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6830
x-xss-protection: 0
last-modified: Wed, 24 May 2023 18:59:20 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 20 Jul 2023 04:50:48 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1222 179 KB
56 KB 372ms
314ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com
URL: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

deb428f7b8dc8e920a46777cd7f0d271923623abedb2e7bdf397a3f76fc2f43a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57311
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1689594152080714"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 20 Jul 2023 04:11:02 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 1C2D 24 KB
6 KB 61ms
49ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com
URL: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 19:35:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30949
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 18 Jul 2024 19:35:13 GMT

GET
H2 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 1C2D 16 KB
7 KB 103ms
50ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: 8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com
URL: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d72c9fb59846aff6405d2973c81bd8da823493502fab893e026a736a1ba01838

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 03:50:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1214
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6830
x-xss-protection: 0
last-modified: Wed, 24 May 2023 18:59:20 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 20 Jul 2023 04:50:48 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1C2D 179 KB
56 KB 370ms
318ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com
URL: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

deb428f7b8dc8e920a46777cd7f0d271923623abedb2e7bdf397a3f76fc2f43a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57311
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1689594152080714"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 20 Jul 2023 04:11:02 GMT

GET
H2 200 utsync.ashx Show response
ml314.com/ 62 B
309 B 69ms
68ms Script
application/javascript 34.111.234.236
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=81370&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fapt41-linked-wyrmspy-dragonegg%2F&pv=1689826261999_5pqkabefi&bl=en-us&cb=6465848&return=&ht=&d=&dc=&si=1689826261999_5pqkabefi&cid=&s=1600x1200&rp=&v=2.5.3.49
Requested by: Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.234.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 236.234.111.34.bc.googleusercontent.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jul 2023 04:11:02 GMT
via: 1.1 google
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: application/javascript; charset=utf-8
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62
expires: 0

GET
H/1.1 200
OK ud.ashx Show response
in.ml314.com/ 20 B
482 B 561ms
179ms Script
application/javascript 52.20.71.154
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://in.ml314.com/ud.ashx?topiclimit=&cb=2062023&v=2.5.3.49
Requested by: Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.20.71.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-20-71-154.compute-1.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: d0e4a6372d6fb5ffe9505dbe9e94aee8f1b9b96ec8e5e20684cce8b4c5a88fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

Date: Thu, 20 Jul 2023 04:11:01 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: public
Connection: keep-alive
Content-Length: 138
Expires: Fri, 21 Jul 2023 04:11:02 GMT

GET
H2 200 adsct
t.co/i/ 43 B
375 B 248ms
153ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=1&eci=1&event_id=2d800d17-4be7-4488-a385-68144248e492&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=006f91c5-7a8a-4cc7-a365-d19ae1b85907&tw_document_href=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fapt41-linked-wyrmspy-dragonegg%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o7tzd&type=javascript&version=2.3.29

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-response-time: 110
date: Thu, 20 Jul 2023 04:11:01 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: a6586392986b21ea
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 23d1e99706e8cdeac76a9ea0eba184ba1056f76adf8cc0c66661947faa1c24ee
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
395 B 268ms
142ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=1&eci=1&event_id=2d800d17-4be7-4488-a385-68144248e492&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=006f91c5-7a8a-4cc7-a365-d19ae1b85907&tw_document_href=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fapt41-linked-wyrmspy-dragonegg%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o7tzd&type=javascript&version=2.3.29

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-response-time: 102
date: Thu, 20 Jul 2023 04:11:01 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 026451d6ef8b1756
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 087c0b7632865af9767ecbc7a477e27def843f35393355198e2166d600228e2b
content-length: 43

GET
H2 200 580638648955413 Show response
connect.facebook.net/signals/config/ 379 KB
108 KB 116ms
115ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/580638648955413?v=2.9.115&r=stable

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3cfb549a2206ff40cd7d94367df91895a057d37218e859e7b4b6506cad7c6241

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 20 Jul 2023 04:11:02 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: 8MCxVXWIBI7bxpm1p8uxmjI7KYwqGxG9N3P95Vbik4Sq1x+5Js8f1MV4fUqcKJtjynQ7cGlPTrjZSb/grCPqLA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame C027 0
0 78ms
77ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstko07YABVT0y0Xfmzx4O1r1mLMrNboznJFzPoJCJyj3NoK7yN3lyKH1XWt9ujrQKhv6lu_dPG8s4OO191vF2hY40u1TN7xc-07H9v8AA2V49s8jgBnBadNnH8SvujPTG_xzgaVS_9j9FTXAqZ4kfpyHMrLDkiiHZ6gvJdUeTQgmURLNw4CPlnNXqMr6zD6ZTjchRMdfyW97PQp1MyooDmobgGcvcli_QR-JzOdQIiHSrYyJBvNxo_DayYio9aMVntruwaycU1jMm2eYnaMLYdzJvIirV-bkxrLDeWElsNTL8b8bX_tvjfphHlrFvKbNOI-K-VLwllD_gCFMfKOjAIzqyp7s3SNn768J2vD0kubQEgz3s28XOE9mMRbSgdKTJp1m3EODdF5ZMVsie1FuT0&sai=AMfl-YScWgMBt0LU_tKOreQnoRgSIUzA9oMemTNGIGrPUqAIQzDExPEs4O1WHDeW9uj0UQKEGgln1P8rvZ5oqg-NH7FK4zsn6E2wAwu97XoJvdXHvhe6VmUbQtiuMVWDb92fKk1ieZtXqmOaUusNsCA&sig=Cg0ArKJSzAS3XwnWwvknEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com
URL: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 20 Jul 2023 04:11:02 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1222 0
0 80ms
80ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstNGamvmWqoWw1t6QeBw3-mis_TG3ESGEEZEILQO1s7WhHPvd0zA6z0VOZJAD7o20k3M6Va0pYhuHkJneSOwwQAZEiZt_rOg16vM5vcdSEFLrK559OlVNz3Ssttp17xVYtGYYk_W_LekxoDhsBHmRRTDIiGtqkeNDtB5W1hvjViOXGDtYUdSpOhqLyPRNMkutvlS5XDX7sYIxIAh7avatRAB8AcYWGoCIpzePB0TJFufMkTfX4IxjHJxG4Sc9KjtHWVzvpDmP6NrbaPEKY5ekaxc5aQIRig675nfz9VcrtDEKegKTZQ1mKQ48Gn9Qlxx6t3pHNJiOfC5KYOts8lDNzKE-lZe-FzHWG9NrGYuOYsN5xWBJ4c0n9xB7ZvPhTXQS_RvhcOcDkGHKu4pAdLD7I&sai=AMfl-YQjYG5VbfUdIT1tophSij6sG_JeYsxo7t1yBFi4TgwptOFUBde5AVuyWYnNgWhbR9pCOpsQeDHIgGDs4WFl7gVD33MLLvQIG30PeurxG7ijOFh1n7BAm5y0R0gAzaau0QrxBKMahRcKUqWdf5s&sig=Cg0ArKJSzK_Aw7cqS8LtEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com
URL: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 20 Jul 2023 04:11:02 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1C2D 0
0 78ms
78ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssZ9CWrwKA8dR5xhMezCVWhsdNHSOmhAEvZqewQHdt0SVY_xKi5a2LxKlfDSJLLfnDcQOwm-obcAJot8KgattxPvdlConsBQaLCRdlNv2bGtm-tFOJo1A7mH8qV_uRx_wK0AN8Ca-Hw8kLrjFEvROsfdb990jpXUEKY3H9TlrqTcTIzmbrb3iDjNbjs4-k_2RJ7UDilnW7Mt6c41GOKj2Q_dSNtx_EClaQoSzbmiFadKNdq-_jA0X9XUoSoQKZi7DxrJv6HLYt0RPGVnkOR0vAfefWY7YKjr_NEmUFjvmJkGBpyoZSrtRBAK06QwWuewBogkxQ0_C8wj9mjXH6T6WarwZUB39VA-fQ7aZdXYGuH1p1z73mfEAuhBMWVpGyuaegAZiawnJN5eNcg9olJ5tU&sai=AMfl-YT87KzxcaWW5mJDy5-_0BBNm3LSaHwQi-xsIuufsRA9jP3J9p6VPkD3DlS_D7oFUJRBuENuC2phs61_VygjVjftKLE0dtK5d9__7J4nOEX3HfROtAvpfdI9u3LJBiFwFP8vgagqrsE3IAC867c&sig=Cg0ArKJSzBixSOHZQz7DEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com
URL: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 20 Jul 2023 04:11:02 GMT

GET
H2 200 impl_v96.js Show response
www.googletagservices.com/dcm/ Frame C027 49 KB
20 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v96.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

843dea1d022be79c95643821b1140cc2d081094ee77ccf7a1f637a1ad8fca33f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Mon, 17 Jul 2023 16:55:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 213335
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20157
x-xss-protection: 0
last-modified: Mon, 22 May 2023 16:41:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 16 Jul 2024 16:55:27 GMT

GET
H2 200 impl_v96.js Show response
www.googletagservices.com/dcm/ Frame 1222 49 KB
20 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v96.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

843dea1d022be79c95643821b1140cc2d081094ee77ccf7a1f637a1ad8fca33f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Mon, 17 Jul 2023 16:55:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 213335
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20157
x-xss-protection: 0
last-modified: Mon, 22 May 2023 16:41:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 16 Jul 2024 16:55:27 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 78 B
325 B 150ms
62ms XHR
application/json 2606:4700::6812:1d26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d26 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

792074561f2d94442c8648916f41fc6016817b61d554daa9c67301aeecca14bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.infosecurity-magazine.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 7e985b9ad8fabbe5-FRA
access-control-allow-headers: Content-Type

GET
H2 200 impl_v96.js Show response
www.googletagservices.com/dcm/ Frame 1C2D 49 KB
20 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v96.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

843dea1d022be79c95643821b1140cc2d081094ee77ccf7a1f637a1ad8fca33f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Mon, 17 Jul 2023 16:55:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 213335
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20157
x-xss-protection: 0
last-modified: Mon, 22 May 2023 16:41:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 16 Jul 2024 16:55:27 GMT

GET
H2 200 B29595140.362265631;dc_ver=96.284;sz=728x90;u_sd=1;dc_adk=3756770778;ord=bc8s1f;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsvuNTBf_WYIdxerGW9LMrXnrazkRpJHwR2D_tHxsHfOb... Show response
ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/ Frame C027 63 KB
30 KB 263ms
141ms Script
text/javascript 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/B29595140.362265631;dc_ver=96.284;sz=728x90;u_sd=1;dc_adk=3756770778;ord=bc8s1f;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsvuNTBf_WYIdxerGW9LMrXnrazkRpJHwR2D_tHxsHfObJr3ECH70JT6UdgthdBQo45vNPf4WC8O89Lox_yh_uUuVOEBb8putkI98tA05Xo2bsizhrVaKqm8HLEVNWEb4IPBn_eSSp43do4Nial_iEEzm_J8F88a8HZ34NgnhAuMOVkEPCGaNmoP0lxZQiuvkMFiXMKfILaxaM_f8wkfkqfStEwHGG5RESd_YsCt1rEQbYT-GPECer83Bo4LszdYpPKQ9lZKSPQwZ_ecH1gI0wO4JuOLiCzjjN5NFJ8oWjIILnRKaoSO6Ql5kqdCbzEtM45xQskdiWGofnl4gtaNJN16m1aWdbmais-SXhgSJNouZFQ2xjy8GrllYtIDH_W8OnqFjN8IW-mEoNbmltc%26sai%3DAMfl-YTX5EsMMGhSn9af8twDUebgPyqAdsBpXuQLTbbCtLh852-q6LZRg_Paq7u818g_zY4f9SM0xdJi2BLBVHk640vudr-7C7-iDrWCh9rTbKe6t1Hi0cz7GqSPuQhwpTQzSW9tkSo8dLtN_BLnKpQ%26sig%3DCg0ArKJSzPnprilNyuAiEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=1,https%3A%2F%2Fwww.infosecurity-magazine.com%2F$0;xdt=1;crlt=jegFuL*9kr;stc=1;chaa=1;sttr=65;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v96.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f6.1e100.net

Software

cafe /

Resource Hash

859718b1a80c0c9001e0754e52d4ab88358a933b400444bfd317544325b2cf4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jul 2023 04:11:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30045
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 B29595140.362266528;dc_ver=96.284;sz=300x250;u_sd=1;dc_adk=2539885387;ord=133m3i;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjssYCnfpttNTcWS81roD2S94CURLU-RwbmFEFNE1LaF-... Show response
ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/ Frame 1222 63 KB
30 KB 188ms
78ms Script
text/javascript 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/B29595140.362266528;dc_ver=96.284;sz=300x250;u_sd=1;dc_adk=2539885387;ord=133m3i;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjssYCnfpttNTcWS81roD2S94CURLU-RwbmFEFNE1LaF-cjZ1tUD3Bw4O5GmDr2PFFBPgArY9G7CuEZ18hxTtTMJjcWuChMGzkk4S-b4M8_TwVzGV8v75l0uOPaXc1iwiezc24AqRwCPfb4mJwO0zHJqhzgc2T2rz7GrOIUdkoj9-AawkPyN2LXz2EBtrqDBy0oXyOclcircN_gmQH3G05-7wsbJQeClz31A15CVcY1sdyQg1EzaZMkJ_jhLM141tZCEHHuPZXOWtTRuA4b62VjID5b07z0-FujsbsP9hU0t1f1ycHeGt4uYxYi6OR1H3c3qEtZEfBetQXkBJnh7_HBatDA-BVJnf2-OHnNINFx-VS7xpxmaq7L3-uu_82h6vsOq8KKngmSMRvGNK2Qk%26sai%3DAMfl-YRnihmQJwXITNZA8jlVL7gqoEPeDQSFLNu0HQ_hP5aZLuJRiWVtpxeT77nhum3vwNZCTos11CGEmrTQOhzc5LfUPvRnZnZnjRfZqw82OCJc8ltb_3XJ6frYXyawbQ0nEmCxqoL_oTLxn0CRxAg%26sig%3DCg0ArKJSzLvucyXYE5zCEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=1,https%3A%2F%2Fwww.infosecurity-magazine.com%2F$0;xdt=1;crlt=jegFuL*9kr;stc=1;chaa=1;sttr=75;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v96.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f6.1e100.net

Software

cafe /

Resource Hash

7c6f31fe5a0d2f30d4abc00e171a9ce25b7cde803232123475536743fba8ab79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jul 2023 04:11:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29938
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 B29595140.362265631;dc_ver=96.284;sz=728x90;u_sd=1;dc_adk=153458417;ord=ijt201;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjssaA_ecM2dzt3l9NYAmMGywznM_wV03uL2UWjrNuCrdTE... Show response
ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/ Frame 1C2D 63 KB
29 KB 183ms
89ms Script
text/javascript 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/B29595140.362265631;dc_ver=96.284;sz=728x90;u_sd=1;dc_adk=153458417;ord=ijt201;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjssaA_ecM2dzt3l9NYAmMGywznM_wV03uL2UWjrNuCrdTEiLYoha_L-98hXeR8texOo60cBUcfsHvBVCauV4p778U9LJ2jqP5xPFVz5GUX1cfJeHWO5Q2PgGWM3URkDjLS9Ia3Cg7FrgQq1J1Blggsr_4-lEWazhCfrumHs-lLexOWy3ju0JHEoC1erPohyCUMht5KaMDOiLtdm5uPtcXId1JLVWhbNx5w-R29CefZxqj3ipsqZ7V5-b394PztQbLQe9b256OSZOdR844YxSzKT1gwXSUdKNmf2ZjYh6myEIuJ34ZfDxamWPuaLLyclAIkJvqG4jX3aI6gUtHgDAcxBb11Uf-nM56RQS2bf45Zo1OqOPKLswV4GPbPMqyP9-ocy_hwIxV3OgMk0dKko%26sai%3DAMfl-YSegTOPx0MvipGmOic2u72TxrV-undYEXw1HIkfKMtZPfTfY55GvypGjJa3nciDVYNhcM0ic_NgpUWIiiT-3t--8dXIz7QK2_c7yQY1UKaT2KTlvg6OW3wKWxMDzaeiiPfxdTY7s4oR5CjgLcc%26sig%3DCg0ArKJSzOYYutK73cS8EAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=1,https%3A%2F%2Fwww.infosecurity-magazine.com%2F$0;xdt=1;crlt=jegFuL*9kr;stc=1;chaa=1;sttr=62;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v96.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f6.1e100.net

Software

cafe /

Resource Hash

9d61e4834a3eeca1742bb54ebd81c99ea6a8208775e4aff3b67abc28b2c1e118

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jul 2023 04:11:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29987
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 124ms
40ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=580638648955413&ev=PageView&dl=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fapt41-linked-wyrmspy-dragonegg%2F&rl=&if=false&ts=1689826262210&sw=1600&sh=1200&v=2.9.115&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1689826262209.300174066&cs_est=true&it=1689826262019&coo=false&rqm=GET

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 20 Jul 2023 04:11:02 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202302.1.0/ 405 KB
98 KB 54ms
53ms Script
application/javascript 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202302.1.0/otBannerSdk.js

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e70be2849f7e7f7f27dc4eb168538ef25474e4799e1a4a4d9aee01f57f4c5a3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 20 Jul 2023 04:11:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: +3NcDg7IRUqn5oCiPaN6Hg==
age: 35181
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 99858
x-ms-lease-status: unlocked
last-modified: Fri, 10 Mar 2023 03:55:12 GMT
server: cloudflare
etag: 0x8DB211B3FF3862E
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: c029008f-f01e-012a-64e1-5aebf6000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7e985b9b4af330db-FRA

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/6b575081-117f-49ba-bff7-347875107505/2ca9783c-e3b0-47d5-889b-bd0759260e50/ 53 KB
14 KB 70ms
70ms Fetch
application/x-javascript 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6b575081-117f-49ba-bff7-347875107505/2ca9783c-e3b0-47d5-889b-bd0759260e50/en.json

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

00e70321427a6db08053549dc7efd05e3371b4aaa3db383284295b0da386f950

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 20 Jul 2023 04:11:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 39902
content-md5: 8pgIlg/gSXWQIiVQqSHEng==
content-length: 13991
x-ms-lease-status: unlocked
last-modified: Mon, 06 Mar 2023 07:40:29 GMT
server: cloudflare
etag: 0x8DB1E160EFE0466
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 0a7233cc-b01e-010f-13e1-5a7345000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7e985b9c3b39693d-FRA
expires: Fri, 21 Jul 2023 04:11:02 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230718/r20110914/elements/html/ Frame 1222 11 KB
4 KB 141ms
40ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230718/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/B29595140.362266528;dc_ver=96.284;sz=300x250;u_sd=1;dc_adk=2539885387;ord=133m3i;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjssYCnfpttNTcWS81roD2S94CURLU-RwbmFEFNE1LaF-cjZ1tUD3Bw4O5GmDr2PFFBPgArY9G7CuEZ18hxTtTMJjcWuChMGzkk4S-b4M8_TwVzGV8v75l0uOPaXc1iwiezc24AqRwCPfb4mJwO0zHJqhzgc2T2rz7GrOIUdkoj9-AawkPyN2LXz2EBtrqDBy0oXyOclcircN_gmQH3G05-7wsbJQeClz31A15CVcY1sdyQg1EzaZMkJ_jhLM141tZCEHHuPZXOWtTRuA4b62VjID5b07z0-FujsbsP9hU0t1f1ycHeGt4uYxYi6OR1H3c3qEtZEfBetQXkBJnh7_HBatDA-BVJnf2-OHnNINFx-VS7xpxmaq7L3-uu_82h6vsOq8KKngmSMRvGNK2Qk%26sai%3DAMfl-YRnihmQJwXITNZA8jlVL7gqoEPeDQSFLNu0HQ_hP5aZLuJRiWVtpxeT77nhum3vwNZCTos11CGEmrTQOhzc5LfUPvRnZnZnjRfZqw82OCJc8ltb_3XJ6frYXyawbQ0nEmCxqoL_oTLxn0CRxAg%26sig%3DCg0ArKJSzLvucyXYE5zCEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=1,https%3A%2F%2Fwww.infosecurity-magazine.com%2F$0;xdt=1;crlt=jegFuL*9kr;stc=1;chaa=1;sttr=75;prcl=s

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 14:38:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48778
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Aug 2023 14:38:04 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1222 0
0 190ms
78ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstrhlv8lAUsrNHsNJxdMUiBoeZ81uPxkHTfQCFsMwUtapLEQZ97nDMwQY2NKeIDXoyoQC6u2sW09LDSDNnBsMWwHuQeWK-E111Ew9oX0eG6gLFFUt9mtkD5345vI7DMY6Z1ZlqrvYETL_6qcmu5H0sKyLsLPjznezNuC7icqCTbbTZqeZtzJ8jQo3CVPn0&sai=AMfl-YTHJftrKl-1bZyCJTfXerhYawsMpsHKTHhjnEMuv2tHc34fA76h3OBdAkm1rYLB5x5AKV_jvlX3AipymAL37v8hIJ99-mYF8gaONQ&sig=Cg0ArKJSzOYOYeZRLPpIEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20230718.30543&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 20 Jul 2023 04:11:02 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 1222 41 KB
14 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 17:29:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38496
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 18 Jul 2024 17:29:26 GMT

GET
H2 200 17950286638937395694
s0.2mdn.net/simgad/ Frame 1222 5 MB
5 MB 145ms
43ms Image
image/gif 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/17950286638937395694

Requested by

Host: 8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com
URL: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

746efb160d199709d2c612d0b812b2ff3651aae5b2727b3db37947ad1033543c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 18:02:08 GMT
x-content-type-options: nosniff
age: 36534
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5167099
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 20:00:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 18 Jul 2024 18:02:08 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230718/r20110914/elements/html/ Frame 1C2D 11 KB
4 KB 138ms
41ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230718/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/B29595140.362265631;dc_ver=96.284;sz=728x90;u_sd=1;dc_adk=153458417;ord=ijt201;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjssaA_ecM2dzt3l9NYAmMGywznM_wV03uL2UWjrNuCrdTEiLYoha_L-98hXeR8texOo60cBUcfsHvBVCauV4p778U9LJ2jqP5xPFVz5GUX1cfJeHWO5Q2PgGWM3URkDjLS9Ia3Cg7FrgQq1J1Blggsr_4-lEWazhCfrumHs-lLexOWy3ju0JHEoC1erPohyCUMht5KaMDOiLtdm5uPtcXId1JLVWhbNx5w-R29CefZxqj3ipsqZ7V5-b394PztQbLQe9b256OSZOdR844YxSzKT1gwXSUdKNmf2ZjYh6myEIuJ34ZfDxamWPuaLLyclAIkJvqG4jX3aI6gUtHgDAcxBb11Uf-nM56RQS2bf45Zo1OqOPKLswV4GPbPMqyP9-ocy_hwIxV3OgMk0dKko%26sai%3DAMfl-YSegTOPx0MvipGmOic2u72TxrV-undYEXw1HIkfKMtZPfTfY55GvypGjJa3nciDVYNhcM0ic_NgpUWIiiT-3t--8dXIz7QK2_c7yQY1UKaT2KTlvg6OW3wKWxMDzaeiiPfxdTY7s4oR5CjgLcc%26sig%3DCg0ArKJSzOYYutK73cS8EAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=1,https%3A%2F%2Fwww.infosecurity-magazine.com%2F$0;xdt=1;crlt=jegFuL*9kr;stc=1;chaa=1;sttr=62;prcl=s

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 14:38:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48778
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Aug 2023 14:38:04 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1C2D 0
0 185ms
78ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstClOiZUrraKqdUnB4hORf4_F8F7f8yi53iOuJz3ktlgoAN8g59idf2qxrb7oUV6hYDEqPuX7PF_hsDedTOmCdYQ2TNLauATn25BWmzjQyOBzZ7cMyOxdxEvYNqEm2KMZruAnJlOVTuGe_mTD6GeAkievDTFWviYguXIVjlny9KVCMxpXRbPVWflAWvtjE&sai=AMfl-YRIVahvoAwMA_uMZ0rJrlNq_Cd-DWzOR5abvhQzbdRQqGGk_SCHjM_PJP7ECo4owSqVN7sv5is58Sl7mwcBGREM48OByfToHHGOtQ&sig=Cg0ArKJSzIbzc80V297UEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20230718.83637&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 20 Jul 2023 04:11:02 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 1C2D 41 KB
13 KB 46ms
46ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 17:29:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38496
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 18 Jul 2024 17:29:26 GMT

GET
H2 200 13854587416233782547
s0.2mdn.net/simgad/ Frame 1C2D 5 MB
5 MB 552ms
456ms Image
image/gif 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/13854587416233782547

Requested by

Host: 8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com
URL: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

be163e2134074109283b01c8babdb64daf4601766efde31f5e2c04e60984e1f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 18:02:08 GMT
x-content-type-options: nosniff
age: 36534
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4914069
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 20:01:32 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 18 Jul 2024 18:02:08 GMT

GET
H2 200 13854587416233782547
s0.2mdn.net/simgad/ Frame C027 5 MB
5 MB 433ms
433ms Image
image/gif 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/13854587416233782547

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/B29595140.362265631;dc_ver=96.284;sz=728x90;u_sd=1;dc_adk=3756770778;ord=bc8s1f;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsvuNTBf_WYIdxerGW9LMrXnrazkRpJHwR2D_tHxsHfObJr3ECH70JT6UdgthdBQo45vNPf4WC8O89Lox_yh_uUuVOEBb8putkI98tA05Xo2bsizhrVaKqm8HLEVNWEb4IPBn_eSSp43do4Nial_iEEzm_J8F88a8HZ34NgnhAuMOVkEPCGaNmoP0lxZQiuvkMFiXMKfILaxaM_f8wkfkqfStEwHGG5RESd_YsCt1rEQbYT-GPECer83Bo4LszdYpPKQ9lZKSPQwZ_ecH1gI0wO4JuOLiCzjjN5NFJ8oWjIILnRKaoSO6Ql5kqdCbzEtM45xQskdiWGofnl4gtaNJN16m1aWdbmais-SXhgSJNouZFQ2xjy8GrllYtIDH_W8OnqFjN8IW-mEoNbmltc%26sai%3DAMfl-YTX5EsMMGhSn9af8twDUebgPyqAdsBpXuQLTbbCtLh852-q6LZRg_Paq7u818g_zY4f9SM0xdJi2BLBVHk640vudr-7C7-iDrWCh9rTbKe6t1Hi0cz7GqSPuQhwpTQzSW9tkSo8dLtN_BLnKpQ%26sig%3DCg0ArKJSzPnprilNyuAiEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=1,https%3A%2F%2Fwww.infosecurity-magazine.com%2F$0;xdt=1;crlt=jegFuL*9kr;stc=1;chaa=1;sttr=65;prcl=s

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

be163e2134074109283b01c8babdb64daf4601766efde31f5e2c04e60984e1f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 18:02:08 GMT
x-content-type-options: nosniff
age: 36534
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4914069
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 20:01:32 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 18 Jul 2024 18:02:08 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230718/r20110914/elements/html/ Frame C027 11 KB
4 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230718/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/B29595140.362265631;dc_ver=96.284;sz=728x90;u_sd=1;dc_adk=3756770778;ord=bc8s1f;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsvuNTBf_WYIdxerGW9LMrXnrazkRpJHwR2D_tHxsHfObJr3ECH70JT6UdgthdBQo45vNPf4WC8O89Lox_yh_uUuVOEBb8putkI98tA05Xo2bsizhrVaKqm8HLEVNWEb4IPBn_eSSp43do4Nial_iEEzm_J8F88a8HZ34NgnhAuMOVkEPCGaNmoP0lxZQiuvkMFiXMKfILaxaM_f8wkfkqfStEwHGG5RESd_YsCt1rEQbYT-GPECer83Bo4LszdYpPKQ9lZKSPQwZ_ecH1gI0wO4JuOLiCzjjN5NFJ8oWjIILnRKaoSO6Ql5kqdCbzEtM45xQskdiWGofnl4gtaNJN16m1aWdbmais-SXhgSJNouZFQ2xjy8GrllYtIDH_W8OnqFjN8IW-mEoNbmltc%26sai%3DAMfl-YTX5EsMMGhSn9af8twDUebgPyqAdsBpXuQLTbbCtLh852-q6LZRg_Paq7u818g_zY4f9SM0xdJi2BLBVHk640vudr-7C7-iDrWCh9rTbKe6t1Hi0cz7GqSPuQhwpTQzSW9tkSo8dLtN_BLnKpQ%26sig%3DCg0ArKJSzPnprilNyuAiEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=1,https%3A%2F%2Fwww.infosecurity-magazine.com%2F$0;xdt=1;crlt=jegFuL*9kr;stc=1;chaa=1;sttr=65;prcl=s

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 14:38:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48778
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Aug 2023 14:38:04 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame C027 0
0 79ms
79ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsttEcI4BZtRA39-60Gi-h-HQU7Jb1f8gSi4U6_OaRs7ZFh9-IMw2yMN_s1bphSoQpj0jyUg06XBSP9aHkNTrUkWSxarFyDFtPBLb1UputJ1Y8huWzUn6iK_aXYA3iwSNGFqYxjYTzSMaPtc9ctmJhI7mm1Cuofq63kSTmbZStXGO34HE5CSUfAOnSEiOWs&sai=AMfl-YQDP0EiPZe5aGCawg6D5sHG0qa4tEjJKJlRN73dCOYp9nQFK69NDXwXInkUw8rqX5Scwbht9ULdFaiuPhMc_B5jWU-MJKb3vGt9Fg&sig=Cg0ArKJSzFIuhRBpNalJEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20230718.51765&arae=0&ftch=1&adurl=

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/B29595140.362265631;dc_ver=96.284;sz=728x90;u_sd=1;dc_adk=3756770778;ord=bc8s1f;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsvuNTBf_WYIdxerGW9LMrXnrazkRpJHwR2D_tHxsHfObJr3ECH70JT6UdgthdBQo45vNPf4WC8O89Lox_yh_uUuVOEBb8putkI98tA05Xo2bsizhrVaKqm8HLEVNWEb4IPBn_eSSp43do4Nial_iEEzm_J8F88a8HZ34NgnhAuMOVkEPCGaNmoP0lxZQiuvkMFiXMKfILaxaM_f8wkfkqfStEwHGG5RESd_YsCt1rEQbYT-GPECer83Bo4LszdYpPKQ9lZKSPQwZ_ecH1gI0wO4JuOLiCzjjN5NFJ8oWjIILnRKaoSO6Ql5kqdCbzEtM45xQskdiWGofnl4gtaNJN16m1aWdbmais-SXhgSJNouZFQ2xjy8GrllYtIDH_W8OnqFjN8IW-mEoNbmltc%26sai%3DAMfl-YTX5EsMMGhSn9af8twDUebgPyqAdsBpXuQLTbbCtLh852-q6LZRg_Paq7u818g_zY4f9SM0xdJi2BLBVHk640vudr-7C7-iDrWCh9rTbKe6t1Hi0cz7GqSPuQhwpTQzSW9tkSo8dLtN_BLnKpQ%26sig%3DCg0ArKJSzPnprilNyuAiEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=1,https%3A%2F%2Fwww.infosecurity-magazine.com%2F$0;xdt=1;crlt=jegFuL*9kr;stc=1;chaa=1;sttr=65;prcl=s

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 20 Jul 2023 04:11:02 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame C027 41 KB
13 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/B29595140.362265631;dc_ver=96.284;sz=728x90;u_sd=1;dc_adk=3756770778;ord=bc8s1f;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsvuNTBf_WYIdxerGW9LMrXnrazkRpJHwR2D_tHxsHfObJr3ECH70JT6UdgthdBQo45vNPf4WC8O89Lox_yh_uUuVOEBb8putkI98tA05Xo2bsizhrVaKqm8HLEVNWEb4IPBn_eSSp43do4Nial_iEEzm_J8F88a8HZ34NgnhAuMOVkEPCGaNmoP0lxZQiuvkMFiXMKfILaxaM_f8wkfkqfStEwHGG5RESd_YsCt1rEQbYT-GPECer83Bo4LszdYpPKQ9lZKSPQwZ_ecH1gI0wO4JuOLiCzjjN5NFJ8oWjIILnRKaoSO6Ql5kqdCbzEtM45xQskdiWGofnl4gtaNJN16m1aWdbmais-SXhgSJNouZFQ2xjy8GrllYtIDH_W8OnqFjN8IW-mEoNbmltc%26sai%3DAMfl-YTX5EsMMGhSn9af8twDUebgPyqAdsBpXuQLTbbCtLh852-q6LZRg_Paq7u818g_zY4f9SM0xdJi2BLBVHk640vudr-7C7-iDrWCh9rTbKe6t1Hi0cz7GqSPuQhwpTQzSW9tkSo8dLtN_BLnKpQ%26sig%3DCg0ArKJSzPnprilNyuAiEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=1,https%3A%2F%2Fwww.infosecurity-magazine.com%2F$0;xdt=1;crlt=jegFuL*9kr;stc=1;chaa=1;sttr=65;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 17:29:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38496
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 18 Jul 2024 17:29:26 GMT

GET
DATA 200
OK truncated
/ Frame 1222 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 769d94aa9ea698abe4e96a460210aef4400454056e27c136239bae4b060e13ea

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 1C2D 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9fa8f3245a5c5a1779d33eda1cd4d347b78a1bd4706038f31d70e855670f7b1b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame C027 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9e68f85856b8fb6c5b2f66a39edd406dde54d006039c763357c0fccd58694af2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 197 KB
71 KB 58ms
58ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-875375440

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2a478ac8761cde54678f70f9589aca9d8f9e78d39defe48963c6e4e1d3562f5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:02 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 72331
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 20 Jul 2023 04:11:02 GMT

GET
H2 200 otCenterRounded.json Show response
cdn.cookielaw.org/scripttemplates/202302.1.0/assets/ 9 KB
3 KB 58ms
58ms Fetch
application/json 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202302.1.0/assets/otCenterRounded.json

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c4f86e9ccc5e942b4003bd9fed721d599fdeb7bcc1a2db63a95cba24de5f828

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 20 Jul 2023 04:11:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Ad42vPYfEjbgt2jOvy2ZBw==
age: 39902
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2639
x-ms-lease-status: unlocked
last-modified: Fri, 10 Mar 2023 03:55:05 GMT
server: cloudflare
etag: 0x8DB211B3C080A8D
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: ce2a6fc0-801e-00a9-60e1-5a0d0e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7e985b9d9c5a693d-FRA

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202302.1.0/assets/ 62 KB
15 KB 52ms
52ms Fetch
application/json 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202302.1.0/assets/otPcCenter.json

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cef181b89850405f733232c050e35b633a648eacee98005f2663b481ac3b0db4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 20 Jul 2023 04:11:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: V5/ea3CdVX7pMOqnWq49VA==
age: 49069
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 14749
x-ms-lease-status: unlocked
last-modified: Fri, 10 Mar 2023 03:55:05 GMT
server: cloudflare
etag: 0x8DB211B3BF12A5F
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 9d53f45f-901e-001c-6fe1-5a00f1000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7e985b9d9c5b693d-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202302.1.0/assets/ 21 KB
4 KB 50ms
50ms Fetch
text/css 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202302.1.0/assets/otCommonStyles.css

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 20 Jul 2023 04:11:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: XcxlleAcPGO2n5kTZrHH2Q==
age: 74329
x-ms-lease-status: unlocked
last-modified: Fri, 10 Mar 2023 03:55:17 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 56c6b21b-001e-00de-0ce1-5a884f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7e985b9d9c5c693d-FRA

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 0D5E 22 KB
8 KB 173ms
41ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 148214
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 18 Jul 2023 11:00:48 GMT
expires: Wed, 17 Jul 2024 11:00:48 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 0BA3 22 KB
8 KB 172ms
41ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 148214
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 18 Jul 2023 11:00:48 GMT
expires: Wed, 17 Jul 2024 11:00:48 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D2C9 22 KB
8 KB 58ms
53ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 148214
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 18 Jul 2023 11:00:48 GMT
expires: Wed, 17 Jul 2024 11:00:48 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 / Show response
www.facebook.com/tr/ Frame BFCD 0
59 B 53ms
51ms Document
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.infosecurity-magazine.com
Referer: https://www.infosecurity-magazine.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.infosecurity-magazine.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Thu, 20 Jul 2023 04:11:02 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/875375440/ 3 KB
2 KB 223ms
121ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/875375440/?random=1689826262772&cv=11&fst=1689826262772&bg=ffffff&guid=ON&async=1&gtm=45be37h0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fapt41-linked-wyrmspy-dragonegg%2F&hn=www.googleadservices.com&frm=0&tiba=Chinese%20APT41%20Linked%20to%20WyrmSpy%20and%20DragonEgg%20Surveillanceware%20-%20Infosecurity%20Magazine&auid=586585172.1689826263&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f35bec75bb860b96016557a312107ee32ccff3b572a13785f6a242ad9f308ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jul 2023 04:11:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1398
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 79Hy1jOkYXTpKXqlcd2FYXx1C4-H0WpSd41bxBCbcBc.js Show response
pagead2.googlesyndication.com/bg/ Frame 0D5E 37 KB
15 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/79Hy1jOkYXTpKXqlcd2FYXx1C4-H0WpSd41bxBCbcBc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

efd1f2d633a46174e9297aa571dd85617c750b8f87d16a52778d5bc4109b7017

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 03:31:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2377
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14507
x-xss-protection: 0
last-modified: Mon, 03 Jul 2023 10:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Jul 2024 03:31:25 GMT

GET
H2 200 79Hy1jOkYXTpKXqlcd2FYXx1C4-H0WpSd41bxBCbcBc.js Show response
pagead2.googlesyndication.com/bg/ Frame 0BA3 37 KB
14 KB 98ms
97ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/79Hy1jOkYXTpKXqlcd2FYXx1C4-H0WpSd41bxBCbcBc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

efd1f2d633a46174e9297aa571dd85617c750b8f87d16a52778d5bc4109b7017

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 03:31:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2377
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14507
x-xss-protection: 0
last-modified: Mon, 03 Jul 2023 10:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Jul 2024 03:31:25 GMT

GET
H2 200 79Hy1jOkYXTpKXqlcd2FYXx1C4-H0WpSd41bxBCbcBc.js Show response
pagead2.googlesyndication.com/bg/ Frame D2C9 37 KB
14 KB 96ms
95ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/79Hy1jOkYXTpKXqlcd2FYXx1C4-H0WpSd41bxBCbcBc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

efd1f2d633a46174e9297aa571dd85617c750b8f87d16a52778d5bc4109b7017

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 03:31:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2377
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14507
x-xss-protection: 0
last-modified: Mon, 03 Jul 2023 10:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Jul 2024 03:31:25 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1222 0
0 82ms
81ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstrhlv8lAUsrNHsNJxdMUiBoeZ81uPxkHTfQCFsMwUtapLEQZ97nDMwQY2NKeIDXoyoQC6u2sW09LDSDNnBsMWwHuQeWK-E111Ew9oX0eG6gLFFUt9mtkD5345vI7DMY6Z1ZlqrvYETL_6qcmu5H0sKyLsLPjznezNuC7icqCTbbTZqeZtzJ8jQo3CVPn0&sai=AMfl-YTHJftrKl-1bZyCJTfXerhYawsMpsHKTHhjnEMuv2tHc34fA76h3OBdAkm1rYLB5x5AKV_jvlX3AipymAL37v8hIJ99-mYF8gaONQ&sig=Cg0ArKJSzOYOYeZRLPpIEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=609&vt=11&dtpt=608&dett=2&cstd=0&cisv=r20230718.30543&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 20 Jul 2023 04:11:03 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1222 0
0 179ms
79ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu8Up7JlP8BDKmOf1c56MxXU5Or4I7Le2Yj9rikxPJ_xECRssYtvIseJXC1HeTHEA4VlPmOCnabZ9cpepEfHj9hQcZM9qfXkQYqOosOyGyqsz2i8vbKlnaAFW_6JqcH6ZMsMkDbmYheknWLAT4_eMORDNdrLjHXja9fQfNTdSZa56iVBBrEgOSkbGm2mJA0I37TUbFNUjPTWZa-QYBhKr-7xu0eESWy4u6vVfApljlAuquTczDq98SWLKmmi4rZdiQSiR_ENMskw5AdpLWOYnsUqXbRtjZU9UMpg6KH5gLltOSilD05uaZuojjGzyDH5UMcw24dt5aKqC87BB7nYdIrMo26sm4B_ut_Kml8TtxwU7rXHiCaEdt_iibaQOueaOGRbFZEeWcWy_zIgswvjwlKcA&sai=AMfl-YTHwpLVbXapTAu54eij_WK7f9o2iT2R40Rzg-sRrdbpRLp5lKXE4Hm-Nmc1GqSsc2HRhF-IiFTPd6TRS87SC2LiiLuB6-FwVd0kv86D8ojLpzxfvop8BKVNdCYhj7NXn5w5TnRK1eP_nbwRsJQ&sig=Cg0ArKJSzHd0CQR9QbYzEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 20 Jul 2023 04:11:03 GMT

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 1222 62 KB
23 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: 8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com
URL: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4427770d30ccf8b4e950d8d03a9d4ec0e4976ed6cc85b793aab1c7d9ecf8fda0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 03:52:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1120
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23841
x-xss-protection: 0
server: cafe
etag: 13335932594914250126
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Thu, 20 Jul 2023 04:52:23 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/875375440/ 42 B
455 B 149ms
51ms Image
image/gif 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/875375440/?random=1689826262772&cv=11&fst=1689825600000&bg=ffffff&guid=ON&async=1&gtm=45be37h0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fapt41-linked-wyrmspy-dragonegg%2F&frm=0&tiba=Chinese%20APT41%20Linked%20to%20WyrmSpy%20and%20DragonEgg%20Surveillanceware%20-%20Infosecurity%20Magazine&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2787669707&rmt_tld=0&ipr=y

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jul 2023 04:11:03 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/875375440/ 42 B
455 B 403ms
55ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/875375440/?random=1689826262772&cv=11&fst=1689825600000&bg=ffffff&guid=ON&async=1&gtm=45be37h0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fapt41-linked-wyrmspy-dragonegg%2F&frm=0&tiba=Chinese%20APT41%20Linked%20to%20WyrmSpy%20and%20DragonEgg%20Surveillanceware%20-%20Infosecurity%20Magazine&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2787669707&rmt_tld=1&ipr=y

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jul 2023 04:11:03 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 1222 0
234 B 181ms
46ms Ping
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~lkamxdl2&chm=1&c=1952557289936230&ctx=2&qqid=CMbkvbC1nIADFduf_QcdJRsP5Q&met.4=fb.3p~lb.jg~ol.xd~idt.d8~dt.-5w&met.3=739.ju_1~374.ma~749.wx_8~749.x5_8~738.xd~736.z1~736.z1~735.100_2~735.102_1~740.104_1~113.142_4~112.141_5&met.1=1.lkamxch1~6.0~7.0~8.0~9.0~10.0~12.b~13.1v~14.1x~15.35~16.ju~17.ju~18.jv~19.xc~20.xc~21.xd~22.jt~23.jt&met.7=CBsQCBgBMEY4sQloC3BDeIkXgAHdFIgBkjCwAQG4AQM~CBEQChgBIIUBKIUBMMcBOENolwFwwwF4rjSAAYIyiAGLvQGwAQG4AQM~CCUQChgBIIUBKIUBMPIBOGw~CE0QChgBIIYBKIYBMJUEOI8DaMABcPoDeIvCA4AB378DiAGPlwuwAQG4AQM~CCIQBBgBINcBKNcBMKkCOFJo1wFwqAJ4rAKwAQG4AQM~CCYQChgBIPYBKPYBML0COEc~CBsQChgBIMICKMICMLMEOPEBaLEDcP4DeJ7sAYAB8ukBiAGz-gOwAQG4AQM~CBwQChgBIL8EKL8EMM8FOJABQMIESMMEUMMEWKYFYO4EaKYFcM4FePgigAHMIIgBs1ewAQG4AQM~CCIQBBgBIMEEKMEEMIEGOMABQMIESNgEUNgEWLEFYIAFaLIFcP8FeKwCsAEBuAED~CCcQChgBIMIEKMIEMPUEODRowwRw7gR4qG2AAfxqiAGKxQKwAQG4AQM~CCkQBhgBIMIEKMIEMPEIOK8EQMMESMQEUMQEWKcFYO8EaKgFcNMFeKeyuwKAAfuvuwKIAfuvuwKwAQG4AQM~CCcQBRgBIJwGKJwGMNgHOLwBaKMHcMwHePdDgAHLQYgB6rIBsAEBuAED~CCIQBBgBIKEJKKEJMIUKOGVoowlw9Al4rAKwAQG4AQM~CCgQChgBIPEJKPEJMKQKODJo8glwmwp4zbwBgAGhugGIAZTyA7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jul 2023 04:11:03 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0D5E 0
20 B 77ms
77ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BoyZP1rO4ZK7KE7S5x_APx76ewAcAAAAAOAHgBAI&bg=!7-yl7LjNAAa3SiIRl0o7ADkAdvg8Wrt9i6L67y8SVVIF7LzTV5DkScfsaLzV-GHtPtNmEJR2aNVkJWQ7ik34fyphbTrJHWS_xRACAAABUFIAAAAOaAEHmQL_ibHgVfTH3cqb_xSj_P8L_u7lm2XnN5HhNDuDB85aicaIi0zrPkoThxdV5TWJ8zuXhS_a1jKiYawRDylnA5jbazxrURjYSi_n6v4gPebpW6_CHTdy0BOpmuBrEdZj3wwIFKjw-Ed2md2SW7clpGYmalhfpRL4y7pWhNP3hTN3gU__2oWe1spU0cil6OgN8CwwahApiLk1orhKy3xym8u2o5mGtwYrivvthfpaP-zVwaWD_fCFihwtNV1bRjTNx8saIDNn_cBg4afu5Ful1ceDwwg62ODxENJKeUd4wC-zOLkQEvB-hFLmh4lkUl-_PKtTc19WGRHikycGed-PlOuDvl3mh4qhYy1tYczhqbN-OjwJ3yOdkNTT6i9apEXLVMJkc6aEe35Rp7FjoP1cBZsoDL-lnLFSLupo62u-XuKP8rFyUnPFesQc4zX-a1IIPWoj7EIYKQAazOsNRRM8s1n-cz1BYrcP3zfrpPykKfUS9V1UZ2XViQ6z_hdLk5kkZ7JpDjsW_px1rSmT7rIE-zyU65MVpx89y5zuY2NNPjC7RVw10VzHmxzebejKsJpgiDvmG1dmAWdCnZ0BcVH8oGexuC3-vQmqnbd3t_fgc4ZyfDRMc75DfiFfT55001Wi4wsur81DjXrzVgLdCX9bq4UB84FnS2tMUmjiOtR-7ypTDBM7hlKj2cmtxP8JRYVvJoqIhShChhFGI-uYgNtvrUJ4R60eqfMo2tL-MxXT4b7XN8ff1SyEHqqSPApXkVs1sU-lIO20sWW5dz8mT-feptH7N2IioIATz2zDarqccvG4-v7OGjCAaYORGlHVVzWnCqoIjAFzTAXg3nSmezjdNpZ7z_UUnAKBIXkXB3E7HAIFbGwEeIaQzQPGtMt0iQrKQ81_zV4zmmwa5_-iS2g9KC1sPsv-RrWJ998XanCRUvgED9uCxta10Ssq310RzY5wA-1Uq-RCPnL52RNyihcBLtDgoV5G0gtjkN7HcaOj3rVYqRcmhzicYSm319KpoO7pJ4o

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jul 2023 04:11:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1C2D 0
0 79ms
79ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstClOiZUrraKqdUnB4hORf4_F8F7f8yi53iOuJz3ktlgoAN8g59idf2qxrb7oUV6hYDEqPuX7PF_hsDedTOmCdYQ2TNLauATn25BWmzjQyOBzZ7cMyOxdxEvYNqEm2KMZruAnJlOVTuGe_mTD6GeAkievDTFWviYguXIVjlny9KVCMxpXRbPVWflAWvtjE&sai=AMfl-YRIVahvoAwMA_uMZ0rJrlNq_Cd-DWzOR5abvhQzbdRQqGGk_SCHjM_PJP7ECo4owSqVN7sv5is58Sl7mwcBGREM48OByfToHHGOtQ&sig=Cg0ArKJSzIbzc80V297UEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=916&vt=11&dtpt=915&dett=2&cstd=0&cisv=r20230718.83637&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 20 Jul 2023 04:11:03 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1C2D 0
0 90ms
90ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuCURyRlQ18Sj_8Sw80HscH-tXppsVLVUGEc7uXL5nJmyG29Lz8UmJ7rG5u_NfsLcf2159fBhKuqJfICzIT3_FO0JlPkyOtwKmEWyG80jz03zBCCBGBRTxa8WRJF4eSvVIt4cadfnDy5Jn_-hSHk7oZfuEwYncA9E3tO_-pg3CokuEw0EjIKNIhYw-nt-TUBm-6GJQQRvKXChGMhV5FB6XSS2JxG6gqEGLCxnxU39C0AeHpeJIlEhF4T53Dx0UgP_uWJ583OgxxatWN65qWVgHWKy0Rhh5GWLgrfcTwz4Qrgay-OxQzmiJ2VvGxU-5mDsdaHSK4tcFC2a6yeMs0tj7M_TkaKFUHjkq6c3qa04mKVjffmkKiw_hcC352hBD1Ojv5eZuFgjYinunkRYhm2-ABDQ&sai=AMfl-YRMCMNnkeuEE-2-gBLKPczGqvAHhLLfyonj0ipsApTTu5wwBpOg3BMiF3Lz76MQm85fDawxu3b8I-fUNICHKFg18rAb_c7uu4EoHXnVlAXynRW5-lRYhCmXqwCkpVjsvZ83uDzUIQ6Za6e4Zag&sig=Cg0ArKJSzK_f7leI-ul8EAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 20 Jul 2023 04:11:03 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame C027 0
0 89ms
89ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsttEcI4BZtRA39-60Gi-h-HQU7Jb1f8gSi4U6_OaRs7ZFh9-IMw2yMN_s1bphSoQpj0jyUg06XBSP9aHkNTrUkWSxarFyDFtPBLb1UputJ1Y8huWzUn6iK_aXYA3iwSNGFqYxjYTzSMaPtc9ctmJhI7mm1Cuofq63kSTmbZStXGO34HE5CSUfAOnSEiOWs&sai=AMfl-YQDP0EiPZe5aGCawg6D5sHG0qa4tEjJKJlRN73dCOYp9nQFK69NDXwXInkUw8rqX5Scwbht9ULdFaiuPhMc_B5jWU-MJKb3vGt9Fg&sig=Cg0ArKJSzFIuhRBpNalJEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=802&vt=11&dtpt=801&dett=2&cstd=0&cisv=r20230718.51765&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/B29595140.362265631;dc_ver=96.284;sz=728x90;u_sd=1;dc_adk=3756770778;ord=bc8s1f;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsvuNTBf_WYIdxerGW9LMrXnrazkRpJHwR2D_tHxsHfObJr3ECH70JT6UdgthdBQo45vNPf4WC8O89Lox_yh_uUuVOEBb8putkI98tA05Xo2bsizhrVaKqm8HLEVNWEb4IPBn_eSSp43do4Nial_iEEzm_J8F88a8HZ34NgnhAuMOVkEPCGaNmoP0lxZQiuvkMFiXMKfILaxaM_f8wkfkqfStEwHGG5RESd_YsCt1rEQbYT-GPECer83Bo4LszdYpPKQ9lZKSPQwZ_ecH1gI0wO4JuOLiCzjjN5NFJ8oWjIILnRKaoSO6Ql5kqdCbzEtM45xQskdiWGofnl4gtaNJN16m1aWdbmais-SXhgSJNouZFQ2xjy8GrllYtIDH_W8OnqFjN8IW-mEoNbmltc%26sai%3DAMfl-YTX5EsMMGhSn9af8twDUebgPyqAdsBpXuQLTbbCtLh852-q6LZRg_Paq7u818g_zY4f9SM0xdJi2BLBVHk640vudr-7C7-iDrWCh9rTbKe6t1Hi0cz7GqSPuQhwpTQzSW9tkSo8dLtN_BLnKpQ%26sig%3DCg0ArKJSzPnprilNyuAiEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=1,https%3A%2F%2Fwww.infosecurity-magazine.com%2F$0;xdt=1;crlt=jegFuL*9kr;stc=1;chaa=1;sttr=65;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 20 Jul 2023 04:11:03 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame C027 0
0 89ms
88ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu8pQ_ZkOWdvwi8ny2fhuKTTz8iN880WftILyjaM_MueSEG9ArYQmew4ZkQGmAUtcaaXhkUM020f1tX2m-2FdHiTxFjVE_syHe1v7SGxsKPjAMMxc6BofYW7Jy69u5LBbznzbVS7fNq9CwqzkPQ67K_ZzOJjLARtwAIKGaPb8ZZUlUTsBJP4q7_Gt5sIICNU7XkmNKYyneQecwU1Y24uNVNmhQcaYEBZrrOKRBjmGvXiMDr2W4IHXM7Bu_agiL_dGVAS8_X4zOuDtn-ZjcZCxO0-Hf0zlXIJDwTVPXmpu_CRpdw-FeHHNHaC5lDeEHOlXVEvUBdzYHPG44pGtfYIbpBPg2xG-KCYzPQMGVh0lg8Gc_DOVg3qMaKT6mD2IJOBnkkig_mHGFqeU4uBWOY4BpDWA&sai=AMfl-YRuyVVCEkN8zU7hMi6XrOBR0qw9qbjWMGTwNtslYrOeHSl-6RN4v4OXGqVhsLcswqxczDPtkKkSCof57hRCnMPPI5de8oG8YLBz8YfbwTYEXAOeLrxoci3JZZTkC9JdwHFpJ8YBERiSPZ7ZKCc&sig=Cg0ArKJSzE8OVyLxnwgMEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 20 Jul 2023 04:11:03 GMT

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 1C2D 62 KB
23 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: 8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com
URL: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4427770d30ccf8b4e950d8d03a9d4ec0e4976ed6cc85b793aab1c7d9ecf8fda0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 03:52:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1120
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23841
x-xss-protection: 0
server: cafe
etag: 13335932594914250126
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Thu, 20 Jul 2023 04:52:23 GMT

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame C027 62 KB
23 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: 8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com
URL: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4427770d30ccf8b4e950d8d03a9d4ec0e4976ed6cc85b793aab1c7d9ecf8fda0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 03:52:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1120
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23841
x-xss-protection: 0
server: cafe
etag: 13335932594914250126
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Thu, 20 Jul 2023 04:52:23 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 1C2D 0
54 B 47ms
47ms Ping
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~lkamxdpx&chm=1&c=1952557289936230&ctx=2&qqid=CMfkvbC1nIADFduf_QcdJRsP5Q&met.4=fb.38~lb.iv~ol.15a~idt.cp~dt.-6f&met.3=739.j6~374.lr~749.152_4~749.156_3~738.15a_1~736.15v~736.15v~740.169_1~735.16c_1~735.16d_1~113.18d_1~112.18d_2&met.1=1.lkamxchk~6.1~7.1~8.1~9.1~10.1~12.c~13.1i~14.1j~15.2t~16.j6~17.j6~18.j7~19.15a~20.15a~21.15b~22.ja~23.ja&met.7=CBsQCBgBMDc4zgtoDHA2eIkXgAHdFIgBkjCwAQG4AQM~CBEQChgBIHQodDDQAThcaIMBcLQBeK40gAGCMogBi70BsAEBuAED~CCUQChgBIHUodTD6ATiFAQ~CE0QChgBIHUodTCOBDiZA2isAXDpA3iLwgOAAd-_A4gBj5cLsAEBuAED~CCIQBBgBINoBKNoBMKoCOFBo2wFwqQJ4rAKwAQG4AQM~CCYQChgBIPwBKPwBMLcCODs~CBsQChgBILsCKLsCMKoEOO8BaJ0DcPYDeM_sAYABo-oBiAHw-gOwAQG4AQM~CBwQChgBILEEKLEEML4FOI0BaJMFcLwFePgigAHMIIgBs1ewAQG4AQM~CCIQBBgBILMEKLMEMO4FOLsBaJ4FcO0FeKwCsAEBuAED~CCcQChgBILQEKLQEMOsEODdotARw4gR4qG2AAfxqiAGKxQKwAQG4AQM~CCkQBhgBILQEKLQEMJQLOOAGaJQFcNwIeMH5qwKAAZX3qwKIAZX3qwKwAQG4AQM~CCcQBRgBIIsGKIsGMMUHOLoBaI8HcLkHePdDgAHLQYgB6rIBsAEBuAED~CCIQBBgBIMYLKMYLMJsMOFVoxgtwlAx4rAKwAQG4AQM~CCIQBBgBIMoLKMoLMKUMOFtoywtwpAx4rAKwAQG4AQM~CCgQChgBIO0LKO0LMK4MOEJo7Qtwlwx4zbwBgAGhugGIAZTyA7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jul 2023 04:11:03 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame C027 0
54 B 52ms
51ms Ping
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~lkamxdqo&chm=1&c=1952557289936230&ctx=2&qqid=CMXkvbC1nIADFduf_QcdJRsP5Q&met.4=fb.20~lb.lk~ol.16h~idt.dn~dt.-5h&met.3=739.m7~374.mr~749.16a_4~749.16e_3~738.16h~736.16t~736.16t~735.178_1~735.179_1~740.17f_1~113.1a2_1~112.1a1_1&met.1=1.lkamxcgm~6.2~7.2~8.2~9.2~10.2~12.c~13.1k~14.1l~15.1s~16.m7~17.m7~18.m7~19.16h~20.16h~21.16h~22.lo~23.lo&met.7=CBsQCBgBKAEwOTj5C2gMcDh4iReAAd0UiAGSMLABAbgBAw~CBEQChgBIEkoSTDRATiIAUBKSEpQSlikAWByaKUBcM0BeK40gAGCMogBi70BsAEBuAED~CCUQChgBIEooSjD6ATiwAQ~CE0QChgBIE4oTjDCBDj0A2jOAXCwBHiLwgOAAd-_A4gBj5cLsAEBuAED~CCIQBBgBINgBKNgBMKcCOE9o2QFwpgJ4rAKwAQG4AQM~CCYQChgBIIQCKIQCMLwCODg~CBsQChgBIMUCKMUCMOMEOJ4CQNECSOMCUOMCWL4DYIsDaL8DcMwEeIntAYAB3eoBiAHb-wOwAQG4AQM~CCkQBhgBIM0FKM0FMLcLOOoFaM4FcP8IeMH5qwKAAZX3qwKIAZX3qwKwAQG4AQM~CBwQChgBIM4FKM4FMPkFOCtozgVw9gV4-CKAAcwgiAGzV7ABAbgBAw~CCIQBBgBINAFKNAFMKEGOFFo0AVwngZ4rAKwAQG4AQM~CCcQChgBINAFKNAFMIQGODNo0QVw-wV4qG2AAfxqiAGKxQKwAQG4AQM~CCcQBRgBILMGKLMGMOgHOLQBaLIHcOcHePdDgAHLQYgB6rIBsAEBuAED~CCIQBBgBIPILKPILMM4MOFxo8wtwzAx4rAKwAQG4AQM~CCIQBBgBIPULKPULMM8MOFpo9gtwzgx4rAKwAQG4AQM~CCgQChgBIJMMKJMMMN0MOEpolAxwygx4zbwBgAGhugGIAZTyA7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jul 2023 04:11:03 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D2C9 0
20 B 87ms
86ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Br3Nj1rO4ZL7ME7-d9u8PlLuW8A4AAAAAOAHgBAI&bg=!AwClAFTNAAa3SiIRl0o7ADkAdvg8WlsWRu0tQISisUqGEQDKLKZbOIQ_3TRS9msm7ljOtGgMPBhDNH0JsZkBx9R3aJqCsexhC9oCAAABflIAAAAIaAEHCgB8uwU3t9QbVVpk34nklZ_mz4esnpIAntGYZHwP-wi7cHfAI-cldaWVvqievWRHjGu5e5USLSwHYI0JGEwEUVz1hwE1FmSMEgVaR28iLEpr8LGHuqthZakRWqGFZPV_vLneck_0gI-JH26pQnYJuqXw0RsrmGqB8DhA98QKyZkDDdXOLF-BQT3rARmEke-ShMdX98KGlI8tmTy_--Fu5NEW09Ga9R6yiU2A9sWaGzcuUaNCWhHWjdk8tEi_nIDv40AX6EUZe5oj_qBaQ5oj6Cl7gErL9yyLHr5CHo0cOH5ld9-Ck2c0fSQNqYt8GjbjfhhLe-Ctkb4eFHuSIHL7_RAkYB7eZOseiaSglr3XDq4-ZM-Wkueu2556HEwu9NDj8xY3xlqBDgV_si_RUgZw4Kz-4TqqyOcvSDhBMzFPkPW8hiXBPsDYzscHAgkIYs0vVhHJNWVZqUksekPuRlIuc-xEIT_a3jhDQdhBbK6wKYs0vrNIgJlfjd8mh9eF3W9Eo_eGoNUSaD0Umr6e_sy-qj2Chf7D8aRItuVv-G8tMVbJxqUTb_ZPt5E4HL2Of6SpfR1BSn0CLhSlANPKGd6kYL8KiwdkXtEf-jx5kiMdasBcELu89J6imeUUxNPsc6Dd3UDHmOkDhfKZvcA4Na53UBVl2YcVw3N5_zDahGWCEwOzTR4NZqS_LZ2n54A88BHTxFlACpCLP1tRK7nYnfrY0oVA3CQBEbuqHuiGH7BgQ_jqeWEu9D-nA_zUGC_3VRynJ7SKanHHsY6p9hoA1xo8689OnzRS6M9fXjqxlnrZGwjUd3yiJzfxO-lSy-iIPnCeKs_PooGKtdwhmbnsX8Kyd47zjUWbUB2ie0-gBPGKMYh7QXK8Gfw4bnovW5aGMw4gGTgI-ATu_Yz1mxX8gCDOs43SL0wBna8IVCwT0iZ80mRKp6bpvU2jJsXnDNC8FfmiKxW5dmbjwf0iqJp3mtIbK5W5oCsR5LwTuPtB0nssXvO4INHYEmnBmJNy4aitRJ1FTcQJ9-DvfqIO7j1-1msmj62E7fa-8qv3jtgKVLKX-jIIcqipFaSqX7CK_uRKlC4y2RuaYKGmB2L2tqEP2GG7iVsF7FTJo94AIvMtELLnF4xe0IKi7yZAd6OHGEoOUtKbUO7Z6MZhKIvoeX21couHqrKS1IvmD6AYg-dyw6qcFqTshEKUv-3Sy2frMzUAL1I

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jul 2023 04:11:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0BA3 0
20 B 85ms
85ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BCBiz1rO4ZKDWE96TjuwP-820sAIAAAAAOAHgBAI&bg=!r6ylrPjNAAa3SiIRl0o7ADkAdvg8WpQI_V5oLgx9aV_A-U67pCh9tmtdBCjV8RIRo4NiB52DALiNERDnhOvklxvwylxFdz5nxpMCAAABzlIAAAAJaAEHmQMIHa_PD061UW_bzV-l4Rvk_mE2OoZLBFW-1iDaXhKDN7ZTXPYkmWNn6x_d98y7ocnqzq15CPMGb8hiimYtjTSV2dWmeQIidqMCNZ2IYUt7FY6D0ipY5KFaFoJi5FwztvICxJvYUUjPmdvyyLkGR4gfY72uqpeM86-ZK2rJl1oCe4InnrMmcGyWlNjq1Wpr5FBvNmqg4-VFVZxuTjIJ29WnJp5gxzpIedodvqAAKgCzSe_iLw3r66waN8zXiqPAj-MCFRwy7MzK--zSWyQKWs9ShlIFL4h040Bw-pJIhxe1JFl97F47r2TcCBSWnb11G_i2eaYJv42lgNjD3w6WX7p1ua8ltmuMI630yMRgwWLeYvv4b0ajYkn5I4XaMrnhFgbMECacrvkaWkOlPHl37kdNV5H9CL24O-KZh9GTlSZWzvq0DvZczdpDFck_bmi2SUeeyDpR__yb2p3a4aUL_x_B2n2E3FoKI7jHHMLyW0L-cm87Ml7D2nJ-_SxTTJQUE15C6RSATh42ey_KxZp2PpbRriCFqtXCW_Jm4UHNiGn-ZHAiuTZ0kbcG1aeyzwUrNsltNHrxQqZUQHXtxHJat6EyrNcU32y-KE9PmEkvgxxgBXytlT9tD4xQr91y6dvB3p3Vt1n5EuAAXltbNkJpp3LIL40YVVS3row15kWyP28-pMqwc19XHv3YqtY-JSfxHhCFC6rs7PQrh4qvM_z2SPzViQMhGvmxXOIyDgYNwnlvopgWoGXzmDbtLAZH6fgLl1-wpa4LKJGAUAmThQuuCB9kIApwEYJPqVcW6aEeH0I1sRN8NBtrqGQyIXKUinqc2-nRRRXKGNv_IwhdMj4rhtsRGTWqBagYUAdCc4GmjZsCM8reJtDvrCgtyU7B5kAUC4MJud60bR1d1E3hUzYhq87DQv7Zfz6kboQXSu0VhrD3fRIRZb4h0ypiWB0BRjjzsMYqfLJPE13aHdej9Ks_HnJN4qilU2EkxUeRFnKmHvCwX2uLh_-5TLAm0jub8JN-vT_R5002fPYSSIE

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jul 2023 04:11:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 nr-spa-1216.min.js Show response
js-agent.newrelic.com/ 49 KB
49 KB 153ms
39ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-spa-1216.min.js

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

545156adeae44dadc82b98d504f805ebe77fb79c928ef34eed1057bb9d4cb8fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
date: Thu, 20 Jul 2023 04:11:03 GMT
via: 1.1 varnish
strict-transport-security: max-age=300
x-amz-request-id: WPMFB0VJG75YV1Z7
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 50049
x-amz-id-2: FZGRs9jHoygJROiHGl6xMkWo6b2J8tT5vX+5wqPZ7xbNvPJpdkGEDO9l2DizwaxY1IJipLlFmJk=
x-served-by: cache-fra-etou8220046-FRA
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
server: AmazonS3
x-timer: S1689826264.688383,VS0,VE0
etag: "63e2df852d15ab21d7ff8fc4363222e8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 141

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 97ms
96ms XHR
application/json 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202307170101&st=env

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

5bc1ccfdad16fa5bef045a950275de132722fae761ca5b1a3b44253563583cd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11744
x-xss-protection: 0

GET
H2 200 RX_Logo_-_primary_logo_for_everyday_use.png
cdn.cookielaw.org/logos/c7f35e9f-bc78-43c8-9f0e-7cd83009704c/d5d2d0ac-164a-4501-8141-3a264a81333e/95f66c83-9442-43f5-9fb4-8a136c33442a/ 51 KB
51 KB 53ms
53ms Image
image/png 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/c7f35e9f-bc78-43c8-9f0e-7cd83009704c/d5d2d0ac-164a-4501-8141-3a264a81333e/95f66c83-9442-43f5-9fb4-8a136c33442a/RX_Logo_-_primary_logo_for_everyday_use.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

279b6c8b97bfb37476d6d075d1431d85a380ca36ebe6af4146844cfb135c21d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 20 Jul 2023 04:11:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: yxwPB4FKahj/CgrZY2+Gbg==
age: 41055
content-length: 52319
x-ms-lease-status: unlocked
last-modified: Mon, 02 Aug 2021 09:46:17 GMT
server: cloudflare
etag: 0x8D9559A5FD49D88
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 9d36135a-501e-00e4-55e1-5acbec000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7e985ba3aa1530db-FRA

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 49ms
49ms Image
image/svg+xml 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 20 Jul 2023 04:11:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 32567
x-ms-lease-status: unlocked
last-modified: Wed, 19 Jul 2023 16:40:20 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 6cab9cad-301e-0178-4f6b-baf604000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7e985ba3aa1730db-FRA

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 74ms
74ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_stats&su=www.infosecurity-magazine.com&doc=complete&pg_h=3035&pg_w=1600&pg_hs=3035&c=3&aa_c=0&av_h=143.333&av_w=585.333&av_a=68680&s=42.016&all_s=42.016&b=1843&all_b=1843&d=0.142&all_d=0.142&ard=0.042&all_ard=0.042&dt=d

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jul 2023 04:11:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 65ms
62ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 20 Jul 2023 04:11:03 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame DD44 13 KB
5 KB 48ms
43ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.infosecurity-magazine.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3531
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 20 Jul 2023 03:12:12 GMT
expires: Fri, 19 Jul 2024 03:12:12 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame C050 783 B
952 B 54ms
51ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f8b0501ea16287272ebaa860c26f9efb5105bd76fcb9553675d9459126be2a1a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-wJkRFHmljappdE3bRWS-Ag' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.infosecurity-magazine.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-wJkRFHmljappdE3bRWS-Ag' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 20 Jul 2023 04:11:03 GMT
expires: Thu, 20 Jul 2023 04:11:03 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK NRJS-70b3f9b2c6f17cc4471 Show response
bam.eu01.nr-data.net/1/ 56 B
552 B 180ms
48ms Script
text/javascript 185.221.87.23
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.eu01.nr-data.net/1/NRJS-70b3f9b2c6f17cc4471?a=241052313&v=1216.487a282&to=MhBSZQoZXxEDUkdRWQtacWIoV0UHD0FfWUIABh9GHRpBAwVUHVlFFQ0%3D&rst=4110&ck=1&ref=https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/&ap=1044&be=1281&fe=3901&dc=1821&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1689826259657,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:33,%22c%22:33,%22s%22:72,%22ce%22:115,%22rq%22:115,%22rp%22:1256,%22rpe%22:1265,%22dl%22:1260,%22di%22:1821,%22ds%22:1821,%22de%22:1822,%22dc%22:3900,%22l%22:3900,%22le%22:3948%7D,%22navigation%22:%7B%7D%7D&fp=1825&fcp=1825&jsonp=NREUM.setToken
Requested by: Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.221.87.23 , Ireland, ASN54113 (FASTLY, US),
Reverse DNS
Software: istio-envoy /
Resource Hash: f9745c48d0b4c918d466da4acdb3f786ef5cda4c69ac0b6009d76cff67e6325d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:03 GMT
server: istio-envoy
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
x-envoy-upstream-service-time: 3
cross-origin-resource-policy: cross-origin
Connection: keep-alive
Content-Length: 56
x-served-by: cache-fra-eddf8230112-FRA

GET
H3 200 79Hy1jOkYXTpKXqlcd2FYXx1C4-H0WpSd41bxBCbcBc.js Show response
pagead2.googlesyndication.com/bg/ Frame DD44 37 KB
14 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/79Hy1jOkYXTpKXqlcd2FYXx1C4-H0WpSd41bxBCbcBc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

efd1f2d633a46174e9297aa571dd85617c750b8f87d16a52778d5bc4109b7017

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 03:31:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2378
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14507
x-xss-protection: 0
last-modified: Mon, 03 Jul 2023 10:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Jul 2024 03:31:25 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame C050 0
0 75ms
74ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202307170101&jk=1952557289936230&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1222 42 B
64 B 75ms
75ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvb6sr7srr__8A_HAGv7SmiSNO6rc8USzrg-cMbMvL_dh8BR43aQUDU61YGrr1L5ikIdqyxcgCDFAa3JIW3a5P3dACuCjdET8uxyzzv4Fqu29p-oWT4&sig=Cg0ArKJSzMiEsny88Fg8EAE&id=lidar2&mcvt=1001&p=810,1046,1060,1346&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20230717&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=3402167491&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1689826261861&rpt=1185&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jul 2023 04:11:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1222 42 B
64 B 75ms
74ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstfsPyX675XC5Ct59i84FhU7jsICJQWhX_Yy_fp9ZhW-H-QV1E--yQBQW__IdJgwlkJdIX2OYTxfeRvSYl0uWdOCLl_g5Fthww&sig=Cg0ArKJSzKbBBnAd5xJtEAE&id=lidar2&mcvt=1004&p=0,0,250,300&mtos=1004,1004,1004,1004,1004&tos=1004,0,0,0,0&v=20230717&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=32&adk=2539885387&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1689826261861&rpt=1193&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jul 2023 04:11:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame DD44 0
10 B 40ms
40ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?ED9Hig
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 04:11:04 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C027 42 B
64 B 75ms
74ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu6WafBDcufvHR0J2kXlhjFa4BolPKlzIpPWZQyxXc9AtCpT5ixNytJCa9QgGR5WVYbxoYbhD9-IgUWa29R5D9D3Sdg6mDWoTlnv9s0hN5kkrePI3xs&sig=Cg0ArKJSzGcgNjp-adYREAE&id=lidar2&mcvt=1000&p=8,436,98,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230717&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=1109858289&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1689826261846&rpt=1522&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jul 2023 04:11:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1C2D 42 B
64 B 76ms
75ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuhk-u16upaD-07VrGJ_FOTwyrPtEdcleOtpZbEovUGMKqU1CiJ1LrXsDa37ucjWdFuByQe4r2HJkGGlvYcq3fbUFU80qZgUZI&sig=Cg0ArKJSzGFg39wvNb5pEAE&id=lidar2&mcvt=1002&p=0,0,90,728&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20230717&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=32&adk=153458417&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1689826261880&rpt=1482&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jul 2023 04:11:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1C2D 42 B
64 B 76ms
75ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu1mRJHZjo0sJArU2Lw6OXK0kCzscJ9cKi8dRymiZZE2-5sbeyhjzdexomUY2mfYJL_2zjgkdZZ8N6uFdCYX0UL1c85Gno3n5KnTlxdJP_qHyB0KKPN&sig=Cg0ArKJSzHt8AEAvtOxrEAE&id=lidar2&mcvt=1005&p=1102,436,1192,1164&mtos=1005,1005,1005,1005,1005&tos=1005,0,0,0,0&v=20230717&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=2611251870&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1689826261880&rpt=1478&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jul 2023 04:11:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C027 42 B
64 B 76ms
76ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvbE5KRAZXE6W0f08H36oxC4bEQVOQMhSNavoQPLEPVAWfMI4oFJwXVfPtHnEGTldAALwTTrLJHzqymZcO0qLNpsBLbqNQegc4&sig=Cg0ArKJSzCj-cRqS-KqKEAE&id=lidar2&mcvt=1008&p=0,0,90,728&mtos=1008,1008,1008,1008,1008&tos=1008,0,0,0,0&v=20230717&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=32&adk=3756770778&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1689826261846&rpt=1526&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jul 2023 04:11:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ 0
54 B 48ms
47ms Ping
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=1~lkamxcd7&c=1952557289936230&e=31076240%2C31075594%2C31061691%2C31061692&ctx=1&met.9=1.1eg~2.1i4~9.0~3_1.1jl~7_1.0~7_2.0~7_3.0~4_1.1n6~5_1.1om~5_2.1oz~5_3.1pf~6_2.2mm~6_3.2v2~6_1.2vb&met.10=1_3.CLCcAhCwnAIYgJh1IN8PKAE~1_1.CLCcAhCwnAIYgJh1IN8PKAE~1_2.CPjJBBD4yQQYgJh1IN8PKAE&met.3=112.1le_2~416.1uq~413.1v2~416.1v3~413.1v8~416.1vq~413.1vx~415.2ml_1~415.2v2~415.2va~113.31z_3&met.1=1.lkamxart~6.0~7.1~8.x~9.x~10.37~11.20~12.37~13.yw~14.z5~15.z0~16.1el~17.1el~18.1em~19.30c~20.30c~21.31o~22.1eq~23.1eq&qqid.1=CMXkvbC1nIADFduf_QcdJRsP5Q&qqid.2=CMbkvbC1nIADFduf_QcdJRsP5Q&qqid.3=CMfkvbC1nIADFduf_QcdJRsP5Q
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jul 2023 04:11:04 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 77ms
76ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202307170101&jk=1952557289936230&bg=!DQ6lDlrNAAa3SiIRl0o7ADkAdvg8WhUGDc9Bdo0g-wyKr8EcALhJsUAFKPiD0Jmrde9_JLtgSu4PM-7fuC_V3aiqqreez_Idxo4CAAABIFIAAAAGaAEHmQK4i2Hq4uIqF7bMCyKGltKc22N7AUSOE7kULlym2_lVXMIxT514L3CDHLHOYmlj5ogFRtnyvz6b6gTHI0uqsqp6blj7_l5hvt8gO8gw7oYustaRkgX2jvnA6Mlndzuo_MAGdTK2UOrpVks_jlRuA8jaFsTyAUtwX-jTxHx8do075BmeBBnYFxpCR_u3rd3yH5r8bVGyzKcgyqyCwmvQ-GNYZKYBFdNze87LJ59zCo6PU1lRRUOQqRoIQQax7ReQprwkZYqw6vunSh05JpzRKE2nZX6zZljdp6_euH5C8yhsWQhD84nRXcj--igJwfzY04NP4bG4OJK4yQp3IPYBM860Miopm86keiyQZ4LLfvpjXWobkg0CQi_5XsOltMtzMJyiyCUq3WwJxdaooDe96oz7Ir2QM6KjwZeA-_blpah5F_nunZm2d0ZLhYCaNw306BXb5-65VaOcY6GXuyJdwvSiFZw2JgRRsq_sRQ4gK-HJVlWrrx-iS3_jX_lvrCKsCR2FN-72yQkLrme5gFO_-hxTgp-bKL_GhbYNqMFVAkD2-HaZGNnBiasRK6OZce546k9L_fubfEboyEl9KtJTMPB5Bx1pNSnibLTdtCKSO7O6caJW4rU2YEBA4Niw3onEjfKg2LXk-wbVwYRdi0YD04NibJQqwxno1OYNvmYodSfZfiLbsM6FLvNj4ZABf3kUhoWlK_lVhxV5CwglWGygwUls-9qoc_zzUNLoBQxE7BUCuJ37JCbBQek3sEhf5_wzOTMQBi5Wt9wzeQK7xVr7K16M0yeGrFlGvf7ql4dkBTdDeSBdfBSQn6dk0hkZu6nwYH2vbhEFTxh_kNhs57WJVKIPfBxxdmYU83ogMPRhXSqvcRpCLyMVkK9Esmg1Xk9Pp6FRIso9ctECHbW6uLOJzGIUjih3Gk4p09i4
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

83 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg	1969-12-31 23:59:59	Name: ISM.ScreenSize Value: 1600
.infosecurity-magazine.com/	1970-01-20 13:25:12	Name: _gid Value: GA1.2.451186550.1689826262
.infosecurity-magazine.com/	1970-01-20 22:45:22	Name: __gads Value: ID=11e5f68a73f0fe4e:T=1689826261:RT=1689826261:S=ALNI_MYEDOGD6YDHAq-fopXdda2dN2Ew6g
.infosecurity-magazine.com/	1970-01-20 22:45:22	Name: __gpi Value: UID=00000c4024bd63da:T=1689826261:RT=1689826261:S=ALNI_MaBDyOdwQUuez82jem7YZJFzvN_Cg
.infosecurity-magazine.com/	1970-01-20 22:59:46	Name: _ga_8VSXE5KKGM Value: GS1.1.1689826261.1.0.1689826261.0.0.0
.infosecurity-magazine.com/	1970-01-20 22:59:46	Name: _ga Value: GA1.1.647726670.1689826262
.doubleclick.net/	1970-01-20 22:45:22	Name: IDE Value: AHWqTUlA8bzDeOGLZYHTfbvBl9VJxVluPuhE2z3IYo6GgGe_l1dTGUxMnndvlASV5c8
.infosecurity-magazine.com/	1970-01-20 15:33:22	Name: _fbp Value: fb.1.1689826262209.300174066
.t.co/	1970-01-20 22:59:46	Name: muc_ads Value: 81b190a7-23f9-4bf9-a465-239321151247
.twitter.com/	1970-01-20 22:59:46	Name: personalization_id Value: "v1_z7cJjxYm6emjn8RQIjkGVQ=="
.doubleclick.net/	1970-01-20 17:42:58	Name: APC Value: Aa3gxNopd2X-UlzUIvfFH4iO4C5RZz13lOQnckEGR5TL0s4-zQfgzA
.infosecurity-magazine.com/	1970-01-20 15:33:22	Name: _gcl_au Value: 1.1.586585172.1689826263
.infosecurity-magazine.com/	1970-01-20 22:09:22	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Thu+Jul+20+2023+04%3A11%3A03+GMT%2B0000+(GMT)&version=202302.1.0&isIABGlobal=false&hosts=&consentId=17c6b639-076e-49b5-96ce-a75d3e11ec0c&interactionCount=0&landingPath=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fapt41-linked-wyrmspy-dragonegg%2F&groups=1%3A1%2C2%3A0%2C3%3A0%2C4%3A0%2C6%3A0
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: 50cc55372a7c01e4

24 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'battery'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'document-domain'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'encrypted-media:'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'layout-animations'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'legacy-image-formats'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'navigation-override'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'oversized-images'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'speaker-selection'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'web-share'.
security	warning	Message: Error with Feature-Policy header: Some features are specified in both Feature-Policy and Permissions-Policy header: accelerometer, autoplay, camera, display-capture, fullscreen, geolocation, magnetometer, microphone, midi, payment, picture-in-picture, publickey-credentials-get, sync-xhr, usb, xr-spatial-tracking. Values defined in Permissions-Policy header will be used.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'navigation-override'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
other	warning	URL: https://www.googletagservices.com/dcm/impl_v96.js(Line 77) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://www.googletagservices.com/dcm/impl_v96.js(Line 77) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://www.googletagservices.com/dcm/impl_v96.js(Line 77) Message: Unrecognized feature: 'attribution-reporting'.
javascript	warning	URL: https://www.infosecurity-magazine.com/news/apt41-linked-wyrmspy-dragonegg/ Message: The resource https://www.infosecurity-magazine.com/_common/css/23062601/base.css?v=23062601 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8b46dacb7ba7c9bc5d3a283b0d360501.safeframe.googlesyndication.com
ad.doubleclick.net
analytics.twitter.com
assets.infosecurity-magazine.com
bam.eu01.nr-data.net
cdn.cookielaw.org
cdn.jsdelivr.net
connect.facebook.net
csi.gstatic.com
geolocation.onetrust.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
in.ml314.com
js-agent.newrelic.com
ml314.com
p.typekit.net
pagead2.googlesyndication.com
region1.google-analytics.com
s0.2mdn.net
securepubads.g.doubleclick.net
static.ads-twitter.com
t.co
tpc.googlesyndication.com
use.typekit.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.infosecurity-magazine.com
104.244.42.3
104.244.42.5
108.138.36.26
13.32.99.61
142.250.185.66
142.250.186.70
146.75.116.157
151.101.2.137
185.221.87.23
2001:4860:4802:32::36
2001:4860:4802:36::178
2606:4700::6812:1d26
2606:4700::6812:aa72
2a00:1450:4001:812::2002
2a00:1450:4001:827::2001
2a00:1450:4001:827::2002
2a00:1450:4001:827::2003
2a00:1450:4001:829::2006
2a00:1450:4001:82b::2001
2a00:1450:4001:82b::2004
2a00:1450:4001:82f::2008
2a00:1450:4001:830::2002
2a00:1450:4001:831::2002
2a02:26f0:3100::1735:28c8
2a02:26f0:3100::1735:28f0
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
2a04:4e42:200::485
34.111.234.236
52.20.71.154
00e70321427a6db08053549dc7efd05e3371b4aaa3db383284295b0da386f950
07ac84596d158248a60c2f747f609a508e6e2f1980a23f0608caee79a30291b7
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
0f8b805bc586ed61e2124b73fb8ea7951bb654063a39165c9cca36deb13157a9
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1779a49bc11620c55dd5424776fa1e5c44b5cdb705163555ef05afc54e9cde89
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
23f95a90d6e6ba09a92bd4eae99823b0a6b0137a9abe10e3c050c062fb15efe4
279b6c8b97bfb37476d6d075d1431d85a380ca36ebe6af4146844cfb135c21d6
2a478ac8761cde54678f70f9589aca9d8f9e78d39defe48963c6e4e1d3562f5a
3c4f86e9ccc5e942b4003bd9fed721d599fdeb7bcc1a2db63a95cba24de5f828
3cfb549a2206ff40cd7d94367df91895a057d37218e859e7b4b6506cad7c6241
4427770d30ccf8b4e950d8d03a9d4ec0e4976ed6cc85b793aab1c7d9ecf8fda0
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
4ca1e0e518aaf5d78abd4fc78268ac642cb679dbb56a905d2c57a296566a0bba
4e916eb59cd64cce6fc41e3355180f0284ae0edc2602686431e90f2e7f082652
4f8059cfd6739160b9073e937833a58c728a9791b380f27fcf2d047d76951155
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
53fc4495c7705b2373e2b73ec881c82dffb40cfbd744d8e5bd8ba7f5a018575b
545156adeae44dadc82b98d504f805ebe77fb79c928ef34eed1057bb9d4cb8fe
5553375f937eec15235af194cbdbd4043dd882c873e2f1fa7c1555e0cc354e18
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf
5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1
5ac6ea903c923a17aefb13bcb82614fd096d820291d23a0cfc25ca821518958a
5bc1ccfdad16fa5bef045a950275de132722fae761ca5b1a3b44253563583cd7
5f35bec75bb860b96016557a312107ee32ccff3b572a13785f6a242ad9f308ae
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
60a3a7f932316a94621e08b843050b7fa26b89d8ca8a5d99a2e8fb492ead42d6
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6dc12f4e2f1e89213f05753303d2842d766ba9e9f40bcbf1a5ad6d1d7600401c
746efb160d199709d2c612d0b812b2ff3651aae5b2727b3db37947ad1033543c
769d94aa9ea698abe4e96a460210aef4400454056e27c136239bae4b060e13ea
778f93243401b2fd6663834b51f4d3f32012d6ee11f40f6169af721331bd1682
792074561f2d94442c8648916f41fc6016817b61d554daa9c67301aeecca14bb
7c6f31fe5a0d2f30d4abc00e171a9ce25b7cde803232123475536743fba8ab79
843dea1d022be79c95643821b1140cc2d081094ee77ccf7a1f637a1ad8fca33f
859718b1a80c0c9001e0754e52d4ab88358a933b400444bfd317544325b2cf4d
861911f5f61cc5648263484e53e1731bc4856b7fb5f0f3f8cc9922b387b4858a
8e22de2f3daa81640b661557e04b0078e450dca1b4ac96005d657c6bc2f3ec28
92b8f658f04b2a33f95e91a16ef52e0d7873e147db061dc68fc4faa55cde9856
930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1
9d61e4834a3eeca1742bb54ebd81c99ea6a8208775e4aff3b67abc28b2c1e118
9e68f85856b8fb6c5b2f66a39edd406dde54d006039c763357c0fccd58694af2
9fa8f3245a5c5a1779d33eda1cd4d347b78a1bd4706038f31d70e855670f7b1b
a45a4393f8b7ac978e32ac46f58dad43eb83811a4b3d9f7b79cac1f864edd662
a9dddb8d0d63b7b9af03b6dcb8ff589496a302a3460623de5e036d4e292a144a
aaa981a29af4652e8ffc714853c0aa407a23dab11edd70b5c051760e87db6b45
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b836876c6014c346a749c23f680845562679daf29c640c99a3d92797a6244b4d
bb20d24b99fd1eae4fd77c1e833ce0a4536189961ceb1114fd272ca31e8ebd82
be163e2134074109283b01c8babdb64daf4601766efde31f5e2c04e60984e1f7
cef181b89850405f733232c050e35b633a648eacee98005f2663b481ac3b0db4
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d0e4a6372d6fb5ffe9505dbe9e94aee8f1b9b96ec8e5e20684cce8b4c5a88fa7
d72c9fb59846aff6405d2973c81bd8da823493502fab893e026a736a1ba01838
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
deb428f7b8dc8e920a46777cd7f0d271923623abedb2e7bdf397a3f76fc2f43a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e70be2849f7e7f7f27dc4eb168538ef25474e4799e1a4a4d9aee01f57f4c5a3f
ecde3c0d9f4721fd5bc3989d1e6103966b836786849f65ead031a1c758687ef0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efd1f2d633a46174e9297aa571dd85617c750b8f87d16a52778d5bc4109b7017
f247341fb469b888a762cfe66b04e7c1397d1c25744988c8e509a0832479bf57
f7fbb92e03e044b3065bcf2c8e6ee284b8b8c0625c7ce7f33785bdda23a46606
f8b0501ea16287272ebaa860c26f9efb5105bd76fcb9553675d9459126be2a1a
f9745c48d0b4c918d466da4acdb3f786ef5cda4c69ac0b6009d76cff67e6325d

www.infosecurity-magazine.com Open in urlscan Pro 108.138.36.26 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

122 Requests

100 %HTTPS

63 %IPv6

22 Domains

31 Subdomains

31 IPs

3 Countries

16402 kBTransfer

19475 kBSize

14 Cookies

13 Outgoing links

Redirected requests

122 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.infosecurity-magazine.com Open in urlscan Pro
108.138.36.26 Public Scan

Screenshot
Live screenshot

Full Image

122
Requests

100 %
HTTPS

63 %
IPv6

22
Domains

31
Subdomains

31
IPs

3
Countries

16402 kB
Transfer

19475 kB
Size

14
Cookies

122 HTTP transactions
3 data transactions