URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Submission: On October 19 via manual from CA — Scanned from CA

Summary

This website contacted 128 IPs in 6 countries across 117 domains to perform 478 HTTP transactions. The main IP is 3.17.33.209, located in Columbus, United States and belongs to AMAZON-02, US. The main domain is arstechnica.com. The Cisco Umbrella rank of the primary domain is 44315.
TLS certificate: Issued by Amazon RSA 2048 M01 on September 28th 2023. Valid for: a year.
This is the only time arstechnica.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information


This page contains 20 frames:

Primary Page: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Frame ID: 9E0BE8F856998CB517E0017072375682
Requests: 297 HTTP requests in this frame

Frame: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.7028217150345613
Frame ID: 44DF8FB8A952A093BB8B0D2FBBA7AB88
Requests: 1 HTTP requests in this frame

Frame: https://condenast.demdex.net/dest5.html?d_nsid=0
Frame ID: BE7025BD7E89868AC4A5F0AF61638BDE
Requests: 37 HTTP requests in this frame

Frame: https://f075c52b1481331172a9e2e8178d915b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 4FFADDFEF839C55CDF2AC30436E8F79E
Requests: 1 HTTP requests in this frame

Frame: https://a.teads.tv/page/11552/tag
Frame ID: 47582EF38F422FDEB84D104727F3F129
Requests: 3 HTTP requests in this frame

Frame: https://sync.taboola.com/sg/supershiprtb-display-network/1/rtb-h?taboola_hm=ZTEkIcCo8XYAALgU9wkAAAAA
Frame ID: AAD2BE7E592E718A518DAD236DB42409
Requests: 17 HTTP requests in this frame

Frame: https://sync.teads.tv/iframe?pid=35410&gdprIab={%22reason%22:220,%22status%22:22,%22consent%22:%22%22,%22apiVersion%22:null,%22cmpId%22:null}&fromFormat=true&env=js-web&auctid=3ba6e954-3c54-428f-8739-8ed5f56be3ad&vid=aae6a94e-ee9d-4049-a226-8e5417788e5a&us_privacy=1---&1697719326861
Frame ID: D92987D5C6087791CC55FE836DABE9DF
Requests: 12 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Frame ID: 721831170B8A7CD6435E8886D7FA77C8
Requests: 27 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstLarzZpgcl35qC4RxGylvdhiGv-mdgATi1moQqgb5wnMdZdN5lh6ZNYPVwxl8PJ_ot-Tp0QJaa9tPpDljJO3P_eUd31qOHoa5lMBBNU64dER2Gd3VeDOHidmBYOVQZ25i_H4-HKH6rhVC7atcHmOKWD9b0DHFRsldUAA7d_L0B6f1eNi-O9kR1IVzuLOGg4i4oyDxNCpS8oqNYFfc1hpDYhnvEaNjp25AF0RVbvr5uW6I8Rlcu9Tu1am_4by9OX6OuDc2bb28zjTzctsSlNhiX4lTd6q58IU4BT5ZCgEvzQTAAN61aKncUzli4YlsRXF7FJbTQjVYBAatkA2mEmw_AGBQzpS_LCRWtLfE9eBmZQF05lt0VKN3NA0x-Yw&sai=AMfl-YTurqIZOF895qYEekaHHWZ2AjuUmdOhkAK9rjejS8wnqDYqsCzfOVcnZ2l4FzShWhCuB9aWXW0V2g_UPv6a7NzbuR6oyzTBTYatwcK4fkKCWjuDzU8niy8NUMe0WYE&sig=Cg0ArKJSzKBUXxWC3LttEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: AD5B40F2DA6667E7E4158CF8AFD90C0E
Requests: 16 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstmrDBleh64YUQA1aiNobBuzjPmdmX7CwIL_tmk_ahz_RvXb6XI2CbcuzGXIsQztAdtxT65WM3Ewn2ZP_iLcQaE5mmUjcaf98RIt0qSqBDFXRtV6N_5r8RCOyuVn9xpzqTAJHko6ofRcxvVCrG-ZzdfvGrwIwzuVxPijAzv8L89_IvGKw4kPhDKX2EvAdrPvR1sqfQSVrUy9QwzHIalY7lWsDRWDeNGlXA34xXVyrqi7qqlSlAmKOA_LpsfgXsYNtIq4prbLnspGWpWoYay_IpLT6weFtyQUM3MVhf-E48TKbO1Ig0w318jwZbyecdzaY4_oP5ywPiaoEFDNhDzyn8Gt0mmZtFHfH4JX66xuczPCSLlgnhLsnkCC5RcdQ&sai=AMfl-YRlSb6WvHkZzYlJake4FrLt-w-6LqXzBg2ZkzhH1a5swMetsJBj0k7cLH8WXRqHXgFDG-h4HPw68EgiG2veNHucD_bvRgE0VQhIb3VnKN0naNBp8_JL_dRVez72MXY&sig=Cg0ArKJSzLo5WgBWtPRvEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 9BB9DB05E3B941D10BB48284C0189AE4
Requests: 15 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 1818146BFFAFF311AE365EB56FCD0E47
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?cc=1&us_privacy=1---&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba
Frame ID: BFEFE7723CC8FFD409549C824764952A
Requests: 7 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 674CE99BD4627A9BC1B29813B6934789
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?us_privacy=1---
Frame ID: E16DAAC6C5647E4C84DBF70CB22CFE00
Requests: 19 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Frame ID: 6248F074AC615FF27EA55B4184EA935D
Requests: 11 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Farstechnica.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Frame ID: 4BA3802B190507623BE9620D065E7498
Requests: 10 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.595.0_en.html
Frame ID: E3E2C2E1B88A61B53D3D2B91C323EA01
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: D70D67B482D17B424BA71353E16BD16E
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 3117662E38D2C7A27905F06178618E3A
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 82E385AC5535B06A2CB9ED21EBA3D0BC
Requests: 3 HTTP requests in this frame

Page Title

Google-hosted malvertising leads to fake Keepass site that looks genuine | Ars Technica

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <link rel="amphtml"

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • moatads\.com

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Page Statistics

  • Requests: 478
  • HTTPS: 74 %
  • IPv6: 0 %
  • Domains: 117
  • Subdomains: 192
  • IPs: 128
  • Countries: 6
  • Transfer: 7162 kB
  • Size: 18437 kB
  • Cookies: 165

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 440
  • https://aa.agkn.com/adscores/g.pixel?sid=9211132908&aam=34431699753981877840035079370966194637 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=21&dpuuid=213690604674005760427
Request Chain 441
  • https://sync.mathtag.com/sync/img?mt_exid=10004&mt_exuid=34431699753981877840035079370966194637&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D269%26dpuuid%3D[MM_UUID]%26ddsuuid%3d34431699753981877840035079370966194637 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=269&dpuuid=77376531-242c-4b00-a1e6-022bbb3c0cb5&ddsuuid=34431699753981877840035079370966194637
Request Chain 443
  • https://loadm.exelator.com/load/?p=204&g=091&j=0&bi=34431699753981877840035079370966194637 HTTP 302
  • https://load77.exelator.com/pixel.gif
Request Chain 444
  • https://su.addthis.com/red/usync?pid=16&puid=34431699753981877840035079370966194637&url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D420%26dpuuid%3D%7B%7Buid%7D%7D HTTP 302
  • https://dpm.demdex.net/ibs:dpid=420&dpuuid=6531242cedd3fd31
Request Chain 445
  • https://idsync.rlcdn.com/365868.gif?partner_uid=34431699753981877840035079370966194637 HTTP 307
  • https://dpm.demdex.net/ibs:dpid=477&dpuuid=214fc648dea0fd0c46e99dcc6e1c813b00a895d9fd349d473fdc4b464149103db0da87c991749652
Request Chain 446
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID HTTP 302
  • https://dpm.demdex.net/ibs:dpid=358&dpuuid=2587657505101497831
Request Chain 448
  • https://token.rubiconproject.com/token?pid=6404&puid=34431699753981877840035079370966194637&gdpr=0&gdpr_consent= HTTP 302
  • https://dpm.demdex.net/ibs:dpid=481&dpuuid=LNX694ZK-1C-FIOA?gdpr=0
Request Chain 449
  • https://x.dlx.addthis.com/e/demdex_sync?na_exid=34431699753981877840035079370966194637&ru=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D134096%26dpuuid%3D%3Cna_id%3E%20 HTTP 301
  • https://dpm.demdex.net/ibs:dpid=134096&dpuuid=2023101912422000016192731653
Request Chain 450
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=ADB&partner_url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D540%26dpuuid%3D%24%7BTA_DEVICE_ID%7D&partner_device_id=34431699753981877840035079370966194637 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=540&dpuuid=799ee752-e8b5-42ef-94ee-452166b4bfab
Request Chain 451
  • https://dp2.33across.com/ps/?pid=897&random=1552049203 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=601&dpuuid=212313511602561&random=1697719340
Request Chain 453
  • https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=MzQ0MzE2OTk3NTM5ODE4Nzc4NDAwMzUwNzkzNzA5NjYxOTQ2Mzc= HTTP 302
  • https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEKGnO7X79LFZFRe57890P48&google_cver=1?gdpr=0&gdpr_consent=
Request Chain 454
  • https://idpix.media6degrees.com/orbserv/hbpix?pixId=16873&pcv=70&ptid=66&tpuv=01&tpu=34431699753981877840035079370966194637 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=992&dpuuid=18gopqxptl8xa
Request Chain 456
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&domain=arstechnica.com&ttd_tpi=1 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=903&dpuuid=f9a8042c-c9a0-4948-ac45-f91d636ac944
Request Chain 457
  • https://cms.quantserve.com/pixel/p-vj4AYjBqd6VJ2.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
  • https://dpm.demdex.net/ibs:dpid=1175&gdpr=0&dpuuid=eoxrGX6NaU1hjjlJeo11HH-BaR1h2D0ZeY-rGOMK
Request Chain 459
  • https://tag.yieldoptimizer.com/ps/ps?t=i&p=2233 HTTP 302
  • https://tag.yieldoptimizer.com/ps/ps?tc=371328481&t=i&p=2233 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=22069&dpuuid=2030681741874
Request Chain 460
  • https://fei.pro-market.net/engine?site=141472;size=1x1;mimetype=img;du=67;csync=34431699753981877840035079370966194637 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=575&dpuuid=3318734539864493205
Request Chain 461
  • https://px.owneriq.net/eucm/p/adpq?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D53196%26dpuuid%3D(OIQ_UUID) HTTP 302
  • https://px.owneriq.net/ecc?redir=https%3a%2f%2fdpm.demdex.net%2fibs%3adpid%3d53196%26dpuuid%3dQ7510057411042118612&uid=Q7510057411042118612&ref=%2Feucm%2Fp%2Fadpq HTTP 302
  • https://dpm.demdex.net/ibs:dpid=53196&dpuuid=Q7510057411042118612
Request Chain 462
  • https://ads.scorecardresearch.com/p?c1=9&c2=6034944&c3=2&cs_xi=34431699753981877840035079370966194637&rn=1697719323823&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D73426%26dpuuid%3D34431699753981877840035079370966194637 HTTP 302
  • https://ads.scorecardresearch.com/p2?c1=9&c2=6034944&c3=2&cs_xi=34431699753981877840035079370966194637&rn=1697719323823&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D73426%26dpuuid%3D34431699753981877840035079370966194637 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=73426&dpuuid=34431699753981877840035079370966194637
Request Chain 463
  • https://abp.mxptint.net/sn.ashx HTTP 302
  • https://dpm.demdex.net/ibs:dpid=75557&dpuuid=R35CAB_10ACBAF21_2585BDCB&redir=https://abp.mxptint.net/sn.ashx?ak=1
Request Chain 464
  • https://aorta.clickagy.com/pixel.gif?ch=124&cm=34431699753981877840035079370966194637&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D79908%26dpuuid%3D%7Bvisitor_id%7D HTTP 302
  • https://dpm.demdex.net/ibs:dpid=79908&dpuuid=c:84888ba07ff8c65fce2ee74b5335ee14
Request Chain 465
  • https://usermatch.krxd.net/um/v2?partner=adobe&id=34431699753981877840035079370966194637 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=66757?id=34431699753981877840035079370966194637&dpuuid=P3ULRs0Y
Request Chain 466
  • https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=34431699753981877840035079370966194637?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id} HTTP 302
  • https://sync.crwdcntrl.net/map/ct=y/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=34431699753981877840035079370966194637?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id} HTTP 302
  • https://dpm.demdex.net/ibs:dpid=121998&dpuuid=e4fdfa95c53e1e783d66048731a1745b
Request Chain 468
  • https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WlRFa0hRQUFBTFpFNXdOXw==
Request Chain 469
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=ZTEkHQAAALZE5wN_&expires=90
Request Chain 470
  • https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=ZTEkHQAAALZE5wN_
Request Chain 471
  • https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://ib.adnxs.com/setuid?entity=158&code=ZTEkHQAAALZE5wN_
Request Chain 472
  • https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537148856&val=ZTEkHQAAALZE5wN_
Request Chain 473
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=ZTEkHQAAALZE5wN_
Request Chain 474
  • https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1 HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=6409&uid=ZTEkHQAAALZE5wN_&img=1
Request Chain 475
  • https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0 HTTP 302
  • https://www.facebook.com/fr/b.php?p=1531105787105294&e=ZTEkHQAAALZE5wN_&t=2592000&o=0
Request Chain 476
  • https://pixel.onaudience.com/?partner=130&mapped=34431699753981877840035079370966194637&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D161033%26dpuuid%3D%25m HTTP 302
  • https://dpm.demdex.net/ibs:dpid=161033&dpuuid=

478 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
60 KB
18 KB
Document
General
Full URL
https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.17.33.209 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-17-33-209.us-east-2.compute.amazonaws.com
Software
nginx/1.23.4 / PHP/8.1.19
Resource Hash
73e720621380a4e2d1d1f2264e86866385107549c4d96fdcbe55cd2f6a348c0c
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

content-encoding
gzip
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Thu, 19 Oct 2023 12:42:02 GMT
link
<https://arstechnica.com/wp-json/wp/v2/posts/1977141>; rel="alternate"; type="application/json"
server
nginx/1.23.4
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-powered-by
PHP/8.1.19
x-xss-protection
1; mode=block
main-1eae76c908.css
cdn.arstechnica.net/wp-content/themes/ars/assets/css/
337 KB
71 KB
Stylesheet
General
Full URL
https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
61fa63adf47d4b3d236cdff13deaa504de0546485106eaa1f0e98b1786815670

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
x-cf-tsc
1697446037
content-encoding
gzip
x-cf3
H
cf4ttl
43200.000
x-cf1
14961:fC.yyz1:co:1525808045:cacheN.yyz1-01:H
x-cf-reqid
c5282ff608e9e0bceb96c6210bd8ec2c
content-length
72292
x-cf2
H
last-modified
Thu, 05 Oct 2023 16:20:07 GMT
server
CFS 0215
x-cff
B
etag
W/"651ee237-5448b"
content-type
text/css
access-control-allow-origin
*
cf4age
908984
accept-ranges
bytes
x-cf-rand
2.068
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
21 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d62ad0f23c60258f120e52cf68b2e1adff5c1bf5bde5ac8f8d6e5f4c4c64f34
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 19 Oct 2023 12:42:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
h6ThlO7ea17v6JNPXbI1zQ==
age
80542
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6822
x-ms-lease-status
unlocked
last-modified
Tue, 17 Oct 2023 03:32:40 GMT
server
cloudflare
etag
0x8DBCEC1B778F120
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
39ab5dcb-301e-008d-1533-010e51000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
818919491bf739c3-YYZ
otCCPAiab.js
cdn.cookielaw.org/opt-out/
22 KB
6 KB
Script
General
Full URL
https://cdn.cookielaw.org/opt-out/otCCPAiab.js
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7b7120dffd25546c93c1367b9c86a3dc87e71d2c89ebb39163a71eb3b659f01
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 19 Oct 2023 12:42:03 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
ERttG9+iQk1LCPjR495NRw==
age
80541
x-ms-lease-status
unlocked
last-modified
Tue, 22 Feb 2022 22:01:18 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
84ed10d5-601e-00ec-3ce1-5ad09f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
818919491bf939c3-YYZ
gpt.js
www.googletagservices.com/tag/js/
89 KB
29 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.163.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f155.1e100.net
Software
cafe /
Resource Hash
85b57770f58886194d71fe89d23f4bc06c892ade1a8ecfdf86a82fd965930b6d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29151
x-xss-protection
0
server
cafe
etag
100 / 19649 / 31079032 / config-hash: 14863387668746949887
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Thu, 19 Oct 2023 12:42:03 GMT
ars-technica.min.js
ads-static.conde.digital/production/cns/builds/ars-technica/
141 KB
141 KB
Script
General
Full URL
https://ads-static.conde.digital/production/cns/builds/ars-technica/ars-technica.min.js
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.160.41.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-160-41-112.iad55.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d8d9e669ba66861451060f87f8b59bdd5faecf841f98aaa2b0da95d8c0d07d82

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id
Kblnb91Zi31tZlaDhgXD.HnxA9n0hB1W
date
Thu, 19 Oct 2023 12:36:01 GMT
via
1.1 68fbda872a4e92e0774a97bdd960d43a.cloudfront.net (CloudFront)
last-modified
Mon, 09 Oct 2023 14:51:38 GMT
server
AmazonS3
x-amz-cf-pop
IAD55-P1
age
363
x-amz-server-side-encryption
AES256
etag
"cf754f035b5e33e051ad290ff156e0a5"
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=900, stale-while-revalidate=3600, stale-if-error=86400
accept-ranges
bytes
content-length
143929
x-amz-cf-id
Fx-GHxjH9W8Opp6i7dCQ5ct_3IA3TuZmBKgtzh-mfGjPwacQeyhRbQ==
ars-84a4ab0802.ads.us.js
cdn.arstechnica.net/wp-content/themes/ars/assets/js/
3 KB
1 KB
Script
General
Full URL
https://cdn.arstechnica.net/wp-content/themes/ars/assets/js/ars-84a4ab0802.ads.us.js
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
16708dda2536b4b3782313db4a6ec8456cd84da7ae0f56d7d2455e68fc9bc4f0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
x-cf-tsc
1689864894
content-encoding
gzip
x-cf3
H
cf4ttl
43200.000
x-cf1
14961:fC.yyz1:co:1525808045:cacheN.yyz1-01:H
x-cf-reqid
e73c2ab10dcbe14b3f910edfc4c53ade
content-length
1143
x-cf2
H
last-modified
Wed, 12 Jul 2023 18:44:10 GMT
server
CFS 0215
x-cff
B
etag
W/"64aef47a-bc0"
content-type
application/javascript
access-control-allow-origin
*
cf4age
647283
accept-ranges
bytes
style.min.css
cdn.arstechnica.net/wp/wp-includes/css/dist/block-library/
87 KB
15 KB
Stylesheet
General
Full URL
https://cdn.arstechnica.net/wp/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
x-cf-tsc
1689864894
content-encoding
gzip
x-cf3
H
cf4ttl
43200.000
x-cf1
14961:fC.yyz1:co:1525808045:cacheN.yyz1-01:H
x-cf-reqid
4dbab6b9a04ffb039590d9f3867ee7aa
content-length
14508
x-cf2
H
last-modified
Mon, 17 Oct 2022 21:17:21 GMT
server
CFS 0215
x-cff
B
etag
W/"634dc661-15b64"
content-type
text/css
access-control-allow-origin
*
cf4age
20782750
accept-ranges
bytes
x-cf-rand
7.578
comments.css
cdn.arstechnica.net/wp-content/plugins/article-forum-connect/public/css/
4 KB
1 KB
Stylesheet
General
Full URL
https://cdn.arstechnica.net/wp-content/plugins/article-forum-connect/public/css/comments.css?ver=1.2.2
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
76a942b00d27a492f8c322bd161121bf2c010d6453ded0cc0788477bc1c7f61d

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
x-cf-tsc
1689864894
content-encoding
gzip
x-cf3
H
cf4ttl
43200.000
x-cf1
14961:fC.yyz1:co:1525808045:cacheN.yyz1-01:H
x-cf-reqid
6aa7ac14a46003dc97fc09b56af24bbe
content-length
1101
x-cf2
H
last-modified
Wed, 12 Jul 2023 18:42:50 GMT
server
CFS 0215
x-cff
B
etag
W/"64aef42a-10e6"
content-type
text/css
access-control-allow-origin
*
cf4age
643310
accept-ranges
bytes
x-cf-rand
5.349
paywall.css
cdn.arstechnica.net/wp-content/plugins/article-forum-connect/public/css/
839 B
1 KB
Stylesheet
General
Full URL
https://cdn.arstechnica.net/wp-content/plugins/article-forum-connect/public/css/paywall.css?ver=1.2.2
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
4046579e6e4eb157620e7ed218f64cca8b290ba6269d762df786c3c5e069cc5e

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
x-cf-tsc
1689864894
x-cf3
H
cf4ttl
43200.000
x-cf1
14961:fC.yyz1:co:1525808045:cacheN.yyz1-01:H
x-cf-reqid
9a629b7e1ab24929e866dc2f53d4b7a5
content-length
839
x-cf2
H
last-modified
Wed, 12 Jul 2023 18:42:50 GMT
server
CFS 0215
x-cff
B
etag
"64aef42a-347"
content-type
text/css
access-control-allow-origin
*
cf4age
643310
accept-ranges
bytes
x-cf-rand
3.787
warning-800x534.jpg
cdn.arstechnica.net/wp-content/uploads/2023/08/
45 KB
46 KB
Image
General
Full URL
https://cdn.arstechnica.net/wp-content/uploads/2023/08/warning-800x534.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
6ae09cd20041ec0f2769082d1a2b11c972b3ba6ab05d21b19a1419b3010b504d

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
x-amz-version-id
KdC3VMh0Da2rWk0uR8aX_SVsjX3XgJPh
x-cf-tsc
1697656032
x-cf3
H
x-amz-request-id
KS09YJEE3FV4WTKH
cf4ttl
43200.000
x-amz-server-side-encryption
AES256
x-cf1
14961:fC.yyz1:co:1525808045:cacheN.yyz1-01:H
x-cf-reqid
6faf4cfd0ed3e7b9b99ae16de3bf85d9
x-amz-replication-status
COMPLETED
content-length
46312
x-amz-id-2
iEbSuBqbqq/3vWMVi9vh8pildfuDpd7ixkCQ0jVZC+aFZutKQiVzKQgjEwjWtnGRc1E8WIFke14=
x-cf2
H
last-modified
Tue, 08 Aug 2023 12:54:39 GMT
server
CFS 0215
x-cff
B
etag
"2ae470b94a30bec61927b849575250b0"
content-type
image/jpeg
access-control-allow-origin
*
cf4age
6156693
accept-ranges
bytes
x-cf-rand
8.281
malicious-keepass-ad-google-640x477.png
cdn.arstechnica.net/wp-content/uploads/2023/10/
122 KB
123 KB
Image
General
Full URL
https://cdn.arstechnica.net/wp-content/uploads/2023/10/malicious-keepass-ad-google-640x477.png
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
fde25ad09c5d4bf924bb2bf5b118b68a94ed2124dc5c6fa2182f8415ed935f4a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
x-amz-version-id
wSR0PWKCEauci_UIbvTvKrccSYHPeLJv
x-cf-tsc
1697691107
x-cf3
H
x-amz-request-id
E91WWQTMH8JAE3Z8
cf4ttl
43200.000
x-amz-server-side-encryption
AES256
x-cf1
14961:fC.yyz1:co:1525808045:cacheN.yyz1-01:H
x-cf-reqid
8db26e22e76c133d3320ade8b522d214
x-amz-replication-status
COMPLETED
content-length
125127
x-amz-id-2
TwkNXSOciRJTCjfiG0gV7y99dvgQ5DUN/F6W2vBE9BRmWLIS11EcBPcLzFyAcBIdhHKb1WE5/9E=
x-cf2
H
last-modified
Thu, 19 Oct 2023 04:40:10 GMT
server
CFS 0215
x-cff
B
etag
"d6632fb1b5132ee0fe173c4213165815"
content-type
image/png
access-control-allow-origin
*
cf4age
47
accept-ranges
bytes
fake-keepass-website-640x393.png
cdn.arstechnica.net/wp-content/uploads/2023/10/
117 KB
118 KB
Image
General
Full URL
https://cdn.arstechnica.net/wp-content/uploads/2023/10/fake-keepass-website-640x393.png
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
eda376c50be465fcdba41f675393693c3625289c74b025f625722d400ecaafc8

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
x-amz-version-id
ieaGorzfsK_TigEJfiCH88XX8XXMGjPw
x-cf-tsc
1697691107
x-cf3
H
x-amz-request-id
E91XABSPF270KVS7
cf4ttl
43200.000
x-amz-server-side-encryption
AES256
x-cf1
14961:fC.yyz1:co:1525808045:cacheN.yyz1-01:H
x-cf-reqid
ade1b25123922e0a50405c733ee39688
x-amz-replication-status
COMPLETED
content-length
119778
x-amz-id-2
Y2dZyJgGDw4V/sYfffS34JTzFVY7FFZT4TpBePQLd39yJDjW2P1tqvDTeOc+xbxrE81e691XAcU=
x-cf2
H
last-modified
Thu, 19 Oct 2023 04:41:31 GMT
server
CFS 0215
x-cff
B
etag
"fa13d68120ed292884f095ce36e81dbe"
content-type
image/png
access-control-allow-origin
*
cf4age
47
accept-ranges
bytes
keepass-digitaleagle-640x517.png
cdn.arstechnica.net/wp-content/uploads/2023/10/
43 KB
44 KB
Image
General
Full URL
https://cdn.arstechnica.net/wp-content/uploads/2023/10/keepass-digitaleagle-640x517.png
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
93bea8408610109650029c023b88d039114aa9be5663eeaa1b3fbbc7244ad50d

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
x-amz-version-id
3wCZZ0Yjp3ni6YyDAA0i4FKQsdlAwqHj
x-cf-tsc
1697691117
x-cf3
H
x-amz-request-id
E91JFW88RAXZJ4PB
cf4ttl
43200.000
x-amz-server-side-encryption
AES256
x-cf1
14961:fC.yyz1:co:1525808045:cacheN.yyz1-01:H
x-cf-reqid
15f196639d26f1bd9b96dd17bd3312ff
x-amz-replication-status
COMPLETED
content-length
44243
x-amz-id-2
gKlTxEpNKH8zi1vAyOWpYEBte3dW29JtupV0/cPKxfF3OlK5OVBHFFOfPR4bFJ/aEkwDs0XAhr0=
x-cf2
H
last-modified
Thu, 19 Oct 2023 04:43:11 GMT
server
CFS 0215
x-cff
B
etag
"b06ffdca944b78f609f2b9e9e587f752"
content-type
image/png
access-control-allow-origin
*
cf4age
57
accept-ranges
bytes
x-cf-rand
7.589
privacyoptions123x59-c5c9972158.png
cdn.arstechnica.net/wp-content/themes/ars/assets/img/
1 KB
1 KB
Image
General
Full URL
https://cdn.arstechnica.net/wp-content/themes/ars/assets/img/privacyoptions123x59-c5c9972158.png
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
3ffb2898bfdc64f6aa63183418b7c42a529f37505c70f68270abf62d90d6babe

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
x-cf-tsc
1696401241
x-cf3
H
cf4ttl
43200.000
x-cf1
14961:fC.yyz1:co:1525808045:cacheN.yyz1-01:H
x-cf-reqid
301e4e920a0974b7ccff82b543f781d4
content-length
1188
x-cf2
H
last-modified
Tue, 03 Oct 2023 19:42:27 GMT
server
CFS 0215
x-cff
B
etag
"651c6ea3-4a4"
content-type
image/png
access-control-allow-origin
*
cf4age
18451
accept-ranges
bytes
x-cf-rand
0.741
main-9e780dd793.js
cdn.arstechnica.net/wp-content/themes/ars/assets/js/
626 KB
204 KB
Script
General
Full URL
https://cdn.arstechnica.net/wp-content/themes/ars/assets/js/main-9e780dd793.js
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
82c48e4f43352a8f0c34f9ad13be89d22a8439ba8e322e2300499871d242aa0c

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
x-cf-tsc
1697446037
content-encoding
gzip
x-cf3
H
cf4ttl
43200.000
x-cf1
14961:fC.yyz1:co:1525808045:cacheN.yyz1-01:H
x-cf-reqid
b32dc629771a3c56482a7734df873b60
content-length
208280
x-cf2
H
last-modified
Thu, 05 Oct 2023 16:20:07 GMT
server
CFS 0215
x-cff
B
etag
W/"651ee237-9c6f8"
content-type
application/javascript
access-control-allow-origin
*
cf4age
878146
accept-ranges
bytes
conde-asa-polar-master.js
polarcdn-terrax.com/nativeads/script/condenastcorporate/
Redirect Chain
  • https://cdn.mediavoice.com/nativeads/script/condenastcorporate/conde-asa-polar-master.js
  • https://polarcdn-terrax.com/nativeads/script/condenastcorporate/conde-asa-polar-master.js
5 KB
2 KB
Script
General
Full URL
https://polarcdn-terrax.com/nativeads/script/condenastcorporate/conde-asa-polar-master.js
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
104.16.112.202 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
030e91b7512dbb40e9b9057f20bcf54c296a7f28c04bbcde0f2d2706dd2a3a06

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
content-encoding
gzip
via
1.1 varnish
cf-cache-status
HIT
last-modified
Thu, 19 Oct 2023 12:06:17 GMT
server
cloudflare
age
2146
vary
Accept-Encoding
content-type
text/javascript
x-varnish
4038271251
cache-control
max-age=21600
accept-ranges
bytes
cf-ray
8189194b29a154cd-YYZ
content-length
2018

Redirect headers

date
Thu, 19 Oct 2023 12:42:03 GMT
server
cloudflare
vary
Accept-Encoding
location
https://polarcdn-terrax.com/nativeads/script/condenastcorporate/conde-asa-polar-master.js
x-country
CA
cache-control
max-age=3600
cf-ipcountry
CA
cf-ray
8189194a7bac1931-EWR
expires
Thu, 19 Oct 2023 13:42:03 GMT
100098X1555750.skimlinks.js
s.skimresources.com/js/
36 KB
14 KB
Script
General
Full URL
https://s.skimresources.com/js/100098X1555750.skimlinks.js
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map3.hwcdn.net
Software
AmazonS3 /
Resource Hash
e213cf8f887633ac8924c0390bb121f259a895ab8432013f5b6e1c37727802aa

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 12:42:03 GMT
Content-Encoding
gzip
Last-Modified
Mon, 12 Jun 2023 15:01:52 GMT
Server
AmazonS3
x-amz-request-id
8NAH9RTAJ9RH9R1A
ETag
"7c5963972efe352a00c4f008ac8c383b"
X-HW
1697719323.cds257.ch4.hn,1697719323.cds214.ch4.c
Content-Type
application/octet-stream
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
13836
x-amz-id-2
7CdGe+5/ZkHdf9W70ADvYWp3xENr4y2RIC3f96ThcfyFMd9dkB/tRLDQTQkbg96ZuzGXRP7ATBc=
iframeResizer.min.js
cdn.arstechnica.net/wp-content/plugins/article-forum-connect/public/js/
14 KB
6 KB
Script
General
Full URL
https://cdn.arstechnica.net/wp-content/plugins/article-forum-connect/public/js/iframeResizer.min.js?ver=1.2.2
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
4bc7f443f57d55c7eba98816a3d1054bdcee0cc74f4c1302f82056d118f141bb

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
x-cf-tsc
1689864894
content-encoding
gzip
x-cf3
H
cf4ttl
43200.000
x-cf1
14961:fC.yyz1:co:1525808045:cacheN.yyz1-01:H
x-cf-reqid
5742953054c404340d4abcf11b2a4658
content-length
5969
x-cf2
H
last-modified
Wed, 12 Jul 2023 18:42:50 GMT
server
CFS 0215
x-cff
B
etag
W/"64aef42a-3734"
content-type
application/javascript
access-control-allow-origin
*
cf4age
641750
accept-ranges
bytes
x-cf-rand
2.136
iframe.js
cdn.arstechnica.net/wp-content/plugins/article-forum-connect/public/js/
7 KB
2 KB
Script
General
Full URL
https://cdn.arstechnica.net/wp-content/plugins/article-forum-connect/public/js/iframe.js?ver=1.2.2
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
c390e14d82304a2d9f01faedb819791a5553764c90bd4830c3a27b6108006644

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
x-cf-tsc
1689864894
content-encoding
gzip
x-cf3
H
cf4ttl
43200.000
x-cf1
14961:fC.yyz1:co:1525808045:cacheN.yyz1-01:H
x-cf-reqid
9ea2c7a90206643dc498331f8f6f8a6d
content-length
1697
x-cf2
H
last-modified
Wed, 12 Jul 2023 18:42:50 GMT
server
CFS 0215
x-cff
B
etag
W/"64aef42a-1c92"
content-type
application/javascript
access-control-allow-origin
*
cf4age
641750
accept-ranges
bytes
b10882a1-8446-4e7d-bfb2-ce2c770ad910.json
cdn.cookielaw.org/consent/b10882a1-8446-4e7d-bfb2-ce2c770ad910/
6 KB
3 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/b10882a1-8446-4e7d-bfb2-ce2c770ad910/b10882a1-8446-4e7d-bfb2-ce2c770ad910.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7abbd200510b514fce325237f0a9149fde8bc489e85934801aea98cf24c3d50c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 19 Oct 2023 12:42:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
82851
content-md5
WFnzmDf9rc3pwweNZtoQ3Q==
content-length
2015
x-ms-lease-status
unlocked
last-modified
Mon, 02 Oct 2023 13:37:49 GMT
server
cloudflare
etag
0x8DBC34CC55C24C9
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
931eab10-b01e-0005-0c35-f5eb58000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
81891949cee139dd-YYZ
expires
Fri, 20 Oct 2023 12:42:03 GMT
dnsfeed
geolocation.onetrust.com/cookieconsentpub/v1/geo/location/
77 B
246 B
Script
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location/dnsfeed
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/opt-out/otCCPAiab.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.32.137 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
26722786cc2b7257efb9ed4b77e7c4f0cae058303ac58a67e74f191db592eda7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
cf-ray
81891949eb0536a8-YYZ
vary
Accept-Encoding
content-type
text/javascript
gtm.js
www.googletagmanager.com/
515 KB
139 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NLXNPCQ
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
7d2c610ca91fc942a8a090e7742f10155c4d0b674f45bb5b81b383fd15b1de6f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
141332
x-xss-protection
0
last-modified
Thu, 19 Oct 2023 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 19 Oct 2023 12:42:03 GMT
v2fumwIJOo-LsCB0dlG18VSTW43CpWhUEPJuKeRTzrEQdSPPlMr5GymU
shiverscissors.com/
68 KB
24 KB
Script
General
Full URL
https://shiverscissors.com/v2fumwIJOo-LsCB0dlG18VSTW43CpWhUEPJuKeRTzrEQdSPPlMr5GymU
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.178.20 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
20.178.149.34.bc.googleusercontent.com
Software
/
Resource Hash
27fdfad068938b3dd701fc8afa78aeffcea73386ee7c2424382349783ac6c033
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; preload
content-encoding
br
via
1.1 google
date
Thu, 19 Oct 2023 12:42:03 GMT
x-datacenter
gce-us-central1
etag
"6bcab50dab5854bd1bc4bb8de70915535065bdc87d4db9ce54d1b6b2b754a540"
x-buildname
hoothoot
vary
Accept-Encoding, Accept-Language
x-hostname
fen-hoothoot-us-central1-spot-s964
content-type
text/javascript; charset=utf-8
cache-control
private, must-revalidate, max-age=21600
x-buildnumber
1033761249
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
loader.js
cdn.taboola.com/libtrc/condenast1-network/
250 KB
31 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
121ad1b28c5ff4bf20a9ec3fa70e8330ea4b034c5b589aa1fec3aaee552539bf

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id
3yxzy4Jyb32SLA7HcQpaFI4pljgrdhz_
content-encoding
gzip
via
1.1 varnish
date
Thu, 19 Oct 2023 12:42:03 GMT
x-amz-request-id
P6VE7D8Y9S37DJSW
age
1565
x-amz-server-side-encryption
AES256
x-cache
HIT
x-from-cache
1
x-envoy-upstream-service-time
8
x-amz-replication-status
PENDING
content-length
31008
x-amz-id-2
mE3t4xcSGDOyIowoMEHouszUqsUgCU4vC1T07FYFi2D0qWEj6m5ev84h5FlRV0vdVaUzlgHWjQ8=
x-served-by
cache-yyz4525-YYZ
last-modified
Thu, 19 Oct 2023 11:53:02 UTC
server
nginx
x-timer
S1697719323.183696,VS0,VE0
etag
"3390017c47d66bb1709d872425a1b4db1ffc5a07"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
abp
5
cache-control
private,max-age=14400
accept-ranges
bytes
x-cache-hits
2
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
78c8c364b438f0be81f1c51627902fda95b7aebdd2c04aee28c2f72cd4390207

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
357 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f95836cdd8c1af1d8261e8e198a4c1dd306e2b50ddc389fe820b56212a9cb17d

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
279 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5ecbfb541946a9a9437190a21d98e1c7ab7d863837d7d038a9a1e053c649c8ba

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
400 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6f261533d4b74ae931965cf3609bf47bb55001e39eb7029502d96cec73c4749a

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
faux-apple-domain-360x200.png
cdn.arstechnica.net/wp-content/uploads/2017/04/
27 KB
28 KB
Image
General
Full URL
https://cdn.arstechnica.net/wp-content/uploads/2017/04/faux-apple-domain-360x200.png
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
d7cf19e3d2c9c192e149badd2271c1037d448c18d0e6aeeaba08ae0f95e7efca

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
x-amz-version-id
null
x-cf-tsc
1697691248
x-cf3
H
x-amz-request-id
PA2GFVH3W4FW347Y
cf4ttl
43200.000
x-cf1
14961:fC.yyz1:co:1536154300:cacheN.yyz1-01:H
x-cf-reqid
27d1803a1b50a88ca27f1db815df37cf
x-amz-replication-status
COMPLETED
content-length
28084
x-amz-id-2
KBACDYpAiLENFVOQtmmHBrcaRpufZssfmHxaHfE+sO3KWhPjPFNhbwx199RI/5azF5RSDnlsvec=
x-cf2
H
last-modified
Sat, 21 Dec 2019 00:42:49 GMT
server
CFS 0215
x-cff
B
etag
"f7fa62d5f96f229ecd37041ac7b14561"
content-type
image/png
access-control-allow-origin
*
cf4age
178
accept-ranges
bytes
x-cf-rand
7.381
Dang.jpg
cdn.arstechnica.net/wp-content/uploads/2018/10/
90 KB
91 KB
Image
General
Full URL
https://cdn.arstechnica.net/wp-content/uploads/2018/10/Dang.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
d6f350f62fc19bfd7091e3841649be70e806fb94c00a1f777dbed2ea8ecc9daa

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
x-amz-version-id
null
x-cf-tsc
1697607973
x-cf3
H
x-amz-request-id
JV09PHTSCM4226GV
cf4ttl
43200.000
x-cf1
14961:fC.yyz1:co:1525808045:cacheN.yyz1-01:H
x-cf-reqid
1cce49e5450a55805b8f7bac13c81353
content-length
92486
x-amz-id-2
PBCLSMjNx8EaflDAHL4TBfrdznma4mrK/9TTQcIW+NgnzRnFAuFJ60Hc+YoKU7/v1ISQBP0+7ZM=
x-cf2
H
last-modified
Sat, 21 Dec 2019 01:48:48 GMT
server
CFS 0215
x-cff
B
etag
"03e5fec9e7ca5f8064d945bd791bd4c3"
content-type
image/jpeg
access-control-allow-origin
*
cf4age
32065278
accept-ranges
bytes
x-cf-rand
5.936
channel-ars-be7bb52ba9.png
cdn.arstechnica.net/wp-content/themes/ars/assets/img/
5 KB
5 KB
Image
General
Full URL
https://cdn.arstechnica.net/wp-content/themes/ars/assets/img/channel-ars-be7bb52ba9.png
Requested by
Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
08ed3bf6e73a999bafb422b878fb05b87269b00a65230c9457ce75aee10b873e

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
x-cf-tsc
1697187819
x-cf3
H
cf4ttl
43200.000
x-cf1
14961:fC.yyz1:co:1525808045:cacheN.yyz1-01:H
x-cf-reqid
659d61631378fed57375b2844896e9a3
content-length
4809
x-cf2
H
last-modified
Thu, 05 Oct 2023 16:20:07 GMT
server
CFS 0215
x-cff
B
etag
"651ee237-12c9"
content-type
image/png
access-control-allow-origin
*
cf4age
635990
accept-ranges
bytes
x-cf-rand
3.384
truncated
/
18 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
62c7d2da9a5942053f17c9756e53b7cda414541619bd35c2b1441cd88c77f235

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4ec4b6769730ca98db1f40b152c52bd5bec01f61f559fb92709c307750388ac8

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
economica-bold-otf-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/
25 KB
25 KB
Font
General
Full URL
https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/economica-bold-otf-webfont.woff2
Requested by
Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
5315cf641e62ac7de4a82e6003cc1bd1ff09218400d8ff5286c951e25aee966b

Request headers

Referer
https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Origin
https://arstechnica.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
x-cf-tsc
1697094092
x-cf3
H
cf4ttl
43200.000
x-cf1
14961:fD.yyz1:co:1525808045:cacheN.yyz1-01:H
x-cf-reqid
303d49620650460ba481415bdaf74ac4
content-length
25592
x-cf2
H
last-modified
Thu, 05 Oct 2023 16:20:07 GMT
server
CFS 0215
x-cff
B
etag
"651ee237-63f8"
content-type
font/woff2
access-control-allow-origin
*
cf4age
551957
accept-ranges
bytes
x-cf-rand
3.623
economica-regular-otf-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/
24 KB
24 KB
Font
General
Full URL
https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/economica-regular-otf-webfont.woff2
Requested by
Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
c14a030b0b5ef06f710d9bbff164662d4b43c037e62f254aa6280504013caa34

Request headers

Referer
https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Origin
https://arstechnica.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
x-cf-tsc
1697268781
x-cf3
H
cf4ttl
43200.000
x-cf1
14961:fD.yyz1:co:1525808045:cacheN.yyz1-01:H
x-cf-reqid
bd6f2ea6510ff73b07194e808c5ad98c
content-length
24264
x-cf2
H
last-modified
Thu, 05 Oct 2023 16:20:07 GMT
server
CFS 0215
x-cff
B
etag
"651ee237-5ec8"
content-type
font/woff2
access-control-allow-origin
*
cf4age
715730
accept-ranges
bytes
bitter-italic-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/
24 KB
24 KB
Font
General
Full URL
https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/bitter-italic-webfont.woff2
Requested by
Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
1193e934b76ed372f47e23f78f8a13e99d9588e564aff866e8f700e7a0650a83

Request headers

Referer
https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Origin
https://arstechnica.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
x-cf-tsc
1697448071
x-cf3
H
cf4ttl
43200.000
x-cf1
14961:fD.yyz1:co:1525808045:cacheN.yyz1-01:H
x-cf-reqid
a05774d34c64e5dc3e72449a206800c3
content-length
24212
x-cf2
H
last-modified
Thu, 05 Oct 2023 16:20:06 GMT
server
CFS 0215
x-cff
B
etag
"651ee236-5e94"
content-type
font/woff2
access-control-allow-origin
*
cf4age
905936
accept-ranges
bytes
x-cf-rand
7.261
bitter-regular-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/
22 KB
23 KB
Font
General
Full URL
https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/bitter-regular-webfont.woff2
Requested by
Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
0186840386391fa2c0750ff7450a78e066498ba3274546a6fcf0fa9c55cd457c

Request headers

Referer
https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Origin
https://arstechnica.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
x-cf-tsc
1697448091
x-cf3
H
cf4ttl
43200.000
x-cf1
14961:fD.yyz1:co:1525808045:cacheN.yyz1-01:H
x-cf-reqid
cf7f59938d2555eb0bcd59efffeeeefe
content-length
22872
x-cf2
H
last-modified
Thu, 05 Oct 2023 16:20:06 GMT
server
CFS 0215
x-cff
B
etag
"651ee236-5958"
content-type
font/woff2
access-control-allow-origin
*
cf4age
905956
accept-ranges
bytes
x-cf-rand
0.964
opensans-semibold-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/
19 KB
19 KB
Font
General
Full URL
https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/opensans-semibold-webfont.woff2
Requested by
Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
1f9cd4a445ba85172da6090dd7b95edf55fd9e81ddb193e0b78093c1afa84378

Request headers

Referer
https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Origin
https://arstechnica.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
x-cf-tsc
1697448091
x-cf3
H
cf4ttl
43200.000
x-cf1
14961:fD.yyz1:co:1525808045:cacheN.yyz1-01:H
x-cf-reqid
f83d392bc61aef6f166de964e07d348f
content-length
18972
x-cf2
H
last-modified
Thu, 05 Oct 2023 16:20:07 GMT
server
CFS 0215
x-cff
B
etag
"651ee237-4a1c"
content-type
font/woff2
access-control-allow-origin
*
cf4age
886268
accept-ranges
bytes
opensans-semibolditalic-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/
20 KB
21 KB
Font
General
Full URL
https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/opensans-semibolditalic-webfont.woff2
Requested by
Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
59201950b83489808587827b4050ffe0597992825daa88c227476cdbbf8ca282

Request headers

Referer
https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Origin
https://arstechnica.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
x-cf-tsc
1697448931
x-cf3
H
cf4ttl
43200.000
x-cf1
14961:fD.yyz1:co:1525808045:cacheN.yyz1-01:H
x-cf-reqid
b216c8c7cb5b44af24543ff59fcdc0a4
content-length
20872
x-cf2
H
last-modified
Thu, 05 Oct 2023 16:20:07 GMT
server
CFS 0215
x-cff
B
etag
"651ee237-5188"
content-type
font/woff2
access-control-allow-origin
*
cf4age
895679
accept-ranges
bytes
opensans-regular-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/
18 KB
19 KB
Font
General
Full URL
https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/opensans-regular-webfont.woff2
Requested by
Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
caa3854f28740fa98125ded826446ee4456379e8ad7c4ff46643347d1901506a

Request headers

Referer
https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Origin
https://arstechnica.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
x-cf-tsc
1697448071
x-cf3
H
cf4ttl
43200.000
x-cf1
14961:fD.yyz1:co:1525808045:cacheN.yyz1-01:H
x-cf-reqid
6190ee40c31cefc991cf217eeec1c80d
content-length
18824
x-cf2
H
last-modified
Thu, 05 Oct 2023 16:20:07 GMT
server
CFS 0215
x-cff
B
etag
"651ee237-4988"
content-type
font/woff2
access-control-allow-origin
*
cf4age
905936
accept-ranges
bytes
x-cf-rand
7.250
opensans-italic-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/
20 KB
21 KB
Font
General
Full URL
https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/opensans-italic-webfont.woff2
Requested by
Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
c46974d8f6030e4888708b18a5d9a32b25eb765a5708896e1899df449d87aab7

Request headers

Referer
https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Origin
https://arstechnica.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
x-cf-tsc
1697446673
x-cf3
H
cf4ttl
43200.000
x-cf1
14961:fD.yyz1:co:1525808045:cacheN.yyz1-01:H
x-cf-reqid
43691b2154762e715f355e2a3ea6fb85
content-length
20748
x-cf2
H
last-modified
Thu, 05 Oct 2023 16:20:07 GMT
server
CFS 0215
x-cff
B
etag
"651ee237-510c"
content-type
font/woff2
access-control-allow-origin
*
cf4age
883541
accept-ranges
bytes
opensans-bold-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/
19 KB
19 KB
Font
General
Full URL
https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/opensans-bold-webfont.woff2
Requested by
Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
86096831a70c72ac0c08f5e65ae92d98330d9fd2b7511dde65ff50b8a16bfd9a

Request headers

Referer
https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Origin
https://arstechnica.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
x-cf-tsc
1697446760
x-cf3
H
cf4ttl
43200.000
x-cf1
14961:fD.yyz1:co:1525808045:cacheN.yyz1-01:H
x-cf-reqid
e6af58528ad32264fd9f4030aee6e344
content-length
19516
x-cf2
H
last-modified
Thu, 05 Oct 2023 16:20:07 GMT
server
CFS 0215
x-cff
B
etag
"651ee237-4c3c"
content-type
font/woff2
access-control-allow-origin
*
cf4age
903931
accept-ranges
bytes
x-cf-rand
0.004
bitter-bold-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/
22 KB
22 KB
Font
General
Full URL
https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/bitter-bold-webfont.woff2
Requested by
Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Carrollton, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
807271433f80bb33654a84ec904035be3d2b34e505a051e3469a47fe39ccb752

Request headers

Referer
https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-1eae76c908.css
Origin
https://arstechnica.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
x-cf-tsc
1697442331
x-cf3
H
cf4ttl
43200.000
x-cf1
14961:fD.yyz1:co:1525808045:cacheN.yyz1-01:H
x-cf-reqid
76867a1a01bc7716bc6abdb21117353e
content-length
22104
x-cf2
H
last-modified
Thu, 05 Oct 2023 16:20:06 GMT
server
CFS 0215
x-cff
B
etag
"651ee236-5658"
content-type
font/woff2
access-control-allow-origin
*
cf4age
879199
accept-ranges
bytes
video_groups
api.cnevids.com/v1/
4 KB
1 KB
XHR
General
Full URL
https://api.cnevids.com/v1/video_groups?filters={%22channel_key%22:%22arstechnica%22}&pagesize=20&endpoint=oo.arstechnica
Requested by
Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/js/main-9e780dd793.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.200.139.68 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-200-139-68.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
cb52c9b5c6b4f30eb9580d4414ecd97d408ffb0579fc9792f379da7e9e43221c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/*
Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 12:42:03 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Status
200 OK
Connection
keep-alive
Content-Length
658
X-XSS-Protection
1; mode=block
X-Request-Id
95975019-55f1-4ab7-b0d9-03051e997d8b
X-Runtime
0.001637
X-Backend-Node
10.110.9.231
Referrer-Policy
strict-origin-when-cross-origin
Server
nginx/1.18.0
ETag
W/"ea1bb546f6aa2122c67b8c3fba7d0782"
X-Download-Options
noopen
Access-Control-Max-Age
1728000
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, OPTIONS
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Cache-Control
max-age=0, private, must-revalidate
Vary
Accept-Encoding, Origin
X-Frame-Options
SAMEORIGIN
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
68 B
306 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.32.137 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a1309d2ccff026ab4dcf050977befc877505115e4777e240fa328b1781c63ae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
8189194a8e5f39cc-YYZ
access-control-allow-headers
Content-Type
memo.js
cdn.memo.co/js/
21 KB
7 KB
Script
General
Full URL
https://cdn.memo.co/js/memo.js
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.65.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-65-123.iad89.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4d7b91ed4a7804e22b94e4873af273def73469e80b740bd9787e287003058868

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id
dIwRVCKiXrZkA8Vq0TRLD0Yyqjiw5iXT
content-encoding
gzip
via
1.1 126bc2e5c4c1b9ac0ffa004edc6f02c4.cloudfront.net (CloudFront)
date
Thu, 19 Oct 2023 12:42:04 GMT
last-modified
Wed, 04 May 2022 18:49:53 GMT
server
AmazonS3
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
etag
W/"09a117df3977ec5a869191fcea2ac408"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
no-cache
x-amz-cf-id
Fqg852d-3C2Wq7YTCDFCW2MI50hmOHMxn9IQPreEpjsdOn8BGhgb-A==
arstechnica.js
player.cnevids.com/interlude/
113 KB
28 KB
Script
General
Full URL
https://player.cnevids.com/interlude/arstechnica.js?isRightRail=true
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.32.208.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-208-51.iad66.r.cloudfront.net
Software
nginx/1.18.0 /
Resource Hash
560bf130580f795cffabe8de5f2c69ec3f92921e1841ae6e55d516a046805cc7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 12:42:00 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Via
1.1 65a9dfba94b72916e09740a3c4fd79ba.cloudfront.net (CloudFront)
X-Permitted-Cross-Domain-Policies
none
X-Amz-Cf-Pop
IAD66-C1
Age
3
X-Cache
Hit from cloudfront
Status
200 OK
Connection
keep-alive
Content-Length
27992
X-XSS-Protection
1; mode=block
X-Request-Id
a0ce903d-d72b-4984-8a8b-569100eabf6c
X-Runtime
0.008931
X-Backend-Node
10.110.12.66
Referrer-Policy
strict-origin-when-cross-origin
Server
nginx/1.18.0
ETag
W/"475f1a158f7f5c7d8c9e665a1ac67d67"
X-Download-Options
noopen
Vary
Origin,Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
X-Amz-Cf-Id
LbkZP0LZr-IuUdlFYmFP8T8zqM3agtf8rg58ltz1OknGg0BaB5G5EA==
tr5
cdn.taboola.com/libtrc/
3 B
79 B
Image
General
Full URL
https://cdn.taboola.com/libtrc/tr5?abgroup=block-clicks-recurring-click-200_ctrl
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-served-by
cache-yyz4525-YYZ
date
Thu, 19 Oct 2023 12:42:03 GMT
via
1.1 varnish
server
Varnish
x-timer
S1697719323.296502,VS0,VE0
x-cache
HIT
content-type
text/html
access-control-allow-origin
*
cache-control
private,max-age=14400
accept-ranges
bytes
content-length
3
retry-after
0
x-cache-hits
0
impl.20231008-7-RELEASE.js
cdn.taboola.com/libtrc/
811 KB
168 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/impl.20231008-7-RELEASE.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3-br /
Resource Hash
307b102b0e420298c10d1e6cc35ad87f15260238ccb8cfb4782002a7b0307b29

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id
6Aavq1Ss44kLailJwTC30FLxGoefyd1n
content-encoding
br
via
1.1 varnish
date
Thu, 19 Oct 2023 12:42:03 GMT
x-amz-request-id
XZAQ334CKXYAXC5M
age
21989
x-amz-server-side-encryption
AES256
x-cache
HIT
content-length
171832
x-amz-id-2
eyfnNGElNzJwkO/OXzrJ2QhbqFBgRcEhZxwtU7BH+bKLHtDpZrfOywBFpQgg/t5LUlkvOUI3zgM=
x-served-by
cache-yyz4525-YYZ
last-modified
Tue, 10 Oct 2023 06:57:13 GMT
server
AmazonS3-br
x-timer
S1697719323.302794,VS0,VE0
etag
"b5fbb3ebfefabd282251bf835f82ae1d"
vary
Accept-Encoding
content-type
application/javascript
abp
83
access-control-allow-origin
*
cache-control
private,max-age=31536000
accept-ranges
bytes
x-cache-hits
18
/
r.skimresources.com/api/
167 B
386 B
XHR
General
Full URL
https://r.skimresources.com/api/
Requested by
Host: s.skimresources.com
URL: https://s.skimresources.com/js/100098X1555750.skimlinks.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.59.101 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
101.59.190.35.bc.googleusercontent.com
Software
openresty/1.19.9.1 /
Resource Hash
57114b6dc4d12b7998f731e339eaeb0021e537e5600abeb0d6e7d1ef2275d6dc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
gzip
server
openresty/1.19.9.1
via
1.1 google
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://arstechnica.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
robots.txt
t.skimresources.com/api/v2/ Frame 44DF
0
123 B
Image
General
Full URL
https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.7028217150345613
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.67.47 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
47.67.201.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
via
1.1 google
cache-control
private, no-store
server
nginx
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/plain
px.gif
p.skimresources.com/
43 B
276 B
Image
General
Full URL
https://p.skimresources.com/px.gif?ch=1&rn=2.4145586282601315
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.91.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
160.91.190.35.bc.googleusercontent.com
Software
Skimlinks Pixel 1.0 /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

p3p
policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
date
Thu, 19 Oct 2023 12:42:03 GMT
via
1.1 google
server
Skimlinks Pixel 1.0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
content-type
image/gif
px.gif
p.skimresources.com/
43 B
102 B
Image
General
Full URL
https://p.skimresources.com/px.gif?ch=2&rn=2.4145586282601315
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.91.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
160.91.190.35.bc.googleusercontent.com
Software
Skimlinks Pixel 1.0 /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

p3p
policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
date
Thu, 19 Oct 2023 12:42:03 GMT
via
1.1 google
server
Skimlinks Pixel 1.0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
content-type
image/gif
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202306.1.0/
404 KB
98 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 19 Oct 2023 12:42:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
XJk1ZZTljtwHFT3qcIJg+w==
age
80541
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
99599
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:36 GMT
server
cloudflare
etag
0x8DB82A15D413626
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
7a75efb1-601e-0081-6c94-b47ab1000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8189194aedeb39c3-YYZ
skeleton.gif
static.adsafeprotected.com/
43 B
481 B
Image
General
Full URL
https://static.adsafeprotected.com/skeleton.gif?adunitid=cafcp&adnum=9219106
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.125.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-125-75.iad61.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sun, 23 Jul 2023 08:00:59 GMT
x-amz-version-id
iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
via
1.1 05f4e6c9553ff5b6620e13adbd08b064.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD61-P3
age
7620065
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
43
last-modified
Mon, 17 Aug 2020 23:55:15 GMT
server
AmazonS3
etag
"45cf913e5d9d3c9b2058033056d3dd23"
content-type
image/gif
cache-control
max-age=315360000
accept-ranges
bytes
x-amz-cf-id
VXSCsuGdcXuF4rNo33d5E65lgMvGd458_F9KPo8BMi8Th8aPR5Ti4A==
v2
z-na.associates-amazon.com/onetag/
11 KB
4 KB
Script
General
Full URL
https://z-na.associates-amazon.com/onetag/v2?MarketPlace=US&instanceId=e6160dfa-32a7-4b0e-9675-d18902339f1e
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NLXNPCQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.74.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-74-42.iad89.r.cloudfront.net
Software
Server /
Resource Hash
7475f5c70d3b6020b6f4621b2e69fba3360bea00a913e60b085af165b93842ec
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 08:49:15 GMT
content-encoding
gzip
accept-charset
UTF-8
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 4e6e9c8ad6e40529a0e7659f2f4c5f28.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
IAD89-P2
x-amz-rid
NQYMCN63DCH5MZ5P2VQX
age
13968
vary
accept-encoding,Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
access-control-allow-origin
*
x-amz-cf-id
J5RI_xmUpQfNUJ5TL6shGo9k4jpssMYf_NsJEpDguPtewLZqgFn33w==
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310180101/
422 KB
133 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310180101/pubads_impl.js?cb=31079032
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.62.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bc-in-f157.1e100.net
Software
cafe /
Resource Hash
b333a33f794194adaf94287fb06c6529010aade13c0574140ea03f4bd9f433bf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:37:52 GMT
content-encoding
br
x-content-type-options
nosniff
age
251
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
135328
x-xss-protection
0
server
cafe
etag
16474413789440466402
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Fri, 18 Oct 2024 12:37:52 GMT
iasPET.1.js
static.adsafeprotected.com/
22 KB
7 KB
Script
General
Full URL
https://static.adsafeprotected.com/iasPET.1.js
Requested by
Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/ars-technica.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.125.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-125-75.iad61.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2afcabe2eb6314148dfd9dfdec1333b973d97d0780cc08fddab8501afbb013e9

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id
UWTIHcIBCTlOhfqinKDA9NwqhFA8.Ocb
content-encoding
gzip
via
1.1 05f4e6c9553ff5b6620e13adbd08b064.cloudfront.net (CloudFront)
date
Sat, 14 Oct 2023 07:04:37 GMT
x-amz-cf-pop
IAD61-P3
age
452247
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 01 Jun 2021 13:42:44 GMT
server
AmazonS3
etag
W/"51636de3ce868a2172f9e6996c2934e0"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800
x-amz-cf-id
h_IwQrAJ7g5bt0MbHoPUh9KEA1MUUYvVETjrR0b0V5sEZpUzDEgINg==
moatheader.js
z.moatads.com/condenastprebidheader987326845656/
223 KB
79 KB
Script
General
Full URL
https://z.moatads.com/condenastprebidheader987326845656/moatheader.js
Requested by
Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/ars-technica.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.47.65.174 Atlanta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-65-174.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f75c76aa4b70766651aec7f46e9161fe774810bffac96034dc63e5a9eed10918

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
content-encoding
gzip
last-modified
Thu, 05 Oct 2023 09:39:45 GMT
server
AmazonS3
x-amz-request-id
D6319NEEM3WP8JKY
etag
"8084c7ed00910ec0b1440e653bef434a"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=59121
accept-ranges
bytes
content-length
80338
x-amz-id-2
WfNCa2gLqMj2hZ/xd0xOVoque77KqewfaUvbwQw9GSMNiLMikqae3pn3hXIhisK4QVAZJ62lS3g=
1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
cdn.permutive.app/
877 KB
210 KB
Script
General
Full URL
https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Requested by
Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/ars-technica.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.146.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8cbe47dffdb2913380b553bde4184a77fbce2a415e8e8405d348fa3bc7bfd6fa

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
content-encoding
br
cf-cache-status
HIT
x-goog-meta-oid
bd1cec50-00d1-4ce9-9572-785857419a1e
age
0
x-guploader-uploadid
ADPycduWpulOkBY-d0dmxKMKGl-VX3X7e4qwOdQD93b3IfwMqjBoZ5K96F4j2xdeqQ4_43mZS2VTgckFdeRImrG71F1FNOlFiwfV
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
last-modified
Thu, 19 Oct 2023 11:16:33 GMT
server
cloudflare
etag
W/"2719bef489ecb653b4a8dd2a9fd6d4cc"
vary
Accept-Encoding
x-goog-generation
1697714193418732
content-type
application/javascript
x-goog-hash
crc32c=GgtKag==, md5=Jxm+9InstlO0qN0qn9bUzA==
cache-control
public, max-age=900
x-goog-stored-content-length
226203
timing-allow-origin
*
cf-ray
8189194bcce136c0-YYZ
expires
Thu, 19 Oct 2023 12:57:03 GMT
condenast-amp
segment-data.zqtk.net/
321 B
569 B
XHR
General
Full URL
https://segment-data.zqtk.net/condenast-amp?url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F
Requested by
Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/ars-technica.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.171.81.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-171-81-138.compute-1.amazonaws.com
Software
nginx /
Resource Hash
fff8e490154cb7c1489bcd167245fdeffc9042fb1755dc1c3e824d255ef835cd

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 12:42:03 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
https://arstechnica.com
X-Result-Id
Bavk7oIVe3o
Cache-Control
max-age=144622
Access-Control-Allow-Credentials
true
Connection
keep-alive
Expires
Sat, 21 Oct 2023 04:52:26 GMT
apstag.js
c.amazon-adsystem.com/aax2/
263 KB
64 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/ars-technica.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.160.53.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-160-53-102.iad55.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
209807b4a945eb3978b50de85596e82a78af6ec6cf2d8757abadf90ef182a687

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 11:47:27 GMT
content-encoding
gzip
via
1.1 782e548cb0b1b64c63d995fc59568b48.cloudfront.net (CloudFront), 1.1 9a7c700290cf80b3334e7dcd07bfe44a.cloudfront.net (CloudFront)
last-modified
Tue, 17 Oct 2023 19:57:29 GMT
server
AmazonS3
x-amz-cf-pop
IAD89-P2, IAD55-P2
age
3277
x-amz-server-side-encryption
AES256
etag
W/"e715d530f804a6faeb76dbd12252e8fc"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
LdiKj4uvYb_edL3bzwYJrw5aY8AiakjLaQZjzkRWRA3Pfl5IYEwTwg==
prebid.min.js
ads-static.conde.digital/production/cns/builds/ars-technica/
333 KB
334 KB
Script
General
Full URL
https://ads-static.conde.digital/production/cns/builds/ars-technica/prebid.min.js
Requested by
Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/ars-technica.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.160.41.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-160-41-112.iad55.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b923c564473d30245b19bc93eaa384225d8ca55118931f89df58e4de539ecb77

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id
W1ekqYaeI9b2d39f733XZQ83XWuN4aQH
date
Thu, 19 Oct 2023 12:40:42 GMT
via
1.1 68fbda872a4e92e0774a97bdd960d43a.cloudfront.net (CloudFront)
last-modified
Wed, 06 Sep 2023 18:43:58 GMT
server
AmazonS3
x-amz-cf-pop
IAD55-P1
age
82
x-amz-server-side-encryption
AES256
etag
"bf357e4a648bea9a6ea64056718fcea6"
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=900
accept-ranges
bytes
content-length
341250
x-amz-cf-id
9CTNBwovPXM7DiD4aF4B38W3u2D-cuUax9Jo55qqB10eZgtv7kOF0Q==
5b27ee7e8c1abc4e7900000f
api.cnevids.com/v1/video_groups/
104 KB
18 KB
XHR
General
Full URL
https://api.cnevids.com/v1/video_groups/5b27ee7e8c1abc4e7900000f?endpoint=oo.arstechnica
Requested by
Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/js/main-9e780dd793.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.200.139.68 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-200-139-68.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
594fc5814367bca74a6cfa0fcd89df251a05e7e39eb324ce959b5b692354f468
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/*
Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 12:42:03 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Status
200 OK
Connection
keep-alive
Content-Length
17103
X-XSS-Protection
1; mode=block
X-Request-Id
98f77557-4459-42db-9fba-e052906446c0
X-Runtime
0.004452
X-Backend-Node
10.110.123.172
Referrer-Policy
strict-origin-when-cross-origin
Server
nginx/1.18.0
ETag
W/"fcd901deb58414fda297d31efef3b048"
X-Download-Options
noopen
Access-Control-Max-Age
1728000
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, OPTIONS
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Cache-Control
max-age=0, private, must-revalidate
Vary
Accept-Encoding, Origin
X-Frame-Options
SAMEORIGIN
sync
gum.criteo.com/
46 B
288 B
Script
General
Full URL
https://gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS&us_privacy=1---&gdpr=0&gdpr_consent=&gdpr_pd=
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20231008-7-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.119.119.139 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
189b8ed64093b12937354b2ef71ccf1df59690d90432241a10fe1cb25000acba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=3600
server-processing-duration-in-ticks
285104
expires
60
json
trc.taboola.com/condenast-arstechnica/trc/3/
14 KB
6 KB
XHR
General
Full URL
https://trc.taboola.com/condenast-arstechnica/trc/3/json?tim=05%3A42%3A03.493&lti=block-clicks-recurring-click-200_ctrl&data=%7B%22id%22%3A335%2C%22ii%22%3A%22%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1697716082314%2C%22vi%22%3A1697719323490%2C%22cv%22%3A%2220231008-7-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F%22%2C%22bv%22%3A%220%22%2C%22wc%22%3Atrue%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22uad%22%3A%7B%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%7D%2C%22pev%22%3A%2213486%22%2C%22ccpa_ps%22%3A%221---%22%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22bu%22%3A%22https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F%22%2C%22vpi%22%3A%22%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1600%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A1200%2C%22dw%22%3A1600%2C%22dh%22%3A5673%2C%22nsid%22%3A%22condenast1-network%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22thumbnails-a-6x1%3Apub%3Dcondenast1-network%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Article%20Thumbnails%20-%20AT%22%2C%22orig_uip%22%3A%22Below%20Article%20Thumbnails%20-%20AT%22%2C%22cd%22%3A5125.8125%2C%22mw%22%3A1220%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2CBelow%20Article%20Thumbnails%20-%20AT%3Dthumbnails-a-6x1%3Apub%3Dcondenast1-network%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22block-clicks-recurring-click-200_ctrl%22%7D&llvl=2
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20231008-7-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
8ebc7fde61bf90144929cb82c7d3d5ebd34ca9100eb93815221bd03f1e82c185

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type
text/plain

Response headers

x-vcl-time-ms
436
date
Thu, 19 Oct 2023 12:42:03 GMT
content-encoding
gzip
via
1.1 varnish
cpu
0.630625
x-fastly-to-nlb-rtt
13564
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
x-service-version
v1
x-served-by
cache-yyz4525-YYZ
x-log-content-encoding
gzip
server
nginx
x-timer
S1697719324.501939,VS0,VE436
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
https://arstechnica.com
access-control-allow-credentials
true
accept-ranges
bytes
x-cache-hits
0
en.json
cdn.cookielaw.org/consent/b10882a1-8446-4e7d-bfb2-ce2c770ad910/7a7dfb1f-aedb-4d44-8d81-9e59558ddf08/
171 KB
31 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/b10882a1-8446-4e7d-bfb2-ce2c770ad910/7a7dfb1f-aedb-4d44-8d81-9e59558ddf08/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a93d36fa85734b97c66d98085ee02db6ee0bf6be4e1d4b73c869ad669121142
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 19 Oct 2023 12:42:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
82861
content-md5
IC0R9kDRqo5sau1uZ3A27w==
content-length
31168
x-ms-lease-status
unlocked
last-modified
Mon, 02 Oct 2023 13:38:18 GMT
server
cloudflare
etag
0x8DBC34CD65F4B1F
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
dd83f63e-301e-009d-0b35-f5cb39000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8189194be97c39dd-YYZ
expires
Fri, 20 Oct 2023 12:42:03 GMT
plugin.js
plugin.mediavoice.com/
369 KB
138 KB
Script
General
Full URL
https://plugin.mediavoice.com/plugin.js
Requested by
Host: cdn.mediavoice.com
URL: https://cdn.mediavoice.com/nativeads/script/condenastcorporate/conde-asa-polar-master.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.144.23 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
89a04f1809b96eca28e1646ccc40bfa7b714142a610b41e40082bbebca8ea6c6

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
content-encoding
gzip
via
1.1 varnish
cf-cache-status
HIT
age
38410
content-length
140320
last-modified
Wed, 16 Aug 2023 13:50:07 GMT
server
cloudflare
etag
W/"64dcd40f-5c2bf"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
x-varnish
2598430912 2598326629
cache-control
max-age=43200
access-control-allow-credentials
true
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cf-ray
8189194c0c8b1931-EWR
expires
Thu, 19 Oct 2023 10:26:37 GMT
condenastcorporate
polarcdn-terrax.com/nativeads/v1.4.0/json/hostname/arstechnica.com/organization/
208 B
429 B
XHR
General
Full URL
https://polarcdn-terrax.com/nativeads/v1.4.0/json/hostname/arstechnica.com/organization/condenastcorporate
Requested by
Host: cdn.mediavoice.com
URL: https://cdn.mediavoice.com/nativeads/script/condenastcorporate/conde-asa-polar-master.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.112.202 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8dc40a5096530714279199bd98ffbe44f3108bf9dd183ec74d85f69705d86e25

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:03 GMT
content-encoding
gzip
server
cloudflare
etag
W/"f3cb63b5151ee861d177a2136e7d9989"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-country
CA
access-control-expose-headers
X-Country, CF-Ray
cache-control
max-age=3600
timing-allow-origin
*
cf-ray
8189194c2a3854cd-YYZ
page
t.skimresources.com/api/v2/
22 B
358 B
XHR
General
Full URL
https://t.skimresources.com/api/v2/page
Requested by
Host: s.skimresources.com
URL: https://s.skimresources.com/js/100098X1555750.skimlinks.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.67.47 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
47.67.201.35.bc.googleusercontent.com
Software
Python/3.10 aiohttp/3.8.5 /
Resource Hash
fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-type
text/plain

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:03 GMT
via
1.1 google
x-content-type-options
nosniff
server
Python/3.10 aiohttp/3.8.5
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/plain; charset=utf-8, application/javascript
access-control-allow-origin
https://arstechnica.com
cache-control
no-store, no-cache, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
content-length
22
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
link
t.skimresources.com/api/v2/
22 B
114 B
XHR
General
Full URL
https://t.skimresources.com/api/v2/link
Requested by
Host: s.skimresources.com
URL: https://s.skimresources.com/js/100098X1555750.skimlinks.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.67.47 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
47.67.201.35.bc.googleusercontent.com
Software
Python/3.10 aiohttp/3.8.5 /
Resource Hash
fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-type
text/plain

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:03 GMT
via
1.1 google
x-content-type-options
nosniff
server
Python/3.10 aiohttp/3.8.5
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/plain; charset=utf-8, application/javascript
access-control-allow-origin
https://arstechnica.com
warning
299 - "Deprecated API"
cache-control
no-store, no-cache, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
content-length
22
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
recommendations
api.condenast.io/v1/
23 KB
6 KB
Fetch
General
Full URL
https://api.condenast.io/v1/recommendations?applicationID=cne-interlude-arstechnica&brand=arstechnica&url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&filter%5Bstrategy%5D=POPULAR&filter%5BcontentType%5D=CNEVIDEO&filter%5Blanguage%5D=en-US&page%5Bsize%5D=5
Requested by
Host: player.cnevids.com
URL: https://player.cnevids.com/interlude/arstechnica.js?isRightRail=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.64.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a8dceccdd8cc3b673e20758d8deb0c3b51c715c1bb7007f5afc1aab322830b54

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 12:42:03 GMT
content-encoding
gzip
Via
1.1 dc19ea23f7171b69f0ee587ccd8e6c16.cloudfront.net (CloudFront), 1.1 varnish
x-backend
2SrKDXXFWNz87LdtRpzPzK--F_RECS_NA
X-Amz-Cf-Pop
YTO50-P3
Age
248
X-Cache
Miss from cloudfront, HIT
Connection
keep-alive
Content-Length
5203
X-Served-By
cache-yyz4546-YYZ
X-Timer
S1697719324.622467,VS0,VE1
Vary
origin,accept-encoding, Accept-Encoding, Origin
Content-Type
application/json; charset=utf-8
access-control-allow-origin
https://arstechnica.com
access-control-expose-headers
WWW-Authenticate,Server-Authorization
cache-control
max-age=600, must-revalidate, public
access-control-allow-credentials
true
Accept-Ranges
bytes
X-Amz-Cf-Id
csWxIn_OgU5qk2TgM-tEMN5Hp8salr2D7gCHvSM2QjahyD30_A-bqA==
X-Cache-Hits
1
60abade4dc31e5375248cba6.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady27548757
player.cnevids.com/script/video/
69 KB
23 KB
Script
General
Full URL
https://player.cnevids.com/script/video/60abade4dc31e5375248cba6.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady27548757
Requested by
Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/js/main-9e780dd793.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.32.208.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-208-51.iad66.r.cloudfront.net
Software
nginx/1.18.0 /
Resource Hash
0c8c07e82ad5ddc89d7daf1fc82afa3352be27b7a9c479f50e8c42511774a7ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 12:42:03 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Via
1.1 65a9dfba94b72916e09740a3c4fd79ba.cloudfront.net (CloudFront)
X-Permitted-Cross-Domain-Policies
none
X-Amz-Cf-Pop
IAD66-C1
Transfer-Encoding
chunked
X-Cache
Miss from cloudfront
Status
200 OK
Connection
keep-alive
X-XSS-Protection
1; mode=block
X-Request-Id
318fcb9b-6fa9-4b6c-8502-b63de3b99978
X-Runtime
0.005430
X-Backend-Node
10.110.31.113
Referrer-Policy
strict-origin-when-cross-origin
Server
nginx/1.18.0
ETag
W/"4ce2e91f695cdc94367f2a0122be12c7"
X-Download-Options
noopen
Vary
Origin,Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
X-Amz-Cf-Id
SU_zAf25Ll7ejERueKHhaYf2Jf3lLQiKUFvioPqEJI2g42_z8Tb4cQ==
arstechnica_unsolved-mysteries-unsolved-mysteries-of-quantum-leap.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1621877260/
11 KB
12 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1621877260/arstechnica_unsolved-mysteries-unsolved-mysteries-of-quantum-leap.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
Cloudinary /
Resource Hash
0396be2ab58ec30babd0838d7e37d6407475d4361be85ee7451dbac9186add57
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Tue, 17 Oct 2023 13:39:08 GMT
Strict-Transport-Security
max-age=604800
X-Content-Type-Options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
169375
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
11625
Last-Modified
Thu, 20 Jan 2022 21:51:37 GMT
Server
Cloudinary
ETag
"0b80752552abdab1277829e7a4b2824a"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Amz-Cf-Id
KJNhdMNeDYUscuX5zIX7MWFP5BL6Ex-Yg0qrjCOK9RjV3FQmMXe9Rw==
arstechnica_unsolved-mysteries-unsolved-mysteries-of-the-warhammer-40k-universe-answered-by-author-dan-abnett.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1620135390/
14 KB
15 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1620135390/arstechnica_unsolved-mysteries-unsolved-mysteries-of-the-warhammer-40k-universe-answered-by-author-dan-abnett.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
Cloudinary /
Resource Hash
a2bd43c80adc73ae26472a90ec3bd9df44a5b7d2dafb133b8660efd800c719b1
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Tue, 17 Oct 2023 13:39:07 GMT
Strict-Transport-Security
max-age=604800
X-Content-Type-Options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
169376
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
14620
Last-Modified
Thu, 20 Jan 2022 21:51:38 GMT
Server
Cloudinary
ETag
"7996e22c04be37a8677bb680607e6d12"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Amz-Cf-Id
_6BTyzfn_9z7TbRpIObrUEcKA0ACTrNqgGk3WNmAbqgY5y2g2Ps7sg==
arstechnica_sitrep-f-16-replacement-search-a-signal-of-f-35-fail.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1619531614/
5 KB
6 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1619531614/arstechnica_sitrep-f-16-replacement-search-a-signal-of-f-35-fail.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
Cloudinary /
Resource Hash
85c33811c2b04e4e02babe2fd6bd7ac0035f93e95827116429bbda2cf9c6c95d
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Mon, 16 Oct 2023 22:58:29 GMT
Strict-Transport-Security
max-age=604800
X-Content-Type-Options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
222214
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
5242
Last-Modified
Thu, 20 Jan 2022 21:49:06 GMT
Server
Cloudinary
ETag
"cfdeb1a825aca3ca1bf9ab3727325d27"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Amz-Cf-Id
OLYa5rHlHRvDswI4dmqQE3h7j1bp0nYF447ZOyIQx_HZcDdBGiwt6A==
arstechnica_sitrep-boeing-707.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1615574323/
12 KB
12 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1615574323/arstechnica_sitrep-boeing-707.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
Cloudinary /
Resource Hash
571479d52cd675db5573fe46973c62cba6d8224a76136fcefeb90f7dc42a6391
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Sun, 08 Oct 2023 11:15:31 GMT
Strict-Transport-Security
max-age=604800
X-Content-Type-Options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
955592
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
11899
Last-Modified
Thu, 20 Jan 2022 21:49:06 GMT
Server
Cloudinary
ETag
"49fd6cf75b5acbe4ea95126496406585"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Amz-Cf-Id
sbMpRyDu_nbkyUKL9KDv6eZzULmmcMsfMvTUW2-UUsYxJT0XPVpDUQ==
arstechnica_steve-from-gamers-nexus-reacts-to-their-top-1000-comments-on-youtube.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1611089409/
16 KB
17 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1611089409/arstechnica_steve-from-gamers-nexus-reacts-to-their-top-1000-comments-on-youtube.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
Cloudinary /
Resource Hash
06b33c040105224101afcdaacd82b6dfb3ea1bf9ef3d7478cf5fa163a0ad65e0
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security
max-age=604800
Date
Tue, 17 Oct 2023 13:49:15 GMT
X-Content-Type-Options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
168768
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
16317
Last-Modified
Thu, 20 Jan 2022 21:49:06 GMT
Server
Cloudinary
ETag
"4796345150de82db7572da4e13d5fbc1"
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Amz-Cf-Id
TV_u6fchA4s8vV5ivsjZ3-A7OOW7sjGjC_Ee6D80CrHDIZnUzC8Rrg==
arstechnica_modern-vintage-gamer-reacts-to-his-top-1000-comments-on-youtube.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1607984287/
14 KB
15 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1607984287/arstechnica_modern-vintage-gamer-reacts-to-his-top-1000-comments-on-youtube.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
Cloudinary /
Resource Hash
de5e37739b5797e8ba9dba4a2dcb65f37c36a65fe839cb306162e21c74ba166e
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security
max-age=604800
Date
Tue, 17 Oct 2023 13:44:09 GMT
X-Content-Type-Options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
169074
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
14171
Last-Modified
Thu, 20 Jan 2022 21:51:37 GMT
Server
Cloudinary
ETag
"7f2bf661d68cedfcf91542c6e1dab7c6"
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Amz-Cf-Id
LE3QymszbQSw2C_HGPoWZm-mT2Z91Do5rikQSAqIvcjXfpo0D1ie8g==
arstechnica_war-stories-gail-tilden.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1603899385/
15 KB
16 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1603899385/arstechnica_war-stories-gail-tilden.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
cloudflare /
Resource Hash
7d91c04c657709af03f6dad61d375c3208d18ab5ff7851c2472007dc05201342
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security
max-age=604800
Date
Tue, 17 Oct 2023 14:32:00 GMT
x-content-type-options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
166203
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
15071
Last-Modified
Thu, 20 Jan 2022 21:51:38 GMT
Server
cloudflare
ETag
"1f4aa6187c59e6ed79d0c3a2a0bc19d9"
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
CF-Ray
81700cb289d53934-IAD
timing-allow-origin
*
X-Amz-Cf-Id
V4ztYd5FoOvVqJJdElPlyG4YrCxCuKD4LbUJetLcbrbf_f4B1I6n0g==
arstechnica_personal-history-scott-manley.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1603123470/
14 KB
15 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1603123470/arstechnica_personal-history-scott-manley.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
Cloudinary /
Resource Hash
1f466b08649eef5ad16c20f6d7207bf8818cb107b6241950dbc568cdffc03d63
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Mon, 09 Oct 2023 02:35:13 GMT
Strict-Transport-Security
max-age=604800
X-Content-Type-Options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
900410
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
14113
Last-Modified
Thu, 20 Jan 2022 21:49:06 GMT
Server
Cloudinary
ETag
"963bf0b22c745f95a06f32ee1317b872"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Amz-Cf-Id
3Wy1rJxfweorrfzYixGFW08UdYCu_TP3Yxc4OvczSDK55DtD3ukaTA==
arstechnica_scare-tactics-thomas-grip.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1602524702/
15 KB
16 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1602524702/arstechnica_scare-tactics-thomas-grip.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
Cloudinary /
Resource Hash
617e0f9fee7ef0ca891735246b4b5a61caa3622db4a4256685b061c9f43bd053
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Tue, 17 Oct 2023 13:39:08 GMT
Strict-Transport-Security
max-age=604800
X-Content-Type-Options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
169376
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
15079
Last-Modified
Thu, 20 Jan 2022 21:51:38 GMT
Server
Cloudinary
ETag
"d57f99149a48173e30de572cfa48ed93"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Amz-Cf-Id
4KJVhHV-E2ZFTCssA4SRulTerEIW4r4C-_3S7Gu_71IZBkMNyu1QJw==
arstechnica_personal-history-lgr.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1600711530/
14 KB
15 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1600711530/arstechnica_personal-history-lgr.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
Cloudinary /
Resource Hash
29637e0647104ccc5d5583e652db29ce99e947c858c3d9502960e7ea7f1aea19
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Mon, 16 Oct 2023 01:15:15 GMT
Strict-Transport-Security
max-age=604800
X-Content-Type-Options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
300409
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
14772
Last-Modified
Thu, 20 Jan 2022 21:49:06 GMT
Server
Cloudinary
ETag
"4049b10cd3281951b01beb4f36134234"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Amz-Cf-Id
3cChY8w4kRK4A-dzI-BMl6XYotQSVQth8pE3V36cB8XFHx8jMe9Tww==
arstechnica_the-f-35-s-next-tech-upgrade.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1598890591/
3 KB
4 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1598890591/arstechnica_the-f-35-s-next-tech-upgrade.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
Cloudinary /
Resource Hash
3b0209841325362235c221628e471145726897e4e1c9b210b6e6b2217fdf2ee8
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Tue, 17 Oct 2023 03:21:00 GMT
Strict-Transport-Security
max-age=604800
X-Content-Type-Options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
206464
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
3374
Last-Modified
Thu, 20 Jan 2022 21:49:06 GMT
Server
Cloudinary
ETag
"3f16924a1fdff64e971a0491115fc147"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Amz-Cf-Id
vNwzccpsni3G-8Dg31CnIcwUKJDTA3oQ7YbZa20UNibOXkoJz41_sA==
arstechnica_war-stories-diablo.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1597686086/
14 KB
15 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1597686086/arstechnica_war-stories-diablo.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
cloudflare /
Resource Hash
aa3b9513abbbf65a2c8483122648fce1b39b1afa2a69bdf863242f1411baba58
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security
max-age=604800
Date
Tue, 17 Oct 2023 13:49:47 GMT
x-content-type-options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
168737
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
14667
Last-Modified
Thu, 20 Jan 2022 21:51:39 GMT
Server
cloudflare
ETag
"d4de63ae8b9ef5b77ad58eaae97d7d02"
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
CF-Ray
8178f2291bc65b3b-IAD
timing-allow-origin
*
X-Amz-Cf-Id
J2gJCkZxiFIfUx-wVe1zDa2K-LnrCagQYumqtNL1hLUAbYjVdOoj7A==
arstechnica_unsolved-mysteries-unsolved-mysteries-mortal-kombat.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1596476950/
11 KB
12 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1596476950/arstechnica_unsolved-mysteries-unsolved-mysteries-mortal-kombat.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
Cloudinary /
Resource Hash
0b5c6a8d4a856db56da956eced8af9a5eb6e0a89dc67de5ffc4c83513472a3cc
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security
max-age=604800
Date
Tue, 17 Oct 2023 15:18:58 GMT
X-Content-Type-Options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
163386
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
11486
Last-Modified
Thu, 20 Jan 2022 21:51:38 GMT
Server
Cloudinary
ETag
"7a8a596aae95c9a900261808554523e6"
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Amz-Cf-Id
IOXhf8fxamYkBDF1fjiuvT_cnu90PDLX3kknaQyLfwXz1ccTC4WJlg==
arstechnica_us-navy-gets-an-italian-accent.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1595427354/
6 KB
7 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1595427354/arstechnica_us-navy-gets-an-italian-accent.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
Cloudinary /
Resource Hash
85db95dbe15c810a710ca6d9094a2a29f2eeea05791cc7aaab7af8939684b978
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Tue, 17 Oct 2023 00:23:56 GMT
Strict-Transport-Security
max-age=604800
X-Content-Type-Options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
217088
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
6124
Last-Modified
Thu, 20 Jan 2022 21:51:46 GMT
Server
Cloudinary
ETag
"51113bf4443c0cf453d0e8bf60489ac7"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Amz-Cf-Id
Fl7B-eDzd5kEHfYY8JslkDADtqY4zC7Sdp7aHWJG5pl_OZKWv0Pa2A==
arstechnica_war-stories-war-stories-undone-w-slash-hisko-hulsing.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1594656439/
10 KB
11 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1594656439/arstechnica_war-stories-war-stories-undone-w-slash-hisko-hulsing.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
cloudflare /
Resource Hash
e74b9cb9d8871d300d2a1d36ce2cd00dfbfe0c5d8066d1d415c4ce620a919d47
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security
max-age=604800
Date
Tue, 17 Oct 2023 13:50:10 GMT
x-content-type-options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
168714
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
10345
Last-Modified
Thu, 20 Jan 2022 21:52:15 GMT
Server
cloudflare
ETag
"60622b64688dbb49917234d4091856fb"
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
CF-Ray
8178f22a1aa4586c-IAD
timing-allow-origin
*
X-Amz-Cf-Id
FxkdNze8BJogjgEsAtLyITgmnHGG1HbrDyfedGNrxpCMJGeO9grjTg==
arstechnica_fighter-pilot-breaks-down-every-button-in-an-f-15-cockpit.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1593453234/
15 KB
16 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1593453234/arstechnica_fighter-pilot-breaks-down-every-button-in-an-f-15-cockpit.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
cloudflare /
Resource Hash
9431bc6d1a6d036a70c92dfc9000d7965f939671a59705bdd01c3e652048ed9a
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Sun, 08 Oct 2023 12:52:11 GMT
Strict-Transport-Security
max-age=604800
x-content-type-options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
949793
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
15307
Last-Modified
Thu, 20 Jan 2022 21:49:07 GMT
Server
cloudflare
ETag
"324e15e8b7d3edd23ffbf5df0a1a9e77"
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
CF-Ray
812e85044ff1580c-IAD
timing-allow-origin
*
X-Amz-Cf-Id
bNPMdfwUaJht6gZIpDTUrbnGFn1XEQyyj3B_7J20_2qSwGMDSiIteQ==
arstechnica_war-stories-war-stories-nba-jam.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1592315288/
14 KB
15 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1592315288/arstechnica_war-stories-war-stories-nba-jam.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
cloudflare /
Resource Hash
5be5b0170ad4bbd2be91182d137933e7de9c7e86b09ec855a4bac015ebfd746f
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security
max-age=604800
Date
Tue, 17 Oct 2023 13:49:08 GMT
x-content-type-options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
168776
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
14149
Last-Modified
Thu, 20 Jan 2022 21:51:39 GMT
Server
cloudflare
ETag
"bd63326fa81d10df9e2da1245d3c122c"
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
CF-Ray
8178f203fd9a2009-IAD
timing-allow-origin
*
X-Amz-Cf-Id
MscS2vkNQyn3k_glvvwWT5dz86vGHxF78JCpff-GFfxc7wfSlX9txw==
arstechnica_linus-tech-tips-reacts-to-his-top-1000-youtube-comments.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1591804041/
9 KB
10 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1591804041/arstechnica_linus-tech-tips-reacts-to-his-top-1000-youtube-comments.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
Cloudinary /
Resource Hash
e8830a414dfeb4c0e0f519d3419f69849df9226f329357c938333dbf2c956f63
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security
max-age=604800
Date
Tue, 17 Oct 2023 13:44:15 GMT
X-Content-Type-Options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
169069
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
9054
Last-Modified
Thu, 20 Jan 2022 21:49:07 GMT
Server
Cloudinary
ETag
"b17d3aab70cb56fbf2df892c8415ab16"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Amz-Cf-Id
mttcY52nOpP5oIj4jwXlkyoSs9w1marNlulgMGCNZS78sS3wGFoHYQ==
arstechnica_war-stories-how-alan-wake-was-rebuilt-3-years-into-development.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1589408118/
11 KB
11 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1589408118/arstechnica_war-stories-how-alan-wake-was-rebuilt-3-years-into-development.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
Cloudinary /
Resource Hash
3f2cf5f857c617761a251ceef8f6ed452a7690e21f16eff0a70dddf9beea8633
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Tue, 17 Oct 2023 13:39:08 GMT
Strict-Transport-Security
max-age=604800
X-Content-Type-Options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
169376
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
10817
Last-Modified
Thu, 20 Jan 2022 21:51:39 GMT
Server
Cloudinary
ETag
"9417ada34c9b6b07ccd41a463b717969"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Amz-Cf-Id
JK49EaSjL9ADxgTbmqSSmr-2vLu8uqIMPLqmVutrKarbHna4f0noWQ==
arstechnica_war-stories-prince-of-persia.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1584454477/
15 KB
16 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1584454477/arstechnica_war-stories-prince-of-persia.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
cloudflare /
Resource Hash
56f8838a24cb0cc47dc34a19d6b84d6ce8bf8086b1682bbb990abc13b1e2da65
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security
max-age=604800
Date
Tue, 17 Oct 2023 14:24:39 GMT
x-content-type-options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
166645
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
15682
Last-Modified
Thu, 20 Jan 2022 21:51:39 GMT
Server
cloudflare
ETag
"e9cccef2a4a4cf217be0ba162f6b4296"
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
CF-Ray
8178f22bdfa58000-IAD
timing-allow-origin
*
X-Amz-Cf-Id
gb0B3OL1KxYoXK8XJHBM1hzCqswo32wGqgAGL4B61VfZsQIAOX0C_g==
arstechnica_war-stories-how-crash-bandicoot-hacked-the-playstation-to-run.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1582755533/
17 KB
18 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1582755533/arstechnica_war-stories-how-crash-bandicoot-hacked-the-playstation-to-run.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
Cloudinary /
Resource Hash
46a9ddb1f206a46900872e0a832750ae06925528f81883a3d3517fdb42aefb6d
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security
max-age=604800
Date
Tue, 17 Oct 2023 13:44:07 GMT
X-Content-Type-Options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
169077
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
17475
Last-Modified
Thu, 20 Jan 2022 21:51:40 GMT
Server
Cloudinary
ETag
"7588b83c6eb2a1165344abad7e12e715"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Amz-Cf-Id
L2ZKuPVF9508vLQZXfRQsWjh9eZMdJDnjXwK7uFjsfjTiV4HS-0SpA==
arstechnica_war-stories-myst.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1580223113/
13 KB
14 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1580223113/arstechnica_war-stories-myst.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
cloudflare /
Resource Hash
1bf55bc00dbf13180884211c3d301729e67b81f3456225c1fbf97d271d636509
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security
max-age=604800
Date
Tue, 17 Oct 2023 13:44:44 GMT
x-content-type-options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
169040
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
13522
Last-Modified
Thu, 20 Jan 2022 21:51:40 GMT
Server
cloudflare
ETag
"ed8c6a9aa19e7d5c7aa46a3aead23a87"
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
CF-Ray
8178f2ec58a05812-IAD
timing-allow-origin
*
X-Amz-Cf-Id
Z4kF8JdCGjtLyGSJc-RNvvYHy0Uu-0Z56r238aR88kjAkaCVHXzgGQ==
arstechnica_markiplier-reacts-to-his-top-1000-youtube-comments.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1579194313/
9 KB
9 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1579194313/arstechnica_markiplier-reacts-to-his-top-1000-youtube-comments.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
cloudflare /
Resource Hash
e336ff50623cff960c2396944be4392139f63dcc032e5f3428d81489fdfe697a
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security
max-age=604800
Date
Tue, 17 Oct 2023 14:21:18 GMT
x-content-type-options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
166846
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
8832
Last-Modified
Thu, 20 Jan 2022 21:51:40 GMT
Server
cloudflare
ETag
"2bad386c14ac040d530ceb2ae89c8bbb"
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
CF-Ray
8178f260de3b81a9-IAD
timing-allow-origin
*
X-Amz-Cf-Id
1gHSmPxDGxib1dHLCvhArxd6RuFE75-0HxdBUygURWQa83UalJCMKg==
arstechnica_war-stories-war-stories-oddworld.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1582815531/
12 KB
13 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1582815531/arstechnica_war-stories-war-stories-oddworld.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
Cloudinary /
Resource Hash
1097abb6f0992cccc79428374463e7f23b99dae5eb85d7317b20bd57c96031bb
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security
max-age=604800
Date
Tue, 17 Oct 2023 13:49:51 GMT
X-Content-Type-Options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
168733
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
12614
Last-Modified
Thu, 20 Jan 2022 21:51:40 GMT
Server
Cloudinary
ETag
"4a7903cbe66890b5688d843661943ccd"
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Amz-Cf-Id
lD4zjfU4--eiB9P54VPKIlGxo4y95ya7GssEupO83JlzFIUg_QK5kg==
arstechnica_unsolved-mysteries-bioware-answers-unsolved-mysteries-of-the-mass-effect-universe.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1573140819/
11 KB
12 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1573140819/arstechnica_unsolved-mysteries-bioware-answers-unsolved-mysteries-of-the-mass-effect-universe.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
cloudflare /
Resource Hash
de24551bd4396fc8579b2d87ce01944553dd48fb52775d14373725a50efa0c37
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security
max-age=604800
Date
Tue, 17 Oct 2023 13:44:10 GMT
x-content-type-options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
169074
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
11417
Last-Modified
Thu, 20 Jan 2022 21:52:15 GMT
Server
cloudflare
ETag
"3e8509d06c6610d54babcac0d91e5d93"
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
CF-Ray
8178f22c2b7607bb-IAD
timing-allow-origin
*
X-Amz-Cf-Id
Nha6mrTu0tUS6eSbJQEWiqg2ePZScVdsb0amI-6N3mP9TeTgP2tSRQ==
arstechnica_war-stories-civilization.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1569003425/
16 KB
17 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1569003425/arstechnica_war-stories-civilization.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
Cloudinary /
Resource Hash
1c7dcc8216c6f82da2998ceeac2523632c7f9bffe510824b6d082621201f2012
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Tue, 17 Oct 2023 13:39:09 GMT
Strict-Transport-Security
max-age=604800
X-Content-Type-Options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
169375
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
16236
Last-Modified
Thu, 20 Jan 2022 21:51:40 GMT
Server
Cloudinary
ETag
"72002610618f7bf8bf0e52c760e39897"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Amz-Cf-Id
falaPiiQ_AT5rxTWQIRA5GyoL_6UqmIl7YwUdiKoe72l9kTxPSbPVQ==
arstechnica_sitrep-dod-resets-ballistic-missile-interceptor-program.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1568662260/
11 KB
11 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1568662260/arstechnica_sitrep-dod-resets-ballistic-missile-interceptor-program.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
cloudflare /
Resource Hash
7fc88c65d46e83b3f3e9f098f05fd639480332fc3718cd714725e2e4633af4e8
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Fri, 13 Oct 2023 01:09:33 GMT
Strict-Transport-Security
max-age=604800
x-content-type-options
nosniff
Via
1.1 19a26748942db0d3fcb162b26019f692.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
559951
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
10793
Last-Modified
Thu, 20 Jan 2022 21:51:46 GMT
Server
cloudflare
ETag
"0e1ff58ccf6d97759de3d774a7ff835a"
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
CF-Ray
8153b2a22b40822c-IAD
timing-allow-origin
*
X-Amz-Cf-Id
VftyLxd20qTVmIZg6l4EnsZRmaADKWF1w43obs5Jvg708WQiBE3w2A==
arstechnica_warframe-reviews.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1561556730/
14 KB
15 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1561556730/arstechnica_warframe-reviews.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
Cloudinary /
Resource Hash
83a366075eb2387c6d9f848f42b08df0546027333eccf5813edf95ba45709be2
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Tue, 17 Oct 2023 13:39:46 GMT
Strict-Transport-Security
max-age=604800
X-Content-Type-Options
nosniff
Via
1.1 13f73562b215175ddd75c2902ae36650.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
169338
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
14837
Last-Modified
Thu, 20 Jan 2022 21:51:40 GMT
Server
Cloudinary
ETag
"1d90d6aef7585f963e1270a1a02a4dd4"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Amz-Cf-Id
Dy_Cov9UcWrgGZW61Nt0dAvqnnUXxCttEM_iMFgfZ0QexMDq-Ut2VA==
arstechnica_war-stories-subnautica.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1559747425/
15 KB
16 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1559747425/arstechnica_war-stories-subnautica.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
Cloudinary /
Resource Hash
20660a9ef7ec454c15b2dc62b3db084e0cc9f74c5bb6de71a96fb1a54aef00f8
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Fri, 13 Oct 2023 01:10:48 GMT
Strict-Transport-Security
max-age=604800
X-Content-Type-Options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
559876
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
15222
Last-Modified
Thu, 20 Jan 2022 21:51:40 GMT
Server
Cloudinary
ETag
"8c45b6c645caba59f4b14d3fbdc09062"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Amz-Cf-Id
wWB4T2Kw7t4iNjL-jn5fpqUsw47sNAyiBcl9talpeXQSrbWteLDGvA==
arstechnica_war-stories-slay-the-spire-war-stories.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1556741487/
15 KB
16 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1556741487/arstechnica_war-stories-slay-the-spire-war-stories.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
cloudflare /
Resource Hash
f9d9e96c4439beeca49a1a10f9dffe6f5cd0b604d13aa13af170d0bc62d8ca1b
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security
max-age=604800
Date
Tue, 17 Oct 2023 14:22:22 GMT
x-content-type-options
nosniff
Via
1.1 13f73562b215175ddd75c2902ae36650.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
166782
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
15634
Last-Modified
Thu, 20 Jan 2022 21:51:41 GMT
Server
cloudflare
ETag
"abee90e53f29ba0127fca9442ab50902"
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
CF-Ray
8178f27f8d2e56ec-IAD
timing-allow-origin
*
X-Amz-Cf-Id
KBuP5clyifPn7UDYiIfJUKF73BM0xzdGxCkguALh_2FzxctCLuYTsA==
arstechnica_war-stories-amnesia-the-dark-descent-the-horror-facade.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1555359865/
15 KB
16 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1555359865/arstechnica_war-stories-amnesia-the-dark-descent-the-horror-facade.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
Cloudinary /
Resource Hash
1defb6bc54a7ee9c066136908360e8455c23ee9ad0dec9924e7255d7948cd4be
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security
max-age=604800
Date
Wed, 04 Oct 2023 14:07:59 GMT
X-Content-Type-Options
nosniff
Via
1.1 19a26748942db0d3fcb162b26019f692.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
1290850
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
15251
Last-Modified
Thu, 20 Jan 2022 21:51:40 GMT
Server
Cloudinary
ETag
"3e7cdc13e718680bf5e1efa64468b560"
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Amz-Cf-Id
DiboxPK68gQwqL5y-qTlQ26PhiAUyBx2Wh4yjujxC4F7eQ9LleKTYw==
arstechnica_war-stories-c-and-c-tiberian-sun.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1551193450/
19 KB
19 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1551193450/arstechnica_war-stories-c-and-c-tiberian-sun.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
Cloudinary /
Resource Hash
27348ba4b98bd80f1038496ec5dea6ad865680540058fb085b8ca199b8aaf4c5
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Sat, 07 Oct 2023 06:17:23 GMT
Strict-Transport-Security
max-age=604800
X-Content-Type-Options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
1059881
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
19022
Last-Modified
Thu, 20 Jan 2022 21:51:41 GMT
Server
Cloudinary
ETag
"fe52b9acd391d8bee8de15a0f429b377"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Amz-Cf-Id
3F77IUvr5lvvcXy5iXO4enMFGgonvJ3Dq3jgNGKdXpETf73irtX0_Q==
arstechnica_war-stories-blade-runner-skinjobs-voxels-and-future-noir.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1550244434/
18 KB
19 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1550244434/arstechnica_war-stories-blade-runner-skinjobs-voxels-and-future-noir.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
cloudflare /
Resource Hash
8b72952d3fd656ee6594f0d9735d928113ad1d590705b14f77abf75f1d4d5d69
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security
max-age=604800
Date
Tue, 17 Oct 2023 13:50:22 GMT
x-content-type-options
nosniff
Via
1.1 13f73562b215175ddd75c2902ae36650.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
168702
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
18172
Last-Modified
Thu, 20 Jan 2022 21:51:40 GMT
Server
cloudflare
ETag
"32f1b8954559c8d598e9861f5b8360b9"
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
CF-Ray
8178f31aca492099-IAD
timing-allow-origin
*
X-Amz-Cf-Id
JG_Whe3ver60lvi6IiRCBFMBfWxavlf45yyIlYEbU1cj-3l3WOjZAA==
arstechnica_war-stories-dead-space-the-drag-tentacle.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1546889545/
7 KB
8 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1546889545/arstechnica_war-stories-dead-space-the-drag-tentacle.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
cloudflare /
Resource Hash
9933997608e86beaf1e7f7188a5c657cdad8ccd9d20eb7b1a46adaa83fa850ab
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 21 Sep 2023 12:55:55 GMT
Strict-Transport-Security
max-age=604800
x-content-type-options
nosniff
Via
1.1 19a26748942db0d3fcb162b26019f692.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
2418369
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
7393
Last-Modified
Thu, 20 Jan 2022 21:51:41 GMT
Server
cloudflare
ETag
"17a6e4b5eb75eb12f5d8c89eb3d0ace8"
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
CF-Ray
80a277185c128017-IAD
timing-allow-origin
*
X-Amz-Cf-Id
pIXn0VYndBM8ZAOZqS9XXhNXwJea1XeB2d926LREsaIjNGyLn0S8cA==
arstechnica_teach-the-controversy-flat-earthers.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1541592304/
10 KB
11 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1541592304/arstechnica_teach-the-controversy-flat-earthers.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
cloudflare /
Resource Hash
7364fcbb6c5d775f07816712af8a6419db99268f72c337a4977f706dc3423bb3
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security
max-age=604800
Date
Tue, 17 Oct 2023 13:44:39 GMT
x-content-type-options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
169045
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
10595
Last-Modified
Thu, 20 Jan 2022 21:52:14 GMT
Server
cloudflare
ETag
"6c0c4f8a9d61ed2b5863a8058c624a37"
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
CF-Ray
8174655349cd0a81-IAD
timing-allow-origin
*
X-Amz-Cf-Id
oBnGc9nFI1LYCdpWYGzKjowR3arD_tsCiqq5xjL2HXesEoe31uy3XA==
arstechnica_delta-v-the-burgeoning-world-of-small-rockets-paul-allen-s-huge-plane-and-spacex-get-s-a-crucial-green-light.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1537406983/
12 KB
13 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1537406983/arstechnica_delta-v-the-burgeoning-world-of-small-rockets-paul-allen-s-huge-plane-and-spacex-get-s-a-crucial-green-light.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
cloudflare /
Resource Hash
16f86804dd013db340fee4020a539d3e9d6e5a03d6841e431e50c428e99c26e8
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security
max-age=604800
Date
Tue, 17 Oct 2023 13:39:39 GMT
x-content-type-options
nosniff
Via
1.1 13f73562b215175ddd75c2902ae36650.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
169345
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
12509
Last-Modified
Thu, 20 Jan 2022 21:52:14 GMT
Server
cloudflare
ETag
"b9c502ffc902b60d0eb13698b37a945d"
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
CF-Ray
817465535cb9825c-IAD
timing-allow-origin
*
X-Amz-Cf-Id
6feQMzWObfLYz48ZzU3qFnvOZvfFBgPexL57j9KgIttccJpnL0CS_w==
arstechnica_chris-hadfield-explains-his-space-oddity-video.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1522031130/
7 KB
8 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1522031130/arstechnica_chris-hadfield-explains-his-space-oddity-video.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
cloudflare /
Resource Hash
3ce7e824185893264ab44fbf8370a8f1262831c4c6c367b15f7d4f1e88fadc8c
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Wed, 20 Sep 2023 07:56:52 GMT
Strict-Transport-Security
max-age=604800
x-content-type-options
nosniff
Via
1.1 19a26748942db0d3fcb162b26019f692.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
2522712
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
7181
Last-Modified
Thu, 20 Jan 2022 21:52:14 GMT
Server
cloudflare
ETag
"0549828edcecd339d8d10ebe6119de70"
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
CF-Ray
809883ab4f1f3b92-IAD
timing-allow-origin
*
X-Amz-Cf-Id
HYHM_HWDOX6dwMYrjki4yUraWPYnjC61dzmDQ_wlLR2ZezSZ2NIwoQ==
arstechnica_apollo-mission-episode-1.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1512424612/
14 KB
15 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1512424612/arstechnica_apollo-mission-episode-1.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
cloudflare /
Resource Hash
82cd1a97f81e5b63a621311be2993916eea0907b5eadd53bb6b280f4bb0f8391
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security
max-age=604800
Date
Tue, 17 Oct 2023 13:45:03 GMT
x-content-type-options
nosniff
Via
1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
169021
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
14040
Last-Modified
Thu, 20 Jan 2022 21:52:14 GMT
Server
cloudflare
ETag
"ecc047c6eed3dc571a78eab647201220"
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
CF-Ray
817465537d5e57a8-IAD
timing-allow-origin
*
X-Amz-Cf-Id
M2JtS50n0RCQGhZB3V5uEWhM0bzlgCo3cx46fc5h4uEg_sUT_2bSVA==
arstechnica_richard-garriot-war-stories.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1513807048/
14 KB
14 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1513807048/arstechnica_richard-garriot-war-stories.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
Cloudinary /
Resource Hash
4980853759711c8e9e2779239acd62e9e802fba38371763c65ecdd016a83fdbd
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Tue, 17 Oct 2023 13:39:02 GMT
Strict-Transport-Security
max-age=604800
X-Content-Type-Options
nosniff
Via
1.1 13f73562b215175ddd75c2902ae36650.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
169382
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
13885
Last-Modified
Thu, 20 Jan 2022 21:51:41 GMT
Server
Cloudinary
ETag
"13d45a1733ad4d2f3ae707584d6a8a32"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Amz-Cf-Id
E--TlxGflbrS2e8R08HRMzuhcFhGm0b_tpwo1bh4nSW5wieDRgxRFQ==
n
elsa.memoinsights.com/
370 B
1 KB
Script
General
Full URL
https://elsa.memoinsights.com/n?pid=62012a7a19351c07620394e0&url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&author%5B%5D=Dan%20Goodin&title=Google-hosted%20malvertising%20leads%20to%20fake%20Keepass%20site%20that%20looks%20genuine&date=2023-10-19T04%3A50%3A35Z&referrer=&ref_url=&page_url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&cb=MEMO.API.callbacks.cbegryjdn&v=v3.0.6
Requested by
Host: cdn.memo.co
URL: https://cdn.memo.co/js/memo.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.156.7.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-156-7-21.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
3be54a481bb2b757b47e150fc79a02a059aaa6e36cba8760393eb880f6e90a3a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:04 GMT
content-encoding
gzip
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64, Sec-CH-UA-Form-Factor
server
istio-envoy
content-type
application/javascript
x-envoy-upstream-service-time
1
Connection
keep-alive
Content-Length
254
truncated
/
408 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c21029f21dc145723d40362da85504ee5a5bd33f5db6636beae3a01c7aba1fa2

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
andoncord
assoc-na.associates-amazon.com/onetag/
16 B
411 B
XHR
General
Full URL
https://assoc-na.associates-amazon.com/onetag/andoncord
Requested by
Host: z-na.associates-amazon.com
URL: https://z-na.associates-amazon.com/onetag/v2?MarketPlace=US&instanceId=e6160dfa-32a7-4b0e-9675-d18902339f1e
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.215.141.48 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-215-141-48.compute-1.amazonaws.com
Software
Server /
Resource Hash
c462d460eab61de19f36cc384c99666e5bf65eaeba0c12b8f594c5410c01f220
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 12:42:04 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
2M5X2YPNG19AJT5FHX80
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
application/json
Access-Control-Allow-Origin
https://arstechnica.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
16
id
dpm.demdex.net/
8 KB
3 KB
XHR
General
Full URL
https://dpm.demdex.net/id?d_visid_ver=4.6.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F7093025512D2B690A490D44%40AdobeOrg&d_nsid=0&ts=1697719323695
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.45.99.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-99-63.compute-1.amazonaws.com
Software
/
Resource Hash
5a0a42cc00aba71ce04f0c7f8dee65574ff78b9ae7947d2f496f65143b0791f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-va6-2-v051-028d79f89.edge-va6.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
RZABjfseROg=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://arstechnica.com
Content-Type
application/json;charset=utf-8
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
2258
Expires
Thu, 01 Jan 1970 00:00:00 UTC
quant.js
secure.quantserve.com/
22 KB
9 KB
Script
General
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NLXNPCQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.184.68.254 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
ba34abe5f7db9bccc4e96465f09ab91bf5393f22dd0acfc2c0e304dd3d94e66a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:04 GMT
content-encoding
gzip
etag
"0nVqEbFaTM2zzuiWgn9NwQ=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
accept-ranges
bytes
expires
Thu, 26 Oct 2023 12:42:04 GMT
uwt.js
static.ads-twitter.com/
0
0

spm.v1.min.js
ak.sail-horizon.com/spm/
98 KB
33 KB
Script
General
Full URL
https://ak.sail-horizon.com/spm/spm.v1.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NLXNPCQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.151.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-151-15.iad89.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8ed1c626af66981552aac1e9cd693fb3bbf73411f1af5ad340723545258fab7e

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:37:02 GMT
content-encoding
gzip
via
1.1 98e30e5953336545df428a8f5923a288.cloudfront.net (CloudFront)
last-modified
Tue, 29 Aug 2023 21:44:22 GMT
server
AmazonS3
x-amz-cf-pop
IAD89-C3
age
303
x-amz-server-side-encryption
AES256
etag
W/"edee28fbd3a5c9f3c17e0333554b5646"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=600; must-revalidate
x-amz-cf-id
PmZb4iZsT4z9SMOslHjx7GIlZdeA1KgIqbwWx0ZZ9rwHK7A37c6G-Q==
57
a.ad.gt/api/v1/u/matches/
12 KB
4 KB
Script
General
Full URL
https://a.ad.gt/api/v1/u/matches/57
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NLXNPCQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.5.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eea4a5de2351219ceacf15d816ef70c890585b2e25729ba7911f150c2fb88a51

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:04 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 19 Oct 2023 12:40:29 GMT
server
cloudflare
age
95
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=14400
cross-origin-resource-policy
cross-origin
cf-ray
8189194fce2a36a9-YYZ
insight.min.js
snap.licdn.com/li.lms-analytics/
12 KB
4 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.218.218.181 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-218-218-181.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b4a73e79ac953f25e7800b5ca583552229ce52f3a8c9dad31ee9da427ffa614e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 19 Oct 2023 05:46:58 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
max-age=61505
accept-ranges
bytes
content-length
3855
fbevents.js
connect.facebook.net/en_US/
198 KB
53 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-iad3.fbcdn.net
Software
/
Resource Hash
564a53ce84ae022b30816d44aa48589ebfe170c226b098d0245c47fe13341c67
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 19 Oct 2023 12:42:05 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
53498
x-xss-protection
0
pragma
public
x-fb-debug
361deqP2ljavDqF7xrmxczzSMthqyQW6zEcMdwnYy9qjO+KE6Mdo0uIOaledUXFWjfx8maCiqzFQB9Jsb2J+yA==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
hotjar-1632543.js
static.hotjar.com/c/
10 KB
4 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-1632543.js?sv=6
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.160.41.58 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-160-41-58.iad55.r.cloudfront.net
Software
/
Resource Hash
e3886b2769494260bb98efc1eea9c946aeccf0b621f2f0f76344570966326b81
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Thu, 19 Oct 2023 12:41:07 GMT
via
1.1 7d30b02170e051a5fc315a8f4ba8c20c.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD55-P1
age
57
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
etag
W/f2ccf67db837065c468356184a64b796
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cache-control
max-age=60
x-amz-cf-id
Nb2Hp8f5WFLV0i4w4F0OYA2FVpL_fqPKF7Z-xkGYns4IlXq5XdT_Bg==
events.js
analytics.tiktok.com/i18n/pixel/
4 KB
2 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C1IQID9FKFK1PHD4UBH0&lib=ttq
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.108 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-108.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
ab89541cfb97766e460a78f75f45354100a1fadf714326459ed5f41f7d82527e

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-akamai-request-id
1d992dcf
date
Thu, 19 Oct 2023 12:42:05 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-cache
TCP_MISS from a23-195-36-76.deploy.akamaitechnologies.com (AkamaiGHost/11.3.0-51618102) (-)
server-timing
inner; dur=4, cdn-cache; desc=MISS, edge; dur=1, origin; dur=11
content-length
1332
pragma
no-cache
server
nginx
x-tt-logid
20231019124205E65C8E93DDDF57D58A7D
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
11,23.195.36.76
x-tt-trace-host
01037a650ecd9031ed2a58a27efccdf5f9864616c2eae2c00843044a0cb118a9d6566902fdd572fe7c57dc963e0e819e54ca9f7b0816a08f33cef5415dd00e4f20ff89bf7a5b28b898a6541240508c3c3992a6032958c202ff22338f326171a3f2
expires
Thu, 19 Oct 2023 12:42:05 GMT
condenast_eujdmc753_arstechnica.js
cdn-magiclinks.trackonomics.net/client/static/v2/
116 KB
36 KB
Script
General
Full URL
https://cdn-magiclinks.trackonomics.net/client/static/v2/condenast_eujdmc753_arstechnica.js
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.112.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-112-96.iad61.r.cloudfront.net
Software
Apache/2.4.34 (Amazon) OpenSSL/1.0.2k-fips PHP/7.2.8 /
Resource Hash
283bdcc958d36a7b9cb03a02286e5371f54c33ddb64b391237b0fe65e5cc846b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 06:21:06 GMT
content-encoding
gzip
via
1.1 58de144297b2ef277d1d9fd26ad452dc.cloudfront.net (CloudFront)
last-modified
Tue, 05 Sep 2023 07:43:04 GMT
server
Apache/2.4.34 (Amazon) OpenSSL/1.0.2k-fips PHP/7.2.8
x-amz-cf-pop
IAD61-P2
age
22866
etag
W/"1d0e5-60497c6ed4178"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
access-control-allow-origin
*
x-amz-cf-id
2BypKLOvSvoXfIbKUwwJnQkJguEexh1SGMz-VbaHBG3voXY8y0rCuQ==
obtp.js
amplify.outbrain.com/cp/
24 KB
8 KB
Script
General
Full URL
https://amplify.outbrain.com/cp/obtp.js
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.47.65.93 Atlanta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-65-93.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
e4c2d3a0af818330c7894d4b6aca390ae9ffdc82dfdc0aed04ba497724ef4dfb

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 12:42:06 GMT
Content-Encoding
gzip
Last-Modified
Sun, 15 Oct 2023 11:50:59 GMT
Server
AkamaiNetStorage
ETag
"dfb6f6d5d58461b23f35ce5a0b680ab9:1697371201.69772"
Vary
Accept-Encoding
Content-Type
application/x-javascript
X-RG
NA
Cache-Control
max-age=1200
X-CC
CA
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7443
Expires
Thu, 19 Oct 2023 13:02:06 GMT
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/
21 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 19 Oct 2023 12:42:03 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
oWkBTLgDDXvrUsd93y/Zxg==
age
59310
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:41 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
c36a75b2-f01e-014c-63fb-b459ac000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
8189194d3b5b39dd-YYZ
sync
pippio.com/api/
Redirect Chain
  • https://idsync.rlcdn.com/709387.gif?partner_uid=undefined&gtmcb=2085460807
  • https://idsync.rlcdn.com/1000.gif?memo=CIumKxIVChEIARCFvQkaCXVuZGVmaW5lZBAAGg0IoMjEqQYSBQjoBxAAQgBKAA
  • https://pippio.com/api/sync?pid=5324&it=1&iv=f05e7c1e284e94d742f973e0684d9be6051c26a07c9c33816e2de758d0f46eda791426b5417dce21&_=2
0
0

datadog-logs-v4.js
www.datadoghq-browser-agent.com/
0
0

3035
config.aps.amazon-adsystem.com/configs/
505 B
781 B
Script
General
Full URL
https://config.aps.amazon-adsystem.com/configs/3035
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.191.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-191-57.iad89.r.cloudfront.net
Software
CloudFront /
Resource Hash
9b2b8bc1e7b5aab489d0d1b7cbb57ff43e390e42b098d83620f0e7a60db19c43

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:24:00 GMT
via
1.1 8ba3a4becb51f8eb807e5e3697846e1a.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
IAD89-C2
age
1092
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
content-length
505
x-amz-cf-id
65AIjWfZF6Vd3u8_xF8NeWHP7mb_wwdxbZa5PN9p5nEC7Nvg4uK5QA==
config
c.amazon-adsystem.com/cdn/prod/
321 B
676 B
XHR
General
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=3035&u=https%3A%2F%2Farstechnica.com
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.160.53.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-160-53-102.iad55.r.cloudfront.net
Software
Server /
Resource Hash
b6219572ff2614c0f7b38815e5f2d8bac96c758d0e455152d2afd7f417395dc4

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 11:19:44 GMT
via
1.1 9a7c700290cf80b3334e7dcd07bfe44a.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
IAD55-P2
age
4939
x-cache
Hit from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://arstechnica.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
content-length
321
x-amz-cf-id
cMOitDl0tIcpQT0EPlLMVBGOGj_R0Cp7V8w4zrJ2mbbm7kafrHwD2w==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/
6 KB
3 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.160.53.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-160-53-102.iad55.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Wed, 18 Oct 2023 23:20:22 GMT
x-amz-version-id
9yABOonr2HqHtwbarUcdbIqN0f4A8Qog
content-encoding
gzip
via
1.1 96cac0ffcf3fb8fed4b2230b5bdeca6c.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD55-P2
age
48102
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Tue, 29 Aug 2023 08:30:37 GMT
server
AmazonS3
etag
W/"a4d296427fc806b21335359e398c025c"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
vary
Accept-Encoding,Origin
x-amz-cf-id
Ix7B-3XdzRXBu8LvYs3qGy1aC0xSN01xONYZ5lseQUPIrdqaEA2lQw==
pub
pixel.adsafeprotected.com/services/
363 B
596 B
XHR
General
Full URL
https://pixel.adsafeprotected.com/services/pub?anId=931565&slot=%7Bid:_out_of_page_0,ss:%5B1.1%5D,p:3379/conde.ars/interstitial/security/article/1,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=72b22cfd-98f2-bcfd-5a98-05b313bc72e9&url=https%253A%252F%252Farstechnica.com%252Fsecurity%252F2023%252F10%252Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%252F
Requested by
Host: static.adsafeprotected.com
URL: https://static.adsafeprotected.com/iasPET.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.23.9.104 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-23-9-104.compute-1.amazonaws.com
Software
nginx /
Resource Hash
5e5f2844e7d1b5f3338f63bd71a5cea4ac63c9df5beb6cb76a8e0b79958f556e

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:04 GMT
server
nginx
x-server-name
app12.va.303net.net
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://arstechnica.com
access-control-expose-headers
X-Server-Name
access-control-allow-credentials
true
timing-allow-origin
*
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NLXNPCQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.115.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f100.1e100.net
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 19 Oct 2023 11:56:42 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
2730
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Thu, 19 Oct 2023 13:56:42 GMT
i.js
tag.bounceexchange.com/2806/
0
0

pxid
bd1cec50-00d1-4ce9-9572-785857419a1e.prmutv.co/v2.0/
0
0

getuidj
ib.adnxs.com/
0
0

embed-api.json
player.cnevids.com/
11 KB
5 KB
Fetch
General
Full URL
https://player.cnevids.com/embed-api.json?videoId=60abade4dc31e5375248cba6&embedLocation=arstechnica
Requested by
Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/60abade4dc31e5375248cba6.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady27548757
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.32.208.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-208-51.iad66.r.cloudfront.net
Software
nginx/1.18.0 /
Resource Hash
73fe14fa5a76b1f55d999d6173147ae0b1c71162cc04bc81646f1bed835b2774
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 12:39:59 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Via
1.1 65a9dfba94b72916e09740a3c4fd79ba.cloudfront.net (CloudFront)
X-Permitted-Cross-Domain-Policies
none
X-Amz-Cf-Pop
IAD66-C1
Age
128
X-Cache
Hit from cloudfront
Status
200 OK
Connection
keep-alive
Content-Length
3806
X-XSS-Protection
1; mode=block
X-Request-Id
4bfbd1d7-dbe6-47a1-88b4-04fa7c87eff2
X-Runtime
0.017270
X-Backend-Node
10.110.13.189
Referrer-Policy
strict-origin-when-cross-origin
Server
nginx/1.18.0
ETag
W/"034c81e48cef5f7b0b0f9d066e5d44b7"
X-Download-Options
noopen
Access-Control-Max-Age
1728000
Access-Control-Allow-Methods
GET, OPTIONS
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Cache-Control
max-age=300, public
Vary
Origin,Accept-Encoding
X-Amz-Cf-Id
r0XWmahFBNyRTHDzLCBIJptaSqLcBAHdB8RB5FJAFVcj_OoAfrfv7A==
5f332e3f-53f7-41ce-bfbe-1d52f2b3a978
https://arstechnica.com/
529 KB
0
Other
General
Full URL
blob:https://arstechnica.com/5f332e3f-53f7-41ce-bfbe-1d52f2b3a978
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
574e672fde70ecc8ae2056445db161deeff93a0a8da82fdf4f8874faeedfe17b

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Length
541375
Content-Type
dest5.html
condenast.demdex.net/ Frame BE70
7 KB
3 KB
Document
General
Full URL
https://condenast.demdex.net/dest5.html?d_nsid=0
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.5.107.207 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-5-107-207.compute-1.amazonaws.com
Software
/
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://arstechnica.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
2791
Content-Type
text/html;charset=UTF-8
DCS
dcs-prod-va6-2-v051-06f4cd915.edge-va6.demdex.com 0 ms
Expires
Thu, 01 Jan 1970 00:00:00 UTC
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
NScFutaaQG0=
content-encoding
gzip
date
Thu, 19 Oct 2023 12:42:19 GMT
last-modified
Mon, 9 Oct 2023 09:52:24 GMT
vary
accept-encoding
id
sstats.arstechnica.com/
0
0

ibs:dpid=411&dpuuid=ZTEkHQAAALZE5wN_
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=34431699753981877840035079370966194637
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZTEkHQAAALZE5wN_
42 B
940 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZTEkHQAAALZE5wN_
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
52.45.99.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-99-63.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

DCS
dcs-prod-va6-1-v051-0b81ca64e.edge-va6.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
W/W1SQjIQ6I=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZTEkHQAAALZE5wN_
Date
Thu, 19 Oct 2023 12:42:05 GMT
Cache-Control
no-cache
Server
AMO-cookiemap/1.1
Connection
keep-alive
Content-Length
0
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
cfe99901-870a-41f0-b9af-8a9149f7f4b9
https://arstechnica.com/
529 KB
0
Other
General
Full URL
blob:https://arstechnica.com/cfe99901-870a-41f0-b9af-8a9149f7f4b9
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
574e672fde70ecc8ae2056445db161deeff93a0a8da82fdf4f8874faeedfe17b

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Length
541375
Content-Type
v2
mb.moatads.com/yi/
528 B
708 B
Script
General
Full URL
https://mb.moatads.com/yi/v2?ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K3%2Ba%24%3D!!t%2BxBk_lLgxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7B%2CNr1U*%26ujMUU9%3C%24kBjqI&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-S4SpS2PucglBbk5475S6XrSoK4rogWbxm7rLGdl3vY3c8eOm5Kk0%2FX%2FtDJ5WspFf7egP&rs=1-iHtHGE5B1zA1OQ%3D%3D&sc=1&os=1-sg%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=420&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&pcode=condenastprebidheader987326845656&rx=192376166760&callback=MoatNadoAllJsonpRequest_14059005
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/condenastprebidheader987326845656/moatheader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
150.230.189.108 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
istio-envoy /
Resource Hash
96bb200e5c55d4270594127059818cd6af60cc4b4e7a981b2168bbd7d5bf4d45

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:05 GMT
server
istio-envoy
etag
"c67d2d278396139d9e7394e8a4f693081519634d"
content-type
text/html; charset=UTF-8
cache-control
max-age=900
x-envoy-upstream-service-time
21
timing-allow-origin
*
content-length
528
geoip
permutive.arstechnica.com/v2.0/
277 B
374 B
XHR
General
Full URL
https://permutive.arstechnica.com/v2.0/geoip?include=geo&include=isp&include=ip_hash&k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by
Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.161.9 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
9.161.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
a29534efb33ef6d5114d37c47cdf1a2e164dc7b8903a5dfed315f87f2d974d87

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type
text/plain

Response headers

date
Thu, 19 Oct 2023 12:42:04 GMT
content-encoding
gzip
via
1.1 google
server
Permutive
vary
Origin
content-type
application/json
access-control-allow-origin
https://arstechnica.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
181
watson
permutive.arstechnica.com/v2.0/
483 B
353 B
XHR
General
Full URL
https://permutive.arstechnica.com/v2.0/watson?k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by
Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.161.9 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
9.161.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
fcc123da3f9e6bae17bdf90095e0195a633a56fb312a49eaad731594b6f073dc

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type
text/plain

Response headers

date
Thu, 19 Oct 2023 12:42:04 GMT
content-encoding
gzip
via
1.1 google
server
Permutive
vary
Origin
content-type
application/json
access-control-allow-origin
https://arstechnica.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
287
p.js
fpa-cdn.arstechnica.com/keys/arstechnica.com/
59 KB
20 KB
Script
General
Full URL
https://fpa-cdn.arstechnica.com/keys/arstechnica.com/p.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.103.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-103-98.iad61.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5586480e5225277b5f2e77380b3053e91caa8df369856d1251e32e9d92a07534

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 10:17:41 GMT
content-encoding
gzip
via
1.1 3c324ded5bb9b770378ef373690c8a34.cloudfront.net (CloudFront)
last-modified
Fri, 03 Mar 2023 15:20:46 GMT
server
AmazonS3
x-amz-cf-pop
IAD61-P1
age
8665
x-amz-server-side-encryption
AES256
etag
W/"173355d553329e44867cd1301ab501fb"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/x-javascript
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
kMMNVAWw4XXWMv1ZqfEBkG-G5ksKzAPkuJwvtDri-Hm1MGM_aTzp8Q==
ars-technica.config.js
pixel.condenastdigital.com/config/v2/production/
8 KB
2 KB
Script
General
Full URL
https://pixel.condenastdigital.com/config/v2/production/ars-technica.config.js
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
86b1750ac3fa82df8295e51912887cc0f10833802b17dc1f76a31293f7ecf049

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Expires
Wed, 20 Sep 2023 16:27:58 GMT
Date
Thu, 19 Oct 2023 12:42:06 GMT
Content-Encoding
gzip
Via
1.1 varnish, 1.1 varnish
x-amz-request-id
N1QAHYT900WD983N
Age
185994
X-Cache
HIT, HIT
Connection
keep-alive
Content-Length
1280
x-amz-id-2
5jRZjcnMKRTZmg9mU0aejAz0i/fgIO5aB6fw7Y8K8gci6Qz3GrO93sIq4b0tw3XMO5jbgRKVJnk=
X-Served-By
cache-iad-kiad7000098-IAD, cache-yyz4577-YYZ
Last-Modified
Thu, 15 Sep 2022 08:26:17 GMT
Server
AmazonS3
X-Timer
S1697719326.042380,VS0,VE0
ETag
"eb5a28e1cf7fe168b5057e3c330a277e"
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
no-cache, public, max-age=604800
Accept-Ranges
bytes
X-Cache-Hits
242886, 29
userx.20231008-7-RELEASE.es6.js
cdn.taboola.com/libtrc/
17 KB
6 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/userx.20231008-7-RELEASE.es6.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3be1c5accaf59e8f4ba7cbbdb13f620eea31260f857451281d80691de0a2dcc3

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id
_rS5vcwgoVCIqdOdAWQQbBl9kb.Bt4vj
content-encoding
gzip
via
1.1 varnish
date
Thu, 19 Oct 2023 12:42:04 GMT
x-amz-request-id
6EXSPNHDV6SDJBEY
age
712754
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
5398
x-amz-id-2
ueG2rtrae5UR7pwOArZ6Oc9ZmvL2RxioWBagw0ofCwDHlsn3Dpmn1TJZUkICv75WFgwnOK/DZgg=
x-served-by
cache-yyz4525-YYZ
last-modified
Tue, 10 Oct 2023 06:57:46 GMT
server
AmazonS3
x-timer
S1697719324.068179,VS0,VE0
etag
"f8f2b1d6adf22769cef25f77f4bd80d7"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
abp
81
access-control-allow-origin
*
cache-control
private,max-age=2629743
accept-ranges
bytes
x-cache-hits
30
distance-from-article.20231008-7-RELEASE.es6.js
cdn.taboola.com/libtrc/
2 KB
1 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/distance-from-article.20231008-7-RELEASE.es6.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
71cc4ff8851d65820ed52b4e9f526a84316368443b8f63f0cb12d57fbc183bb1

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id
CuhiDzHUIPiiIq8AyIHFl9Fh2LEOsd8z
content-encoding
gzip
via
1.1 varnish
date
Thu, 19 Oct 2023 12:42:04 GMT
x-amz-request-id
XZR6FT5113NJ48S2
age
797606
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
1131
x-amz-id-2
/+gdgFKYKTl9PdN0WpRePZJXp2DCBaJCx0FJKLwz31vreeSnnlJqRaixExz5/BTWI01b+n04kRs=
x-served-by
cache-yyz4525-YYZ
last-modified
Tue, 10 Oct 2023 06:57:13 GMT
server
AmazonS3
x-timer
S1697719324.068524,VS0,VE0
etag
"0fced82cba955ab01d483f6ef35ab2e7"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
abp
52
access-control-allow-origin
*
cache-control
private,max-age=2629743
accept-ranges
bytes
x-cache-hits
3243
article-detection.20231008-7-RELEASE.es6.js
cdn.taboola.com/libtrc/
3 KB
2 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/article-detection.20231008-7-RELEASE.es6.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
662c50a307f00e6285b0921fc4d9cd47b3a4818134bd948a1fbd68898e2fb113

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id
RlDyI8JpkF_4.6TR2QjLuz22WzX5BfNz
content-encoding
gzip
via
1.1 varnish
date
Thu, 19 Oct 2023 12:42:04 GMT
x-amz-request-id
XZR7QS56TAEDZVEQ
age
797606
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
1291
x-amz-id-2
xoiJPyKJaCZHqJ5bMvWMRyjkGAWIvc+LulUNTyz2yyarXWvISiiMuvuII7LXiB6HL3jwReqFa8g=
x-served-by
cache-yyz4525-YYZ
last-modified
Tue, 10 Oct 2023 06:57:06 GMT
server
AmazonS3
x-timer
S1697719324.068752,VS0,VE0
etag
"95e51376965afcc9294ef7cd5bcd656c"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
abp
67
access-control-allow-origin
*
cache-control
private,max-age=2629743
accept-ranges
bytes
x-cache-hits
3248
abtests
ch-trc-events.taboola.com/condenast-arstechnica/log/3/
0
506 B
Image
General
Full URL
https://ch-trc-events.taboola.com/condenast-arstechnica/log/3/abtests?route=US:CH:V&tvi48=11657&tvi50=10882&lti=block-clicks-recurring-click-200_ctrl&ri=e98e5ebe2aabe7565d0105e03efee5d8&sd=v2_17e087eccfea6bdb1dcdd4a19d30ea9d_6645f463-2bf0-40af-9fcb-72b305bb0ab1-tuctc2aa99b_1697719323_1697719323_CNawjgYQ1O1cGOKW1L-0MSABKAEwJjiJ6AdAsvEHSOzZ2ANQ____________AVgAYABo6M-UzoD43eJUcAE&ui=6645f463-2bf0-40af-9fcb-72b305bb0ab1-tuctc2aa99b&pi=/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine&wi=-6957810810529006185&pt=text&vi=1697719323490&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22block_clicks_init%22%2C%22type%22%3A%22block-clicks-manager%22%2C%22eventTime%22%3A1697719324052%7D&tim=05%3A42%3A04.052&id=435&llvl=2&cv=20231008-7-RELEASE&
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.124.48 Chicago, United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Thu, 19 Oct 2023 12:42:06 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
1dfc40bb-d155-4f15-970e-99450dbfa0e2-models.bin
cdn.permutive.com/models/v2/
352 KB
240 KB
XHR
General
Full URL
https://cdn.permutive.com/models/v2/1dfc40bb-d155-4f15-970e-99450dbfa0e2-models.bin
Requested by
Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.118.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
33df84feb984549e7bd1a9bbc0acc1a6dc524aefcd9cc856501a60ae85879cab

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type
text/plain

Response headers

date
Thu, 19 Oct 2023 12:42:05 GMT
content-encoding
gzip
cf-cache-status
HIT
x-goog-meta-oid
bd1cec50-00d1-4ce9-9572-785857419a1e
age
0
x-guploader-uploadid
ADPycdsdbycbKASbs8GdO7KcdQNklgKF1f_9p89ek3X1cV96LR9J6V_haPdFF5NCCZqKOgivcGPzbymWbjcgKh6VaQor9g
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
content-length
244439
last-modified
Thu, 19 Oct 2023 11:16:37 GMT
server
cloudflare
etag
"a697dd564b2d70b28f77831ffcee953a"
vary
Accept-Encoding
x-goog-generation
1697714197761517
content-type
application/x-binary
access-control-allow-origin
*
x-goog-hash
crc32c=OU8+dg==, md5=ppfdVkstcLKPd4Mf/O6VOg==
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=900, no-transform
x-goog-stored-content-length
244439
accept-ranges
bytes
timing-allow-origin
*
cf-ray
818919579f6a3a08-YYZ
expires
Thu, 19 Oct 2023 12:26:00 GMT
onetag
assoc-na.associates-amazon.com/
64 B
459 B
XHR
General
Full URL
https://assoc-na.associates-amazon.com/onetag?src=330&pj=%7B%22tracking_id%22%3A%22arstech20-20%22%2C%22assocPayloadId%22%3Anull%2C%22refUrl%22%3A%22https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F%22%7D&u=https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Requested by
Host: z-na.associates-amazon.com
URL: https://z-na.associates-amazon.com/onetag/v2?MarketPlace=US&instanceId=e6160dfa-32a7-4b0e-9675-d18902339f1e
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.215.141.48 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-215-141-48.compute-1.amazonaws.com
Software
Server /
Resource Hash
1810f8a252d6e1a2607005d866ce5dd13a67e1b9a5953c0beeb928ba76a015de
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 12:42:04 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
N08WGMWKJC2CJ7BP0B67
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
application/json
Access-Control-Allow-Origin
https://arstechnica.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
64
rules-p-Jjy-Cyr1NZGRz.js
rules.quantcount.com/
4 KB
2 KB
Script
General
Full URL
https://rules.quantcount.com/rules-p-Jjy-Cyr1NZGRz.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.151.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-151-82.iad89.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7695901c26dfebbe9889ed6a8362cd275b8077bda6e6ecd44e0eb88aa838d8c2

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:06:35 GMT
content-encoding
gzip
via
1.1 51391527dd8c879c45b44b119905c872.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-C3
age
2131
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Thu, 13 Oct 2022 22:49:44 GMT
server
AmazonS3
etag
W/"81518a8793c3225187fb5508635dec52"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
x-amz-cf-id
vaU-4nB7vFDr5wtYFiEJEmea8-UQ0gLHXD-IIndBYDgNvPn4ysVBiQ==
supply-feature
ch-trc-events.taboola.com/condenast-arstechnica/log/3/
0
505 B
Image
General
Full URL
https://ch-trc-events.taboola.com/condenast-arstechnica/log/3/supply-feature?route=US:CH:V&tvi48=11657&tvi50=10882&lti=block-clicks-recurring-click-200_ctrl&ri=e98e5ebe2aabe7565d0105e03efee5d8&sd=v2_17e087eccfea6bdb1dcdd4a19d30ea9d_6645f463-2bf0-40af-9fcb-72b305bb0ab1-tuctc2aa99b_1697719323_1697719323_CNawjgYQ1O1cGOKW1L-0MSABKAEwJjiJ6AdAsvEHSOzZ2ANQ____________AVgAYABo6M-UzoD43eJUcAE&ui=6645f463-2bf0-40af-9fcb-72b305bb0ab1-tuctc2aa99b&pi=/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine&wi=-6957810810529006185&pt=text&vi=1697719323490&d=%7B%22event_type%22%3A%22distance_from_article%22%2C%22event_state%22%3A%22reported%22%2C%22event_value%22%3A%221465.203125%22%2C%22event_msg%22%3A%22%22%2C%22event_key%22%3A%22%22%7D&tim=05%3A42%3A04.102&id=5556&llvl=2&cv=20231008-7-RELEASE&
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.124.48 Chicago, United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Thu, 19 Oct 2023 12:42:06 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
9b859a12730bcd8588dd5e5a201497c20396dac557d2
planebasin.com/post/dd27c0af/
286 B
801 B
Fetch
General
Full URL
https://planebasin.com/post/dd27c0af/9b859a12730bcd8588dd5e5a201497c20396dac557d2
Requested by
Host: shiverscissors.com
URL: https://shiverscissors.com/v2fumwIJOo-LsCB0dlG18VSTW43CpWhUEPJuKeRTzrEQdSPPlMr5GymU
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.134.78 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
78.134.111.34.bc.googleusercontent.com
Software
/
Resource Hash
3a3f0908e778b7103ee9988a911a64da973c8aaee07be2745b8dbbe497bee422
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=15724800; preload
date
Thu, 19 Oct 2023 12:42:04 GMT
via
1.1 google
x-buildnumber
1033761249
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
286
x-datacenter
gce-us-central1
x-buildname
hoothoot
vary
Accept-Encoding, Origin
access-control-allow-methods
POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://arstechnica.com
x-hostname
fen-hoothoot-us-central1-spot-s964
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
expires
Thu, 19 Oct 2023 12:42:03 GMT
05719fb2f4c0e29a635583db1132a33e5a850d6596
planebasin.com/2a6fcf5703/
3 B
73 B
Fetch
General
Full URL
https://planebasin.com/2a6fcf5703/05719fb2f4c0e29a635583db1132a33e5a850d6596
Requested by
Host: shiverscissors.com
URL: https://shiverscissors.com/v2fumwIJOo-LsCB0dlG18VSTW43CpWhUEPJuKeRTzrEQdSPPlMr5GymU
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.134.78 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
78.134.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=15724800; preload
date
Thu, 19 Oct 2023 12:42:04 GMT
via
1.1 google
x-buildnumber
1033761249
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3
x-datacenter
gce-us-central1
x-buildname
hoothoot
vary
Accept-Encoding, Origin
access-control-allow-methods
POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://arstechnica.com
x-hostname
fen-hoothoot-us-central1-spot-s964
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
segment
permutive.arstechnica.com/adv/v2/
14 B
78 B
XHR
General
Full URL
https://permutive.arstechnica.com/adv/v2/segment?new-session=true&k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by
Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.161.9 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
9.161.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
e3aeeb9b76fb8242067c35d89b2a5281561e92a7c9a25239d630f818fe978a7d

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
*
date
Thu, 19 Oct 2023 12:42:04 GMT
via
1.1 google
server
Permutive
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14
content-type
application/json
sync
googlesync.permutive.com/v2.0/px/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=permutive_dmp&google_cm&type=ddp&k=3c5b06e3-9636-482d-9481-33025da5def5&u=0d0f53e2-8056-4315-afc6-5d135b997184
  • https://googlesync.permutive.com/v2.0/px/sync?alias=CAESEBZ_KgDpXdPtH8Ab5Jvjqx0&error=&type=ddp&k=3c5b06e3-9636-482d-9481-33025da5def5&u=0d0f53e2-8056-4315-afc6-5d135b997184&google_cver=1
35 B
176 B
Image
General
Full URL
https://googlesync.permutive.com/v2.0/px/sync?alias=CAESEBZ_KgDpXdPtH8Ab5Jvjqx0&error=&type=ddp&k=3c5b06e3-9636-482d-9481-33025da5def5&u=0d0f53e2-8056-4315-afc6-5d135b997184&google_cver=1
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:06 GMT
via
1.1 google
server
Permutive
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
vary
Origin
content-type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:06 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://googlesync.permutive.com/v2.0/px/sync?alias=CAESEBZ_KgDpXdPtH8Ab5Jvjqx0&error=&type=ddp&k=3c5b06e3-9636-482d-9481-33025da5def5&u=0d0f53e2-8056-4315-afc6-5d135b997184&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
404
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
9 KB
5 KB
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3841502741835802&correlator=1648096346750438&hxva=1&scor=1055876503603680&eid=31079032%2C31078933&output=ldjh&gdfp_req=1&vrg=202310180101&ptt=17&impl=fifs&us_privacy=1---&iu_parts=3379%2Cconde.ars%2Cinterstitial%2Csecurity%2Carticle%2C1&enc_prev_ius=0%2F1%2F2%2F3%2F4%2F5&prev_iu_szs=1x1&ifi=1&didk=3762192304&sfv=1-0-40&ists=1&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1697719324469&lmt=1697744524&adxs=0&adys=0&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&vis=1&psz=1600x0&msz=1600x0&fws=4&ohw=1600&ga_vid=1498663598.1697719324&ga_sid=1697719324&ga_hid=1279237386&ga_fc=false&dlt=1697719323008&idt=706&prev_scp=pos%3Dinterstitial%26ctx_slot_type%3Dout_of_page%26ctx_slot_rn%3D0%26pos_instance%3D1%26ctx_slot_instance%3D0%26ctx_slot_name%3Dout_of_page_0%26slot_name%3Dinterstitial_1%26id%3De7edb76c-6e7c-11ee-a90e-0228b59eedc5&cust_params=permutive%3Drts%26prmtvvid%3D90d1defc-7ad3-430d-822c-01dafd1bd9af%26prmtvwid%3D1dfc40bb-d155-4f15-970e-99450dbfa0e2%26env_device_type%3Ddesktop%26ctx_template%3Darticle%26content_type%3Darticle%26ctx_page_channel%3Dsecurity%26env_server%3Dproduction%26ctx_cns_version%3D6.72.17%26ctx_page_slug%3Dgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%26cnt_tags%3Dgoogle-2%252Cmalvertising%252Cmalware%252Cpunycode%26cnt_platform%3Dwordpress%26cnt_copilotid%3D%26pageview_id%3D4070980938%26usr_bkt_eva%3D100%26usr_bkt_ses%3D57%26usr_bkt_pv%3D52%26usr_pvc_bs%3D1%26usr_pvc_24hr%3D1%26usr_pvc_30d%3D1%26usr_svc_30d%3D1%26ctx_ses_soc%3Dnone%26ctx_ref_soc%3Dnone%26ctx_ref_url%3Dnone%26usr_auth%3Dfalse%26vnd_prx_segments%3D112200%252C112222%252C117700%252C117736%252C120000%252C121100%252C131100%252C131127%252C230004%252C230014%252C603525%252C230000%252C300003%252C210002%252C240002%252C240003%252C240001%252C240005%252C240006%252C240007%252C240008%252C240009%252C240011%252C240012%252C240013%252C240017%252C240015%252C240016%252C240018%252C240019%252C9lt9vf%26amznbid%3D0%26amznp%3D0%26vnd_4d_cached%3D0%26vnd_4d_ctx_sg%3D%26vnd_4d_ctx_topics%3D%26vnd_4d_ctx_entities%3D%26vnd_4d_ctx_keywords%3D%26vnd_4d_usr_topics%3D%26vnd_4d_usr_wt%3D%26vnd_4d_xid%3D%26m_data%3Dwaiting%26m_safety%3Dwaiting%26m_categories%3Dwaiting%26m_mv%3Dwaiting%26m_gv%3Dwaiting%26puid%3D0d0f53e2-8056-4315-afc6-5d135b997184%26ptime%3D1697719324012%26fr%3Dfalse%26adt%3DveryLow%26alc%3DveryLow%26dlm%3DveryLow%26drg%3DveryLow%26hat%3DveryLow%26off%3DveryLow%26vio%3DveryLow%26ias-kw%3DIAS_3006647_PG%252CIAS_11733_KW%252CIAS_1506339_PG%252CIAS_1507080_PG%252CIAS_14113_KW%252CIAS_9283_KW%252CIAS_2644_KW%252CIAS_1507654_PG%26prmtvsdk%3Dweb%26prmtvsid%3Deb6dc643-5d9a-453e-ad5a-5c6f742d88ea&adks=3527177383&frm=20
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310180101/pubads_impl.js?cb=31079032
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.62.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bc-in-f157.1e100.net
Software
cafe /
Resource Hash
334716b81549047b3b1b3de61ed8a2c8b96e1fc766526c269196b8c0115404ea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:04 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4270
x-xss-protection
0
google-lineitem-id
6194187599
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138418609128
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://arstechnica.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
f075c52b1481331172a9e2e8178d915b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 4FFA
6 KB
3 KB
Document
General
Full URL
https://f075c52b1481331172a9e2e8178d915b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310180101/pubads_impl.js?cb=31079032
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.16.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f132.1e100.net
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://arstechnica.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 19 Oct 2023 12:42:04 GMT
expires
Fri, 18 Oct 2024 12:42:04 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
/
ct.pinterest.com/v3/
35 B
621 B
Image
General
Full URL
https://ct.pinterest.com/v3/?tid=2613993160362&event=PermutiveSegmentEntry&ed[segment_id]=%229710%22
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:06 GMT
referrer-policy
origin
x-cdn
fastly
content-type
image/gif
access-control-allow-origin
*
pinterest-version
6b5218ade0d05685881b70d3473495bf89d60013
cache-control
no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time
3
x-pinterest-rid
1664260225148272
content-length
35
expires
Sat, 01 Jan 2000 00:00:00 GMT
tag
a.teads.tv/page/11552/ Frame 4758
994 B
909 B
Script
General
Full URL
https://a.teads.tv/page/11552/tag
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310180101/pubads_impl.js?cb=31079032
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.55.205.47 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-55-205-47.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
25724ef372fb2df581dd3797a58b961c46f99eb779991c44807bc2443ae7979c

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:06 GMT
content-encoding
gzip
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, must-revalidate, no-store
access-control-allow-credentials
true
content-length
601
expires
0
truncated
/ Frame 4758
216 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
acf64de073bf7f798638c676b1d17eface8798072d62c3791f5f0b553cfa8de6

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/png
view
securepubads.g.doubleclick.net/pcs/ Frame 4758
0
29 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv-Y46J_X_7guXC3U4QNzfmcwcl9Wz3NHCtRlRt3-qWJo5sI2_jP_8ar1Tm5Xef5BG1E_XCH5b85b94wS-KesvDI9RWQn2oOYu-orrQKCz9j8prBy7kNUZ9_OYO0vb9qB8ML9O8xjvRFvoiq6JiLLXf6T_LQ4xr0Olh95UKP8D4Y0LDRv1gCzgU0vAqpzdNJyFL-2hn80ZN4Rs0G7Gc8DOAPjY451vs6blWAq63tXJ-76cOhhnIa-coSJN7P0NmAvjQbiJAOBwaZ11SzegBNfUGOvvt9lZhXEDeAmUatKV0BLhcXmtl1Y_A_CnUv-HO-cCrwtSaxcRwJtud27FSoKBeYm6jb-Huh7qRab9EYmk&sai=AMfl-YRALAE3R70m6KanlBjQA1lVdo4Q1dLbijziXyWq0Tp2Ohh6uqWdf-KGHspnQrxEVLIcUNKgXJet36U8h-JLseascf_EfZ99R1pfzAuQdFHpnqGHHSqth5Dk3WL6BMCxf0VTQhi1bvni48kMEMQe&sig=Cg0ArKJSzCYnoFce-21oEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.62.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bc-in-f157.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:04 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 19 Oct 2023 12:42:04 GMT
p-Jjy-Cyr1NZGRz.gif
pixel.quantserve.com/pixel/
35 B
371 B
Image
General
Full URL
https://pixel.quantserve.com/pixel/p-Jjy-Cyr1NZGRz.gif?labels=_campaign.media.Advertiser%20ID.80991775.Campaign%20ID.3133317359.Line%20Item%20ID.6194187599
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.184.68.254 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:06 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type
image/gif
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
simple
api.sail-personalize.com/v1/personalize/
288 B
495 B
Fetch
General
Full URL
https://api.sail-personalize.com/v1/personalize/simple?pageviews=1&isMobile=0
Requested by
Host: ak.sail-horizon.com
URL: https://ak.sail-horizon.com/spm/spm.v1.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.83.154.140 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
aa7557bb34ea5624b.awsglobalaccelerator.com
Software
/
Resource Hash
5f677ea65dbfaac4bdbb14f565649e0ffc6b657f4f9a92a5ee10e4e60a3ca9b2

Request headers

x-lib-version
v1.0.1
accept-language
en-CA,en;q=0.9
authorization
Bearer 96cc6d73eeadca5c51a196378f9bf3d1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type
application/json
accept
application/json
Referer
https://arstechnica.com/
x-referring-url
https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:05 GMT
content-encoding
gzip
allowedorigins
*
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
allowedmethods
GET,OPTIONS
cache-control
no-store
access-control-allow-credentials
true
allowedheaders
Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin
content-length
194
expires
-1
simple
api.sail-personalize.com/v1/personalize/ Frame
0
0
Preflight
General
Full URL
https://api.sail-personalize.com/v1/personalize/simple?pageviews=1&isMobile=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.83.154.140 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
aa7557bb34ea5624b.awsglobalaccelerator.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,x-lib-version,x-referring-url
Access-Control-Request-Method
GET
Origin
https://arstechnica.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Lib-Version,X-Referring-URL
access-control-allow-methods
OPTIONS,GET,POST,PUT,DELETE
access-control-allow-origin
https://arstechnica.com
access-control-max-age
1800
allow
HEAD,GET,OPTIONS
content-length
18
content-type
text/plain
date
Thu, 19 Oct 2023 12:42:05 GMT
hadron.js
cdn.hadronid.net/
55 KB
10 KB
Script
General
Full URL
https://cdn.hadronid.net/hadron.js?partner_id=57&sync=1&url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F
Requested by
Host: a.ad.gt
URL: https://a.ad.gt/api/v1/u/matches/57
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.52.173 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ee69abe38a87fd8aa0867401e1e14d2831eab6dfb1bb2d97abf65ac57cb5705

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:06 GMT
content-encoding
gzip
cf-cache-status
HIT
cf-bgj
minify
last-modified
Thu, 07 Sep 2023 17:31:32 GMT
server
cloudflare
x-amz-request-id
907Z07N0H4YQRTZE
age
3652
etag
W/"8bbf05f440008747d4df642e30fc4ddc"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=3600
cf-ray
818919612f050f80-EWR
x-amz-id-2
FTX4uTVOoCJnlfZvtg3cS2GHfBFAI/wkwGXMvvfwDzP+hX8bS7Tqr3U+IhvV3h140Zc4iKtAHTg=
57
p.ad.gt/api/v1/p/
43 KB
13 KB
Script
General
Full URL
https://p.ad.gt/api/v1/p/57
Requested by
Host: a.ad.gt
URL: https://a.ad.gt/api/v1/u/matches/57
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.4.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f643b3d50f4f99b00fb602af9831e3f02768cf3f8a2fbee3d183c7373dd20cee

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:06 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 19 Oct 2023 12:41:27 GMT
server
cloudflare
age
39
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=14400
cf-ray
81891960496239fb-YYZ
match
ids.ad.gt/api/v1/
Redirect Chain
  • https://secure.adnxs.com/getuid?https://ids.ad.gt/api/v1/match?id=AU1D-0100-001697719325-1FM99NM9-7HUZ&adnxs_id=$UID&gdpr=0
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fmatch%3Fid%3DAU1D-0100-001697719325-1FM99NM9-7HUZ%26adnxs_id%3D%24UID%26gdpr%3D0
  • https://ids.ad.gt/api/v1/match?id=AU1D-0100-001697719325-1FM99NM9-7HUZ&adnxs_id=2587657505101497831&gdpr=0
43 B
170 B
Image
General
Full URL
https://ids.ad.gt/api/v1/match?id=AU1D-0100-001697719325-1FM99NM9-7HUZ&adnxs_id=2587657505101497831&gdpr=0
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
104.22.5.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:07 GMT
cache-control
no-cache
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
81891963ea610fa3-EWR
content-length
43
content-type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:07 GMT
an-x-request-uuid
2f666646-1a19-4c5e-8825-6d6f18e7084c
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://ids.ad.gt/api/v1/match?id=AU1D-0100-001697719325-1FM99NM9-7HUZ&adnxs_id=2587657505101497831&gdpr=0
x-proxy-origin
37.19.212.193; 37.19.212.193; 575.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
t_match
ids.ad.gt/api/v1/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8gkxb6n&ttd_tpi=1&ttd_puid=AU1D-0100-001697719325-1FM99NM9-7HUZ&gdpr=0
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=8gkxb6n&ttd_tpi=1&ttd_puid=AU1D-0100-001697719325-1FM99NM9-7HUZ&gdpr=0
  • https://ids.ad.gt/api/v1/t_match?tdid=f9a8042c-c9a0-4948-ac45-f91d636ac944&id=AU1D-0100-001697719325-1FM99NM9-7HUZ
43 B
95 B
Image
General
Full URL
https://ids.ad.gt/api/v1/t_match?tdid=f9a8042c-c9a0-4948-ac45-f91d636ac944&id=AU1D-0100-001697719325-1FM99NM9-7HUZ
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
104.22.5.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:08 GMT
cache-control
no-cache
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
81891967ce040fa3-EWR
content-length
43
content-type
image/gif

Redirect headers

location
https://ids.ad.gt/api/v1/t_match?tdid=f9a8042c-c9a0-4948-ac45-f91d636ac944&id=AU1D-0100-001697719325-1FM99NM9-7HUZ
date
Thu, 19 Oct 2023 12:42:07 GMT
server
Kestrel
content-length
259
pbm_match
ids.ad.gt/api/v1/
Redirect Chain
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001697719325-1FM99NM9-7HUZ
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001697719325-1FM99NM9-7HUZ
  • https://ids.ad.gt/api/v1/pbm_match?pbm=C18A64E5-70A4-44C7-A2DF-1C891A6DCB07&id=AU1D-0100-001697719325-1FM99NM9-7HUZ
43 B
94 B
Image
General
Full URL
https://ids.ad.gt/api/v1/pbm_match?pbm=C18A64E5-70A4-44C7-A2DF-1C891A6DCB07&id=AU1D-0100-001697719325-1FM99NM9-7HUZ
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
104.22.5.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:07 GMT
cache-control
no-cache
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
81891964ab000fa3-EWR
content-length
43
content-type
image/gif

Redirect headers

location
https://ids.ad.gt/api/v1/pbm_match?pbm=C18A64E5-70A4-44C7-A2DF-1C891A6DCB07&id=AU1D-0100-001697719325-1FM99NM9-7HUZ
date
Thu, 19 Oct 2023 05:32:26 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
token
token.rubiconproject.com/
0
696 B
Image
General
Full URL
https://token.rubiconproject.com/token?pid=50242&puid=AU1D-0100-001697719325-1FM99NM9-7HUZ&gdpr=0
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Expires
0
Pragma
no-cache
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
382e2818ca015d35b02cd449aa60881d
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tapad_match
ids.ad.gt/api/v1/
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3185&partner_device_id=AU1D-0100-001697719325-1FM99NM9-7HUZ&partner_url=https://ids.ad.gt%2Fapi%2Fv1%2Ftapad_match%3Fid%3DAU1D-0100-001697719325...
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3185&partner_device_id=AU1D-0100-001697719325-1FM99NM9-7HUZ&partner_url=https://ids.ad.gt%2Fapi%2Fv1%2Ftapad_match%3Fid%3DAU1D-0100-001697...
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=799ee752-e8b5-42ef-94ee-452166b4bfab%252Chttps%25253A%25252F%25252Fids.ad.gt%25252Fapi%25252Fv1%25252Ftapad_match%25253Fi...
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=799ee752-e8b5-42ef-94ee-452166b4bfab%252Chttps%25253A%25252F%25252Fids.ad.gt%25252Fapi%25252Fv1%25252Ftapad_match%25253Fi...
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=f9a8042c-c9a0-4948-ac45-f91d636ac944&ttd_puid=799ee752-e8b5-42ef-94ee-452166b4bfab%2Chttps%253A%252F%252Fids.ad.gt%252Fap...
  • https://ids.ad.gt/api/v1/tapad_match?id=AU1D-0100-001697719325-1FM99NM9-7HUZ&tapad_id=799ee752-e8b5-42ef-94ee-452166b4bfab
43 B
95 B
Image
General
Full URL
https://ids.ad.gt/api/v1/tapad_match?id=AU1D-0100-001697719325-1FM99NM9-7HUZ&tapad_id=799ee752-e8b5-42ef-94ee-452166b4bfab
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
104.22.5.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:08 GMT
cache-control
no-cache
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
818919682e490fa3-EWR
content-length
43
content-type
image/gif

Redirect headers

date
Thu, 19 Oct 2023 12:42:07 GMT
strict-transport-security
max-age=31536000
via
1.1 google
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
Jetty(11.0.13)
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin
*
location
https://ids.ad.gt/api/v1/tapad_match?id=AU1D-0100-001697719325-1FM99NM9-7HUZ&tapad_id=799ee752-e8b5-42ef-94ee-452166b4bfab
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
g_match
ids.ad.gt/api/v1/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_cm&google_sc&google_ula=450542624&id=AU1D-0100-001697719325-1FM99NM9-7HUZ
  • https://ids.ad.gt/api/v1/g_match?id=AU1D-0100-001697719325-1FM99NM9-7HUZ&google_gid=CAESECwrHur-0DkHeAqO_x1tikg&google_cver=1&google_ula=450542624,0
43 B
95 B
Image
General
Full URL
https://ids.ad.gt/api/v1/g_match?id=AU1D-0100-001697719325-1FM99NM9-7HUZ&google_gid=CAESECwrHur-0DkHeAqO_x1tikg&google_cver=1&google_ula=450542624,0
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
104.22.5.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:07 GMT
cache-control
no-cache
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
81891965fc390fa3-EWR
content-length
43
content-type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:07 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ids.ad.gt/api/v1/g_match?id=AU1D-0100-001697719325-1FM99NM9-7HUZ&google_gid=CAESECwrHur-0DkHeAqO_x1tikg&google_cver=1&google_ula=450542624,0
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
357
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/
Redirect Chain
  • https://ids.ad.gt/api/v1/g_hosted?id=AU1D-0100-001697719325-1FM99NM9-7HUZ
  • https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=QVUxRC0wMTAwLTAwMTY5NzcxOTMyNS0xRk05OU5NOS03SFVa
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=QVUxRC0wMTAwLTAwMTY5NzcxOTMyNS0xRk05OU5NOS03SFVa
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H3
Server
142.251.163.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f154.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:07 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=QVUxRC0wMTAwLTAwMTY5NzcxOTMyNS0xRk05OU5NOS03SFVa
date
Thu, 19 Oct 2023 12:42:07 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
81891965abe00fa3-EWR
content-type
text/html; charset=utf-8
taboola
ids.ad.gt/api/v1/
Redirect Chain
  • https://trc.taboola.com/sg/audigent/1/cm?redirect=http%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Ftaboola%3Fpartner_uid%3D%3CTUID%3E%3Fid%3DAU1D-0100-001697719325-1FM99NM9-7HUZ
  • https://ids.ad.gt/api/v1/taboola?partner_uid=6645f463-2bf0-40af-9fcb-72b305bb0ab1-tuctc2aa99b?id=AU1D-0100-001697719325-1FM99NM9-7HUZ
43 B
95 B
Image
General
Full URL
https://ids.ad.gt/api/v1/taboola?partner_uid=6645f463-2bf0-40af-9fcb-72b305bb0ab1-tuctc2aa99b?id=AU1D-0100-001697719325-1FM99NM9-7HUZ
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
104.22.5.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:07 GMT
cache-control
no-cache
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
818919661c5e0fa3-EWR
content-length
43
content-type
image/gif

Redirect headers

x-vcl-time-ms
15
date
Thu, 19 Oct 2023 12:42:07 GMT
via
1.1 varnish
x-served-by
cache-yyz4525-YYZ
server
nginx
x-timer
S1697719328.650536,VS0,VE15
x-fastly-to-nlb-rtt
13607
x-cache
MISS
location
https://ids.ad.gt/api/v1/taboola?partner_uid=6645f463-2bf0-40af-9fcb-72b305bb0ab1-tuctc2aa99b?id=AU1D-0100-001697719325-1FM99NM9-7HUZ
accept-ranges
bytes
content-length
0
x-service-version
v1
x-cache-hits
0
ppnt_match
ids.ad.gt/api/v1/
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=562316&ev=1&rurl=https://ids.ad.gt/api/v1/ppnt_match?uid=%%VGUID%%&id=AU1D-0100-001697719325-1FM99NM9-7HUZ
  • https://ids.ad.gt/api/v1/ppnt_match?uid=lnMVtV6triGM&ev=1&pid=562316&id=AU1D-0100-001697719325-1FM99NM9-7HUZ
43 B
118 B
Image
General
Full URL
https://ids.ad.gt/api/v1/ppnt_match?uid=lnMVtV6triGM&ev=1&pid=562316&id=AU1D-0100-001697719325-1FM99NM9-7HUZ
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
104.22.5.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:08 GMT
cache-control
no-cache
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
81891967ce030fa3-EWR
content-length
43
content-type
image/gif

Redirect headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
content-language
en-CA
location
https://ids.ad.gt/api/v1/ppnt_match?uid=lnMVtV6triGM&ev=1&pid=562316&id=AU1D-0100-001697719325-1FM99NM9-7HUZ
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-cdf9fc9cc-vf7wc
expires
-1
impr_match
ids.ad.gt/api/v1/
Redirect Chain
  • https://ad.360yield.com/ux?&publisher_dmp_id=15&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fimpr_match%3Fid%3DAU1D-0100-001697719325-1FM99NM9-7HUZ%26impr_uid%3D%7BPUB_USER_ID%7D
  • https://ad.360yield.com/ul_cb/ux?&publisher_dmp_id=15&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fimpr_match%3Fid%3DAU1D-0100-001697719325-1FM99NM9-7HUZ%26impr_uid%3D%7BPUB_USER_ID%7D
  • https://ids.ad.gt/api/v1/impr_match?id=AU1D-0100-001697719325-1FM99NM9-7HUZ&impr_uid=a9498315-4021-4aa6-aaef-69b30ce42fe2
43 B
118 B
Image
General
Full URL
https://ids.ad.gt/api/v1/impr_match?id=AU1D-0100-001697719325-1FM99NM9-7HUZ&impr_uid=a9498315-4021-4aa6-aaef-69b30ce42fe2
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
104.22.5.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:15 GMT
cache-control
no-cache
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
81891998fb990fa3-EWR
content-length
43
content-type
image/gif

Redirect headers

location
https://ids.ad.gt/api/v1/impr_match?id=AU1D-0100-001697719325-1FM99NM9-7HUZ&impr_uid=a9498315-4021-4aa6-aaef-69b30ce42fe2
access-control-allow-origin
*
date
Thu, 19 Oct 2023 12:42:15 GMT
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
modules.e1dfa7708b9d9a8bea71.js
script.hotjar.com/
228 KB
56 KB
Script
General
Full URL
https://script.hotjar.com/modules.e1dfa7708b9d9a8bea71.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1632543.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.191.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-191-77.iad89.r.cloudfront.net
Software
/
Resource Hash
37c5cc6fa83a5392f51d53cba3892630c02c0e02219d88a043db6d530aa64664
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:05:06 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 48c70f7a0c91fc5e8cb64d6c71ad9826.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-C2
age
2222
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
56552
last-modified
Thu, 19 Oct 2023 12:04:32 GMT
etag
"6767acf9424d83d0946202b3a45c9012"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
WKs4SMYy4s2K1wZck1G0WlbmVtefd5IieuMZiNCPZODJOlTLgmE2Jw==
events
permutive.arstechnica.com/v2.0/batch/
301 B
182 B
XHR
General
Full URL
https://permutive.arstechnica.com/v2.0/batch/events?enrich=false&sdkp=true&k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by
Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.161.9 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
9.161.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
36a84ce09efc04ed17bf367a237c1d45dc1373b267aad9ae3951e105b8c224e9

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type
text/plain

Response headers

date
Thu, 19 Oct 2023 12:42:05 GMT
content-encoding
gzip
via
1.1 google
server
Permutive
vary
Origin
content-type
application/json
access-control-allow-origin
https://arstechnica.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
164
bulk
trc.taboola.com/condenast-arstechnica/log/3/
0
588 B
XHR
General
Full URL
https://trc.taboola.com/condenast-arstechnica/log/3/bulk?tvi48=11657&tvi50=10882&route=US%3ACH%3AV&lti=block-clicks-recurring-click-200_ctrl&bulkSize=1
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20231008-7-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

x-vcl-time-ms
15
date
Thu, 19 Oct 2023 12:42:05 GMT
via
1.1 varnish
x-fastly-to-nlb-rtt
13636
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
x-service-version
v1
x-served-by
cache-yyz4525-YYZ
pragma
no-cache
server
nginx
x-timer
S1697719325.084594,VS0,VE15
content-type
image/gif
access-control-allow-origin
https://arstechnica.com
cache-control
no-cache
access-control-allow-credentials
true
accept-ranges
bytes
x-cache-hits
0
f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/
254 B
684 B
Image
General
Full URL
https://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id
hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
date
Thu, 19 Oct 2023 12:42:05 GMT
via
1.1 varnish
x-amz-request-id
C4YX393BV63BMCS9
age
18421
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
254
x-amz-id-2
hJZ9rVKYX0/8YTS367+n1JLWaWxjxwlUGV9luK6w6nrhJtmZXbtiGq/h5BjCJKdhOOZFYFppGpg=
x-served-by
cache-yyz4525-YYZ
last-modified
Wed, 24 Jun 2015 07:14:11 GMT
server
AmazonS3
x-amz-meta-s3cmd-attrs
uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-timer
S1697719325.099925,VS0,VE0
etag
"dfa7b52c86e56bd67fa4002f6ed19854"
content-type
image/png
abp
77
access-control-allow-origin
*
cache-control
private,max-age=31536000
accept-ranges
bytes
x-cache-hits
1263
pub
pixel.adsafeprotected.com/services/
359 B
591 B
XHR
General
Full URL
https://pixel.adsafeprotected.com/services/pub?anId=931565&slot=%7Bid:post_nav_0,ss:%5B728.90,970.250,9.1,10.1%5D,p:3379/conde.ars/hero/security/article/1,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=72b22cfd-98f2-bcfd-5a98-05b313bc72e9&url=https%253A%252F%252Farstechnica.com%252Fsecurity%252F2023%252F10%252Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%252F
Requested by
Host: static.adsafeprotected.com
URL: https://static.adsafeprotected.com/iasPET.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.23.9.104 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-23-9-104.compute-1.amazonaws.com
Software
nginx /
Resource Hash
896de1d40b86a58595ff634e3d933307262227498dbc42a0ce02210834d2a6cf

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:05 GMT
server
nginx
x-server-name
app15.va.303net.net
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://arstechnica.com
access-control-expose-headers
X-Server-Name
access-control-allow-credentials
true
timing-allow-origin
*
pub
pixel.adsafeprotected.com/services/
359 B
591 B
XHR
General
Full URL
https://pixel.adsafeprotected.com/services/pub?anId=931565&slot=%7Bid:siderail_0,ss:%5B300.250,300.600%5D,p:3379/conde.ars/rail/security/article/1,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=72b22cfd-98f2-bcfd-5a98-05b313bc72e9&url=https%253A%252F%252Farstechnica.com%252Fsecurity%252F2023%252F10%252Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%252F
Requested by
Host: static.adsafeprotected.com
URL: https://static.adsafeprotected.com/iasPET.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.23.9.104 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-23-9-104.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4a0ee2dfcccb0fd1b13bc8abda03a49eeaf8c11596d58ddfefe02cd907401bc4

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:05 GMT
server
nginx
x-server-name
app33.va.303net.net
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://arstechnica.com
access-control-expose-headers
X-Server-Name
access-control-allow-credentials
true
timing-allow-origin
*
bid
aax.amazon-adsystem.com/e/dtb/
0
0

config
prebid.media.net/rtb/prebid/analytics/
72 B
340 B
Fetch
General
Full URL
https://prebid.media.net/rtb/prebid/analytics/config?cid=8CU65UN7R&dn=arstechnica.com
Requested by
Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/prebid.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.63.153 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
153.63.120.34.bc.googleusercontent.com
Software
envoy /
Resource Hash
becaecc6663d091f14a00c80317ebc9fa3beeab411becf786f6df9f266192a6a

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type
text/plain

Response headers

date
Thu, 19 Oct 2023 12:42:04 GMT
via
1.1 google
server
envoy
vary
Accept-Encoding
content-type
application/json;charset=utf-8
access-control-allow-origin
https://arstechnica.com
cache-control
max-age=900, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 19 Oct 2023 12:57:05 GMT
cdb
bidder.criteo.com/
0
194 B
Fetch
General
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=36&wv=8.12.0&cb=33488129963&lsavail=1
Requested by
Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/prebid.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.119.119.129 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
bidder.va1.vip.prod.criteo.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://arstechnica.com
date
Thu, 19 Oct 2023 12:42:05 GMT
strict-transport-security
max-age=31536000; preload;
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
server
Kestrel
vary
Origin
auction
tlx.3lift.com/header/
0
0

prebid
prebid.media.net/rtb/
0
0

prebid
ib.adnxs.com/ut/v3/
0
0

fastlane.json
fastlane.rubiconproject.com/a/api/
0
0

pbjs
htlb.casalemedia.com/openrtb/
0
0

prebidjs
rtb.openx.net/openrtbb/
0
0

cdb
bidder.criteo.com/
0
193 B
Fetch
General
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=36&wv=8.12.0&cb=4726771793&lsavail=1
Requested by
Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/prebid.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.119.119.129 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
bidder.va1.vip.prod.criteo.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://arstechnica.com
date
Thu, 19 Oct 2023 12:42:05 GMT
strict-transport-security
max-age=31536000; preload;
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
server
Kestrel
vary
Origin
fastlane.json
fastlane.rubiconproject.com/a/api/
0
0

auction
tlx.3lift.com/header/
19 B
526 B
Fetch
General
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=8.12.0&referrer=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&tmax=2000&us_privacy=1---
Requested by
Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/prebid.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
100.26.15.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-26-15-60.compute-1.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:06 GMT
accept-ch
sec-ch-rtt,sec-ch-ua-mobile,sec-ch-viewport-width,sec-ch-downlink,sec-ch-ua-full-version-list,sec-ch-prefers-color-scheme,sec-ch-ua-platform,sec-ch-dpr,user-agent,sec-ch-width,sec-ch-viewport-height,sec-ch-save-data,sec-ch-ect,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-device-memory,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-full-version,sec-ch-ua-arch
content-type
application/json; charset=utf-8
access-control-allow-origin
https://arstechnica.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
prebidjs
rtb.openx.net/openrtbb/
0
0

pbjs
htlb.casalemedia.com/openrtb/
0
0

prebid
ib.adnxs.com/ut/v3/
0
0

prebid
prebid.media.net/rtb/
0
0

228464857488266
connect.facebook.net/signals/config/
374 KB
116 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/228464857488266?v=2.9.134&r=stable&domain=arstechnica.com
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-iad3.fbcdn.net
Software
/
Resource Hash
955050ac0db3090907de08d3a6d6959c5570481927c17395ced046318297dbfd
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 19 Oct 2023 12:42:05 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
118378
x-xss-protection
0
pragma
public
x-fb-debug
BFV4oc+kgjPOyBXizrLfEDhbZ7JLM0uwP353AGFAsrCc0Q1qH26xMyWunsf3J1LbaJ/4o9sQO1vL8Ow2T7pIPQ==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
main.MTEyYzFhMzhjMA.js
analytics.tiktok.com/i18n/pixel/static/
370 KB
99 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MTEyYzFhMzhjMA.js
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C1IQID9FKFK1PHD4UBH0&lib=ttq
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.108 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-108.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
49b93c833617a437b5b14a4e3ac687b49b6920d126dfd7be76bacf546fe63d78

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-akamai-request-id
1d992ecc
date
Thu, 19 Oct 2023 12:42:05 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
202310181535363992CE35B3CA74181E54
vary
Accept-Encoding
x-cache
TCP_HIT from a23-195-36-76.deploy.akamaitechnologies.com (AkamaiGHost/11.3.0-51618102) (-)
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
015afc2f0eafa438fb267b2dea49514ffa3e822260837f7f5ca66089fd7d1df9a83a8fdc757720d771dfe7b0e8b68f4d938a96cd7269c76d4cac1f0cf8e56861a28660bf6e63640d6ccc1342f55e0f87ef8f952a26a5c15b790942c7f93e1e155a
server-timing
cdn-cache; desc=HIT, edge; dur=0, inner; dur=5
content-length
100970
/
www.facebook.com/tr/
0
185 B
Image
General
Full URL
https://www.facebook.com/tr/?id=228464857488266&ev=PageView&dl=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&rl=&if=false&ts=1697719325332&cd[SiteSection]=security&cd[PageTags]=google%7Cmalvertising%7Cmalware%7Cpunycode&cd[Brand]=Pitchfork&sw=1600&sh=1200&v=2.9.134&r=stable&ec=0&o=30&fbp=fb.1.1697719325304.1494258696&ic=fbpixel&cs_est=true&ler=empty&it=1697719325194&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-iad3.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 19 Oct 2023 12:42:08 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/tr/
0
31 B
Image
General
Full URL
https://www.facebook.com/tr/?id=228464857488266&ev=PermutiveSegmentEntry&dl=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&rl=&if=false&ts=1697719325334&cd[segment_id]=9710&sw=1600&sh=1200&v=2.9.134&r=stable&ec=1&o=30&fbp=fb.1.1697719325304.1494258696&ic=fbpixel&ler=empty&it=1697719325194&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-iad3.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 19 Oct 2023 12:42:08 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
identify_6291e.js
analytics.tiktok.com/i18n/pixel/static/
134 KB
36 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/static/identify_6291e.js
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTEyYzFhMzhjMA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.108 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-108.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
92e48936531fc7dd51fa4799d53b25be293b2a198bee7b434d269bb2518d709f

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-akamai-request-id
1d9931a1
date
Thu, 19 Oct 2023 12:42:05 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
202310181535363992CE35B3CA74181E5A
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a23-195-36-76.deploy.akamaitechnologies.com (AkamaiGHost/11.3.0-51618102) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
0175dc0eed7cc51fe9278611c43ec542b0f44499e7e118ae21fa0b3ce22814ae5a2241eef12eb76d212922cfcb0b0d751ee2458a7af308180e849e7ba63fdc406529364d06c696abd2fcfff8235d6e208c576f6192a85a449b1c7e8f4ab1b974d5
server-timing
cdn-cache; desc=HIT, edge; dur=0, inner; dur=3
content-length
35910
pixel
analytics.tiktok.com/api/v2/
0
647 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTEyYzFhMzhjMA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.108 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-108.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
1d993295
date
Thu, 19 Oct 2023 12:42:05 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-cache
TCP_MISS from a23-195-36-76.deploy.akamaitechnologies.com (AkamaiGHost/11.3.0-51618102) (-)
server-timing
inner; dur=107, cdn-cache; desc=MISS, edge; dur=4, origin; dur=117
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20231019124205CEE29CAAA138FE650066
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
117,23.195.36.76
x-tt-trace-host
01037a650ecd9031ed2a58a27efccdf5f9864616c2eae2c00843044a0cb118a9d61542f221d5201482a83a9ea921a6cea49876545c70066ce1d29ba3dfb0302b57340e2ad6eb4371fc2d6f14f3ec580fc52ba979c91de4faa8eca9c8af69e94dd4
access-control-allow-headers
Authorization,*
expires
Thu, 19 Oct 2023 12:42:05 GMT
act
analytics.tiktok.com/api/v2/pixel/
0
646 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTEyYzFhMzhjMA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.108 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-108.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
1d99372e
date
Thu, 19 Oct 2023 12:42:05 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-cache
TCP_MISS from a23-195-36-76.deploy.akamaitechnologies.com (AkamaiGHost/11.3.0-51618102) (-)
server-timing
inner; dur=39, cdn-cache; desc=MISS, edge; dur=7, origin; dur=49
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202310191242055A4BBA7B2D3165DFDB11
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
50,23.195.36.76
x-tt-trace-host
01037a650ecd9031ed2a58a27efccdf5f9864616c2eae2c00843044a0cb118a9d614a0d3d13870a7a381179cf62fb9d2c50f9b8c6b4b1e0c8bad4ca7bfdad7c033ff5971691fbee091d517b1f2ddb667e5dfcb32d1df8049d159cf5cb6a3915c94
access-control-allow-headers
Authorization,*
expires
Thu, 19 Oct 2023 12:42:05 GMT
state
permutive.arstechnica.com/v1.0/
0
34 B
XHR
General
Full URL
https://permutive.arstechnica.com/v1.0/state?fetch_unseen=true&k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by
Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.161.9 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
9.161.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
*
date
Thu, 19 Oct 2023 12:42:05 GMT
content-encoding
gzip
via
1.1 google
server
Permutive
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20
usage
permutive.arstechnica.com/v2.0/tpd/
0
36 B
XHR
General
Full URL
https://permutive.arstechnica.com/v2.0/tpd/usage?k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by
Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.161.9 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
9.161.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type
text/plain

Response headers

date
Thu, 19 Oct 2023 12:42:05 GMT
content-encoding
gzip
via
1.1 google
server
Permutive
vary
Origin
access-control-allow-origin
https://arstechnica.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20
/
www.facebook.com/tr/
0
31 B
Image
General
Full URL
https://www.facebook.com/tr/?id=228464857488266&ev=PermutiveSegmentEntry&dl=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&rl=&if=false&ts=1697719325686&cd[segment_id]=78900&sw=1600&sh=1200&v=2.9.134&r=stable&ec=2&o=30&fbp=fb.1.1697719325304.1494258696&ic=&ler=empty&it=1697719325194&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-iad3.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 19 Oct 2023 12:42:08 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
p1.parsely.com/plogger/
43 B
259 B
Image
General
Full URL
https://p1.parsely.com/plogger/
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.194.161.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-194-161-83.compute-1.amazonaws.com
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 12:42:08 GMT
Cache-Control
no-cache
Last-Modified
Thursday, 19-Oct-2023 12:42:08 GMT
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
/
fpa-events.arstechnica.com/plogger/
43 B
259 B
Image
General
Full URL
https://fpa-events.arstechnica.com/plogger/?rand=1697719326005&plid=a0285560-410b-46c2-9f67-4800b87c3b17&idsite=arstechnica.com&url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%22parsely%3Ametadata-detection%22%3A%7B%22version%22%3A0%2C%22url%22%3A%22https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F%22%2C%22hash%22%3A1585861468%7D%7D&sid=1&surl=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&sref=&sts=1697719325995&slts=0&title=Google-hosted+malvertising+leads+to+fake+Keepass+site+that+looks+genuine+%7C+Ars+Technica&date=Thu+Oct+19+2023+05%3A42%3A05+GMT-0700+(Pacific+Daylight+Time)&action=pageview&pvid=308b26ee-d0ad-4423-9bd9-e3ad8fa58da0&u=pid%3D3001b76d-6da9-412f-b8fd-22131c411f5a
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.206.105.7 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-206-105-7.compute-1.amazonaws.com
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 12:42:08 GMT
Cache-Control
no-cache
Last-Modified
Thursday, 19-Oct-2023 12:42:08 GMT
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
rtb-h
sync.taboola.com/sg/supershiprtb-display-network/1/ Frame AAD2
Redirect Chain
  • https://tg.socdm.com/aux/idsync?proto=taboola
  • https://sync.taboola.com/sg/supershiprtb-display-network/1/rtb-h?taboola_hm=ZTEkIcCo8XYAALgU9wkAAAAA
0
374 B
Image
General
Full URL
https://sync.taboola.com/sg/supershiprtb-display-network/1/rtb-h?taboola_hm=ZTEkIcCo8XYAALgU9wkAAAAA
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:11 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
19296

Redirect headers

X-SO-Cluster-ID
0
Date
Thu, 19 Oct 2023 12:42:10 GMT
X-SO-LB-Data
{"ban":false,"clean_query":"\/aux\/idsync?proto=taboola","cluster_id":0,"gdpr":false,"ipv4":"37.19.212.193","key":"ZTEkIcCo8XYAALgU9wkAAAAA","privacy_sensitive":false,"uid":"","upstream_id":"a-ad40153"}
X-SO-Key
ZTEkIcCo8XYAALgU9wkAAAAA
Server
nginx
X-SO-Upstream-ID
a-ad40153
P3P
CP="See also http://www.scaleout.jp/privacy/"
Location
https://sync.taboola.com/sg/supershiprtb-display-network/1/rtb-h?taboola_hm=ZTEkIcCo8XYAALgU9wkAAAAA
Cache-Control
private
X-SO-HostName
a-ad40153.dc2p.scaleout.jp
Connection
keep-alive
X-SO-Ads-Time
3
Content-Length
0
X-SO-LB-Hostname
m-tgng18.dc4p.scaleout.jp
X-SO-IP
37.19.212.193
/
sync.taboola.com/sg/stroerrtbeur-network/1/rtb-h/ Frame AAD2
Redirect Chain
  • https://ih.adscale.de/su?gdpr=0&gdpr_consent=&tpid=22688&cburl=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fstroerrtbeur-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D__STROEER_USER_ID__
  • https://ih.adscale.de/su?gdpr=0&gdpr_consent=&tpid=22688&cburl=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fstroerrtbeur-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D__STROEER_USER_ID__&nut&uu=c17a9a0da91544cc85...
  • https://sync.taboola.com/sg/stroerrtbeur-network/1/rtb-h/?taboola_hm=c17a9a0da91544cc85c52a70b450fe9f
0
364 B
Image
General
Full URL
https://sync.taboola.com/sg/stroerrtbeur-network/1/rtb-h/?taboola_hm=c17a9a0da91544cc85c52a70b450fe9f
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:11 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
19296

Redirect headers

location
https://sync.taboola.com/sg/stroerrtbeur-network/1/rtb-h/?taboola_hm=c17a9a0da91544cc85c52a70b450fe9f
date
Thu, 19 Oct 2023 12:42:09 GMT
content-length
0
sync
ssbsync.smartadserver.com/api/ Frame AAD2
0
0
Image
General
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=4
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.105.12.170 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

/
sync.taboola.com/sg/rubiconvideo-network/1/rtb-h/ Frame AAD2
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=16698
  • https://sync.taboola.com/sg/rubiconvideo-network/1/rtb-h/?taboola_hm=LNX694ZK-1C-FIOA
0
373 B
Image
General
Full URL
https://sync.taboola.com/sg/rubiconvideo-network/1/rtb-h/?taboola_hm=LNX694ZK-1C-FIOA
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:11 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
19297

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://sync.taboola.com/sg/rubiconvideo-network/1/rtb-h/?taboola_hm=LNX694ZK-1C-FIOA
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
e71ccbe96f42d70fa40603ada4c96b28
Expires
0
/
sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/ Frame AAD2
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/taboola/6645f463-2bf0-40af-9fcb-72b305bb0ab1-tuctc2aa99b?gdpr=0&gdpr_consent=&us_privacy=1---
  • https://sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/?taboola_hm=y-AEqXIzFE2oTGYN1FOQ0xNYamqhYkaJ8llr3OsA--~A
0
373 B
Image
General
Full URL
https://sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/?taboola_hm=y-AEqXIzFE2oTGYN1FOQ0xNYamqhYkaJ8llr3OsA--~A
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:11 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
19297

Redirect headers

date
Thu, 19 Oct 2023 12:42:11 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
location
https://sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/?taboola_hm=y-AEqXIzFE2oTGYN1FOQ0xNYamqhYkaJ8llr3OsA--~A
content-length
0
/
sync.taboola.com/sg/baidurtb-network/1/rtb-h/ Frame AAD2
Redirect Chain
  • https://trace.mediago.io/ju/cs/taboola
  • https://sync.taboola.com/sg/baidurtb-network/1/rtb-h/?taboola_hm=afe098ab3733be052dzc2g00lnx6981z
0
373 B
Image
General
Full URL
https://sync.taboola.com/sg/baidurtb-network/1/rtb-h/?taboola_hm=afe098ab3733be052dzc2g00lnx6981z
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:11 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
24651

Redirect headers

date
Thu, 19 Oct 2023 12:42:11 GMT
via
1.1 google
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/plain; charset=utf-8
location
https://sync.taboola.com/sg/baidurtb-network/1/rtb-h/?taboola_hm=afe098ab3733be052dzc2g00lnx6981z
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
/
sync.taboola.com/sg/google-network/1/rtb-h/ Frame AAD2
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc
  • https://sync.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESENjbo7vBbViQunNBcASyqM4&google_cver=1
0
373 B
Image
General
Full URL
https://sync.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESENjbo7vBbViQunNBcASyqM4&google_cver=1
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:11 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
19337

Redirect headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:11 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://sync.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESENjbo7vBbViQunNBcASyqM4&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
305
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame AAD2
42 B
113 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=6645f463-2bf0-40af-9fcb-72b305bb0ab1-tuctc2aa99b:$UID
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Thu, 19 Oct 2023 05:30:52 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
pixel
cm.g.doubleclick.net/ Frame AAD2
Redirect Chain
  • https://sync.taboola.com/sg/google-network/1/rtb/?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dtaboola_dbm%26google_sc%26gdpr%3D0%26gdpr_consent%3D&orig=trc
  • https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=6645f463-2bf0-40af-9fcb-72b305bb0ab1-tuctc2aa99b
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=6645f463-2bf0-40af-9fcb-72b305bb0ab1-tuctc2aa99b
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H3
Server
142.251.163.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f154.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:11 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=6645f463-2bf0-40af-9fcb-72b305bb0ab1-tuctc2aa99b
date
Thu, 19 Oct 2023 12:42:11 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
23976
/
trc.taboola.com/sg/thetradedesk-network/1/rtb-h/ Frame AAD2
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1
  • https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=f9a8042c-c9a0-4948-ac45-f91d636ac944
0
345 B
Image
General
Full URL
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=f9a8042c-c9a0-4948-ac45-f91d636ac944
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-vcl-time-ms
15
date
Thu, 19 Oct 2023 12:42:11 GMT
via
1.1 varnish
x-served-by
cache-yyz4525-YYZ
server
nginx
x-timer
S1697719332.707162,VS0,VE15
x-fastly-to-nlb-rtt
13544
x-cache
MISS
accept-ranges
bytes
content-length
0
x-service-version
v1
x-cache-hits
0

Redirect headers

location
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=f9a8042c-c9a0-4948-ac45-f91d636ac944
date
Thu, 19 Oct 2023 12:42:11 GMT
server
Kestrel
content-length
239
rtset
bh.contextweb.com/bh/ Frame AAD2
49 B
618 B
Image
General
Full URL
https://bh.contextweb.com/bh/rtset?do=add&pid=553204&ev=6645f463-2bf0-40af-9fcb-72b305bb0ab1-tuctc2aa99b
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.148.27.131 New York, United States, ASN19189 (PULSEPOINT, US),
Reverse DNS
Software
Jetty(10.0.14) /
Resource Hash
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
content-language
en-CA
content-type
image/gif;charset=iso-8859-1
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-cdf9fc9cc-vf7wc
expires
-1
/
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame AAD2
Redirect Chain
  • https://dis.criteo.com/dis/usersync.aspx?r=29&p=282&cp=taboolaortb&cu=1&gdpr=0&gdpr_consent=&us_privacy=1---&gpp=&gpp_sid=&url=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fcriteortb-network%2F1%2Frtb-h...
  • https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=bec94b2c-93a2-45bc-8e1c-cece4fcb6c34&gdpr=0&gdpr_consent=&us_privacy=1---
0
373 B
Image
General
Full URL
https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=bec94b2c-93a2-45bc-8e1c-cece4fcb6c34&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:11 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
25429

Redirect headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:10 GMT
x-errorlevel
0
strict-transport-security
max-age=31536000; preload;
server
Kestrel
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=bec94b2c-93a2-45bc-8e1c-cece4fcb6c34&gdpr=0&gdpr_consent=&us_privacy=1---
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
1686612
content-length
0
expires
Thu, 19 Oct 2023 00:00:00 GMT
/
sync.taboola.com/sg/id5-network/1/rtb-h/ Frame AAD2
Redirect Chain
  • https://id5-sync.com/s/464/9.gif?puid=6645f463-2bf0-40af-9fcb-72b305bb0ab1-tuctc2aa99b&gdpr=0&gdpr_consent=&callback=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fid5-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D...
  • https://id5-sync.com/c/464/464/7/1.gif?puid=6645f463-2bf0-40af-9fcb-72b305bb0ab1-tuctc2aa99b&gdpr=0&gdpr_consent=&us_privacy=
  • https://uipglob.semasio.net/id5/1/get?gdpr=0&gdpr_consent=&_url=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F112%2F6%2F2.gif%3Fpuid%3D%24%7BUIPID%7D%26gdpr%3D0%26gdpr_consent%3D
  • https://uipglob.semasio.net/id5/1/get2?gdpr=0&gdpr_consent=&_url=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F112%2F6%2F2.gif%3Fpuid%3D%24%7BUIPID%7D%26gdpr%3D0%26gdpr_consent%3D
  • https://id5-sync.com/c/464/112/6/2.gif?puid=9AC7735EB9337274&gdpr=0&gdpr_consent=
  • https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F434%2F5%2F3.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&consent=
  • https://id5-sync.com/c/464/434/5/3.gif?puid=fdcf140f-0fe6-4858-9f2d-2fa16adfb8b8&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/getuid/id5?r=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F441%2F4%2F4.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=
  • https://id5-sync.com/c/464/441/4/4.gif?puid=u_db69b023-30aa-48e0-a1d9-2aa2ba1d5ded&gdpr=0&gdpr_consent=
  • https://ib.adnxs.com/getuid?https://id5-sync.com/c/464/2/3/5.gif?puid=$UID&gdpr=0&gdpr_consent=
  • https://id5-sync.com/c/464/2/3/5.gif?puid=2587657505101497831&gdpr=0&gdpr_consent=
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F429%2F2%2F6.gif%3Fpuid%3D%23PM_USER_ID%26gdpr%3D0%26gdpr_consent%3D&gdpr_consent=&gdpr=0
  • https://id5-sync.com/c/464/429/2/6.gif?puid=C18A64E5-70A4-44C7-A2DF-1C891A6DCB07&gdpr=0&gdpr_consent=
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F108%2F1%2F7.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_con...
  • https://id5-sync.com/c/464/108/1/7.gif?puid=799ee752-e8b5-42ef-94ee-452166b4bfab&gdpr=0&gdpr_consent=
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8h9u11h&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://id5-sync.com/k/264.gif?puid=f9a8042c-c9a0-4948-ac45-f91d636ac944&ttl=%%TTL%%
  • https://sync.taboola.com/sg/id5-network/1/rtb-h/?taboola_hm=ID5-988eSOxfZZPeuZVUjj-jVXFrDDFOggkuL6Wu_Piu-g
0
373 B
Image
General
Full URL
https://sync.taboola.com/sg/id5-network/1/rtb-h/?taboola_hm=ID5-988eSOxfZZPeuZVUjj-jVXFrDDFOggkuL6Wu_Piu-g
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:18 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
31655

Redirect headers

location
https://sync.taboola.com/sg/id5-network/1/rtb-h/?taboola_hm=ID5-988eSOxfZZPeuZVUjj-jVXFrDDFOggkuL6Wu_Piu-g
date
Thu, 19 Oct 2023 12:42:17 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p
CP="CAO PSA OUR"
rtb-h
sync-t1.taboola.com/sg/bidswitch-network/1/ Frame AAD2
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=taboola&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://x.bidswitch.net/ul_cb/sync?ssp=taboola&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://inv-nets.admixer.net/adxcm.aspx?ssp=D41B0D84-4DB7-4D9C-81CC-3A497DB5D0A6&gdpr=0&consent=&rurl=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D354%26user_id%3D%24%24visitor_cookie%24%24%26ssp%3Dtabo...
  • https://x.bidswitch.net/sync?dsp_id=354&user_id=044da294b98c4c0d82076bebc05574cb&ssp=taboola&bsw_param=b34e2818-48d7-42a0-96b6-6b342bc67604&gdpr=0&consent=&gdpr_pd=&expires=7
  • https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=b34e2818-48d7-42a0-96b6-6b342bc67604&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=
0
373 B
Image
General
Full URL
https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=b34e2818-48d7-42a0-96b6-6b342bc67604&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:13 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
27374

Redirect headers

Location
//sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=b34e2818-48d7-42a0-96b6-6b342bc67604&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=
Date
Thu, 19 Oct 2023 12:42:13 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
rtb-h
match.taboola.com/sg/mediaforcebidder-network/1/ Frame AAD2
Redirect Chain
  • https://rtb.mfadsrvr.com/sync?ssp=taboola
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=taboola
  • https://sync.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=c7f82738-1dfe-4ea0-944e-e955d69c3dd0
  • https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=c7f82738-1dfe-4ea0-944e-e955d69c3dd0&tbid=6645f463-2bf0-40af-9fcb-72b305bb0ab1-tuctc2aa99b&query=taboola_hm%3Dc7f82738-1dfe-...
0
77 B
Image
General
Full URL
https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=c7f82738-1dfe-4ea0-944e-e955d69c3dd0&tbid=6645f463-2bf0-40af-9fcb-72b305bb0ab1-tuctc2aa99b&query=taboola_hm%3Dc7f82738-1dfe-4ea0-944e-e955d69c3dd0&isDirect=0
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-cache-hits
0
date
Thu, 19 Oct 2023 12:42:13 GMT
via
1.1 varnish
server
nginx
x-timer
S1697719333.471474,VS0,VE20
x-cache
MISS
accept-ranges
bytes
content-length
0
x-served-by
cache-yyz4525-YYZ

Redirect headers

location
https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=c7f82738-1dfe-4ea0-944e-e955d69c3dd0&tbid=6645f463-2bf0-40af-9fcb-72b305bb0ab1-tuctc2aa99b&query=taboola_hm%3Dc7f82738-1dfe-4ea0-944e-e955d69c3dd0&isDirect=0
date
Thu, 19 Oct 2023 12:42:13 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
28538
xuid
eb2.3lift.com/ Frame AAD2
Redirect Chain
  • https://eb2.3lift.com/xuid?mid=7772&xuid=6645f463-2bf0-40af-9fcb-72b305bb0ab1-tuctc2aa99b&dongle=tbla&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://eb2.3lift.com/xuid?ld=1&mid=7772&xuid=6645f463-2bf0-40af-9fcb-72b305bb0ab1-tuctc2aa99b&dongle=tbla&gdpr=0&cmp_cs=&us_privacy=1---
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?ld=1&mid=7772&xuid=6645f463-2bf0-40af-9fcb-72b305bb0ab1-tuctc2aa99b&dongle=tbla&gdpr=0&cmp_cs=&us_privacy=1---
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
52.223.22.214 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

content-type
image/gif
date
Thu, 19 Oct 2023 12:42:12 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
/xuid?ld=1&mid=7772&xuid=6645f463-2bf0-40af-9fcb-72b305bb0ab1-tuctc2aa99b&dongle=tbla&gdpr=0&cmp_cs=&us_privacy=1---
date
Thu, 19 Oct 2023 12:42:12 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
/
sync-t1.taboola.com/sg/openxrtb-network/1/rtb-h/ Frame AAD2
Redirect Chain
  • https://u.openx.net/w/1.0/cm?gdpr=0&gdpr_consent=&ph=295bf259-a378-4089-aae8-a2a995ba8627&id=37f45540-fa88-4005-bf73-8a7ac39467e3&r=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fopenxrtb-network%2F1%2Fr...
  • https://sync-t1.taboola.com/sg/openxrtb-network/1/rtb-h/?gdpr=0&us_privacy=1---&orig=video&taboola_hm=e2bcfedc-1c62-0cc6-117f-58c5b90d065e
0
373 B
Image
General
Full URL
https://sync-t1.taboola.com/sg/openxrtb-network/1/rtb-h/?gdpr=0&us_privacy=1---&orig=video&taboola_hm=e2bcfedc-1c62-0cc6-117f-58c5b90d065e
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:12 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
29867

Redirect headers

date
Thu, 19 Oct 2023 12:42:12 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
location
https://sync-t1.taboola.com/sg/openxrtb-network/1/rtb-h/?gdpr=0&us_privacy=1---&orig=video&taboola_hm=e2bcfedc-1c62-0cc6-117f-58c5b90d065e
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
cds-pips.js
cdn.taboola.com/scripts/
3 KB
2 KB
Script
General
Full URL
https://cdn.taboola.com/scripts/cds-pips.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20231008-7-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3e7d49f24d56db02c7baca8ae3a17555c2e527571450e8c24c77b453407e267a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id
z5FoayaLm_Bvew3pbkytkoHczFCvkPwT
content-encoding
gzip
via
1.1 varnish
date
Thu, 19 Oct 2023 12:42:06 GMT
x-amz-request-id
345CDBWW70P2J4KQ
age
1256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
1340
x-amz-id-2
RXZ9eF1pCd0CDN+zmZsBdUvWy9zP/THQYOkdE0w5cIOOD+5zdquMw/vB8dFwYkBREq+fn3ZvR+o=
x-served-by
cache-yyz4525-YYZ
last-modified
Wed, 12 Oct 2022 13:57:57 GMT
server
AmazonS3
x-timer
S1697719326.049750,VS0,VE0
etag
"383fa66d2a0a09f4a6e64a9593ad43bb"
vary
Accept-Encoding
content-type
application/javascript
abp
44
access-control-allow-origin
*
cache-control
private, max-age=3600
accept-ranges
bytes
x-cache-hits
2059
eid.es5.js
cdn.taboola.com/scripts/
17 KB
7 KB
Script
General
Full URL
https://cdn.taboola.com/scripts/eid.es5.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20231008-7-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
12b5eaccd8a9d81a6a12512566d2b72aa7c100b4a261a08ee6aae4679a9e36b4

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id
Bqo64Ai0BniIkPPSnUb8_cZLJGu.sClo
content-encoding
gzip
via
1.1 varnish
date
Thu, 19 Oct 2023 12:42:06 GMT
x-amz-request-id
F0ERNPAEKW73Z8P2
age
5144
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
6467
x-amz-id-2
plsZvdnyCt2i8Bpor4XZ/Hw8FQ82hV+hAUU7z72e8PcCioobdkLHvDkUimb10ggYrfGsRVEk5hI=
x-served-by
cache-yyz4525-YYZ
last-modified
Sun, 02 Apr 2023 13:09:57 GMT
server
AmazonS3
x-tbl-debug
bestatus=200,beresp=OK
x-timer
S1697719326.050020,VS0,VE0
etag
"2fdf3e79d5e851201a0d52a886453d8b"
vary
Accept-Encoding
content-type
application/javascript
abp
21
access-control-allow-origin
*
cache-control
private,max-age=14400
accept-ranges
bytes
x-cache-hits
5980
fraud-detect.js
cdn.taboola.com/scripts/
121 B
407 B
Script
General
Full URL
https://cdn.taboola.com/scripts/fraud-detect.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20231008-7-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
392c32f20b9f867852a946a6ed1c5e21476df9619083548b6585d80a3b5f9bd4

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id
vOXBAr_FxKHpU348.XTQhP6DWnVyKple
content-encoding
gzip
via
1.1 varnish
date
Thu, 19 Oct 2023 12:42:06 GMT
x-amz-request-id
S9J5BFAA7WPTMDGJ
age
3972
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
125
x-amz-id-2
wWtPRy+nUtfHDp77gPzlWCF3v6EWhngazARKv0aGBw+bq/wfsPbkn4AZ0roXloZfIZagWP16wbs=
x-served-by
cache-yyz4525-YYZ
last-modified
Thu, 15 Dec 2022 16:50:08 GMT
server
AmazonS3
x-timer
S1697719326.049980,VS0,VE0
etag
"f7a185d92ac2162dc0bc36c5d7ef7dfe"
vary
Accept-Encoding
content-type
application/javascript
abp
49
access-control-allow-origin
*
cache-control
private,max-age=14400
accept-ranges
bytes
x-cache-hits
4324
sparrow.min.js
pixel.condenastdigital.com/
38 KB
14 KB
Script
General
Full URL
https://pixel.condenastdigital.com/sparrow.min.js
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cff3ff7513a42187f914df965c0006c8756f549dc13ffb64540767042902a748

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Expires
Thu, 18 Nov 2021 11:29:56 GMT
Date
Thu, 19 Oct 2023 12:42:12 GMT
Content-Encoding
gzip
Via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-amz-request-id
EBEXQT0GEV9FPCDC
Age
32378
X-Cache
HIT, HIT, HIT
Connection
keep-alive
Content-Length
13370
x-amz-id-2
9IE1XFLhUZqEbeKFiVGbH05pLDORsexvRApvw0DmjWLw20Y6Lome+ghxYd+FNTqFRmH8nOGUZNg=
X-Served-By
cache-bwi5122-BWI, cache-iad-kcgs7200167-IAD, cache-yyz4577-YYZ
Last-Modified
Mon, 18 Oct 2021 11:33:31 GMT
Server
AmazonS3
X-Timer
S1697719332.379680,VS0,VE0
ETag
"e6b88c6f7c41eb887a206c62c62867a9"
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
no-cache, public, max-age=604800
Accept-Ranges
bytes
X-Cache-Hits
1, 9087, 630
/
pips.taboola.com/
4 B
178 B
XHR
General
Full URL
https://pips.taboola.com/
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
fb329000228cc5a24c264c57139de8bf854fc86fc18bf1c04ab61a2b5cb4b921

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-served-by
cache-yyz4529-YYZ
date
Thu, 19 Oct 2023 12:42:06 GMT
via
1.1 varnish
server
Varnish
access-control-allow-methods
GET
x-cache
HIT
access-control-allow-origin
https://arstechnica.com
cache-control
no-store
accept-ranges
bytes
content-length
4
retry-after
0
x-cache-hits
0
log
qsearch-a.akamaihd.net/
35 B
296 B
Image
General
Full URL
https://qsearch-a.akamaihd.net/log?logid=kfk&evtid=projectevents&project=prebid&acid=1947e7ff-8684-4e08-acfa-98260701bec4&cid=8CU65UN7R&crid=625635970&adunit_count=1&dn=arstechnica.com&requrl=https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/&istop=true&event=client_timeout&value=1&rd=1000
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.106.147 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-205-106-147.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 19 Oct 2023 12:42:12 GMT
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
35
Expires
Thu, 19 Oct 2023 12:42:12 GMT
publishertag.prebid.139.js
static.criteo.net/js/ld/
94 KB
30 KB
Script
General
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.139.js
Requested by
Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/prebid.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.119.119.131 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
17882276150f09461415088bd161e0242ce0327673dc9233e11bf1f7cbe28762
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:12 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Tue, 11 Jul 2023 13:25:47 GMT
server
nginx
etag
W/"64ad585b-17893"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 20 Oct 2023 12:42:12 GMT
events
permutive.arstechnica.com/v2.0/batch/
201 B
157 B
XHR
General
Full URL
https://permutive.arstechnica.com/v2.0/batch/events?enrich=false&sdkp=true&k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by
Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.161.9 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
9.161.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
307b2b47714e18c4f04b11cae4463037ced7ade93f4dfaf7691da578e481b1a5

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type
text/plain

Response headers

date
Thu, 19 Oct 2023 12:42:06 GMT
content-encoding
gzip
via
1.1 google
server
Permutive
vary
Origin
content-type
application/json
access-control-allow-origin
https://arstechnica.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
139
pixel;r=2036633917;labels=Culture.Ars%20Technica.security.;source=gtm;rf=0;a=p-Jjy-Cyr1NZGRz;url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keep...
pixel.quantserve.com/
35 B
210 B
Image
General
Full URL
https://pixel.quantserve.com/pixel;r=2036633917;labels=Culture.Ars%20Technica.security.;source=gtm;rf=0;a=p-Jjy-Cyr1NZGRz;url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F;uht=2;fpan=1;fpa=P0-1784730416-1697719324094;pbc=;ns=0;ce=1;qjs=1;qv=d48babbb-20231018122215;cm=;gdpr=0;us_privacy=1---;ref=;d=arstechnica.com;dst=1;et=1697719326258;tzo=420;ogl=site_name.Ars%20Technica%2Curl.https%3A%2F%2Farstechnica%252Ecom%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fak%2Ctitle.Google-hosted%20malvertising%20leads%20to%20fake%20Keepass%20site%20that%20looks%20genuine%2Cimage.https%3A%2F%2Fcdn%252Earstechnica%252Enet%2Fwp-content%2Fuploads%2F2023%2F08%2Fwarning-760x380%252Ejpg%2Cdescription.Google-verified%20advertiser%20%2B%20legit-looking%20URL%20%2B%20valid%20TLS%20cert%20%3D%20convincing%20loo%2Ctype.article;ses=6c166fa6-0242-48ea-bcf5-d91e55893c5b;mdl=
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.184.68.254 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Thu, 19 Oct 2023 12:42:12 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
strict-transport-security
max-age=86400
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
unifiedPixel
tr.outbrain.com/
53 B
248 B
Ping
General
Full URL
https://tr.outbrain.com/unifiedPixel?optOut=false&bust=09515003397572024&referrer=&cht=ot&marketerId=00c1076881eb5352ee07e7589585aa30bb&name=PAGE_VIEW&dl=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&g=1&obApiVersion=1.1&obtpVersion=2.0.5
Requested by
Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.42.32.255 , United States, ASN13789 (INTERNAP-BLK3, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 12:42:15 GMT
Cache-Control
no-cache
content-encoding
br
X-TraceId
d003ff71c1db4955b3d006458192b5e8
Content-Length
54
Content-Type
image/gif;
cachedClickId
tr.outbrain.com/
35 B
220 B
Script
General
Full URL
https://tr.outbrain.com/cachedClickId?marketerId=00c1076881eb5352ee07e7589585aa30bb
Requested by
Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.42.32.255 , United States, ASN13789 (INTERNAP-BLK3, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 12:42:12 GMT
content-encoding
br
X-TraceId
8605f14f514ffe54e3fc6f43cb44556c
Content-Length
39
Content-Type
application/javascript
00c1076881eb5352ee07e7589585aa30bb
wave.outbrain.com/mtWavesBundler/handler/
2 B
443 B
Script
General
Full URL
https://wave.outbrain.com/mtWavesBundler/handler/00c1076881eb5352ee07e7589585aa30bb
Requested by
Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.47.65.93 Atlanta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-65-93.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 12:42:13 GMT
Content-Encoding
gzip
ob-sent-time
1697657647271
ETag
W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Vary
Accept-Encoding
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
X-RG
NA
Cache-Control
max-age=60
X-CC
CA
Connection
keep-alive
X-TraceId
c1c9d41cd10586e2ec8e9a6cd92ed27d
Content-Length
22
Expires
Thu, 19 Oct 2023 12:43:13 GMT
log
pb-logs.media.net/
35 B
164 B
Image
General
Full URL
https://pb-logs.media.net/log?logid=kfk&evtid=prebid_analytics_events_client&requrl=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&dn=arstechnica.com&ref=&screen=1600x1200&cid=8CU65UN7R&lper=1&plper=&gdpr=0&ccpa=1---&ajx=1&pbv=v8.12.0&pbav=1.0.0&flt=1&supcrid=post_nav_0&tmax=1000&ismn=1&vplcmtt=&sts=0&ets=1004&tts=1122&aucstatus=completed&acid=1947e7ff-8684-4e08-acfa-98260701bec4&flrdata=ln%3D%7C%7Cskp%3D%7C%7Cenfj%3D%7C%7Cenfd%3D%7C%7Csr%3D%7C%7Cfs%3D&lgtp=APPR&reqId=-1&ogReqId=-1&adid=&pvnm=-2&src=client&ogbdp=&bdp=&cbdp=&dfpbd=&szs=728x90%7C970x250&size=&mtype=banner&dId=&curr=&rests=&status=1&iwb=0&crid=&pubcrid=&mpvid=&bidflr=&flrrule=&ext=%7B%7D&rtime=&reqId=293c1c935a3ec5&ogReqId=293c1c935a3ec5&adid=&pvnm=criteo&src=client&ogbdp=&bdp=&cbdp=&dfpbd=&szs=728x90%7C970x250&size=&mtype=banner&dId=&curr=&rests=&status=2&iwb=0&crid=&pubcrid=&mpvid=&bidflr=&flrrule=&ext=%7B%7D&rtime=&reqId=4b52e6e0a54092&ogReqId=4b52e6e0a54092&adid=&pvnm=triplelift&src=client&ogbdp=&bdp=&cbdp=&dfpbd=&szs=728x90%7C970x250&size=&mtype=banner&dId=&curr=&rests=&status=3&iwb=0&crid=&pubcrid=&mpvid=&bidflr=&flrrule=&ext=%7B%7D&rtime=&reqId=68a9552cd008aa&ogReqId=68a9552cd008aa&adid=&pvnm=medianet&src=client&ogbdp=&bdp=&cbdp=&dfpbd=&szs=728x90%7C970x250&size=&mtype=banner&dId=&curr=&rests=&status=3&iwb=0&crid=625635970&pubcrid=625635970&mpvid=&bidflr=&flrrule=&ext=%7B%7D&rtime=&reqId=8b87dffc7fae1f&ogReqId=8b87dffc7fae1f&adid=&pvnm=appnexus&src=client&ogbdp=&bdp=&cbdp=&dfpbd=&szs=728x90%7C970x250&size=&mtype=banner&dId=&curr=&rests=&status=3&iwb=0&crid=&pubcrid=&mpvid=&bidflr=&flrrule=&ext=%7B%7D&rtime=&reqId=10e895a0b9b0472&ogReqId=10e895a0b9b0472&adid=&pvnm=rubicon&src=client&ogbdp=&bdp=&cbdp=&dfpbd=&szs=728x90%7C970x250&size=&mtype=banner&dId=&curr=&rests=&status=3&iwb=0&crid=&pubcrid=&mpvid=&bidflr=&flrrule=&ext=%7B%7D&rtime=&reqId=12b0be55813bebe&ogReqId=12b0be55813bebe&adid=&pvnm=ix&src=client&ogbdp=&bdp=&cbdp=&dfpbd=&szs=728x90%7C970x250&size=&mtype=banner&dId=&curr=&rests=&status=3&iwb=0&crid=&pubcrid=&mpvid=&bidflr=&flrrule=&ext=%7B%7D&rtime=&reqId=14d464222ff6119&ogReqId=14d464222ff6119&adid=&pvnm=openx&src=client&ogbdp=&bdp=&cbdp=&dfpbd=&szs=728x90%7C970x250&size=&mtype=banner&dId=&curr=&rests=&status=3&iwb=0&crid=&pubcrid=&mpvid=&bidflr=&flrrule=&ext=%7B%7D&rtime=&targ=%7B%7D
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.196.180.24 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-196-180-24.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Thu, 19 Oct 2023 12:42:12 GMT
cache-control
max-age=0, no-cache, no-store
expires
Thu, 19 Oct 2023 12:42:12 GMT
content-length
35
content-type
image/gif
/
cds.taboola.com/
0
82 B
XHR
General
Full URL
https://cds.taboola.com/?uid=6645f463-2bf0-40af-9fcb-72b305bb0ab1-tuctc2aa99b&mbl=ZmFsc2U=
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.32 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 19 Oct 2023 12:42:06 GMT
cache-control
no-store
server
nginx
teads-format.min.js
a.teads.tv/media/format/v3/
579 KB
132 KB
Script
General
Full URL
https://a.teads.tv/media/format/v3/teads-format.min.js
Requested by
Host: a.teads.tv
URL: https://a.teads.tv/page/11552/tag
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.55.205.47 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-55-205-47.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a609604e115bdb416bb719acef9d33a6aae34f2b84773ea21b77b77bc412e17e

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:06 GMT
content-encoding
br
last-modified
Thu, 19 Oct 2023 09:07:20 GMT
x-amz-request-id
TEEV46FR4VSHJ0PX
etag
"eebcd2bbcd067fef674e6dd96965075a"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
cache-control
private, must-revalidate, max-age=1800, no-transform
x-bucket
e
accept-ranges
bytes
content-length
135009
x-amz-id-2
R04XuDNt+2vcPbA8oNZMGmYpMW5YGrZRZqZLxCoAOskwCnhayWa6RzHAZw4DGmY/sJOmlrPEtK8=
expires
Thu, 19 Oct 2023 13:12:06 GMT
track
t.teads.tv/
23 B
104 B
Image
General
Full URL
https://t.teads.tv/track?action=placementCall&env=js-web&auctid=3ba6e954-3c54-428f-8739-8ed5f56be3ad&pageId=11552&pid=35410&debug_metadata=dsXb3VdNvS&fv=1272&ts=1697719326633&f=1&referer=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.216.85.43 Atlanta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-216-85-43.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:14 GMT
cache-control
private, max-age=3666
content-length
23
content-type
image/gif
track
t.teads.tv/
23 B
134 B
Image
General
Full URL
https://t.teads.tv/track?action=slotAvailable&env=js-web&auctid=3ba6e954-3c54-428f-8739-8ed5f56be3ad&pageId=11552&pid=35410&slot=native&fv=1272&ts=1697719326640&f=1&referer=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.216.85.43 Atlanta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-216-85-43.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

expires
Sat, 26 Jul 1997 05:00:00 GMT
date
Thu, 19 Oct 2023 12:42:14 GMT
cache-control
max-age=0, no-cache, no-store
content-length
23
content-type
image/gif
ad
a.teads.tv/page/11552/
569 B
851 B
Fetch
General
Full URL
https://a.teads.tv/page/11552/ad?windowWidth=1600&windowHeight=1200&windowDepth=1&windowReferrerUrl=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&auctid=3ba6e954-3c54-428f-8739-8ed5f56be3ad&autoplay=true&formatVersion=1272&env=js-web&netBw=10&ttfb=70
Requested by
Host: a.teads.tv
URL: https://a.teads.tv/media/format/v3/teads-format.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.55.205.47 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-55-205-47.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
02e66a8a67f939e4af978d1f04ab655758b78d78a0a0dbe401fb8ac95bcf05dc

Request headers

Accept
application/json; charset=UTF-8
Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:06 GMT
content-encoding
gzip
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://arstechnica.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
398
expires
Thu, 19 Oct 2023 12:42:06 GMT
state
permutive.arstechnica.com/v1.0/
0
34 B
XHR
General
Full URL
https://permutive.arstechnica.com/v1.0/state?fetch_unseen=false&k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by
Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.161.9 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
9.161.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
*
date
Thu, 19 Oct 2023 12:42:06 GMT
content-encoding
gzip
via
1.1 google
server
Permutive
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20
/
www.facebook.com/tr/
0
18 B
Image
General
Full URL
https://www.facebook.com/tr/?id=228464857488266&ev=PermutiveSegmentEntry&dl=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&rl=&if=false&ts=1697719326768&cd[segment_id]=82865&sw=1600&sh=1200&v=2.9.134&r=stable&ec=3&o=30&fbp=fb.1.1697719325304.1494258696&ic=&ler=empty&it=1697719325194&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-iad3.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 19 Oct 2023 12:42:13 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
priority
u=3,i
/
www.facebook.com/tr/
0
15 B
Image
General
Full URL
https://www.facebook.com/tr/?id=228464857488266&ev=PermutiveSegmentEntry&dl=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&rl=&if=false&ts=1697719326769&cd[segment_id]=82866&sw=1600&sh=1200&v=2.9.134&r=stable&ec=4&o=30&fbp=fb.1.1697719325304.1494258696&ic=&ler=empty&it=1697719325194&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-iad3.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 19 Oct 2023 12:42:13 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
priority
u=3,i
collect
a.ad.gt/api/v1/
0
161 B
XHR
General
Full URL
https://a.ad.gt/api/v1/collect
Requested by
Host: p.ad.gt
URL: https://p.ad.gt/api/v1/p/57
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.5.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-type
text/plain

Response headers

date
Thu, 19 Oct 2023 12:42:07 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
text/html; charset=utf-8
access-control-allow-origin
https://arstechnica.com
access-control-allow-credentials
true
cf-ray
818919615b8ac484-EWR
getpixels
pixels.ad.gt/api/v1/
0
108 B
Script
General
Full URL
https://pixels.ad.gt/api/v1/getpixels?tagger_id=4bf79c3b69b6f1ecdced2f7bbb17b00b&url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&code=%27none%27
Requested by
Host: p.ad.gt
URL: https://p.ad.gt/api/v1/p/57
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.5.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:14 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
8189198e2d655497-YYZ
content-type
text/html; charset=utf-8
iframe
sync.teads.tv/ Frame D929
3 KB
1 KB
Document
General
Full URL
https://sync.teads.tv/iframe?pid=35410&gdprIab={%22reason%22:220,%22status%22:22,%22consent%22:%22%22,%22apiVersion%22:null,%22cmpId%22:null}&fromFormat=true&env=js-web&auctid=3ba6e954-3c54-428f-8739-8ed5f56be3ad&vid=aae6a94e-ee9d-4049-a226-8e5417788e5a&us_privacy=1---&1697719326861
Requested by
Host: a.teads.tv
URL: https://a.teads.tv/media/format/v3/teads-format.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.62.165.62 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-62-165-62.deploy.static.akamaitechnologies.com
Software
pekko-http/1.0.0 /
Resource Hash
5099ad43044c8f6eed96f559c3938dc929223323f5fb35f6836814d556a33719

Request headers

Referer
https://arstechnica.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
max-age=0, no-cache, no-store
content-encoding
gzip
content-length
754
content-type
text/html; charset=UTF-8
date
Thu, 19 Oct 2023 12:42:07 GMT
expires
Thu, 19 Oct 2023 12:42:07 GMT
pragma
no-cache
server
pekko-http/1.0.0
vary
Accept-Encoding
hadron.json
id.hadron.ad.gt/v1/ Frame
0
0
Preflight
General
Full URL
https://id.hadron.ad.gt/v1/hadron.json?_it=0&partner_id=57&sync=1&domain=arstechnica.com&url=https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.23.234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://arstechnica.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-origin
*
allow
POST, OPTIONS, GET
cache-control
max-age=31536000 public, no-transform
cf-cache-status
DYNAMIC
cf-ray
81891969c905a210-YYZ
content-length
0
content-type
application/json
date
Thu, 19 Oct 2023 12:42:08 GMT
debug
OPTIONS block
expires
Fri, 18 Oct 2024 12:42:08 GMT
server
cloudflare
hadron.json
id.hadron.ad.gt/v1/
109 B
295 B
XHR
General
Full URL
https://id.hadron.ad.gt/v1/hadron.json?_it=0&partner_id=57&sync=1&domain=arstechnica.com&url=https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Requested by
Host: cdn.hadronid.net
URL: https://cdn.hadronid.net/hadron.js?partner_id=57&sync=1&url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.23.234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4a2434f90e1f040193f30c11120ba7fdf87412f51be40ecda209e67692e4bbed

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 19 Oct 2023 12:42:08 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
access-control-allow-methods
HEAD,GET,POST,PUT,DELETE,OPTIONS
content-type
application/json
access-control-allow-origin
*
cache-control
private,max-age=30
access-control-allow-credentials
true
debug
NON-OPTIONS
access-control-allow-headers
authorization
cf-ray
8189196a194ca210-YYZ
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame 7218
361 KB
124 KB
Script
General
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/60abade4dc31e5375248cba6.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady27548757
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.16.95 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f95.1e100.net
Software
sffe /
Resource Hash
8cbb913d075f48fea47711f393c162c69066118acb543879dc77cf69d6345682
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
126236
x-xss-protection
0
expires
Thu, 19 Oct 2023 12:42:13 GMT
vans-adapter-google-ima.js
static.adsafeprotected.com/ Frame 7218
19 KB
7 KB
Script
General
Full URL
https://static.adsafeprotected.com/vans-adapter-google-ima.js
Requested by
Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/60abade4dc31e5375248cba6.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady27548757
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.125.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-125-75.iad61.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c1dd93cc3f1638f369af566115ae74546e64bdafc4319d9853b5c15a3d3f4970

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id
4UvdbwUsN2CunQyNARaRw4ABpoiv.VmX
content-encoding
gzip
via
1.1 05f4e6c9553ff5b6620e13adbd08b064.cloudfront.net (CloudFront)
date
Sat, 14 Oct 2023 15:14:15 GMT
x-amz-cf-pop
IAD61-P3
age
422873
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 08 Jul 2021 19:25:58 GMT
server
AmazonS3
etag
W/"8ec0c211dda60907ae57f46e621bc794"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800
x-amz-cf-id
_x7Lfmdon8wqaEUc9U9dk8-HTCLxRl7AAqP1EpIrVctNLCALd_yQ7Q==
gpt_proxy.js
imasdk.googleapis.com/js/sdkloader/
81 KB
29 KB
Script
General
Full URL
https://imasdk.googleapis.com/js/sdkloader/gpt_proxy.js
Requested by
Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/60abade4dc31e5375248cba6.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady27548757
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.16.95 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f95.1e100.net
Software
sffe /
Resource Hash
cff4ad771c9bfb45d280e8df735aff7c07deb54774ec16f188a6621b149f81b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:30:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
674
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29572
x-xss-protection
0
last-modified
Tue, 10 Oct 2023 20:32:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
public, max-age=900
accept-ranges
bytes
expires
Thu, 19 Oct 2023 12:45:59 GMT
player-style-2cf7e3c125f7b0cc5c9e.css
player-frontend.cnevids.com/player/ Frame 7218
90 KB
13 KB
Stylesheet
General
Full URL
https://player-frontend.cnevids.com/player/player-style-2cf7e3c125f7b0cc5c9e.css
Requested by
Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/60abade4dc31e5375248cba6.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady27548757
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.67.65.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-65-39.iad89.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
948c1b95f1dbdcb68ad1c83e789f24968a3e487563b42fd5451f4430791b7e30

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 20:10:20 GMT
Content-Encoding
gzip
Via
1.1 4ee1745ee3cece0fab563f5a32ba165a.cloudfront.net (CloudFront)
x-amz-version-id
R5m98vrL8kZelKVVheKBOtelJMEgrmJE
X-Amz-Cf-Pop
IAD89-P1
Age
3601911
x-amz-server-side-encryption
AES256
X-Cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
Connection
keep-alive
Content-Length
13029
Last-Modified
Thu, 07 Sep 2023 20:00:59 GMT
Server
AmazonS3
ETag
"6f3c3978d344c16ec2263748c6106086"
Content-Type
text/css; charset=utf-8
Cache-Control
max-age=63072000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
WV-DO80ePZwHEez45iGZ0U-IR0d3A6tytWP_PLJdHPCVa6rFcjlNlQ==
Expires
Tue, 01 Jan 2030 00:00:00 GMT
main-7f40040d423dc64a5a13.js
player-frontend.cnevids.com/player/ Frame 7218
977 KB
255 KB
Script
General
Full URL
https://player-frontend.cnevids.com/player/main-7f40040d423dc64a5a13.js
Requested by
Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/60abade4dc31e5375248cba6.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady27548757
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.67.65.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-65-39.iad89.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
26ade026aef73d3267f1b1dc06ff74adb6818239ea4512919a791ce1d9c7a4d1

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Wed, 18 Oct 2023 17:33:24 GMT
Content-Encoding
gzip
Via
1.1 4ee1745ee3cece0fab563f5a32ba165a.cloudfront.net (CloudFront)
x-amz-version-id
BaGoRXFRbhDIZtJk1nJRizAREYCXmH6t
X-Amz-Cf-Pop
IAD89-P1
Age
68930
x-amz-server-side-encryption
AES256
X-Cache
Hit from cloudfront
x-amz-replication-status
PENDING
Connection
keep-alive
Content-Length
260138
Last-Modified
Wed, 18 Oct 2023 17:21:54 GMT
Server
AmazonS3
ETag
"ad6041d9d62a04b54842444926ab4c42"
Content-Type
application/javascript; charset=utf-8
Cache-Control
max-age=63072000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
tFEOfRzaR4Dm2fAYzRpN9IMDf_lM__VuQChHFTgKgjSRVjZX5s1K9g==
Expires
Tue, 01 Jan 2030 00:00:00 GMT
log
qsearch-a.akamaihd.net/
35 B
296 B
Image
General
Full URL
https://qsearch-a.akamaihd.net/log?logid=kfk&evtid=projectevents&project=prebid&acid=da76242d-710e-42d0-8d3b-ff206ab9d085&cid=8CU65UN7R&crid=330789210&adunit_count=1&dn=arstechnica.com&requrl=https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/&istop=true&event=client_timeout&value=1&rd=2000
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.106.147 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-205-106-147.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 19 Oct 2023 12:42:14 GMT
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
35
Expires
Thu, 19 Oct 2023 12:42:14 GMT
ads
securepubads.g.doubleclick.net/gampad/
29 KB
12 KB
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3841502741835802&correlator=1648096346750438&hxva=1&scor=1055876503603680&eid=31079032%2C31078933&output=ldjh&gdfp_req=1&vrg=202310180101&ptt=17&impl=fifs&us_privacy=1---&iu_parts=3379%2Cconde.ars%2Chero%2Csecurity%2Carticle%2C1&enc_prev_ius=0%2F1%2F2%2F3%2F4%2F5&prev_iu_szs=728x90%7C970x250%7C9x1%7C10x1&ifi=2&didk=1556244986&sfv=1-0-40&eri=1&sc=1&cookie=ID%3Db66362e837050d1e%3AT%3D1697719324%3ART%3D1697719324%3AS%3DALNI_MaP5WsfuLYyja1oqA6ZFeFCkz0eVw&gpic=UID%3D00000d9aee521ea6%3AT%3D1697719324%3ART%3D1697719324%3AS%3DALNI_MY7th0c5NioG9AS5H6cVddSOQQnKQ&abxe=1&dt=1697719327186&lmt=1697744527&adxs=436&adys=125&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&vis=1&psz=1600x0&msz=1600x0&fws=4&ohw=1600&ga_vid=1498663598.1697719324&ga_sid=1697719324&ga_hid=1279237386&ga_fc=false&dlt=1697719323008&idt=706&prev_scp=pos%3Dhero%26ctx_slot_type%3Dpost_nav%26ctx_slot_rn%3D0%26pos_instance%3D1%26ctx_slot_instance%3D0%26ctx_slot_name%3Dpost_nav_0%26slot_name%3Dhero_1%26maxbid%3D0%26amznbid%3D1%26amznp%3D1%26id%3De88cb727-6e7c-11ee-bf79-02881295e6ad%26m_mv%3DslotNoHistData%26m_gv%3DslotNoHistData%26bidType%3Dlow&cust_params=permutive%3D9710%252C78900%252C82865%252C82866%252Crts%26prmtvvid%3D90d1defc-7ad3-430d-822c-01dafd1bd9af%26prmtvwid%3D1dfc40bb-d155-4f15-970e-99450dbfa0e2%26env_device_type%3Ddesktop%26ctx_template%3Darticle%26content_type%3Darticle%26ctx_page_channel%3Dsecurity%26env_server%3Dproduction%26ctx_cns_version%3D6.72.17%26ctx_page_slug%3Dgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%26cnt_tags%3Dgoogle-2%252Cmalvertising%252Cmalware%252Cpunycode%26cnt_platform%3Dwordpress%26cnt_copilotid%3D%26pageview_id%3D4070980938%26usr_bkt_eva%3D100%26usr_bkt_ses%3D57%26usr_bkt_pv%3D52%26usr_pvc_bs%3D1%26usr_pvc_24hr%3D1%26usr_pvc_30d%3D1%26usr_svc_30d%3D1%26ctx_ses_soc%3Dnone%26ctx_ref_soc%3Dnone%26ctx_ref_url%3Dnone%26usr_auth%3Dfalse%26vnd_prx_segments%3D112200%252C112222%252C117700%252C117736%252C120000%252C121100%252C131100%252C131127%252C230004%252C230014%252C603525%252C230000%252C300003%252C210002%252C240002%252C240003%252C240001%252C240005%252C240006%252C240007%252C240008%252C240009%252C240011%252C240012%252C240013%252C240017%252C240015%252C240016%252C240018%252C240019%252C9lt9vf%26vnd_4d_cached%3D0%26vnd_4d_ctx_sg%3D%26vnd_4d_ctx_topics%3D%26vnd_4d_ctx_entities%3D%26vnd_4d_ctx_keywords%3D%26vnd_4d_usr_topics%3D%26vnd_4d_usr_wt%3D%26vnd_4d_xid%3D%26m_data%3D1%26m_safety%3Dunsafe%26m_categories%3Dmoat_unsafe%252Cgv_crime%26m_mv%3DnoHistData%26m_gv%3DnoHistData%26puid%3D0d0f53e2-8056-4315-afc6-5d135b997184%26ptime%3D1697719324012%26fr%3Dfalse%26adt%3DveryLow%26alc%3DveryLow%26dlm%3DveryLow%26drg%3DveryLow%26hat%3DveryLow%26off%3DveryLow%26vio%3DveryLow%26ias-kw%3DIAS_3006647_PG%252CIAS_11733_KW%252CIAS_1506339_PG%252CIAS_1507080_PG%252CIAS_14113_KW%252CIAS_9283_KW%252CIAS_2644_KW%252CIAS_1507654_PG%26prmtvsdk%3Dweb%26prmtvsid%3Deb6dc643-5d9a-453e-ad5a-5c6f742d88ea%26ctx_line_items%3D6194187599&adks=516311950&frm=20
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310180101/pubads_impl.js?cb=31079032
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.62.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bc-in-f157.1e100.net
Software
cafe /
Resource Hash
8dc41e2e71233a6f39bf3f08ad148b1fc936c0eb7b0576eff4fa123b9b5dcc7e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:07 GMT
content-encoding
br
x-content-type-options
nosniff
observe-browsing-topics
?1
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12504
x-xss-protection
0
google-lineitem-id
6395454414
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138450351855
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://arstechnica.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
29 KB
12 KB
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3841502741835802&correlator=1648096346750438&hxva=1&scor=1055876503603680&eid=31079032%2C31078933&output=ldjh&gdfp_req=1&vrg=202310180101&ptt=17&impl=fifs&us_privacy=1---&iu_parts=3379%2Cconde.ars%2Crail%2Csecurity%2Carticle%2C1&enc_prev_ius=0%2F1%2F2%2F3%2F4%2F5&prev_iu_szs=300x250%7C300x600&ifi=3&didk=2931862664&sfv=1-0-40&eri=1&sc=1&cookie=ID%3Db66362e837050d1e%3AT%3D1697719324%3ART%3D1697719324%3AS%3DALNI_MaP5WsfuLYyja1oqA6ZFeFCkz0eVw&gpic=UID%3D00000d9aee521ea6%3AT%3D1697719324%3ART%3D1697719324%3AS%3DALNI_MY7th0c5NioG9AS5H6cVddSOQQnKQ&abxe=1&dt=1697719327190&lmt=1697744527&adxs=1110&adys=789&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&vis=1&psz=300x0&msz=300x0&fws=516&ohw=300&ga_vid=1498663598.1697719324&ga_sid=1697719324&ga_hid=1279237386&ga_fc=false&dlt=1697719323008&idt=706&prev_scp=pos%3Drail%26ctx_slot_type%3Dsiderail%26ctx_slot_rn%3D0%26pos_instance%3D1%26ctx_slot_instance%3D0%26ctx_slot_name%3Dsiderail_0%26slot_name%3Drail_1%26maxbid%3D0%26amznbid%3D1%26amznp%3D1%26id%3De88d2bd5-6e7c-11ee-978f-020d3116955b%26m_mv%3DslotNoHistData%26m_gv%3DslotNoHistData%26bidType%3Dlow&cust_params=permutive%3D9710%252C78900%252C82865%252C82866%252Crts%26prmtvvid%3D90d1defc-7ad3-430d-822c-01dafd1bd9af%26prmtvwid%3D1dfc40bb-d155-4f15-970e-99450dbfa0e2%26env_device_type%3Ddesktop%26ctx_template%3Darticle%26content_type%3Darticle%26ctx_page_channel%3Dsecurity%26env_server%3Dproduction%26ctx_cns_version%3D6.72.17%26ctx_page_slug%3Dgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%26cnt_tags%3Dgoogle-2%252Cmalvertising%252Cmalware%252Cpunycode%26cnt_platform%3Dwordpress%26cnt_copilotid%3D%26pageview_id%3D4070980938%
26usr_bkt_eva%3D100%26usr_bkt_ses%3D57%26usr_bkt_pv%3D52%26usr_pvc_bs%3D1%26usr_pvc_24hr%3D1%26usr_pvc_30d%3D1%26usr_svc_30d%3D1%26ctx_ses_soc%3Dnone%26ctx_ref_soc%3Dnone%26ctx_ref_url%3Dnone%26usr_auth%3Dfalse%26vnd_prx_segments%3D112200%252C112222%252C117700%252C117736%252C120000%252C121100%252C131100%252C131127%252C230004%252C230014%252C603525%252C230000%252C300003%252C210002%252C240002%252C240003%252C240001%252C240005%252C240006%252C240007%252C240008%252C240009%252C240011%252C240012%252C240013%252C240017%252C240015%252C240016%252C240018%252C240019%252C9lt9vf%26vnd_4d_cached%3D0%26vnd_4d_ctx_sg%3D%26vnd_4d_ctx_topics%3D%26vnd_4d_ctx_entities%3D%26vnd_4d_ctx_keywords%3D%26vnd_4d_usr_topics%3D%26vnd_4d_usr_wt%3D%26vnd_4d_xid%3D%26m_data%3D1%26m_safety%3Dunsafe%26m_categories%3Dmoat_unsafe%252Cgv_crime%26m_mv%3DnoHistData%26m_gv%3DnoHistData%26puid%3D0d0f53e2-8056-4315-afc6-5d135b997184%26ptime%3D1697719324012%26fr%3Dfalse%26adt%3DveryLow%26alc%3DveryLow%26dlm%3DveryLow%26drg%3DveryLow%26hat%3DveryLow%26off%3DveryLow%26vio%3DveryLow%26ias-kw%3DIAS_3006647_PG%252CIAS_11733_KW%252CIAS_1506339_PG%252CIAS_1507080_PG%252CIAS_14113_KW%252CIAS_9283_KW%252CIAS_2644_KW%252CIAS_1507654_PG%26prmtvsdk%3Dweb%26prmtvsid%3Deb6dc643-5d9a-453e-ad5a-5c6f742d88ea%26ctx_line_items%3D6194187599&adks=1336601853&frm=20
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310180101/pubads_impl.js?cb=31079032
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.62.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bc-in-f157.1e100.net
Software
cafe /
Resource Hash
18aab0ec80f12072bb21f507aed8ea6563f6492264cf11d58dd7afc27026ee83
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:07 GMT
content-encoding
br
x-content-type-options
nosniff
observe-browsing-topics
?1
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12492
x-xss-protection
0
google-lineitem-id
6395452770
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138450351042
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://arstechnica.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
log
pb-logs.media.net/
35 B
164 B
Image
General
Full URL
https://pb-logs.media.net/log?logid=kfk&evtid=prebid_analytics_events_client&requrl=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&dn=arstechnica.com&ref=&screen=1600x1200&cid=8CU65UN7R&lper=1&plper=&gdpr=0&ccpa=1---&ajx=1&pbv=v8.12.0&pbav=1.0.0&flt=1&supcrid=siderail_0&tmax=2000&ismn=1&vplcmtt=&sts=0&ets=2001&tts=2124&aucstatus=completed&acid=da76242d-710e-42d0-8d3b-ff206ab9d085&flrdata=ln%3D%7C%7Cskp%3D%7C%7Cenfj%3D%7C%7Cenfd%3D%7C%7Csr%3D%7C%7Cfs%3D&lgtp=APPR&reqId=-1&ogReqId=-1&adid=&pvnm=-2&src=client&ogbdp=&bdp=&cbdp=&dfpbd=&szs=300x250%7C300x600&size=&mtype=banner&dId=&curr=&rests=&status=1&iwb=0&crid=&pubcrid=&mpvid=&bidflr=&flrrule=&ext=%7B%7D&rtime=&reqId=163204e62d61f9d&ogReqId=163204e62d61f9d&adid=&pvnm=criteo&src=client&ogbdp=&bdp=&cbdp=&dfpbd=&szs=300x250%7C300x600&size=&mtype=banner&dId=&curr=&rests=&status=2&iwb=0&crid=&pubcrid=&mpvid=&bidflr=&flrrule=&ext=%7B%7D&rtime=&reqId=2092809d351ca54&ogReqId=2092809d351ca54&adid=&pvnm=triplelift&src=client&ogbdp=&bdp=&cbdp=&dfpbd=&szs=300x250%7C300x600&size=&mtype=banner&dId=&curr=&rests=&status=2&iwb=0&crid=&pubcrid=&mpvid=&bidflr=&flrrule=&ext=%7B%7D&rtime=&reqId=18eda3d71b5c919&ogReqId=18eda3d71b5c919&adid=&pvnm=rubicon&src=client&ogbdp=&bdp=&cbdp=&dfpbd=&szs=300x250%7C300x600&size=&mtype=banner&dId=&curr=&rests=&status=3&iwb=0&crid=&pubcrid=&mpvid=&bidflr=&flrrule=&ext=%7B%7D&rtime=&reqId=222d1049d51e3af&ogReqId=222d1049d51e3af&adid=&pvnm=openx&src=client&ogbdp=&bdp=&cbdp=&dfpbd=&szs=300x250%7C300x600&size=&mtype=banner&dId=&curr=&rests=&status=3&iwb=0&crid=&pubcrid=&mpvid=&bidflr=&flrrule=&ext=%7B%7D&rtime=&reqId=24ccbf09e9c3c19&ogReqId=24ccbf09e9c3c19&adid=&pvnm=ix&src=client&ogbdp=&bdp=&cbdp=&dfpbd=&szs=300x250%7C300x600&size=&mtype=banner&dId=&curr=&rests=&status=3&iwb=0&crid=&pubcrid=&mpvid=&bidflr=&flrrule=&ext=%7B%7D&rtime=&reqId=269a124670a6b79&ogReqId=269a124670a6b79&adid=&pvnm=appnexus&src=client&ogbdp=&bdp=&cbdp
=&dfpbd=&szs=300x250%7C300x600&size=&mtype=banner&dId=&curr=&rests=&status=3&iwb=0&crid=&pubcrid=&mpvid=&bidflr=&flrrule=&ext=%7B%7D&rtime=&reqId=280efba39aa6c2e&ogReqId=280efba39aa6c2e&adid=&pvnm=medianet&src=client&ogbdp=&bdp=&cbdp=&dfpbd=&szs=300x250%7C300x600&size=&mtype=banner&dId=&curr=&rests=&status=3&iwb=0&crid=330789210&pubcrid=330789210&mpvid=&bidflr=&flrrule=&ext=%7B%7D&rtime=&targ=%7B%7D
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.196.180.24 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-196-180-24.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Thu, 19 Oct 2023 12:42:14 GMT
cache-control
max-age=0, no-cache, no-store
expires
Thu, 19 Oct 2023 12:42:14 GMT
content-length
35
content-type
image/gif
insight.old.min.js
snap.licdn.com/li.lms-analytics/
8 KB
3 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.218.218.181 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-218-218-181.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
5b3086a886aa8649ecbf496ac913a1aa443926cd2fff610be2d136c9598bcd8b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency
313
date
Thu, 19 Oct 2023 12:42:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Sun, 15 Oct 2023 08:32:45 GMT
x-cdn
AKAM
x-edgeconnect-midmile-rtt
0
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript;charset=utf-8
cache-control
max-age=24317
accept-ranges
bytes
content-length
3272
events
permutive.arstechnica.com/v2.0/batch/
201 B
159 B
XHR
General
Full URL
https://permutive.arstechnica.com/v2.0/batch/events?enrich=false&sdkp=true&k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by
Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.161.9 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
9.161.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
3b1291df05d696a256c988c8050782f5684264e3fd8351b3d810b6acd1700cba

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type
text/plain

Response headers

date
Thu, 19 Oct 2023 12:42:07 GMT
content-encoding
gzip
via
1.1 google
server
Permutive
vary
Origin
content-type
application/json
access-control-allow-origin
https://arstechnica.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
141
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=434737&time=1697719327352&url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-lo...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D434737%26time%3D1697719327352%26url%3Dhttps%253A%252F%252Farstechnica.com%252Fsec...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=434737&time=1697719327352&url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-lo...
0
398 B
Image
General
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=434737&time=1697719327352&url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&liSync=true
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:13 GMT
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 0503608AD27A4915811034913D0195F4 Ref B: YTO01EDGE0506 Ref C: 2023-10-19T12:42:14Z
linkedin-action
1
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type
application/javascript
x-li-fabric
prod-lva1
x-cache
CONFIG_NOCACHE
x-li-proto
http/2
content-length
0
x-li-uuid
AAYIERXb6pVfLly8vi6V1g==

Redirect headers

strict-transport-security
max-age=31536000
content-security-policy
default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.microsoft.com *.adnxs.com; script-src 'report-sample' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-3RIGhhApBii1KY+aW1xk7kFyoQY8vSVE5DfT7E9SJUc=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-wy4DvlEW9PHPIGvQJW6Wv4woBSa/0LJHs8LHsBVVXCs=' 'sha256-065A0cJTDQ+hyKvufSL/flW02hIbgLndOINLRWux6To=' 'sha256-Ga5SLB8hPdWUE8Wb6LgZ05D9Z5vrdLAaPbDBW2m3BI8=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com snap.licdn.com; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 
'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=default
x-content-type-options
nosniff
date
Thu, 19 Oct 2023 12:42:13 GMT
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-length
0
x-li-uuid
AAYIERXZusSzmk50rUoytg==
pragma
no-cache
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 06B72A6BD65B42C9975D085356A4E696 Ref B: YTO01EDGE0506 Ref C: 2023-10-19T12:42:14Z
x-frame-options
sameorigin
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric
prod-lva1
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=434737&time=1697719327352&url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&liSync=true
cache-control
no-cache, no-store
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame AD5B
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstLarzZpgcl35qC4RxGylvdhiGv-mdgATi1moQqgb5wnMdZdN5lh6ZNYPVwxl8PJ_ot-Tp0QJaa9tPpDljJO3P_eUd31qOHoa5lMBBNU64dER2Gd3VeDOHidmBYOVQZ25i_H4-HKH6rhVC7atcHmOKWD9b0DHFRsldUAA7d_L0B6f1eNi-O9kR1IVzuLOGg4i4oyDxNCpS8oqNYFfc1hpDYhnvEaNjp25AF0RVbvr5uW6I8Rlcu9Tu1am_4by9OX6OuDc2bb28zjTzctsSlNhiX4lTd6q58IU4BT5ZCgEvzQTAAN61aKncUzli4YlsRXF7FJbTQjVYBAatkA2mEmw_AGBQzpS_LCRWtLfE9eBmZQF05lt0VKN3NA0x-Yw&sai=AMfl-YTurqIZOF895qYEekaHHWZ2AjuUmdOhkAK9rjejS8wnqDYqsCzfOVcnZ2l4FzShWhCuB9aWXW0V2g_UPv6a7NzbuR6oyzTBTYatwcK4fkKCWjuDzU8niy8NUMe0WYE&sig=Cg0ArKJSzKBUXxWC3LttEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.62.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bc-in-f157.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:07 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
dcmads.js
www.googletagservices.com/dcm/ Frame AD5B
24 KB
10 KB
Script
General
Full URL
https://www.googletagservices.com/dcm/dcmads.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310180101/pubads_impl.js?cb=31079032
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.163.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f155.1e100.net
Software
sffe /
Resource Hash
c548a30c41171b00c7d332fc539aa7fa0dceb71fc7d91d4bc7b65ed3bfed8382
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:27:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
871
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9959
x-xss-protection
0
last-modified
Thu, 14 Sep 2023 13:24:06 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-dcm-tag"
vary
Accept-Encoding
report-to
{"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Thu, 19 Oct 2023 13:27:36 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame AD5B
187 KB
59 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310180101/pubads_impl.js?cb=31079032
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.163.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f155.1e100.net
Software
sffe /
Resource Hash
100e1bd433b0fbe35e8d609395d4f9a1cbafbeddb64a30b6ac6fcc7888f9310a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
60178
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1697628223465749"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 19 Oct 2023 12:42:07 GMT
moatad.js
z.moatads.com/condenastdfp9588492144/ Frame AD5B
340 KB
115 KB
Script
General
Full URL
https://z.moatads.com/condenastdfp9588492144/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310180101/pubads_impl.js?cb=31079032
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.47.65.174 Atlanta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-65-174.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
48a9dfbe1026b2e8b6209e8c2aaec51010ec16548fa59c4e577aae042d3b598c

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:07 GMT
content-encoding
gzip
last-modified
Thu, 05 Oct 2023 09:39:45 GMT
server
AmazonS3
x-amz-request-id
2C08SD2JRXVDBPTQ
etag
"677dc59a9bf6498d01bec84b13beccfc"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=56290
accept-ranges
bytes
content-length
117099
x-amz-id-2
QOi4EgFkzhqb3VujSsBiFdPX4zZD1kZ+5puJIsRLNKr32E4cBsEyOpEglKkL3Yc59HCyvB2oQrE=
p-Jjy-Cyr1NZGRz.gif
pixel.quantserve.com/pixel/
35 B
210 B
Image
General
Full URL
https://pixel.quantserve.com/pixel/p-Jjy-Cyr1NZGRz.gif?labels=_campaign.media.Advertiser%20ID.4478484671.Campaign%20ID.3258585100.Line%20Item%20ID.6395454414
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.184.68.254 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Thu, 19 Oct 2023 12:42:14 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
strict-transport-security
max-age=86400
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
impl_v97.js
www.googletagservices.com/dcm/ Frame AD5B
57 KB
23 KB
Script
General
Full URL
https://www.googletagservices.com/dcm/impl_v97.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.163.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f155.1e100.net
Software
sffe /
Resource Hash
6b23a2a55e15ddffdc187b1107030f6ed53d4abe5d4c0900022451d20c3dfb54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 12 Oct 2023 18:25:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
584199
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23166
x-xss-protection
0
last-modified
Tue, 12 Sep 2023 13:28:52 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-dcm-tag"
vary
Accept-Encoding
report-to
{"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 11 Oct 2024 18:25:28 GMT
B28106158.378061212;dc_ver=97.287;sz=970x250;u_sd=1;dc_adk=2550138417;ord=u806ml;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjssF1blkNY6UROX1oRCpk_gCHsIPKPFTNSWruxT3zyKh...
ad.doubleclick.net/ddm/adj/N510001.2573CONDNASTDIGITALWIRED/ Frame AD5B
66 KB
31 KB
Script
General
Full URL
https://ad.doubleclick.net/ddm/adj/N510001.2573CONDNASTDIGITALWIRED/B28106158.378061212;dc_ver=97.287;sz=970x250;u_sd=1;dc_adk=2550138417;ord=u806ml;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjssF1blkNY6UROX1oRCpk_gCHsIPKPFTNSWruxT3zyKhoQdHiX_16GgF_oOHqfbyn2CC9NQBrbu_7WE64WCaWoCZjDnjH5ElkPpgGMvENDHra2ZLkGwiVDMg5RFJCOQ-9iRQ4kkEUdMyPALmraMD2yCXuZDK5z5kr0jpFnJdDogF4fnCDbolqPl0c_KSwFXCYUwvWatIpF_fYTIb6OIv8zIIieoJvEPB-eAmVMdIHFvmLJG88oj6VHvy8oIEc8N91X0IlpFQRjpkqcHZ4Mc22spXgpqss7_oXoWLN4z_PYlczr2J3_5ABJlIZD9_HNv0Y1fH9pCsPsFCek4w81kK_5671t8aFpLcWvtbrnMvptDqCzPcRIFs3TtL6w%26sai%3DAMfl-YQlKpr9muMqK3AvDqiXUV7EK4dsvVYkUQXiYX-ncqoZZNuvvFbZpG1FfiJ7ffzEG7xtVrhz9stzo7Sh-qDyfPeMEZMwL52Nh1YXlSXfm_efLAuN65PoO0Agd2WfNXU%26sig%3DCg0ArKJSzC1ejRn0vWfQEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=1,https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F$0;xdt=0;crlt=ossswZ5g)q;stc=1;chaa=1;sttr=92;prcl=s
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v97.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.16.148 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f148.1e100.net
Software
cafe /
Resource Hash
791dc6e19ceb7fe5c40631c3b679f4d5668d5223783e5b0bc46ce108c1f62f33
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:07 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30769
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
state
permutive.arstechnica.com/v1.0/
0
34 B
XHR
General
Full URL
https://permutive.arstechnica.com/v1.0/state?fetch_unseen=false&k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by
Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.161.9 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
9.161.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
*
date
Thu, 19 Oct 2023 12:42:07 GMT
content-encoding
gzip
via
1.1 google
server
Permutive
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20
view
securepubads.g.doubleclick.net/pcs/ Frame 9BB9
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstmrDBleh64YUQA1aiNobBuzjPmdmX7CwIL_tmk_ahz_RvXb6XI2CbcuzGXIsQztAdtxT65WM3Ewn2ZP_iLcQaE5mmUjcaf98RIt0qSqBDFXRtV6N_5r8RCOyuVn9xpzqTAJHko6ofRcxvVCrG-ZzdfvGrwIwzuVxPijAzv8L89_IvGKw4kPhDKX2EvAdrPvR1sqfQSVrUy9QwzHIalY7lWsDRWDeNGlXA34xXVyrqi7qqlSlAmKOA_LpsfgXsYNtIq4prbLnspGWpWoYay_IpLT6weFtyQUM3MVhf-E48TKbO1Ig0w318jwZbyecdzaY4_oP5ywPiaoEFDNhDzyn8Gt0mmZtFHfH4JX66xuczPCSLlgnhLsnkCC5RcdQ&sai=AMfl-YRlSb6WvHkZzYlJake4FrLt-w-6LqXzBg2ZkzhH1a5swMetsJBj0k7cLH8WXRqHXgFDG-h4HPw68EgiG2veNHucD_bvRgE0VQhIb3VnKN0naNBp8_JL_dRVez72MXY&sig=Cg0ArKJSzLo5WgBWtPRvEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.62.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bc-in-f157.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:07 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
dcmads.js
www.googletagservices.com/dcm/ Frame 9BB9
24 KB
10 KB
Script
General
Full URL
https://www.googletagservices.com/dcm/dcmads.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310180101/pubads_impl.js?cb=31079032
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.163.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f155.1e100.net
Software
sffe /
Resource Hash
c548a30c41171b00c7d332fc539aa7fa0dceb71fc7d91d4bc7b65ed3bfed8382
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:27:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
871
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9959
x-xss-protection
0
last-modified
Thu, 14 Sep 2023 13:24:06 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-dcm-tag"
vary
Accept-Encoding
report-to
{"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Thu, 19 Oct 2023 13:27:36 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 9BB9
187 KB
59 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310180101/pubads_impl.js?cb=31079032
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.163.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f155.1e100.net
Software
sffe /
Resource Hash
100e1bd433b0fbe35e8d609395d4f9a1cbafbeddb64a30b6ac6fcc7888f9310a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
60178
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1697628223465749"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 19 Oct 2023 12:42:07 GMT
moatad.js
z.moatads.com/condenastdfp9588492144/ Frame 9BB9
340 KB
115 KB
Script
General
Full URL
https://z.moatads.com/condenastdfp9588492144/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310180101/pubads_impl.js?cb=31079032
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.47.65.174 Atlanta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-65-174.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
48a9dfbe1026b2e8b6209e8c2aaec51010ec16548fa59c4e577aae042d3b598c

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:07 GMT
content-encoding
gzip
last-modified
Thu, 05 Oct 2023 09:39:45 GMT
server
AmazonS3
x-amz-request-id
2C08SD2JRXVDBPTQ
etag
"677dc59a9bf6498d01bec84b13beccfc"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=56290
accept-ranges
bytes
content-length
117099
x-amz-id-2
QOi4EgFkzhqb3VujSsBiFdPX4zZD1kZ+5puJIsRLNKr32E4cBsEyOpEglKkL3Yc59HCyvB2oQrE=
p-Jjy-Cyr1NZGRz.gif
pixel.quantserve.com/pixel/
35 B
210 B
Image
General
Full URL
https://pixel.quantserve.com/pixel/p-Jjy-Cyr1NZGRz.gif?labels=_campaign.media.Advertiser%20ID.4478484671.Campaign%20ID.3258585100.Line%20Item%20ID.6395452770
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.184.68.254 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Thu, 19 Oct 2023 12:42:14 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
strict-transport-security
max-age=86400
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20231011/r20110914/elements/html/ Frame AD5B
11 KB
4 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231011/r20110914/elements/html/omrhp.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N510001.2573CONDNASTDIGITALWIRED/B28106158.378061212;dc_ver=97.287;sz=970x250;u_sd=1;dc_adk=2550138417;ord=u806ml;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjssF1blkNY6UROX1oRCpk_gCHsIPKPFTNSWruxT3zyKhoQdHiX_16GgF_oOHqfbyn2CC9NQBrbu_7WE64WCaWoCZjDnjH5ElkPpgGMvENDHra2ZLkGwiVDMg5RFJCOQ-9iRQ4kkEUdMyPALmraMD2yCXuZDK5z5kr0jpFnJdDogF4fnCDbolqPl0c_KSwFXCYUwvWatIpF_fYTIb6OIv8zIIieoJvEPB-eAmVMdIHFvmLJG88oj6VHvy8oIEc8N91X0IlpFQRjpkqcHZ4Mc22spXgpqss7_oXoWLN4z_PYlczr2J3_5ABJlIZD9_HNv0Y1fH9pCsPsFCek4w81kK_5671t8aFpLcWvtbrnMvptDqCzPcRIFs3TtL6w%26sai%3DAMfl-YQlKpr9muMqK3AvDqiXUV7EK4dsvVYkUQXiYX-ncqoZZNuvvFbZpG1FfiJ7ffzEG7xtVrhz9stzo7Sh-qDyfPeMEZMwL52Nh1YXlSXfm_efLAuN65PoO0Agd2WfNXU%26sig%3DCg0ArKJSzC1ejRn0vWfQEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=1,https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F$0;xdt=0;crlt=ossswZ5g)q;stc=1;chaa=1;sttr=92;prcl=s
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.63.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f155.1e100.net
Software
cafe /
Resource Hash
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 10:28:58 GMT
content-encoding
br
x-content-type-options
nosniff
age
7996
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4206
x-xss-protection
0
server
cafe
etag
17947678125179771625
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 02 Nov 2023 10:28:58 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame AD5B
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstRew6Uqj_SrIzRP5n_19ehOjJw_JgkWNOGWA58wP9Ui_n6JNmF6WHUEmXjdDAdz3g7EoFtkL413Fhjvzd5SZ1G1CFqyIvHNOUvCj77DTLtxxcfct-nA6ZMYH-uXEstklk_7j4MAXsOC-LZRRoCiPrmzZ7VxdTBXy8bQgU&sai=AMfl-YSQHhJIJd-0J6zdmqYJxYeaOAd2Dds9pcBjyCx2cb2szhqeGqvqq9KcWvHoNS3wL3rlKaD5fYqRr9HuVHnpfnGDsJzJ_NdKvhyrIg&sig=Cg0ArKJSzGc1Aw35VEBeEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20231011.73739&arae=0&ftch=1&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N510001.2573CONDNASTDIGITALWIRED/B28106158.378061212;dc_ver=97.287;sz=970x250;u_sd=1;dc_adk=2550138417;ord=u806ml;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjssF1blkNY6UROX1oRCpk_gCHsIPKPFTNSWruxT3zyKhoQdHiX_16GgF_oOHqfbyn2CC9NQBrbu_7WE64WCaWoCZjDnjH5ElkPpgGMvENDHra2ZLkGwiVDMg5RFJCOQ-9iRQ4kkEUdMyPALmraMD2yCXuZDK5z5kr0jpFnJdDogF4fnCDbolqPl0c_KSwFXCYUwvWatIpF_fYTIb6OIv8zIIieoJvEPB-eAmVMdIHFvmLJG88oj6VHvy8oIEc8N91X0IlpFQRjpkqcHZ4Mc22spXgpqss7_oXoWLN4z_PYlczr2J3_5ABJlIZD9_HNv0Y1fH9pCsPsFCek4w81kK_5671t8aFpLcWvtbrnMvptDqCzPcRIFs3TtL6w%26sai%3DAMfl-YQlKpr9muMqK3AvDqiXUV7EK4dsvVYkUQXiYX-ncqoZZNuvvFbZpG1FfiJ7ffzEG7xtVrhz9stzo7Sh-qDyfPeMEZMwL52Nh1YXlSXfm_efLAuN65PoO0Agd2WfNXU%26sig%3DCg0ArKJSzC1ejRn0vWfQEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=1,https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F$0;xdt=0;crlt=ossswZ5g)q;stc=1;chaa=1;sttr=92;prcl=s
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.62.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bc-in-f157.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:07 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame AD5B
41 KB
14 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N510001.2573CONDNASTDIGITALWIRED/B28106158.378061212;dc_ver=97.287;sz=970x250;u_sd=1;dc_adk=2550138417;ord=u806ml;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjssF1blkNY6UROX1oRCpk_gCHsIPKPFTNSWruxT3zyKhoQdHiX_16GgF_oOHqfbyn2CC9NQBrbu_7WE64WCaWoCZjDnjH5ElkPpgGMvENDHra2ZLkGwiVDMg5RFJCOQ-9iRQ4kkEUdMyPALmraMD2yCXuZDK5z5kr0jpFnJdDogF4fnCDbolqPl0c_KSwFXCYUwvWatIpF_fYTIb6OIv8zIIieoJvEPB-eAmVMdIHFvmLJG88oj6VHvy8oIEc8N91X0IlpFQRjpkqcHZ4Mc22spXgpqss7_oXoWLN4z_PYlczr2J3_5ABJlIZD9_HNv0Y1fH9pCsPsFCek4w81kK_5671t8aFpLcWvtbrnMvptDqCzPcRIFs3TtL6w%26sai%3DAMfl-YQlKpr9muMqK3AvDqiXUV7EK4dsvVYkUQXiYX-ncqoZZNuvvFbZpG1FfiJ7ffzEG7xtVrhz9stzo7Sh-qDyfPeMEZMwL52Nh1YXlSXfm_efLAuN65PoO0Agd2WfNXU%26sig%3DCg0ArKJSzC1ejRn0vWfQEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=1,https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F$0;xdt=0;crlt=ossswZ5g)q;stc=1;chaa=1;sttr=92;prcl=s
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.115.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f132.1e100.net
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Mon, 16 Oct 2023 16:06:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
246932
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13692
x-xss-protection
0
last-modified
Sun, 25 Jun 2023 02:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 15 Oct 2024 16:06:43 GMT
11384173780447929955
s0.2mdn.net/simgad/ Frame AD5B
101 KB
102 KB
Image
General
Full URL
https://s0.2mdn.net/simgad/11384173780447929955
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.122.149 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f149.1e100.net
Software
sffe /
Resource Hash
22fe1d515cd92ae8673719af71e87eaa407e6e97d088625af40931cae10dca25
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Tue, 17 Oct 2023 04:36:58 GMT
x-content-type-options
nosniff
age
201911
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
103608
x-xss-protection
0
last-modified
Wed, 04 Oct 2023 20:52:30 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 16 Oct 2024 04:36:58 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame AD5B
187 KB
59 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.163.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f155.1e100.net
Software
sffe /
Resource Hash
100e1bd433b0fbe35e8d609395d4f9a1cbafbeddb64a30b6ac6fcc7888f9310a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
60178
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1697628223465749"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 19 Oct 2023 12:42:07 GMT
impl_v97.js
www.googletagservices.com/dcm/ Frame 9BB9
57 KB
23 KB
Script
General
Full URL
https://www.googletagservices.com/dcm/impl_v97.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.163.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f155.1e100.net
Software
sffe /
Resource Hash
6b23a2a55e15ddffdc187b1107030f6ed53d4abe5d4c0900022451d20c3dfb54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 12 Oct 2023 18:25:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
584199
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23166
x-xss-protection
0
last-modified
Tue, 12 Sep 2023 13:28:52 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-dcm-tag"
vary
Accept-Encoding
report-to
{"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 11 Oct 2024 18:25:28 GMT
pixel
cm.g.doubleclick.net/ Frame D929
Redirect Chain
  • https://sync.teads.tv/um?eid=3&fp=1&uid=&vid=aae6a94e-ee9d-4049-a226-8e5417788e5a&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D&gdpr=0&gdpr_co...
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=YWFlNmE5NGUtZWU5ZC00MDQ5LWEyMjYtOGU1NDE3Nzg4ZTVh&us_privacy=1---
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=YWFlNmE5NGUtZWU5ZC00MDQ5LWEyMjYtOGU1NDE3Nzg4ZTVh&us_privacy=1---
Requested by
Host: sync.teads.tv
URL: https://sync.teads.tv/iframe?pid=35410&gdprIab={%22reason%22:220,%22status%22:22,%22consent%22:%22%22,%22apiVersion%22:null,%22cmpId%22:null}&fromFormat=true&env=js-web&auctid=3ba6e954-3c54-428f-8739-8ed5f56be3ad&vid=aae6a94e-ee9d-4049-a226-8e5417788e5a&us_privacy=1---&1697719326861
Protocol
H3
Server
142.251.163.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f154.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://sync.teads.tv/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:08 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:08 GMT
server
pekko-http/1.0.0
content-type
text/html; charset=UTF-8
location
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=YWFlNmE5NGUtZWU5ZC00MDQ5LWEyMjYtOGU1NDE3Nzg4ZTVh&us_privacy=1---
cache-control
max-age=0, no-cache, no-store
content-length
205
expires
Thu, 19 Oct 2023 12:42:08 GMT
um
sync.teads.tv/ Frame D929
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=teads&ttd_tpi=1&gdpr=0&gdpr_consent=&_t=1697719327993
  • https://sync.teads.tv/um?eid=22&uid=f9a8042c-c9a0-4948-ac45-f91d636ac944&gdpr=0&gdpr_consent=
23 B
163 B
Image
General
Full URL
https://sync.teads.tv/um?eid=22&uid=f9a8042c-c9a0-4948-ac45-f91d636ac944&gdpr=0&gdpr_consent=
Requested by
Host: sync.teads.tv
URL: https://sync.teads.tv/iframe?pid=35410&gdprIab={%22reason%22:220,%22status%22:22,%22consent%22:%22%22,%22apiVersion%22:null,%22cmpId%22:null}&fromFormat=true&env=js-web&auctid=3ba6e954-3c54-428f-8739-8ed5f56be3ad&vid=aae6a94e-ee9d-4049-a226-8e5417788e5a&us_privacy=1---&1697719326861
Protocol
H2
Server
23.62.165.62 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-62-165-62.deploy.static.akamaitechnologies.com
Software
pekko-http/1.0.0 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://sync.teads.tv/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

expires
Thu, 19 Oct 2023 12:42:08 GMT
pragma
no-cache
date
Thu, 19 Oct 2023 12:42:08 GMT
cache-control
max-age=0, no-cache, no-store
server
pekko-http/1.0.0
content-length
23
content-type
image/gif

Redirect headers

location
https://sync.teads.tv/um?eid=22&uid=f9a8042c-c9a0-4948-ac45-f91d636ac944&gdpr=0&gdpr_consent=
date
Thu, 19 Oct 2023 12:42:08 GMT
server
Kestrel
content-length
217
um
sync.teads.tv/ Frame D929
Redirect Chain
  • https://dis.criteo.com/dis/usersync.aspx?r=79&p=145&cp=teads&cu=1&url=https%3A%2F%2Fsync.teads.tv%2Fum%3Ffp%3D1%26eid%3D80%26uid%3D%40%40CRITEO_USERID%40%40&gdpr=0&gdpr_consent=&_t=1697719327993
  • https://sync.teads.tv/um?fp=1&eid=80&uid=a05261df-e4fa-4944-8bb0-b6f8662218f4&gdpr=0&gdpr_consent=
23 B
163 B
Image
General
Full URL
https://sync.teads.tv/um?fp=1&eid=80&uid=a05261df-e4fa-4944-8bb0-b6f8662218f4&gdpr=0&gdpr_consent=
Requested by
Host: sync.teads.tv
URL: https://sync.teads.tv/iframe?pid=35410&gdprIab={%22reason%22:220,%22status%22:22,%22consent%22:%22%22,%22apiVersion%22:null,%22cmpId%22:null}&fromFormat=true&env=js-web&auctid=3ba6e954-3c54-428f-8739-8ed5f56be3ad&vid=aae6a94e-ee9d-4049-a226-8e5417788e5a&us_privacy=1---&1697719326861
Protocol
H2
Server
23.62.165.62 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-62-165-62.deploy.static.akamaitechnologies.com
Software
pekko-http/1.0.0 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://sync.teads.tv/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

expires
Thu, 19 Oct 2023 12:42:11 GMT
pragma
no-cache
date
Thu, 19 Oct 2023 12:42:11 GMT
cache-control
max-age=0, no-cache, no-store
server
pekko-http/1.0.0
content-length
23
content-type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:11 GMT
x-errorlevel
0
strict-transport-security
max-age=31536000; preload;
server
Kestrel
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://sync.teads.tv/um?fp=1&eid=80&uid=a05261df-e4fa-4944-8bb0-b6f8662218f4&gdpr=0&gdpr_consent=
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
1212938
content-length
0
expires
Thu, 19 Oct 2023 00:00:00 GMT
um
sync.teads.tv/ Frame D929
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/teads/aae6a94e-ee9d-4049-a226-8e5417788e5a?gdpr=0&gdpr_consent=&_t=1697719327993
  • https://sync.teads.tv/um?eid=132&uid=y-IVzlnwxE2oTb5xn6wcJUcRwX_BRjKxkWJhc-~A
23 B
163 B
Image
General
Full URL
https://sync.teads.tv/um?eid=132&uid=y-IVzlnwxE2oTb5xn6wcJUcRwX_BRjKxkWJhc-~A
Requested by
Host: sync.teads.tv
URL: https://sync.teads.tv/iframe?pid=35410&gdprIab={%22reason%22:220,%22status%22:22,%22consent%22:%22%22,%22apiVersion%22:null,%22cmpId%22:null}&fromFormat=true&env=js-web&auctid=3ba6e954-3c54-428f-8739-8ed5f56be3ad&vid=aae6a94e-ee9d-4049-a226-8e5417788e5a&us_privacy=1---&1697719326861
Protocol
H2
Server
23.62.165.62 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-62-165-62.deploy.static.akamaitechnologies.com
Software
pekko-http/1.0.0 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://sync.teads.tv/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

expires
Thu, 19 Oct 2023 12:42:08 GMT
pragma
no-cache
date
Thu, 19 Oct 2023 12:42:08 GMT
cache-control
max-age=0, no-cache, no-store
server
pekko-http/1.0.0
content-length
23
content-type
image/gif

Redirect headers

date
Thu, 19 Oct 2023 12:42:08 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
location
https://sync.teads.tv/um?eid=132&uid=y-IVzlnwxE2oTb5xn6wcJUcRwX_BRjKxkWJhc-~A
content-length
0
pixel.gif
load77.exelator.com/ Frame D929
Redirect Chain
  • https://loadm.exelator.com/load/?p=204&g=810&j=0&buid=aae6a94e-ee9d-4049-a226-8e5417788e5a_us_ca&gdpr_consent=&us_privacy=1---&_t=1697719327993
  • https://loadm.exelator.com/load/?p=204&g=810&j=0&buid=aae6a94e-ee9d-4049-a226-8e5417788e5a_us_ca&gdpr_consent=&us_privacy=1---&_t=1697719327993&xl8blockcheck=1
  • https://load77.exelator.com/pixel.gif
43 B
378 B
Image
General
Full URL
https://load77.exelator.com/pixel.gif
Requested by
Host: sync.teads.tv
URL: https://sync.teads.tv/iframe?pid=35410&gdprIab={%22reason%22:220,%22status%22:22,%22consent%22:%22%22,%22apiVersion%22:null,%22cmpId%22:null}&fromFormat=true&env=js-web&auctid=3ba6e954-3c54-428f-8739-8ed5f56be3ad&vid=aae6a94e-ee9d-4049-a226-8e5417788e5a&us_privacy=1---&1697719326861
Protocol
H2
Server
156.146.36.23 New York, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
137173278.nyc.cdn77.com
Software
CDN77-Turbo /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://sync.teads.tv/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-77-pop
newyorkUSNY
date
Thu, 19 Oct 2023 12:42:10 GMT
x-cache
HIT
x-77-cache
HIT
x-age
797426
x-accel-date
1696921904
content-length
43
x-77-nzt
AZySJBY3Nzf/8ioMAA
x-accel-expires
@1697958704
x-77-age
797426
last-modified
Wed, 25 Oct 2017 17:03:56 GMT
server
CDN77-Turbo
etag
"59f0c3fc-2b"
x-77-nzt-ray
1e192d085632297c22243165aed96311
content-type
image/gif
access-control-allow-origin
*
accept-ranges
bytes

Redirect headers

date
Thu, 19 Oct 2023 12:42:09 GMT
server
nginx
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location
https://load77.exelator.com/pixel.gif
content-type
image/gif
cache-control
no-cache
access-control-allow-credentials
true
content-length
0
44858
tags.bluekai.com/site/ Frame D929
62 B
516 B
Image
General
Full URL
https://tags.bluekai.com/site/44858?id=aae6a94e-ee9d-4049-a226-8e5417788e5a_us_ca&limit=1&gdpr_consent=&us_privacy=1---&_t=1697719327993
Requested by
Host: sync.teads.tv
URL: https://sync.teads.tv/iframe?pid=35410&gdprIab={%22reason%22:220,%22status%22:22,%22consent%22:%22%22,%22apiVersion%22:null,%22cmpId%22:null}&fromFormat=true&env=js-web&auctid=3ba6e954-3c54-428f-8739-8ed5f56be3ad&vid=aae6a94e-ee9d-4049-a226-8e5417788e5a&us_privacy=1---&1697719326861
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.55.200.222 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-55-200-222.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://sync.teads.tv/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date
Thu, 19 Oct 2023 12:42:15 GMT
content-length
62
content-type
image/gif
474599.gif
idsync.rlcdn.com/ Frame D929
0
0
Image
General
Full URL
https://idsync.rlcdn.com/474599.gif?partner_uid=aae6a94e-ee9d-4049-a226-8e5417788e5a_ca&cv=&us_privacy=1---&_t=1697719327993
Requested by
Host: sync.teads.tv
URL: https://sync.teads.tv/iframe?pid=35410&gdprIab={%22reason%22:220,%22status%22:22,%22consent%22:%22%22,%22apiVersion%22:null,%22cmpId%22:null}&fromFormat=true&env=js-web&auctid=3ba6e954-3c54-428f-8739-8ed5f56be3ad&vid=aae6a94e-ee9d-4049-a226-8e5417788e5a&us_privacy=1---&1697719326861
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
146.60.190.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://sync.teads.tv/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

g.pixel
aa.agkn.com/adscores/ Frame D929
43 B
653 B
Image
General
Full URL
https://aa.agkn.com/adscores/g.pixel?sid=9212301178&puid=aae6a94e-ee9d-4049-a226-8e5417788e5a_ca&_tid=aae6a94e-ee9d-4049-a226-8e5417788e5a&gdpr_consent=&us_privacy=1---&_t=1697719327993
Requested by
Host: sync.teads.tv
URL: https://sync.teads.tv/iframe?pid=35410&gdprIab={%22reason%22:220,%22status%22:22,%22consent%22:%22%22,%22apiVersion%22:null,%22cmpId%22:null}&fromFormat=true&env=js-web&auctid=3ba6e954-3c54-428f-8739-8ed5f56be3ad&vid=aae6a94e-ee9d-4049-a226-8e5417788e5a&us_privacy=1---&1697719326861
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.39.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-39-110.iad89.r.cloudfront.net
Software
AAWebServer /
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://sync.teads.tv/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:09 GMT
via
1.1 14d757a67b913f1bc93427e69819362c.cloudfront.net (CloudFront)
server
AAWebServer
x-amz-cf-pop
IAD89-C1
access-control-allow-methods
GET, POST, OPTIONS
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
x-cache
Miss from cloudfront
access-control-allow-headers
accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length
43
x-amz-cf-id
gmX5AdB9MWo2c8qGCbLQe_e1W2Sps1tuXY44xeKyuf1cMz7144ZMlg==
expires
0
usermatch.gif
beacon.krxd.net/ Frame D929
0
338 B
Image
General
Full URL
https://beacon.krxd.net/usermatch.gif?partner=teadspartner&partner_uid=aae6a94e-ee9d-4049-a226-8e5417788e5a_ca&gdpr_consent=&us_privacy=1---&_t=1697719327993
Requested by
Host: sync.teads.tv
URL: https://sync.teads.tv/iframe?pid=35410&gdprIab={%22reason%22:220,%22status%22:22,%22consent%22:%22%22,%22apiVersion%22:null,%22cmpId%22:null}&fromFormat=true&env=js-web&auctid=3ba6e954-3c54-428f-8739-8ed5f56be3ad&vid=aae6a94e-ee9d-4049-a226-8e5417788e5a&us_privacy=1---&1697719326861
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.225.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-1-225-194.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://sync.teads.tv/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-served-by
beacon-n026-ash-prod.krxd.net
date
Thu, 19 Oct 2023 12:42:09 GMT
cache-control
private, no-cache, no-store
x-request-time
D=43 t=1697719329
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
usersync
sync.springserve.com/ Frame D929
Redirect Chain
  • https://sync.teads.tv/um?fp=1&ssb_provider_id=1&uid=&vid=aae6a94e-ee9d-4049-a226-8e5417788e5a&fb=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000024%26uuid%3D%5BVID%5D&gdpr=0&gdpr_consent...
  • https://sync.springserve.com/usersync?aid=1000024&uuid=aae6a94e-ee9d-4049-a226-8e5417788e5a&us_privacy=1---
43 B
206 B
Image
General
Full URL
https://sync.springserve.com/usersync?aid=1000024&uuid=aae6a94e-ee9d-4049-a226-8e5417788e5a&us_privacy=1---
Requested by
Host: sync.teads.tv
URL: https://sync.teads.tv/iframe?pid=35410&gdprIab={%22reason%22:220,%22status%22:22,%22consent%22:%22%22,%22apiVersion%22:null,%22cmpId%22:null}&fromFormat=true&env=js-web&auctid=3ba6e954-3c54-428f-8739-8ed5f56be3ad&vid=aae6a94e-ee9d-4049-a226-8e5417788e5a&us_privacy=1---&1697719326861
Protocol
H2
Server
107.20.22.234 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-20-22-234.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://sync.teads.tv/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 19 Oct 2023 12:42:09 GMT
access-control-allow-credentials
true
server
nginx
content-length
43
access-control-allow-methods
GET, OPTIONS
content-type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:08 GMT
server
pekko-http/1.0.0
content-type
text/html; charset=UTF-8
location
https://sync.springserve.com/usersync?aid=1000024&uuid=aae6a94e-ee9d-4049-a226-8e5417788e5a&us_privacy=1---
cache-control
max-age=0, no-cache, no-store
content-length
180
expires
Thu, 19 Oct 2023 12:42:08 GMT
report
sync.teads.tv/um/ Frame D929
Redirect Chain
  • https://sync.teads.tv/um?fp=1&ssb_provider_id=3&google_nid=teadstv_ab&uid=&vid=aae6a94e-ee9d-4049-a226-8e5417788e5a&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_...
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=YWFlNmE5NGUtZWU5ZC00MDQ5LWEyMjYtOGU1NDE3Nzg4ZTVh&us_privacy=1---
  • https://sync.teads.tv/um/report?ssb_provider_id=3&google_nid=teadstv_ab&fp=1
23 B
163 B
Image
General
Full URL
https://sync.teads.tv/um/report?ssb_provider_id=3&google_nid=teadstv_ab&fp=1
Requested by
Host: sync.teads.tv
URL: https://sync.teads.tv/iframe?pid=35410&gdprIab={%22reason%22:220,%22status%22:22,%22consent%22:%22%22,%22apiVersion%22:null,%22cmpId%22:null}&fromFormat=true&env=js-web&auctid=3ba6e954-3c54-428f-8739-8ed5f56be3ad&vid=aae6a94e-ee9d-4049-a226-8e5417788e5a&us_privacy=1---&1697719326861
Protocol
H2
Server
23.62.165.62 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-62-165-62.deploy.static.akamaitechnologies.com
Software
pekko-http/1.0.0 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://sync.teads.tv/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

expires
Thu, 19 Oct 2023 12:42:08 GMT
pragma
no-cache
date
Thu, 19 Oct 2023 12:42:08 GMT
cache-control
max-age=0, no-cache, no-store
server
pekko-http/1.0.0
content-length
23
content-type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:08 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://sync.teads.tv/um/report?ssb_provider_id=3&google_nid=teadstv_ab&fp=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
281
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
B28106158.377621837;dc_ver=97.287;dc_eid=40004001;sz=300x600;u_sd=1;dc_adk=3381720797;ord=qeaakk;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjssbelBiJreeMA5O4kJb2HuHNwGk...
ad.doubleclick.net/ddm/adj/N510001.2573CONDNASTDIGITALWIRED/ Frame 9BB9
66 KB
30 KB
Script
General
Full URL
https://ad.doubleclick.net/ddm/adj/N510001.2573CONDNASTDIGITALWIRED/B28106158.377621837;dc_ver=97.287;dc_eid=40004001;sz=300x600;u_sd=1;dc_adk=3381720797;ord=qeaakk;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjssbelBiJreeMA5O4kJb2HuHNwGk5ePKdJ0UuiXXcUfDODw4vGpBpJxnWaxtfBbidAZgRLLQqjD3Ci0r06wJzRc3wPlOiwFU2ToB_44Dhx0plzOz6bhyAq09kZSPsaFg4Fh2CyzMUmC_Ofss7KBM4c6HK6Ho7R7IjYjlH_whYBATw5Hem_0iDNpHzN9QKWud9ow8M9Kt5O_793aOl9TjfT7zBElD57fzsc7ucoBlAyf9tlVN5DWzdI360xmSPbeSDIUk3zb4ViTwozen1VaItr6gLWH5FNPgxQHwoZWAYkhwNMtsOOZTdrSfMwVTdq7AcufmVTaS164bY_bnownTx_qNy6UxZ7QIe1XM2BTty7bhpVqxZlkUdaaAvw%26sai%3DAMfl-YQJqEXB0ThLc-FBAdINrhJMDwJh4GmImD2Hi3Obu0GHmdDF20YPOy4_FJ-UT2FeskSM5u_68gW0TvkoTxgVi1wkwTGF64RcUbcErDIlHl4e35USr7RhE50u9k4uxtE%26sig%3DCg0ArKJSzD1IpYmeVJpLEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=1,https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F$0;xdt=0;crlt=ossswZ5g)q;stc=1;chaa=1;sttr=72;prcl=s
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v97.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.16.148 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f148.1e100.net
Software
cafe /
Resource Hash
78c559ad7a52609d80c8b954c5168a3dbca3a5574f3fa217c71d91e0b1e5d0e4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:08 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30756
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/ Frame AD5B
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cf201a21937429984b484b9f2d537ba25e2980d8a729e1f0dc67253ef31c66d8

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/png
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20231011/r20110914/elements/html/ Frame 9BB9
11 KB
4 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231011/r20110914/elements/html/omrhp.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N510001.2573CONDNASTDIGITALWIRED/B28106158.377621837;dc_ver=97.287;dc_eid=40004001;sz=300x600;u_sd=1;dc_adk=3381720797;ord=qeaakk;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjssbelBiJreeMA5O4kJb2HuHNwGk5ePKdJ0UuiXXcUfDODw4vGpBpJxnWaxtfBbidAZgRLLQqjD3Ci0r06wJzRc3wPlOiwFU2ToB_44Dhx0plzOz6bhyAq09kZSPsaFg4Fh2CyzMUmC_Ofss7KBM4c6HK6Ho7R7IjYjlH_whYBATw5Hem_0iDNpHzN9QKWud9ow8M9Kt5O_793aOl9TjfT7zBElD57fzsc7ucoBlAyf9tlVN5DWzdI360xmSPbeSDIUk3zb4ViTwozen1VaItr6gLWH5FNPgxQHwoZWAYkhwNMtsOOZTdrSfMwVTdq7AcufmVTaS164bY_bnownTx_qNy6UxZ7QIe1XM2BTty7bhpVqxZlkUdaaAvw%26sai%3DAMfl-YQJqEXB0ThLc-FBAdINrhJMDwJh4GmImD2Hi3Obu0GHmdDF20YPOy4_FJ-UT2FeskSM5u_68gW0TvkoTxgVi1wkwTGF64RcUbcErDIlHl4e35USr7RhE50u9k4uxtE%26sig%3DCg0ArKJSzD1IpYmeVJpLEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=1,https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F$0;xdt=0;crlt=ossswZ5g)q;stc=1;chaa=1;sttr=72;prcl=s
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.63.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f155.1e100.net
Software
cafe /
Resource Hash
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 10:28:58 GMT
content-encoding
br
x-content-type-options
nosniff
age
7996
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4206
x-xss-protection
0
server
cafe
etag
17947678125179771625
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 02 Nov 2023 10:28:58 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 9BB9
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuDwY8jKq_mUifaiyBGEaQaQ-v2adVLNbfTzsTyc2WgVebuFFMmk0fuBYdrfI7XHfnVxAREmwQVjVvru1y_Mg-PEop3zFSVv4TYx9wHpse9HTZyCUAwgpndBHYx04dmapMkRniDPZuN2MwNhof17jYEGaqc8iYIVUOf4JY&sai=AMfl-YRacZDiW9R0prMfqbTM4hB0Uo1wjM_aqIctzFBl4DIijg40IjUf0qiezuMXqKfzZqOrVhkGD6kFD03jcP1S_eluxzoMsKfHq-xbRw&sig=Cg0ArKJSzG4jt_lyZPRrEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=0&cisv=r20231011.49914&arae=0&ftch=1&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N510001.2573CONDNASTDIGITALWIRED/B28106158.377621837;dc_ver=97.287;dc_eid=40004001;sz=300x600;u_sd=1;dc_adk=3381720797;ord=qeaakk;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjssbelBiJreeMA5O4kJb2HuHNwGk5ePKdJ0UuiXXcUfDODw4vGpBpJxnWaxtfBbidAZgRLLQqjD3Ci0r06wJzRc3wPlOiwFU2ToB_44Dhx0plzOz6bhyAq09kZSPsaFg4Fh2CyzMUmC_Ofss7KBM4c6HK6Ho7R7IjYjlH_whYBATw5Hem_0iDNpHzN9QKWud9ow8M9Kt5O_793aOl9TjfT7zBElD57fzsc7ucoBlAyf9tlVN5DWzdI360xmSPbeSDIUk3zb4ViTwozen1VaItr6gLWH5FNPgxQHwoZWAYkhwNMtsOOZTdrSfMwVTdq7AcufmVTaS164bY_bnownTx_qNy6UxZ7QIe1XM2BTty7bhpVqxZlkUdaaAvw%26sai%3DAMfl-YQJqEXB0ThLc-FBAdINrhJMDwJh4GmImD2Hi3Obu0GHmdDF20YPOy4_FJ-UT2FeskSM5u_68gW0TvkoTxgVi1wkwTGF64RcUbcErDIlHl4e35USr7RhE50u9k4uxtE%26sig%3DCg0ArKJSzD1IpYmeVJpLEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=1,https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F$0;xdt=0;crlt=ossswZ5g)q;stc=1;chaa=1;sttr=72;prcl=s
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.62.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bc-in-f157.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:08 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 9BB9
41 KB
13 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N510001.2573CONDNASTDIGITALWIRED/B28106158.377621837;dc_ver=97.287;dc_eid=40004001;sz=300x600;u_sd=1;dc_adk=3381720797;ord=qeaakk;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjssbelBiJreeMA5O4kJb2HuHNwGk5ePKdJ0UuiXXcUfDODw4vGpBpJxnWaxtfBbidAZgRLLQqjD3Ci0r06wJzRc3wPlOiwFU2ToB_44Dhx0plzOz6bhyAq09kZSPsaFg4Fh2CyzMUmC_Ofss7KBM4c6HK6Ho7R7IjYjlH_whYBATw5Hem_0iDNpHzN9QKWud9ow8M9Kt5O_793aOl9TjfT7zBElD57fzsc7ucoBlAyf9tlVN5DWzdI360xmSPbeSDIUk3zb4ViTwozen1VaItr6gLWH5FNPgxQHwoZWAYkhwNMtsOOZTdrSfMwVTdq7AcufmVTaS164bY_bnownTx_qNy6UxZ7QIe1XM2BTty7bhpVqxZlkUdaaAvw%26sai%3DAMfl-YQJqEXB0ThLc-FBAdINrhJMDwJh4GmImD2Hi3Obu0GHmdDF20YPOy4_FJ-UT2FeskSM5u_68gW0TvkoTxgVi1wkwTGF64RcUbcErDIlHl4e35USr7RhE50u9k4uxtE%26sig%3DCg0ArKJSzD1IpYmeVJpLEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=1,https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F$0;xdt=0;crlt=ossswZ5g)q;stc=1;chaa=1;sttr=72;prcl=s
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.115.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f132.1e100.net
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Mon, 16 Oct 2023 16:06:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
246932
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13692
x-xss-protection
0
last-modified
Sun, 25 Jun 2023 02:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 15 Oct 2024 16:06:43 GMT
10013916123554137403
s0.2mdn.net/simgad/ Frame 9BB9
74 KB
74 KB
Image
General
Full URL
https://s0.2mdn.net/simgad/10013916123554137403
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.122.149 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f149.1e100.net
Software
sffe /
Resource Hash
ce4727f8e12a770b82552111a6cede9c48e7ef09f24a119d5cbbc0f50fb3f0f3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:09 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
76109
x-xss-protection
0
last-modified
Wed, 04 Oct 2023 20:52:26 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 18 Oct 2024 12:42:09 GMT
truncated
/ Frame 9BB9
212 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4f309c20d413215d935e3c93bec13d1bbb13c8149a2e8410be85944d55e7a7d7

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/png
halo_match
ids.ad.gt/api/v1/
43 B
95 B
Image
General
Full URL
https://ids.ad.gt/api/v1/halo_match?id=AU1D-0100-001697719325-1FM99NM9-7HUZ&halo_id=0608c677bfladhbgjjakfecech86kcaj7a84i022go0eksgqwweyomimis40yiew2
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.5.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:08 GMT
cache-control
no-cache
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
8189196a684e0fa3-EWR
content-length
43
content-type
image/gif
t
elsa.memoinsights.com/
105 B
459 B
Script
General
Full URL
https://elsa.memoinsights.com/t?pid=62012a7a19351c07620394e0&url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&author%5B%5D=Dan%20Goodin&title=Google-hosted%20malvertising%20leads%20to%20fake%20Keepass%20site%20that%20looks%20genuine&date=2023-10-19T04%3A50%3A35Z&referrer=&ref_url=&page_url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&cb=MEMO.API.callbacks.cbdjiagbu&v=v3.0.6&t=5000&e=5000&s=0
Requested by
Host: cdn.memo.co
URL: https://cdn.memo.co/js/memo.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.156.7.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-156-7-21.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
b5ebbea6db47650b8f0cba98ba940d18e3001c2e71098eabec63045126f12a78

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:14 GMT
x-envoy-upstream-service-time
1
server
istio-envoy
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64, Sec-CH-UA-Form-Factor
Connection
keep-alive
Content-Length
105
content-type
application/javascript
view
googleads4.g.doubleclick.net/pcs/ Frame AD5B
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstRew6Uqj_SrIzRP5n_19ehOjJw_JgkWNOGWA58wP9Ui_n6JNmF6WHUEmXjdDAdz3g7EoFtkL413Fhjvzd5SZ1G1CFqyIvHNOUvCj77DTLtxxcfct-nA6ZMYH-uXEstklk_7j4MAXsOC-LZRRoCiPrmzZ7VxdTBXy8bQgU&sai=AMfl-YSQHhJIJd-0J6zdmqYJxYeaOAd2Dds9pcBjyCx2cb2szhqeGqvqq9KcWvHoNS3wL3rlKaD5fYqRr9HuVHnpfnGDsJzJ_NdKvhyrIg&sig=Cg0ArKJSzGc1Aw35VEBeEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1225&vt=11&dtpt=1224&dett=2&cstd=0&cisv=r20231011.73739&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N510001.2573CONDNASTDIGITALWIRED/B28106158.378061212;dc_ver=97.287;sz=970x250;u_sd=1;dc_adk=2550138417;ord=u806ml;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjssF1blkNY6UROX1oRCpk_gCHsIPKPFTNSWruxT3zyKhoQdHiX_16GgF_oOHqfbyn2CC9NQBrbu_7WE64WCaWoCZjDnjH5ElkPpgGMvENDHra2ZLkGwiVDMg5RFJCOQ-9iRQ4kkEUdMyPALmraMD2yCXuZDK5z5kr0jpFnJdDogF4fnCDbolqPl0c_KSwFXCYUwvWatIpF_fYTIb6OIv8zIIieoJvEPB-eAmVMdIHFvmLJG88oj6VHvy8oIEc8N91X0IlpFQRjpkqcHZ4Mc22spXgpqss7_oXoWLN4z_PYlczr2J3_5ABJlIZD9_HNv0Y1fH9pCsPsFCek4w81kK_5671t8aFpLcWvtbrnMvptDqCzPcRIFs3TtL6w%26sai%3DAMfl-YQlKpr9muMqK3AvDqiXUV7EK4dsvVYkUQXiYX-ncqoZZNuvvFbZpG1FfiJ7ffzEG7xtVrhz9stzo7Sh-qDyfPeMEZMwL52Nh1YXlSXfm_efLAuN65PoO0Agd2WfNXU%26sig%3DCg0ArKJSzC1ejRn0vWfQEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=1,https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F$0;xdt=0;crlt=ossswZ5g)q;stc=1;chaa=1;sttr=92;prcl=s
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.62.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bc-in-f157.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:09 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
view
securepubads.g.doubleclick.net/pcs/ Frame AD5B
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstjmgKZ8rlAEtX4TPj1OGwUX5hUg65PC_gNXQYkJLV4uWywG6Y9-1K64WHkesmb1JKiq8l-q2Xbb0amrAZF46yi8ID3o0wzE-peAc0hAPcpbhO-3q9L0hok47AtHogNBUDFFLOOjtu-2MTMG_51qWKuZi44XJlpsL5ACbKeWn0KW-rTp_4fn036OufNBentu6f-VMy3iIsyf2f_xGY7bwW6L-C8-l0OZ1Ho-iePh_sWjRp739hkoyLh6f91RVMLvf9Q3ZXINh8yA0jUmXbZHmgELVROAOV2Gmxi09sKVsyDKZ8zYhjhORAfcRrnAqEW4rIyCDPBi4yKWN9Pc4M2O935CCZ1dQU2AxZPpZ2Q8UCcu6xnqdNQd1MMuveG28NL&sai=AMfl-YTKQT1dv-qnnGa4CNAKxkL9bgN3ievGplJQOO_nQCVAxRuAZlFTN03d_EwcsWkYI7ovowQVz3Qdy2F09VU2yagODWVXvrhHTAsw0IelEm_f7m9i3ojSRjND-kwiVVY&sig=Cg0ArKJSzKfTekRuI9YzEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.62.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bc-in-f157.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:09 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 19 Oct 2023 12:42:09 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 9BB9
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuDwY8jKq_mUifaiyBGEaQaQ-v2adVLNbfTzsTyc2WgVebuFFMmk0fuBYdrfI7XHfnVxAREmwQVjVvru1y_Mg-PEop3zFSVv4TYx9wHpse9HTZyCUAwgpndBHYx04dmapMkRniDPZuN2MwNhof17jYEGaqc8iYIVUOf4JY&sai=AMfl-YRacZDiW9R0prMfqbTM4hB0Uo1wjM_aqIctzFBl4DIijg40IjUf0qiezuMXqKfzZqOrVhkGD6kFD03jcP1S_eluxzoMsKfHq-xbRw&sig=Cg0ArKJSzG4jt_lyZPRrEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1022&vt=11&dtpt=1020&dett=2&cstd=0&cisv=r20231011.49914&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N510001.2573CONDNASTDIGITALWIRED/B28106158.377621837;dc_ver=97.287;dc_eid=40004001;sz=300x600;u_sd=1;dc_adk=3381720797;ord=qeaakk;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjssbelBiJreeMA5O4kJb2HuHNwGk5ePKdJ0UuiXXcUfDODw4vGpBpJxnWaxtfBbidAZgRLLQqjD3Ci0r06wJzRc3wPlOiwFU2ToB_44Dhx0plzOz6bhyAq09kZSPsaFg4Fh2CyzMUmC_Ofss7KBM4c6HK6Ho7R7IjYjlH_whYBATw5Hem_0iDNpHzN9QKWud9ow8M9Kt5O_793aOl9TjfT7zBElD57fzsc7ucoBlAyf9tlVN5DWzdI360xmSPbeSDIUk3zb4ViTwozen1VaItr6gLWH5FNPgxQHwoZWAYkhwNMtsOOZTdrSfMwVTdq7AcufmVTaS164bY_bnownTx_qNy6UxZ7QIe1XM2BTty7bhpVqxZlkUdaaAvw%26sai%3DAMfl-YQJqEXB0ThLc-FBAdINrhJMDwJh4GmImD2Hi3Obu0GHmdDF20YPOy4_FJ-UT2FeskSM5u_68gW0TvkoTxgVi1wkwTGF64RcUbcErDIlHl4e35USr7RhE50u9k4uxtE%26sig%3DCg0ArKJSzD1IpYmeVJpLEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=1,https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F$0;xdt=0;crlt=ossswZ5g)q;stc=1;chaa=1;sttr=72;prcl=s
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.62.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bc-in-f157.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:09 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
view
securepubads.g.doubleclick.net/pcs/ Frame 9BB9
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuVq01ZrxxbZUH8Njd5RAOD6Ymdb5XMKtRDNjVoq0H7voJ8dgfw_lcb_HkVh28ih2OsP4dDNb1bPLFE5RZ0nd0grhjfer5ro7cyGiuq_S6PRBSg6CiaX62lp7QQB4pmX3g3HHQ6A6ag5yfgWjCXgghXqezZawf68SHtlrTVttIbjLX3lkwVtjh2oTYweoRjAzZqTKWqlXJNjcZv_NsDaHso9MKg4MCHa6cUYxyWOEr45QOMT5nf7qCIVd3LU8rla3nuDY0i6ZwFhUOsh97do6nn95jF4YYstdPU9As1UcHAoR1av2ya9MinCGeCaUHLLoGwb85_8Np-CfazXUToCU7O9j2E8vX5UbhemxF8r8ePEvr2Mmfu-m-R4XjV43_B&sai=AMfl-YQ5ThOP8WNhrx-NyAks9wQYMs9ARsFKLECbG1jQi3ZLmiGKvHrw9rYbUwMIsQvHDcfH4qNNT1M_l0TRsrg_OrAJ5gwr1oiVmeWZpFK-ZqlOQwoSgi_oRoWjLN_K4uE&sig=Cg0ArKJSzBvm0hdmCMmrEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.62.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bc-in-f157.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:09 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 19 Oct 2023 12:42:09 GMT
ixmatch.html
js-sec.indexww.com/um/ Frame 1818
3 KB
2 KB
Document
General
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/prebid.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.25.18 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer
https://arstechnica.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

age
658
cache-control
public, max-age=14400
cf-cache-status
HIT
cf-ray
818919702dcf1865-EWR
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 19 Oct 2023 12:42:09 GMT
expires
Thu, 19 Oct 2023 16:42:09 GMT
last-modified
Mon, 25 Jul 2022 19:18:19 GMT
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
server
cloudflare
vary
Accept-Encoding
pd
u.openx.net/w/1.0/ Frame BFEF
Redirect Chain
  • https://u.openx.net/w/1.0/pd?us_privacy=1---&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba
  • https://u.openx.net/w/1.0/pd?cc=1&us_privacy=1---&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba
749 B
814 B
Document
General
Full URL
https://u.openx.net/w/1.0/pd?cc=1&us_privacy=1---&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba
Requested by
Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/prebid.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
9c6b1d9dd1e37c142aa874e30e4ebb7cdc3a4c8c971715e45b2a6546296b4ff4

Request headers

Referer
https://arstechnica.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
479
content-type
text/html
date
Thu, 19 Oct 2023 12:42:09 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Thu, 19 Oct 2023 12:42:09 GMT
location
https://u.openx.net/w/1.0/pd?cc=1&us_privacy=1---&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/0.0.0
via
1.1 google
async_usersync.html
acdn.adnxs.com/dmp/ Frame 674C
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/prebid.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://arstechnica.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
9984
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Thu, 19 Oct 2023 12:42:16 GMT
ETag
W/"623de86a-cf34"
Expires
Sun, 01 Oct 2023 09:55:16 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
165, 23138
X-Served-By
cache-lga13626-LGA, cache-yyz4580-YYZ
X-Timer
S1697719336.489517,VS0,VE0
usync.html
eus.rubiconproject.com/ Frame E16D
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?us_privacy=1---
Requested by
Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/prebid.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.50.125.215 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-50-125-215.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://arstechnica.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Thu, 19 Oct 2023 12:42:10 GMT
ETag
"4014f-119-6051b805b8000"
Last-Modified
Mon, 11 Sep 2023 20:52:16 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
sync
eb2.3lift.com/ Frame 6248
Redirect Chain
  • https://eb2.3lift.com/sync?us_privacy=1---&
  • https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
1 KB
2 KB
Document
General
Full URL
https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Requested by
Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/prebid.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.223.22.214 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
de81cab457662de3735b2a0bb228c7cd0719439f5804c40ee6da4d4c89054c9e

Request headers

Referer
https://arstechnica.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
1300
content-type
text/html; charset=utf-8
date
Thu, 19 Oct 2023 12:42:12 GMT
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

cache-control
no-cache, no-store, must-revalidate
content-length
0
date
Thu, 19 Oct 2023 12:42:12 GMT
location
/sync?us_privacy=1---&&ld=1
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
usermatch
ssum-sec.casalemedia.com/ Frame 4BA3
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Farstechnica.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
  • https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Farstechnica.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
2 KB
825 B
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Farstechnica.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1a32e5b7cc51739680000938ea2933fde4f5d9635cd0c7c80bf9a10d6bee01da

Request headers

Referer
https://js-sec.indexww.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
81891972b9e75419-YYZ
content-encoding
br
content-type
text/html
date
Thu, 19 Oct 2023 12:42:09 GMT
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1%2F0LdTeKl6qgKSBx00wDp6VJwdigx%2FtSlfvsH0pUMxPOilQWMgMoj%2BJnlPUlCo7qcG4%2BN0spWSYJvYdtLXpOElm5X2a7w8T1mfHdv%2BcCmWPxvuw0g2gWk3v%2BV0XKSNwMcwYurhUCeVB5tQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
8189197269ac5419-YYZ
content-length
0
date
Thu, 19 Oct 2023 12:42:09 GMT
expires
0
location
/usermatch?us_privacy=1---&d=https%3A%2F%2Farstechnica.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IROQM%2Bwc%2F5QfuQAFssKqm8tfnzPo76DgL9o%2BF2yStJvFjuD6tJ26eJRk4iGfKP6K2rSAKwmdlIkb9fQ3yKYA7k2YvpEKiSWjbJZlGQg7w6vCBdRoSLQ5vtzbwcxGjVgjqo%2FxE0bBssksjA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
events
permutive.arstechnica.com/v2.0/batch/
201 B
158 B
XHR
General
Full URL
https://permutive.arstechnica.com/v2.0/batch/events?enrich=false&sdkp=true&k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by
Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.161.9 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
9.161.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
9a465e259a2d8a030ece60ec2600d12db8676811265001ded2b393b6b9409593

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type
text/plain

Response headers

date
Thu, 19 Oct 2023 12:42:09 GMT
content-encoding
gzip
via
1.1 google
server
Permutive
vary
Origin
content-type
application/json
access-control-allow-origin
https://arstechnica.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
140
sd
us-u.openx.net/w/1.0/ Frame BFEF
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
  • https://us-u.openx.net/w/1.0/sd?id=537148856&val=ZTEkHQAAALZE5wN_
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537148856&val=ZTEkHQAAALZE5wN_
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?cc=1&us_privacy=1---&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:09 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

x-served-by
cache-yyz4557-YYZ
pragma
no-cache
date
Thu, 19 Oct 2023 12:42:09 GMT
via
1.1 varnish
server
Varnish
x-timer
S1697719330.933883,VS0,VE0
x-cache
HIT
location
https://us-u.openx.net/w/1.0/sd?id=537148856&val=ZTEkHQAAALZE5wN_
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
f1417bbb-66cf-afd8-5206-4fb6e7276fa3
pr-bh.ybp.yahoo.com/sync/openx/ Frame BFEF
43 B
602 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/openx/f1417bbb-66cf-afd8-5206-4fb6e7276fa3?gdpr=0
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?cc=1&us_privacy=1---&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.207.229.222 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-207-229-222.compute-1.amazonaws.com
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:09 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
dcm
s.amazon-adsystem.com/ Frame BFEF
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=3d506182-eac9-866b-a3df-dbd47043690a
  • https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=3d506182-eac9-866b-a3df-dbd47043690a&dcc=t
43 B
855 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=3d506182-eac9-866b-a3df-dbd47043690a&dcc=t
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?cc=1&us_privacy=1---&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba
Protocol
HTTP/1.1
Server
52.46.155.104 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 19 Oct 2023 12:42:09 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
9VMFGWY8R5RENVZ5NNQ5
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 19 Oct 2023 12:42:09 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
P8VAXMXX93822GXHQDWC
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=3d506182-eac9-866b-a3df-dbd47043690a&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame BFEF
Redirect Chain
  • https://match.adsrvr.org/track/cmf/openx?oxid=65861dff-f663-3d91-63d1-59431870a2ea&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072971&val=f9a8042c-c9a0-4948-ac45-f91d636ac944&ttd_puid=65861dff-f663-3d91-63d1-59431870a2ea&gdpr=0&gdpr_consent=
43 B
323 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072971&val=f9a8042c-c9a0-4948-ac45-f91d636ac944&ttd_puid=65861dff-f663-3d91-63d1-59431870a2ea&gdpr=0&gdpr_consent=
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?cc=1&us_privacy=1---&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:09 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://us-u.openx.net/w/1.0/sd?id=537072971&val=f9a8042c-c9a0-4948-ac45-f91d636ac944&ttd_puid=65861dff-f663-3d91-63d1-59431870a2ea&gdpr=0&gdpr_consent=
date
Thu, 19 Oct 2023 12:42:09 GMT
server
Kestrel
content-length
335
pixel
cm.g.doubleclick.net/ Frame BFEF
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NDllOWNlMzUtM2YxNC02MzM1LTc2MzEtMDNmYWQyOTI2Yzhh
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?cc=1&us_privacy=1---&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.163.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f154.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:09 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame BFEF
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOJKbaG4bTsVZPDsdNHSKu0&google_cver=1
43 B
106 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOJKbaG4bTsVZPDsdNHSKu0&google_cver=1
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?cc=1&us_privacy=1---&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:09 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:09 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOJKbaG4bTsVZPDsdNHSKu0&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
usermatchredir
ssum-sec.casalemedia.com/ Frame 4BA3
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZTEkIZQ_ZbquyGLs87LjvAAAAdYAAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEOsKCytSzsxlzyeGWJMF4Ss&google_cver=1
43 B
776 B
Image
General
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEOsKCytSzsxlzyeGWJMF4Ss&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Farstechnica.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
H3
Server
104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:09 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=laP8PY4U966%2FfNoWRV0ydzwbchj1R2C9LI0UydkxBU6WYkuNncrR%2FrJRqYKakm0KVHfNi2yJRZ6E9ozR%2B0VzvXLy0QmbZMzJny8VP7kVU%2FRCwS%2F6TTjbCmcb%2FR3AqY9yq8g3%2B3%2Bgk6qLhw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
818919735e9a0f77-EWR
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:09 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEOsKCytSzsxlzyeGWJMF4Ss&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
364
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 4BA3
Redirect Chain
  • https://match.adsrvr.org/track/cmf/casale
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=f9a8042c-c9a0-4948-ac45-f91d636ac944&expiration=1700311329&gdpr=0&gdpr_consent=
43 B
342 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=f9a8042c-c9a0-4948-ac45-f91d636ac944&expiration=1700311329&gdpr=0&gdpr_consent=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Farstechnica.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
H2
Server
104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:09 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mF1gjUJ%2Frutp8ff450jAUZumORfz%2BKZauWn3SX6uaeL1mpBdngqDjnTmueWygJe7Tq39zZ6n9Xq495JkNS%2BpQLy3rtSIW6qBgVHMWLjEVHasFeMtDU35%2FdGCm%2Fc%2FVCd%2B1xJ5YbFN2w0wMg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
818919734a6d5419-YYZ
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=f9a8042c-c9a0-4948-ac45-f91d636ac944&expiration=1700311329&gdpr=0&gdpr_consent=
date
Thu, 19 Oct 2023 12:42:09 GMT
server
Kestrel
content-length
323
crum
dsum-sec.casalemedia.com/ Frame 4BA3
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZTEkIZQ-ZbquyGLs87LjvAAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEM89x6ZNcM1veZZsG46r_7w&google_cver=1
43 B
729 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEM89x6ZNcM1veZZsG46r_7w&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Farstechnica.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
H3
Server
104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:09 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BtFN2WGriRQhdfnFuQtanqS5u99PAWNXmAyx3rhhqhCv6Dec1uVESCjxaBi8Aefml0YoqgRxLMR3kpt3ZvE5eEakulCkzIbFiP4SLc9%2FYXO2eFfsvQe1w8qweff3GtUBI3K5tW6JIQZjiA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
81891973aef70f77-EWR
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:09 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEM89x6ZNcM1veZZsG46r_7w&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
314
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame 4BA3
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZTEkIZQ_ZbquyGLs87LjvAAAAdYAAAAB&gpp=&gpp_sid=
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZTEkIZQ_ZbquyGLs87LjvAAAAdYAAAAB&gpp=&gpp_sid=&dcc=t
43 B
855 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZTEkIZQ_ZbquyGLs87LjvAAAAdYAAAAB&gpp=&gpp_sid=&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Farstechnica.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
HTTP/1.1
Server
52.46.155.104 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 19 Oct 2023 12:42:09 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
N25QGPHY0ZGQE00YGRVV
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 19 Oct 2023 12:42:09 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
RGGNT3VM91TQHPNDN7ZH
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZTEkIZQ_ZbquyGLs87LjvAAAAdYAAAAB&gpp=&gpp_sid=&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
CookieIndex
rtb.adentifi.com/ Frame 4BA3
0
285 B
Image
General
Full URL
https://rtb.adentifi.com/CookieIndex
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Farstechnica.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.227.12.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-227-12-45.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:10 GMT
crum
dsum-sec.casalemedia.com/ Frame 4BA3
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/ie
  • https://match.prod.bidr.io/cookie-sync/ie?_bee_ppp=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AALFH07KYkgAABp9jQkCKw&expiration=1698928931
43 B
729 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AALFH07KYkgAABp9jQkCKw&expiration=1698928931
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Farstechnica.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
H3
Server
104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:12 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Iq7U8iaMIXDhxHamz61P465FzS4pn1llajcLVvGauaoKIVS4Tlw95sdazY1md0Qkvc87UK8nWHqTMq3xVM27K8wW%2BfpXkj4m1HrAZz6fcti%2FAPi0x7fpKHqlSW4bk8wN8PsTxKtTkr23zg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
81891980fbe10f77-EWR
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AALFH07KYkgAABp9jQkCKw&expiration=1698928931
Date
Thu, 19 Oct 2023 12:42:11 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
0
crum
dsum-sec.casalemedia.com/ Frame 4BA3
Redirect Chain
  • https://trace.mediago.io/ju/cs/indexexchange
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=215&external_user_id=afe098ab31f103f52r3j8c00lnx6981y
43 B
735 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=215&external_user_id=afe098ab31f103f52r3j8c00lnx6981y
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Farstechnica.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
H3
Server
104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:11 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0nOEF%2FCnK1GE1NePxwzH4K0hcAOpDN2rZ5i4XrVXfgNFmbwObn%2FBUGUrevRPSEmNMcbI%2FLPVHPC2JuwE3apFAN4B7kFdeP9lK%2F5WrOiuUXO4VishVx0juOMMn6hDFsD%2F5K6DepWhJXTQ3g%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
8189197eb9a80f77-EWR
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

date
Thu, 19 Oct 2023 12:42:11 GMT
via
1.1 google
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/plain; charset=utf-8
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=215&external_user_id=afe098ab31f103f52r3j8c00lnx6981y
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
tp_out
d.adroll.com/cm/index/ Frame 4BA3
42 B
181 B
Image
General
Full URL
https://d.adroll.com/cm/index/tp_out?advertisable=3GMDZMBFQREVBC75SYYKWH
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Farstechnica.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.174.197.87 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-174-197-87.compute-1.amazonaws.com
Software
nginx/1.22.1 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:09 GMT
cache-control
no-transform,public,max-age=300,s-maxage=900
server
nginx/1.22.1
content-length
42
vary
Cookie
content-type
image/gif
htw-pixel.gif
cdn.indexww.com/ht/ Frame 4BA3
43 B
229 B
Image
General
Full URL
https://cdn.indexww.com/ht/htw-pixel.gif?ZTEkIZQ-ZbquyGLs87LjvAAA%26470
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Farstechnica.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.25.18 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:09 GMT
cf-cache-status
HIT
last-modified
Tue, 24 Jan 2017 19:36:04 GMT
server
cloudflare
age
70793
etag
"da1f1d-2b-546dc3a097100"
vary
Accept-Encoding
content-type
image/gif
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control
cache-maxage=1h
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
81891973181d1865-EWR
content-length
43
expires
Fri, 20 Oct 2023 12:42:09 GMT
state
permutive.arstechnica.com/v1.0/
0
34 B
XHR
General
Full URL
https://permutive.arstechnica.com/v1.0/state?fetch_unseen=false&k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by
Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.161.9 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
9.161.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
*
date
Thu, 19 Oct 2023 12:42:09 GMT
content-encoding
gzip
via
1.1 google
server
Permutive
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20
activeview
pagead2.googlesyndication.com/pcs/ Frame AD5B
42 B
404 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssZLLXWyPmNDvnYRdamY0U2OcpkWTpW4oy7vsSQB5_KPCb62ujONa_fwaL30TwTkdwvkTrsBbVlDHG-szrvqo-71gsC-GLDgqumBNibREx_&sig=Cg0ArKJSzMewBwooz3VGEAE&id=lidar2&mcvt=1000&p=0,0,250,970&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231018&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=32&adk=2550138417&rs=6&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1697719327583&rpt=1556&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f155.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:10 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame AD5B
42 B
108 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvzBlZLm8IuJByxBVVf1LHapeqeAu3eLKOCLZeT7e_J7CZEPtvnVfA0jbNfo0z3pMLFDW40ff0UJPex6QG6a9hvTcY6lcjpGKbu6_Z6UXdFx_lUg5CyYVySWWN4djr_&sig=Cg0ArKJSzCUYpWn0-2G2EAE&id=lidar2&mcvt=1003&p=0,315,250,1285&mtos=1003,1003,1003,1003,1003&tos=1003,0,0,0,0&v=20231018&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=516311950&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1697719327583&rpt=1550&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f155.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:10 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 9BB9
42 B
108 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssXr3mUVLySSdb1kC6CikPss-m27ly_5D4vdi8tuUoVSpvZjdpsDzoBLFKAiJcK4MnDVb7eRaTQLdbAnEigAWq7FW2SdgqBAD20dhplEZRHCETHugAWZu5s5g_LLsg-&sig=Cg0ArKJSzEmYNNuGBwbqEAE&id=lidar2&mcvt=1000&p=661,1110,1261,1410&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20231018&bin=7&avms=nio&bs=1600,1200&mc=0.9&vu=1&app=0&itpl=19&adk=1336601853&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1697719327875&rpt=1278&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f155.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:10 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 9BB9
42 B
108 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuxk1T3lDKL1CCRb3gEMi1pTFjdpIRG15a-UtB3prgjzaDLpQ1-kne9u8BYQBc6KMGszQD7g1nfDJ0puuLYWrTXN7URCRf8XUtP0M93gZUq&sig=Cg0ArKJSzLVFii3E4UDIEAE&id=lidar2&mcvt=1003&p=0,0,600,300&mtos=0,1003,1003,1003,1003&tos=0,1003,0,0,0&v=20231018&bin=7&avms=nio&bs=1600,1200&mc=0.9&vu=1&app=0&itpl=32&adk=3381720797&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1697719327875&rpt=1284&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f155.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:10 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
usync.js
eus.rubiconproject.com/ Frame E16D
41 KB
11 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?us_privacy=1---
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.50.125.215 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-50-125-215.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
dc4506fa2f39c30ca17faf927bb8f26e6fc78344c6867e69637afd5c17afa75c

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?us_privacy=1---
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 12:42:10 GMT
Content-Encoding
gzip
Last-Modified
Thu, 19 Oct 2023 11:36:16 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=82451
Connection
keep-alive
Content-Length
11097
Expires
Fri, 20 Oct 2023 11:36:21 GMT
khaos.json
token.rubiconproject.com/ Frame E16D
7 B
862 B
XHR
General
Full URL
https://token.rubiconproject.com/khaos.json?us_privacy=1---
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
a1dd48c657971696c2087f2a6beb489ee65b25320b763222f10718dd93e9149e

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://eus.rubiconproject.com
Cache-Control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
content-length
7
X-RPHost
b5ba23d75d0dcd35432b720d73e3149b
Expires
0
pixel
cm.g.doubleclick.net/ Frame E16D
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470&us_privacy=1---
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TE5YNjk0WkstMUMtRklPQQ==&us_privacy=1---
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHEvn7xYmKWWumHWAkQ8rbM&google_cver=1
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE5YNjk0WkstMUMtRklPQQ==&google_push=
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE5YNjk0WkstMUMtRklPQQ==&google_push=
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H3
Server
142.251.163.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f154.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:11 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE5YNjk0WkstMUMtRklPQQ==&google_push=
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
0190a17a18f2299b1b85aeb1793e601c
Expires
0
pixel
cm.g.doubleclick.net/ Frame E16D
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n&us_privacy=1---
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NDA3ZDU2NWYzNmZiZjRmMTc0MTQ2NDQxNmYwZDcxMDQ5ODczMTZjNw&us_privacy=1---
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NDA3ZDU2NWYzNmZiZjRmMTc0MTQ2NDQxNmYwZDcxMDQ5ODczMTZjNw&us_privacy=1---
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H3
Server
142.251.163.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f154.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:10 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NDA3ZDU2NWYzNmZiZjRmMTc0MTQ2NDQxNmYwZDcxMDQ5ODczMTZjNw&us_privacy=1---
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
b5ba23d75d0dcd35432b720d73e3149b
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame E16D
Redirect Chain
  • https://match.adsrvr.org/track/cmf/rubicon?us_privacy=1---
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=f9a8042c-c9a0-4948-ac45-f91d636ac944&gdpr=0&gdpr_consent=&expires=30
42 B
775 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=f9a8042c-c9a0-4948-ac45-f91d636ac944&gdpr=0&gdpr_consent=&expires=30
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
574abe46412f7df61ec8713ff1a5b646
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

location
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=f9a8042c-c9a0-4948-ac45-f91d636ac944&gdpr=0&gdpr_consent=&expires=30
date
Thu, 19 Oct 2023 12:42:10 GMT
server
Kestrel
content-length
289
tap.php
pixel.rubiconproject.com/ Frame E16D
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&us_privacy=1---
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEHWSGyIEmJHVKvUk1VS2dcw&google_cver=1
42 B
775 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEHWSGyIEmJHVKvUk1VS2dcw&google_cver=1
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
382e2818ca015d35b02cd449aa60881d
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:10 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEHWSGyIEmJHVKvUk1VS2dcw&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
px.ads.linkedin.com/ Frame E16D
Redirect Chain
  • https://token.rubiconproject.com/token?pid=36584&us_privacy=1---
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LNX694ZK-1C-FIOA&us_privacy=1---
0
513 B
Image
General
Full URL
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LNX694ZK-1C-FIOA&us_privacy=1---
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:11 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 29870C86A5124B22AE3605CE5C71B9C9 Ref B: YTO01EDGE0506 Ref C: 2023-10-19T12:42:11Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYIERW13vhhyc91nPsdOQ==

Redirect headers

Location
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LNX694ZK-1C-FIOA&us_privacy=1---
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
19ea072139d67f7022c6e463249c998e
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ecm3
s.amazon-adsystem.com/ Frame E16D
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&us_privacy=1---
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=FiLLnMhhSHi1rc_9qRNVGQ&rk=usync-na
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=FiLLnMhhSHi1rc_9qRNVGQ
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=FiLLnMhhSHi1rc_9qRNVGQ
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
52.46.155.104 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 19 Oct 2023 12:42:11 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
CT1XNHY9QZPZAND2DF60
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=FiLLnMhhSHi1rc_9qRNVGQ
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
0b388c490ecfef74be7d13328a4f3ac3
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame E16D
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&us_privacy=1---
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/ugHPhKlJC6WrC94l5SeZuMn5EUdSAgOZEtemQ7w0kco?csrc=&us_privacy=1---
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-1Qd0.cNE2oJYiaVKDztiazTgkV.JoM0zbL4UAw--~A
42 B
775 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-1Qd0.cNE2oJYiaVKDztiazTgkV.JoM0zbL4UAw--~A
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
966e54b6201ecd300c4db0efc0f5781a
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date
Thu, 19 Oct 2023 12:42:10 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
location
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-1Qd0.cNE2oJYiaVKDztiazTgkV.JoM0zbL4UAw--~A
content-length
0
dcm
aax-eu.amazon-adsystem.com/s/ Frame E16D
43 B
855 B
Image
General
Full URL
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&us_privacy=1---
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.115.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 19 Oct 2023 12:42:11 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
Y0565B8VXBEHXRM4WADG
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
tap.php
pixel.rubiconproject.com/ Frame E16D
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/rp?bee_sync_partners=rp&us_privacy=1---
  • https://match.prod.bidr.io/cookie-sync/rp?bee_sync_partners=rp&us_privacy=1---&_bee_ppp=1
  • https://pixel.rubiconproject.com/tap.php?v=183462&nid=4114&put=AAEyrU7KYkgAABxDkiALIQ&expires=30
42 B
775 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=183462&nid=4114&put=AAEyrU7KYkgAABxDkiALIQ&expires=30
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
83041abbe8494cb29eff3083edd6dff6
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

location
https://pixel.rubiconproject.com/tap.php?v=183462&nid=4114&put=AAEyrU7KYkgAABxDkiALIQ&expires=30
Date
Thu, 19 Oct 2023 12:42:12 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
0
receive
pixel.tapad.com/idsync/ex/ Frame E16D
Redirect Chain
  • https://token.rubiconproject.com/token?pid=37556&a=1&us_privacy=1---
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3355&partner_device_id=LNX694ZK-1C-FIOA&us_privacy=1---
95 B
124 B
Image
General
Full URL
https://pixel.tapad.com/idsync/ex/receive?partner_id=3355&partner_device_id=LNX694ZK-1C-FIOA&us_privacy=1---
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H3
Server
34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
62.113.111.34.bc.googleusercontent.com
Software
Jetty(11.0.13) /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:10 GMT
strict-transport-security
max-age=31536000
via
1.1 google
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
Jetty(11.0.13)
content-type
image/png
access-control-allow-origin
*
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
95

Redirect headers

Location
https://pixel.tapad.com/idsync/ex/receive?partner_id=3355&partner_device_id=LNX694ZK-1C-FIOA&us_privacy=1---
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
314e432eb2d967cf733b82bdbbe35231
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
v1
match.sharethrough.com/sync/ Frame E16D
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=18694&us_privacy=1---
  • https://match.sharethrough.com/sync/v1?source_id=UiRtTsXAfjmfSDAKnR1FjWsu&source_user_id=LNX694ZK-1C-FIOA&us_privacy=1---
68 B
280 B
Image
General
Full URL
https://match.sharethrough.com/sync/v1?source_id=UiRtTsXAfjmfSDAKnR1FjWsu&source_user_id=LNX694ZK-1C-FIOA&us_privacy=1---
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
100.24.248.59 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-24-248-59.compute-1.amazonaws.com
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:12 GMT
cache-control
no-cache
content-length
68
content-type
image/png

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://match.sharethrough.com/sync/v1?source_id=UiRtTsXAfjmfSDAKnR1FjWsu&source_user_id=LNX694ZK-1C-FIOA&us_privacy=1---
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
83041abbe8494cb29eff3083edd6dff6
Expires
0
cksync
hb.yahoo.net/ Frame E16D
Redirect Chain
  • https://token.rubiconproject.com/token?pid=26594&us_privacy=1---
  • https://ups.analytics.yahoo.com/ups/58160/sync?_origin=1&uid=LNX694ZK-1C-FIOA&redir=true&us_privacy=1---
  • https://ups.analytics.yahoo.com/ups/58824/sync?_origin=0&dpid=58160&ovsid=LNX694ZK-1C-FIOA&redir=true&us_privacy=1---
  • https://hb.yahoo.net/cksync?cs=63&axid_e=eS12a21TcFk1RTJ1SHdvampuVzdydmdhOHJlLlhwWmhkbX5B&ovsid=LNX694ZK-1C-FIOA&dpid=58160&us_privacy=1---
53 B
645 B
Image
General
Full URL
https://hb.yahoo.net/cksync?cs=63&axid_e=eS12a21TcFk1RTJ1SHdvampuVzdydmdhOHJlLlhwWmhkbX5B&ovsid=LNX694ZK-1C-FIOA&dpid=58160&us_privacy=1---
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
23.222.5.142 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-222-5-142.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
9d96b2fe2d8d4a398a846ebee84e5e70ec37e0fc613b3e2a5aaa81b1bf2d8470
Security Headers
Name Value
Strict-Transport-Security max-age=86400 ; includeSubDomains, max-age=604800

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=86400 ; includeSubDomains, max-age=604800
date
Thu, 19 Oct 2023 12:42:12 GMT
server
Apache
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
content-length
53
x-mnet-hl2
E
expires
Thu, 19 Oct 2023 12:42:12 GMT

Redirect headers

location
https://hb.yahoo.net/cksync?cs=63&axid_e=eS12a21TcFk1RTJ1SHdvampuVzdydmdhOHJlLlhwWmhkbX5B&ovsid=LNX694ZK-1C-FIOA&dpid=58160&us_privacy=1---
date
Thu, 19 Oct 2023 12:42:12 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.87
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
liveCS.php
live.primis.tech/live/ Frame E16D
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=primis&us_privacy=1---
  • https://live.primis.tech/live/liveCS.php?source=external&advId=100&advUuid=LNX694ZK-1C-FIOA&us_privacy=1---
0
285 B
Image
General
Full URL
https://live.primis.tech/live/liveCS.php?source=external&advId=100&advUuid=LNX694ZK-1C-FIOA&us_privacy=1---
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
52.85.151.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-151-129.iad89.r.cloudfront.net
Software
CloudFront /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:11 GMT
via
1.1 ac28147bf6a75debb0811f62b6224e6e.cloudfront.net (CloudFront)
server
CloudFront
x-amzn-waf-action
challenge
x-amz-cf-pop
IAD89-C3
x-cache
Error from cloudfront
content-type
text/html; charset=UTF-8
cache-control
no-store, max-age=0
content-length
0
x-amz-cf-id
OAQjfBn8BjdsL4rzuXLx2e4iCrZ8OPDqYcKSzheHptXXNqABxJ7bZQ==

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://live.primis.tech/live/liveCS.php?source=external&advId=100&advUuid=LNX694ZK-1C-FIOA&us_privacy=1---
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
af308bb17a856a105b8c87aaae7d7f8c
Expires
0
tap.php
pixel.rubiconproject.com/ Frame E16D
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=${ADELPHIC_CUID}&expires=30&us_privacy=1---
  • https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=4d8d0e3a-1f42-4d05-a0c1-36418d686e12&expires=30&us_privacy=1---
42 B
775 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=4d8d0e3a-1f42-4d05-a0c1-36418d686e12&expires=30&us_privacy=1---
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
2fcb300b847bad3e7dd1184ec8a1c2f5
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

Location
https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=4d8d0e3a-1f42-4d05-a0c1-36418d686e12&expires=30&us_privacy=1---
Date
Thu, 19 Oct 2023 12:42:11 GMT
Connection
keep-alive
X-CI-RTID
9afb5f97-47ef-4619-b8dd-8a9c463696b0
Content-Length
164
Content-Type
text/html; charset=utf-8
magnite
prebid.a-mo.net/setuid/ Frame E16D
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-adaptmx&us_privacy=1---
  • https://prebid.a-mo.net/setuid/magnite?uid=LNX694ZK-1C-FIOA&us_privacy=1---
0
449 B
Image
General
Full URL
https://prebid.a-mo.net/setuid/magnite?uid=LNX694ZK-1C-FIOA&us_privacy=1---
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
147.28.146.89 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:11 GMT
cache-control
max-age=0, private, must-revalidate
x-envoy-upstream-service-time
3
server
envoy
vary
Accept-Encoding

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://prebid.a-mo.net/setuid/magnite?uid=LNX694ZK-1C-FIOA&us_privacy=1---
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
84e0f527cd81a00b0210e20b4ee7ed94
Expires
0
setuid
ib.adnxs.com/prebid/ Frame E16D
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-apn&us_privacy=1---
  • https://ib.adnxs.com/prebid/setuid?bidder=rubicon&uid=LNX694ZK-1C-FIOA&us_privacy=1---
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/prebid/setuid?bidder=rubicon&uid=LNX694ZK-1C-FIOA&us_privacy=1---
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
68.67.179.166 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
575.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:11 GMT
an-x-request-uuid
466ff4e1-cedf-408c-ba7e-76e2e2e67d16
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
cache-control
no-store, no-cache, private
x-proxy-origin
37.19.212.193; 37.19.212.193; 575.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://ib.adnxs.com/prebid/setuid?bidder=rubicon&uid=LNX694ZK-1C-FIOA&us_privacy=1---
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
af308bb17a856a105b8c87aaae7d7f8c
Expires
0
linkid.js
www.google-analytics.com/plugins/ua/
2 KB
1 KB
Script
General
Full URL
https://www.google-analytics.com/plugins/ua/linkid.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.115.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f100.1e100.net
Software
sffe /
Resource Hash
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 11:48:59 GMT
content-encoding
br
x-content-type-options
nosniff
age
3193
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
697
x-xss-protection
0
last-modified
Fri, 30 Jun 2023 18:58:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 19 Oct 2023 12:48:59 GMT
ecommerce.js
www.google-analytics.com/plugins/ua/
1 KB
744 B
Script
General
Full URL
https://www.google-analytics.com/plugins/ua/ecommerce.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.115.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f100.1e100.net
Software
sffe /
Resource Hash
8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:29:53 GMT
content-encoding
br
x-content-type-options
nosniff
age
739
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
630
x-xss-protection
0
last-modified
Thu, 20 Jul 2023 22:48:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 19 Oct 2023 13:29:53 GMT
ec.js
www.google-analytics.com/plugins/ua/
3 KB
1 KB
Script
General
Full URL
https://www.google-analytics.com/plugins/ua/ec.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.115.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f100.1e100.net
Software
sffe /
Resource Hash
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:02:50 GMT
content-encoding
br
x-content-type-options
nosniff
age
2362
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1129
x-xss-protection
0
last-modified
Tue, 27 Jun 2023 17:28:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 19 Oct 2023 13:02:50 GMT
publisher:getClientId
ampcid.google.com/v1/
74 B
438 B
XHR
General
Full URL
https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.16.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f102.1e100.net
Software
ESF /
Resource Hash
ae8264ec552f76003b5335b0839b6fe29284e27617923b0b2c50357ade389091
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 19 Oct 2023 12:42:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://arstechnica.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
94
x-xss-protection
0
xuid
eb2.3lift.com/ Frame 6248
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=3658&xuid=f9a8042c-c9a0-4948-ac45-f91d636ac944&dongle=0cfd&gdpr=0&gdpr_consent=
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=3658&xuid=f9a8042c-c9a0-4948-ac45-f91d636ac944&dongle=0cfd&gdpr=0&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
H2
Server
52.223.22.214 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

content-type
image/gif
date
Thu, 19 Oct 2023 12:42:12 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://eb2.3lift.com/xuid?mid=3658&xuid=f9a8042c-c9a0-4948-ac45-f91d636ac944&dongle=0cfd&gdpr=0&gdpr_consent=
date
Thu, 19 Oct 2023 12:42:12 GMT
server
Kestrel
content-length
251
ebda
eb2.3lift.com/ Frame 6248
Redirect Chain
  • https://eb2.3lift.com/ebda?sync=1&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MzI0MzkzMDU3MTc4MzUyNzUwNTYy
  • https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=
37 B
139 B
Image
General
Full URL
https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
H2
Server
52.223.22.214 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:12 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:12 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
248
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
xuid
eb2.3lift.com/ Frame 6248
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEFs9sjJ73W11_EQJSt7Z2e0&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEFs9sjJ73W11_EQJSt7Z2e0&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
H2
Server
52.223.22.214 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

content-type
image/gif
date
Thu, 19 Oct 2023 12:42:12 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:12 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEFs9sjJ73W11_EQJSt7Z2e0&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
332
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 6248
Redirect Chain
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MzI0MzkzMDU3MTc4MzUyNzUwNTYy
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MzI0MzkzMDU3MTc4MzUyNzUwNTYy
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
H3
Server
142.251.163.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f154.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:12 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MzI0MzkzMDU3MTc4MzUyNzUwNTYy
date
Thu, 19 Oct 2023 12:42:12 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
setuid
px.ads.linkedin.com/ Frame 6248
0
582 B
Image
General
Full URL
https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=324393057178352750562&dbredirect=true&gdpr=0&consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:11 GMT
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: CD2853DC60BF4D02B7AAA8B34AFE7A6E Ref B: YTO01EDGE0506 Ref C: 2023-10-19T12:42:12Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric
prod-lva1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYIERW8bQeHQKv5di+pIA==
xuid
eb2.3lift.com/ Frame 6248
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/324393057178352750562?gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-eK_dblpE2oTGH8t8tK_1T.fenQWBjJTqHzH0X5M94A--~A&dongle=0883
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=2662&xuid=y-eK_dblpE2oTGH8t8tK_1T.fenQWBjJTqHzH0X5M94A--~A&dongle=0883
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
H2
Server
52.223.22.214 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

content-type
image/gif
date
Thu, 19 Oct 2023 12:42:12 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date
Thu, 19 Oct 2023 12:42:12 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
location
https://eb2.3lift.com/xuid?mid=2662&xuid=y-eK_dblpE2oTGH8t8tK_1T.fenQWBjJTqHzH0X5M94A--~A&dongle=0883
content-length
0
c.gif
c.bing.com/ Frame 6248
42 B
690 B
Image
General
Full URL
https://c.bing.com/c.gif?xid=324393057178352750562&Red3=TLMS_pd
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.79.197.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
a-0001.a-msedge.net
Software
/ ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:13 GMT
last-modified
Wed, 30 Aug 2023 19:01:59 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 5A11AA2722E14C7A9C7B54FAE8B840E5 Ref B: YTO01EDGE0721 Ref C: 2023-10-19T12:42:13Z
etag
"3f4a4a7474dbd91:0"
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
content-type
image/gif
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-length
42
sync
x.bidswitch.net/ Frame 6248
43 B
235 B
Image
General
Full URL
https://x.bidswitch.net/sync?ssp=triplelift&user_id=324393057178352750562&gdpr=0&gdpr_consent=${GDPR_CONSENT}
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.211.178.172 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS
172.178.211.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 12:42:13 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
xuid
eb2.3lift.com/ Frame 6248
Redirect Chain
  • https://dis.criteo.com/dis/usersync.aspx?r=44&p=75&cp=triplelift&cu=1&gdpr=0&gdpr_consent=&us_privacy=1---&gpp=${GPP_STRING_28}&gpp_sid=&url=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D2711%26xuid%3...
  • https://eb2.3lift.com/xuid?mid=2711&xuid=bec94b2c-93a2-45bc-8e1c-cece4fcb6c34&dongle=013b&gdpr=0&gdpr_consent=&us_privacy=1---
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=2711&xuid=bec94b2c-93a2-45bc-8e1c-cece4fcb6c34&dongle=013b&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
H2
Server
52.223.22.214 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

content-type
image/gif
date
Thu, 19 Oct 2023 12:42:12 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:12 GMT
x-errorlevel
0
strict-transport-security
max-age=31536000; preload;
server
Kestrel
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://eb2.3lift.com/xuid?mid=2711&xuid=bec94b2c-93a2-45bc-8e1c-cece4fcb6c34&dongle=013b&gdpr=0&gdpr_consent=&us_privacy=1---
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
2290803
content-length
0
expires
Thu, 19 Oct 2023 00:00:00 GMT
xuid
eb2.3lift.com/ Frame 6248
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3335%26xuid%3D%24UID%26dongle%3D4d58%26gdpr=0%26gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=3335&xuid=2587657505101497831&dongle=4d58&gdpr=0&gdpr_consent=
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=3335&xuid=2587657505101497831&dongle=4d58&gdpr=0&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
H2
Server
52.223.22.214 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

content-type
image/gif
date
Thu, 19 Oct 2023 12:42:12 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:12 GMT
an-x-request-uuid
2471175c-5eb1-40f0-aa94-2ee4636b61ab
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://eb2.3lift.com/xuid?mid=3335&xuid=2587657505101497831&dongle=4d58&gdpr=0&gdpr_consent=
x-proxy-origin
37.19.212.193; 37.19.212.193; 575.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
/
infinityid.condenastdigital.com/
36 B
704 B
XHR
General
Full URL
https://infinityid.condenastdigital.com/?rand=1697719332403
Requested by
Host: pixel.condenastdigital.com
URL: https://pixel.condenastdigital.com/sparrow.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.125.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-125-108.iad61.r.cloudfront.net
Software
/
Resource Hash
e31d2b7f489d004beace4a24bbfe757cdeaee26e95b6ba73a700a45d43a6097f

Request headers

Accept
text/plain
Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:13 GMT
content-encoding
gzip
via
1.1 52ac015dacdf6aed9db953cf96e66dda.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD61-P3
vary
origin,accept-encoding
x-cache
Miss from cloudfront
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://arstechnica.com
access-control-expose-headers
WWW-Authenticate,Server-Authorization
cache-control
no-cache
access-control-allow-credentials
true
x-amz-cf-id
sQyKCxriIJESp37Kb9abijxyx0HmEfCYm3nSa5n7canR3YCxETM3WQ==
expires
0
content
4d.condenastdigital.com/
306 B
651 B
XHR
General
Full URL
https://4d.condenastdigital.com/content?url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F
Requested by
Host: pixel.condenastdigital.com
URL: https://pixel.condenastdigital.com/sparrow.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.98.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-98-107.iad55.r.cloudfront.net
Software
/
Resource Hash
de00a389e81b8bb68d531bb4d41469d0f0723442f1c62234808f53b638d00ee0

Request headers

Accept
text/plain
Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:12 GMT
content-encoding
gzip
via
1.1 09208ddc267fc8039508c732fcfcfa64.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD55-P4
vary
origin,accept-encoding
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
https://arstechnica.com
access-control-expose-headers
WWW-Authenticate,Server-Authorization
cache-control
no-cache
access-control-allow-credentials
true
x-amz-cf-id
wiAQAGSp8ovLH8iI6tBY852WKxbJdi5QrBjDBRG9Fn3n8haL6ye0CA==
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2023-10-19T12%3A42%3A12.405Z&_t=pubadsReady&cBr=Ars%20Technica&cKe=google%7Cmalvertising%7Cmalware%7Cpunycode&cCh=security&cTi=Google-hosted%20malvertising%20leads%20to%20fake%20Keepass%20site%20that%20looks%20genuine&cTy=article%7Creport&cCu=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&org_id=4gKgcFGUFUvCGFzHakTPfYp85Yi8&cCl=725&cId=1977141&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine&pRt=referral&pHp=%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&pRr=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6500&pSw=1600&pSh=1200&uID=9987f057-656e-4537-867f-3b49d2e5f732&uNw=1&uUq=1&sID=80447642-8672-4ac6-bf2d-51db90babe97&pID=e15ded94-427e-408f-9626-8e232f61f119&uDt=desktop&dim1=%7B%22channel%22%3A%22security%22%2C%22platform%22%3A%22wordpress%22%2C%22template%22%3A%22article%22%2C%22viewport%22%3A%22desktop%22%2C%22pageContext%22%3A%7B%22contentType%22%3A%22article%22%2C%22templateType%22%3A%22article%22%2C%22channel%22%3A%22security%22%2C%22slug%22%3A%22google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%22%2C%22server%22%3A%22production%22%2C%22keywords%22%3A%7B%22tags%22%3A%5B%22google-2%22%2C%22malvertising%22%2C%22malware%22%2C%22punycode%22%5D%2C%22cm%22%3A%5B%5D%2C%22platform%22%3A%5B%22wordpress%22%5D%2C%22copilotid%22%3A%22%22%7D%7D%2C%22version%22%3A%226.72.17%22%7D&_o=ars-technica&_c=ad_metrics&environment=prod&origin=ars-technica
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.152.126.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-152-126-180.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 19 Oct 2023 12:42:14 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2023-10-19T12%3A42%3A12.423Z&_t=renderEnded&cBr=Ars%20Technica&cKe=google%7Cmalvertising%7Cmalware%7Cpunycode&cCh=security&cTi=Google-hosted%20malvertising%20leads%20to%20fake%20Keepass%20site%20that%20looks%20genuine&cTy=article%7Creport&cCu=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&org_id=4gKgcFGUFUvCGFzHakTPfYp85Yi8&cCl=725&cId=1977141&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine&pRt=referral&pHp=%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&pRr=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6500&pSw=1600&pSh=1200&uID=9987f057-656e-4537-867f-3b49d2e5f732&sID=80447642-8672-4ac6-bf2d-51db90babe97&pID=e15ded94-427e-408f-9626-8e232f61f119&uDt=desktop&dim1=%7B%22channel%22%3A%22security%22%2C%22platform%22%3A%22wordpress%22%2C%22template%22%3A%22article%22%2C%22viewport%22%3A%22desktop%22%2C%22isEmpty%22%3Afalse%2C%22isOverride%22%3Afalse%2C%22position%22%3A%22interstitial%22%2C%22size%22%3A%221x1%22%7D&_o=ars-technica&_c=ad_metrics&environment=prod&origin=ars-technica
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.152.126.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-152-126-180.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 19 Oct 2023 12:42:14 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2023-10-19T12%3A42%3A12.436Z&_t=impressionViewable&cBr=Ars%20Technica&cKe=google%7Cmalvertising%7Cmalware%7Cpunycode&cCh=security&cTi=Google-hosted%20malvertising%20leads%20to%20fake%20Keepass%20site%20that%20looks%20genuine&cTy=article%7Creport&cCu=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&org_id=4gKgcFGUFUvCGFzHakTPfYp85Yi8&cCl=725&cId=1977141&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine&pRt=referral&pHp=%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&pRr=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6500&pSw=1600&pSh=1200&uID=9987f057-656e-4537-867f-3b49d2e5f732&sID=80447642-8672-4ac6-bf2d-51db90babe97&pID=e15ded94-427e-408f-9626-8e232f61f119&uDt=desktop&dim1=%7B%22channel%22%3A%22security%22%2C%22platform%22%3A%22wordpress%22%2C%22template%22%3A%22article%22%2C%22viewport%22%3A%22desktop%22%2C%22isOverride%22%3Afalse%2C%22position%22%3A%22interstitial%22%2C%22size%22%3A%221x1%22%7D&_o=ars-technica&_c=ad_metrics&environment=prod&origin=ars-technica
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.152.126.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-152-126-180.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 19 Oct 2023 12:42:14 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2023-10-19T12%3A42%3A12.445Z&_t=renderEnded&cBr=Ars%20Technica&cKe=google%7Cmalvertising%7Cmalware%7Cpunycode&cCh=security&cTi=Google-hosted%20malvertising%20leads%20to%20fake%20Keepass%20site%20that%20looks%20genuine&cTy=article%7Creport&cCu=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&org_id=4gKgcFGUFUvCGFzHakTPfYp85Yi8&cCl=725&cId=1977141&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine&pRt=referral&pHp=%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&pRr=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6500&pSw=1600&pSh=1200&uID=9987f057-656e-4537-867f-3b49d2e5f732&sID=80447642-8672-4ac6-bf2d-51db90babe97&pID=e15ded94-427e-408f-9626-8e232f61f119&uDt=desktop&dim1=%7B%22channel%22%3A%22security%22%2C%22platform%22%3A%22wordpress%22%2C%22template%22%3A%22article%22%2C%22viewport%22%3A%22desktop%22%2C%22isEmpty%22%3Afalse%2C%22isOverride%22%3Afalse%2C%22position%22%3A%22hero%22%2C%22size%22%3A%22970x250%22%7D&_o=ars-technica&_c=ad_metrics&environment=prod&origin=ars-technica
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.152.126.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-152-126-180.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 19 Oct 2023 12:42:14 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2023-10-19T12%3A42%3A12.453Z&_t=renderEnded&cBr=Ars%20Technica&cKe=google%7Cmalvertising%7Cmalware%7Cpunycode&cCh=security&cTi=Google-hosted%20malvertising%20leads%20to%20fake%20Keepass%20site%20that%20looks%20genuine&cTy=article%7Creport&cCu=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&org_id=4gKgcFGUFUvCGFzHakTPfYp85Yi8&cCl=725&cId=1977141&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine&pRt=referral&pHp=%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&pRr=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6500&pSw=1600&pSh=1200&uID=9987f057-656e-4537-867f-3b49d2e5f732&sID=80447642-8672-4ac6-bf2d-51db90babe97&pID=e15ded94-427e-408f-9626-8e232f61f119&uDt=desktop&dim1=%7B%22channel%22%3A%22security%22%2C%22platform%22%3A%22wordpress%22%2C%22template%22%3A%22article%22%2C%22viewport%22%3A%22desktop%22%2C%22isEmpty%22%3Afalse%2C%22isOverride%22%3Afalse%2C%22position%22%3A%22rail%22%2C%22size%22%3A%22300x600%22%7D&_o=ars-technica&_c=ad_metrics&environment=prod&origin=ars-technica
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.152.126.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-152-126-180.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 19 Oct 2023 12:42:14 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2023-10-19T12%3A42%3A12.464Z&_t=impressionViewable&cBr=Ars%20Technica&cKe=google%7Cmalvertising%7Cmalware%7Cpunycode&cCh=security&cTi=Google-hosted%20malvertising%20leads%20to%20fake%20Keepass%20site%20that%20looks%20genuine&cTy=article%7Creport&cCu=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&org_id=4gKgcFGUFUvCGFzHakTPfYp85Yi8&cCl=725&cId=1977141&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine&pRt=referral&pHp=%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&pRr=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6500&pSw=1600&pSh=1200&uID=9987f057-656e-4537-867f-3b49d2e5f732&sID=80447642-8672-4ac6-bf2d-51db90babe97&pID=e15ded94-427e-408f-9626-8e232f61f119&uDt=desktop&dim1=%7B%22channel%22%3A%22security%22%2C%22platform%22%3A%22wordpress%22%2C%22template%22%3A%22article%22%2C%22viewport%22%3A%22desktop%22%2C%22isOverride%22%3Afalse%2C%22position%22%3A%22hero%22%2C%22size%22%3A%22970x250%22%7D&_o=ars-technica&_c=ad_metrics&environment=prod&origin=ars-technica
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.152.126.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-152-126-180.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 19 Oct 2023 12:42:14 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2023-10-19T12%3A42%3A12.473Z&_t=impressionViewable&cBr=Ars%20Technica&cKe=google%7Cmalvertising%7Cmalware%7Cpunycode&cCh=security&cTi=Google-hosted%20malvertising%20leads%20to%20fake%20Keepass%20site%20that%20looks%20genuine&cTy=article%7Creport&cCu=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&org_id=4gKgcFGUFUvCGFzHakTPfYp85Yi8&cCl=725&cId=1977141&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine&pRt=referral&pHp=%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&pRr=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6500&pSw=1600&pSh=1200&uID=9987f057-656e-4537-867f-3b49d2e5f732&sID=80447642-8672-4ac6-bf2d-51db90babe97&pID=e15ded94-427e-408f-9626-8e232f61f119&uDt=desktop&dim1=%7B%22channel%22%3A%22security%22%2C%22platform%22%3A%22wordpress%22%2C%22template%22%3A%22article%22%2C%22viewport%22%3A%22desktop%22%2C%22isOverride%22%3Afalse%2C%22position%22%3A%22rail%22%2C%22size%22%3A%22300x600%22%7D&_o=ars-technica&_c=ad_metrics&environment=prod&origin=ars-technica
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.152.126.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-152-126-180.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 19 Oct 2023 12:42:14 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
publishertag.prebid.139.js
static.criteo.net/js/ld/
94 KB
30 KB
XHR
General
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.139.js
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.139.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.119.119.131 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
17882276150f09461415088bd161e0242ce0327673dc9233e11bf1f7cbe28762
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:16 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Tue, 11 Jul 2023 13:25:47 GMT
server
nginx
etag
W/"64ad585b-17893"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 20 Oct 2023 12:42:16 GMT
perf
ch-trc-events.taboola.com/condenast-arstechnica/log/3/
0
520 B
XHR
General
Full URL
https://ch-trc-events.taboola.com/condenast-arstechnica/log/3/perf?tvi48=11657&tvi50=10882&route=US%3ACH%3AV&lti=block-clicks-recurring-click-200_ctrl
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20231008-7-RELEASE.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.124.48 Chicago, United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://arstechnica.com
pragma
no-cache
date
Thu, 19 Oct 2023 12:42:13 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
publisher:getClientId
ampcid.google.ca/v1/
3 B
94 B
XHR
General
Full URL
https://ampcid.google.ca/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.16.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f102.1e100.net
Software
ESF /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 19 Oct 2023 12:42:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://arstechnica.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23
x-xss-protection
0
collect
www.google-analytics.com/j/
3 B
23 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1279237386&t=event&ni=1&_s=1&dl=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&dr=%2F&dp=%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&ul=en-us&de=UTF-8&dt=Google-hosted%20malvertising%20leads%20to%20fake%20Keepass%20site%20that%20looks%20genuine%20%7C%20Ars%20Technica&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=proxy%20pageviews&ea=pageload&_u=aChAgUI7AAQCACAFK~&jid=950884427&gjid=906995402&cid=1498663598.1697719324&tid=UA-31997-1&_gid=23912761.1697719334&_slc=1&gtm=45He3ai0n81NLXNPCQ&cg1=article%7Creport&cg2=security&cg3=security&cd1=GTM-NLXNPCQ&cd2=322&cd4=&cd6=Thu%20Oct%2019%202023%2005%3A42%3A03%20GMT-0700%20(Pacific%20Daylight%20Time)&cd7=1697719323774.bhnl626&cd8=7&cd9=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F118.0.5993.88%20Safari%2F537.36&cd11=5&cd12=0&cd13=Tag%20Name%3A%20GA%20Events%20-%20Proxy%20Pageviews%20-%20Pageload&cd20=none&cd25=Dan%20Goodin&cd26=1977141&cd27=725&cd28=Google-hosted%20malvertising%20leads%20to%20fake%20Keepass%20site%20that%20looks%20genuine&cd29=web&cd32=2023-10-19T04%3A50%3A35-04%3A00&cd33=1&cd34=2023-10-19T12%3A15%3A34-04%3A00&cd35=google%7Cmalvertising%7Cmalware%7Cpunycode&cd36=web&cd43=Ars%20Technica&cd45=Adblock%20Enabled%20-%20false&cd62=https%3A%2F%2Farstechnica.com%2F%3Fp%3D1977141&cd63=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&cd65=&cd72=1.0.0&cd92=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&cd93=security&cd95=%2CC0001%2CC0003%2CC0004%2CC0002%2C&cd97=-408604571&cd98=article%7Creport&cd102=1&cd103=&cd113=gtm.triggerGroup&cd116=100&cd127=Thursday&cd129=America%2FVancouver&cd131=9&cm21=1&cd3=1498663598.1697719324&z=350296792
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.115.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f100.1e100.net
Software
Golfe2 /
Resource Hash
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:13 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://arstechnica.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
4 B
348 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-31997-1&cid=1498663598.1697719324&jid=950884427&gjid=906995402&_gid=23912761.1697719334&_u=aChAgUI7AAQCAGAFK~&z=590660955
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.31.155 Oxford, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bj-in-f155.1e100.net
Software
Golfe2 /
Resource Hash
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Thu, 19 Oct 2023 12:42:13 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://arstechnica.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1279237386&t=pageview&_s=1&dl=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&dr=%2F&dp=%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&ul=en-us&de=UTF-8&dt=Google-hosted%20malvertising%20leads%20to%20fake%20Keepass%20site%20that%20looks%20genuine%20%7C%20Ars%20Technica&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCjAgUI7AAQCAGAFK~&jid=&gjid=&cid=1498663598.1697719324&tid=UA-31997-1&_gid=23912761.1697719334&gtm=45He3ai0n81NLXNPCQ&cg1=article%7Creport&cg2=security&cg3=security&cd1=GTM-NLXNPCQ&cd2=322&cd4=&cd6=Thu%20Oct%2019%202023%2005%3A42%3A03%20GMT-0700%20(Pacific%20Daylight%20Time)&cd7=1697719323786.v2djktu&cd8=7&cd9=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F118.0.5993.88%20Safari%2F537.36&cd11=5&cd12=0&cd20=none&cd25=Dan%20Goodin&cd26=1977141&cd27=725&cd28=Google-hosted%20malvertising%20leads%20to%20fake%20Keepass%20site%20that%20looks%20genuine&cd29=web&cd32=2023-10-19T04%3A50%3A35-04%3A00&cd33=1&cd34=2023-10-19T12%3A15%3A34-04%3A00&cd35=google%7Cmalvertising%7Cmalware%7Cpunycode&cd36=web&cd43=Ars%20Technica&cd45=Adblock%20Enabled%20-%20false&cd62=https%3A%2F%2Farstechnica.com%2F%3Fp%3D1977141&cd63=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&cd65=&cd72=1.0.0&cd92=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&cd93=security&cd95=%2CC0001%2CC0003%2CC0004%2CC0002%2C&cd97=-408604571&cd98=article%7Creport&cd102=1&cd103=&cd113=gtm.triggerGroup&cd116=100&cd127=Thursday&cd129=America%2FVancouver&cd131=9&cd3=1498663598.1697719324&z=37734151
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.115.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f100.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Oct 2023 14:09:16 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
81177
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
infinityid
arstechnica.com/
3 KB
2 KB
XHR
General
Full URL
https://arstechnica.com/infinityid
Requested by
Host: pixel.condenastdigital.com
URL: https://pixel.condenastdigital.com/sparrow.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.17.33.209 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-17-33-209.us-east-2.compute.amazonaws.com
Software
nginx/1.23.4 /
Resource Hash
94160b07500c6fdca2c5cd3f81ed8772cd9f0d2c12ac5b9d3cd401edccd1510b

Request headers

Accept
text/plain
Referer
https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:13 GMT
content-encoding
gzip
server
nginx/1.23.4
etag
W/"6525d9d4-deb"
content-type
text/html
identify
permutive.arstechnica.com/v2.0/
50 B
89 B
XHR
General
Full URL
https://permutive.arstechnica.com/v2.0/identify?k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by
Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.161.9 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
9.161.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
ac0abcbdc0804fe709df0d8827593dc35781e6a08b04f90a6137c3200dc18e96

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type
text/plain

Response headers

date
Thu, 19 Oct 2023 12:42:13 GMT
content-encoding
gzip
via
1.1 google
server
Permutive
vary
Origin
content-type
application/json
access-control-allow-origin
https://arstechnica.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
70
user
4d.condenastdigital.com/
67 B
490 B
XHR
General
Full URL
https://4d.condenastdigital.com/user?xid=c4a2eec5-5efa-4c38-9ead-992e087dd9aa
Requested by
Host: pixel.condenastdigital.com
URL: https://pixel.condenastdigital.com/sparrow.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.98.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-98-107.iad55.r.cloudfront.net
Software
/
Resource Hash
9d16ed137499a170edc86815e2d3785b862c9cffde320f3ae65a920a0684fa62

Request headers

Accept
text/plain
Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:13 GMT
content-encoding
gzip
via
1.1 09208ddc267fc8039508c732fcfcfa64.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD55-P4
vary
origin,accept-encoding
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
https://arstechnica.com
access-control-expose-headers
WWW-Authenticate,Server-Authorization
cache-control
no-cache
access-control-allow-credentials
true
x-amz-cf-id
-lDqghPsKJJgcCzzomosJma82l7jnVZxxFY6NkpN1bJv-B7pV-lVHw==
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2023-10-19T12%3A42%3A13.785Z&_t=pageview&cBr=Ars%20Technica&cKe=google%7Cmalvertising%7Cmalware%7Cpunycode&cCh=security&cTi=Google-hosted%20malvertising%20leads%20to%20fake%20Keepass%20site%20that%20looks%20genuine&cTy=article%7Creport&cCu=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&org_id=4gKgcFGUFUvCGFzHakTPfYp85Yi8&cCl=725&cId=1977141&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine&pRt=referral&pHp=%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&pRr=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6500&pSw=1600&pSh=1200&uID=9987f057-656e-4537-867f-3b49d2e5f732&sID=80447642-8672-4ac6-bf2d-51db90babe97&pID=e15ded94-427e-408f-9626-8e232f61f119&uDt=desktop&_o=ars-technica&_c=general&xID=c4a2eec5-5efa-4c38-9ead-992e087dd9aa&environment=prod&origin=ars-technica
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.152.126.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-152-126-180.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 19 Oct 2023 12:42:14 GMT
Connection
keep-alive
transfer-encoding
chunked
Content-Type
image/gif
audiences
permutive.arstechnica.com/audience-matching/v1/id/0d0f53e2-8056-4315-afc6-5d135b997184/
12 B
25 B
XHR
General
Full URL
https://permutive.arstechnica.com/audience-matching/v1/id/0d0f53e2-8056-4315-afc6-5d135b997184/audiences?k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by
Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.161.9 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
9.161.107.34.bc.googleusercontent.com
Software
/
Resource Hash
2b0fb0a6b3e353c69158d61221c2200e4199d0d60dd0b9d99702a22eaa917a78

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 19 Oct 2023 12:42:13 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12
content-type
application/json
ga-audiences
www.google.com/ads/
42 B
408 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-31997-1&cid=1498663598.1697719324&jid=950884427&_u=aChAgUI7AAQCAGAFK~&z=330558733
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.115.105 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f105.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/
42 B
107 B
Image
General
Full URL
https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-31997-1&cid=1498663598.1697719324&jid=950884427&_u=aChAgUI7AAQCAGAFK~&z=330558733
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.31.94 Oxford, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bj-in-f94.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sf-ui-display-medium-webfont.woff2
player-frontend.cnevids.com/assets/fonts/ Frame 7218
29 KB
30 KB
Font
General
Full URL
https://player-frontend.cnevids.com/assets/fonts/sf-ui-display-medium-webfont.woff2
Requested by
Host: player-frontend.cnevids.com
URL: https://player-frontend.cnevids.com/player/player-style-2cf7e3c125f7b0cc5c9e.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.67.65.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-65-39.iad89.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d281c9d6bae645f3da6d2f0769a2cf0668709fd28e2021ce74821cdd8c7117b3

Request headers

Referer
https://player-frontend.cnevids.com/player/player-style-2cf7e3c125f7b0cc5c9e.css
Origin
https://arstechnica.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id
jNwTnDrOXQCtwNbzpCCrw4_AQmswfr1J
Content-Encoding
gzip
Via
1.1 979084a90b32fe3f5fdc377fb6e67b76.cloudfront.net (CloudFront)
Date
Thu, 19 Oct 2023 12:42:16 GMT
X-Amz-Cf-Pop
IAD89-P1
x-amz-server-side-encryption
AES256
X-Cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
Connection
keep-alive
Content-Length
29632
Last-Modified
Thu, 01 Jun 2023 16:30:06 GMT
Server
AmazonS3
ETag
"7d18db04f980971f2a9c5026bbc34bed"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
Content-Type
application/font-woff2
Access-Control-Allow-Origin
*
Cache-Control
max-age=63072000, public
Vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
Accept-Ranges
bytes
X-Amz-Cf-Id
6FuAmAfO3O4qsXlpGdXen6oW4kFeFPF6UWU1xqPPjSRnjdbRkhJBuQ==
Expires
Tue, 01 Jan 2030 00:00:00 GMT
bridge3.595.0_en.html
imasdk.googleapis.com/js/core/ Frame E3E2
726 KB
233 KB
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.595.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.16.95 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f95.1e100.net
Software
sffe /
Resource Hash
e9de6cf1275e2335cae4231d25e6119cd5bb53cfadd831de5cdfc411de862c6b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://arstechnica.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
514852
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
238136
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Fri, 13 Oct 2023 13:41:22 GMT
expires
Sat, 12 Oct 2024 13:41:22 GMT
last-modified
Tue, 10 Oct 2023 20:31:50 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
client.js
s0.2mdn.net/instream/video/ Frame 7218
44 KB
16 KB
Script
General
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.122.149 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f149.1e100.net
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 19 Oct 2023 12:42:14 GMT
fbevents.js
connect.facebook.net/en_US/ Frame 7218
198 KB
52 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: player-frontend.cnevids.com
URL: https://player-frontend.cnevids.com/player/main-7f40040d423dc64a5a13.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-iad3.fbcdn.net
Software
/
Resource Hash
564a53ce84ae022b30816d44aa48589ebfe170c226b098d0245c47fe13341c67
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 19 Oct 2023 12:42:14 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
53498
x-xss-protection
0
pragma
public
x-fb-debug
+uR7QSt41FiqcPXYVrF0QNCuCfd+t6tHgWFUOlMpHX+1JUmi1FJ6OR/VpOf8zmCMnI1wfAm9usmv2GSW7LL8Gw==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin
*
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
comscore-min.js
player-frontend.cnevids.com/player/ Frame 7218
38 KB
11 KB
Script
General
Full URL
https://player-frontend.cnevids.com/player/comscore-min.js
Requested by
Host: player-frontend.cnevids.com
URL: https://player-frontend.cnevids.com/player/main-7f40040d423dc64a5a13.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.67.65.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-65-39.iad89.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
833a86642252016b29f08dd45ffd27f9e00ca237f28d8c5f0147a6e15d009377

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id
Pu3vAQgXCda0KLw5xmB4fqB2xpvV.qI0
Content-Encoding
gzip
Via
1.1 4ee1745ee3cece0fab563f5a32ba165a.cloudfront.net (CloudFront)
Date
Thu, 19 Oct 2023 12:40:28 GMT
X-Amz-Cf-Pop
IAD89-P1
Age
107
x-amz-server-side-encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
Connection
keep-alive
Last-Modified
Thu, 01 Jun 2023 16:30:50 GMT
Server
AmazonS3
ETag
W/"054acb6fbd2b2a6c1ac561705bffb0cc"
Vary
Accept-Encoding
Content-Type
text/javascript
X-Amz-Cf-Id
V_lJ_5LyhMsizK3YEB1pYpRA0qkv-DVX1JahW9BNHccTguItFYCXpw==
collect
www.google-analytics.com/
35 B
55 B
Ping
General
Full URL
https://www.google-analytics.com/collect
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.115.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f100.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:14 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
https://arstechnica.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
destination
www.googletagmanager.com/gtag/
217 KB
78 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=G-P1P55J3LNW&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NLXNPCQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
bd5a7a8b46be3969e295bac6fafe3fbceb6a3c8d29abb73ff8443dc0d511753c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:14 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
79279
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 19 Oct 2023 12:42:14 GMT
track
capture.condenastdigital.com/ Frame 7218
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_o=cne&_ts=2023-10-19T12%3A42%3A14.120Z&_c=&_t=Player%20Requested&sID=80447642-8672-4ac6-bf2d-51db90babe97&pID=e15ded94-427e-408f-9626-8e232f61f119&pHr=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.152.126.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-152-126-180.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 19 Oct 2023 12:42:14 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame D70D
40 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.63.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f155.1e100.net
Software
sffe /
Resource Hash
6300f448d738e70ac11f0140df0b3ce91a2de9e0da7fdf09d32d28031600ba51
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:28:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
796
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13893
x-xss-protection
0
last-modified
Wed, 09 Aug 2023 15:57:08 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Thu, 19 Oct 2023 13:28:58 GMT
track
capture.condenastdigital.com/ Frame 7218
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_o=cne&_ts=2023-10-19T12%3A42%3A14.185Z&_c=initial&_t=gptData&sID=80447642-8672-4ac6-bf2d-51db90babe97&pID=e15ded94-427e-408f-9626-8e232f61f119&pHr=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&dim1=%7B%22adBlocked%22%3Afalse%2C%22adUnits%22%3A%5B%223379%2Fconde.ars%2Finterstitial%2Fsecurity%2Farticle%2F1%22%2C%223379%2Fconde.ars%2Fhero%2Fsecurity%2Farticle%2F1%22%2C%223379%2Fconde.ars%2Frail%2Fsecurity%2Farticle%2F1%22%2C%223379%2Fconde.ars%2Frail%2Fsecurity%2Farticle%2F2%22%2C%223379%2Fconde.ars%2Frail%2Fsecurity%2Farticle%2F3%22%2C%223379%2Fconde.ars%2Fmid-content%2Fsecurity%2Farticle%2F1%22%2C%223379%2Fconde.ars%2Fmid-content%2Fsecurity%2Farticle%2F2%22%5D%2C%22embedLocation%22%3A%22arstechnica%22%2C%22error%22%3A%22%22%2C%22lineItems%22%3A%5B%226194187599%22%5D%2C%22publicaEnabled%22%3Afalse%2C%22videoId%22%3A%2260abade4dc31e5375248cba6%22%7D
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.152.126.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-152-126-180.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 19 Oct 2023 12:42:14 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
arstechnica_unsolved-mysteries-unsolved-mysteries-of-quantum-leap.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_arstechnica.png,fl_progressive,g_face,h_450,q_80,w_800/v1621877260/ Frame 7218
50 KB
51 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_arstechnica.png,fl_progressive,g_face,h_450,q_80,w_800/v1621877260/arstechnica_unsolved-mysteries-unsolved-mysteries-of-quantum-leap.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
cloudflare /
Resource Hash
4d04b7d4a062fa7873d675612b23bd067cf886a0de7759d617e14bf1641d5105
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security
max-age=604800
Date
Tue, 17 Oct 2023 14:19:38 GMT
x-content-type-options
nosniff
Via
1.1 13f73562b215175ddd75c2902ae36650.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
166956
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
51500
Last-Modified
Tue, 25 May 2021 15:04:45 GMT
Server
cloudflare
ETag
"1631177d1131925333a3b2b652f3d8b2"
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
CF-Ray
81700cb59d522d20-IAD
timing-allow-origin
*
X-Amz-Cf-Id
Jk-FX5fyAwBFwF6GSMIMLb1OpamLUxHep7eNgD4q2HFg1Byp0rkX4g==
9297c89d-e121-48cd-8642-4e684145beb3
https://arstechnica.com/ Frame 7218
31 B
0
Other
General
Full URL
blob:https://arstechnica.com/9297c89d-e121-48cd-8642-4e684145beb3
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Length
31
Content-Type
application/javascript
1c5e052d-9221-44ad-9785-4ca784ceb60dthumbs.mp4
dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/ Frame 7218
64 KB
0
Media
General
Full URL
https://dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/1c5e052d-9221-44ad-9785-4ca784ceb60dthumbs.mp4
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
108.138.85.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-85-70.iad12.r.cloudfront.net
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://arstechnica.com/
Accept-Encoding
identity;q=1, *;q=0
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Range
bytes=0-

Response headers

Date
Thu, 19 Oct 2023 07:22:58 GMT
Via
1.1 8a5a55219dfdbca831a0a40e05aaa842.cloudfront.net (CloudFront)
Last-Modified
Mon, 24 May 2021 13:51:20 GMT
Server
AmazonS3
X-Amz-Cf-Pop
IAD12-P2
Age
19157
ETag
"580642a938142bddde48207109f78d2b"
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
video/mp4
Content-Range
bytes 0-2480938/2480939
Connection
keep-alive
Accept-Ranges
bytes
X-Amz-Cf-Id
p2m7hqbDu8Rri1RqzPFz_9S886u_YmuYx_p37KSL0NN_G7EXI5ZwIA==
Content-Length
2480939
1c5e052d-9221-44ad-9785-4ca784ceb60dthumbs.mp4
dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/ Frame 7218
16 KB
0
Media
General
Full URL
https://dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/1c5e052d-9221-44ad-9785-4ca784ceb60dthumbs.mp4
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
108.138.85.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-85-70.iad12.r.cloudfront.net
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://arstechnica.com/
Accept-Encoding
identity;q=1, *;q=0
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Range
bytes=0-

Response headers

Date
Thu, 19 Oct 2023 07:32:28 GMT
Via
1.1 6400936fc4525d1c60e3e8fee9d4806e.cloudfront.net (CloudFront)
Last-Modified
Mon, 24 May 2021 13:51:20 GMT
Server
AmazonS3
X-Amz-Cf-Pop
IAD12-P2
Age
19159
ETag
"580642a938142bddde48207109f78d2b"
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
video/mp4
Content-Range
bytes 0-2480938/2480939
Connection
keep-alive
Accept-Ranges
bytes
X-Amz-Cf-Id
LHSsJm6MQFEWzEUtSK9OtQ7gi0fdEX3IwfOGjcVv2YOIEQ68QXby0w==
Content-Length
2480939
track
capture.condenastdigital.com/ Frame 7218
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_o=cne&_ts=2023-10-19T12%3A42%3A14.341Z&_c=Player%20Event&_t=Player%20Loaded&app=playerservice&cBr=arstechnica&cCh=videos%2Fshow&cCu=https%3A%2F%2Fwww.arstechnica.com%2Fvideo%2Fwatch%2Funsolved-mysteries-unsolved-mysteries-of-quantum-leap-with-donald-p-bellisario&cId=60abade4dc31e5375248cba6&cKe=Unsolved%20Mysteries%2CArs%20Technica%20Unsolved%20Mysteries%2CQuantum%20Leap%2CUnsolved%20Mysteries%20Quantum%20Leap%2CQuantum%20leap%20show%2Cquantum%20leap%20ending%2Cquantum%20leap%20bakula%2CDonald%20P%20Bellisario%2CQuantum%20Leap%20Finale%2CQuantum%20Leap%20JFK%2CQuantum%20Leap%20Lee%20Harvey%20Oswald%2CQuantum%20Leap%20interview%2CScott%20Bakula%2CDean%20Stockwell%2CQuantum%20Leap%20Ziggy%2CQuantum%20Leap%20Al%2CQuantum%20Leap%20NBC%2CNBC%20Quantum%20Leap%2CQuantum%20Leap%20Episodes%2Cquantum%20leap%20intro%2Cquantum%20leap%20ars%20technica%2Cars%20technica%20quantum%20leap&cPd=2021-05-25T15%3A00%3A00%2B00%3A00&cTi=Unsolved%20Mysteries%20Of%20Quantum%20Leap%20With%20Donald%20P.%20Bellisario&mDu=854&pHr=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&pID=e15ded94-427e-408f-9626-8e232f61f119&pWw=584&pWh=328.5&sID=80447642-8672-4ac6-bf2d-51db90babe97&uId=9987f057-656e-4537-867f-3b49d2e5f732&xid=c4a2eec5-5efa-4c38-9ead-992e087dd9aa&dim1=%7B%22contentStartType%22%3A%22manual%22%2C%22doNotTrackSetting%22%3Anull%2C%22environment%22%3A%22oo%22%2C%22gitBranch%22%3A%22main%22%2C%22gitSha%22%3A%22af9c35e%22%2C%22guid%22%3A%22f5c082cd-3916-b447-80e4-f863c5657c10%22%2C%22isMobile%22%3Afalse%2C%22isVerso%22%3Afalse%2C%22initialPlayerStartType%22%3A%22manual%22%2C%22playerDepth%22%3A4990.5625%2C%22playerType%22%3A%22video-continuous%22%2C%22playsOnPage%22%3A0%2C%22prerollPlayed%22%3Afalse%2C%22recAlgorithm%22%3Anull%2C%22recStrategy%22%3Anull%2C%22sticky%22%3Afalse%2C%22stickyPosition%22%3A%22%22%2C%22disableVastPrefetch%22%3Afalse%2C%22disableVideoPrebid%22%3Afalse%2C%22isRightRail%22%3Afalse%2C%22tabStatus%22%3A%22active%22%2C%22muted%22%3Afalse%2C%22videoEmbedPosition%22%3A%22%22%2C%22videoViews%22%3A1%2C%22viewportStatus%22%3Anull%7D&dim2=%7B%22adBlocked%22%3Afalse%2C%22adId%22%3A%22%22%2C%22adType%22%3A%22%22%2C%22creativeId%22%3A%22%22%2C%22wrapperAdIds%22%3A%22%22%2C%22wrapperAdSystems%22%3A%22%22%2C%22dfpLineItem%22%3A%22%22%2C%22publicaEnabled%22%3Afalse%2C%22podIndex%22%3A%22%22%7D&adId=
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.152.126.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-152-126-180.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 19 Oct 2023 12:42:15 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
1c5e052d-9221-44ad-9785-4ca784ceb60dmanifest-ios.m3u8
dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/ Frame 7218
918 B
1 KB
XHR
General
Full URL
https://dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/1c5e052d-9221-44ad-9785-4ca784ceb60dmanifest-ios.m3u8?videoIndex=0&requester=oo
Requested by
Host: player-frontend.cnevids.com
URL: https://player-frontend.cnevids.com/player/main-7f40040d423dc64a5a13.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
108.138.85.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-85-70.iad12.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
005f315d6f7cf50f04161a51e17287b5040b513267560b083a3cf39d0b892ba8

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 08:37:53 GMT
Via
1.1 55545918b0c914bb8f5282930649df4c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD12-P2
Age
14663
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
918
Last-Modified
Mon, 24 May 2021 13:49:14 GMT
Server
AmazonS3
ETag
"4300fd3b9bba40f219ea54c572764fe0"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET, HEAD
Content-Type
application/x-mpegURL
Access-Control-Allow-Origin
*
Vary
Accept-Encoding,Origin
Accept-Ranges
bytes
X-Amz-Cf-Id
CYIaEzW1_JD6ilpJxxrfdwHqXpQ5P6Q5eUFI4mdSQ9Er-3DWIXx8pw==
13c2dacb-4007-40ed-9f80-12063549e4f5
https://arstechnica.com/ Frame 7218
5 KB
0
Other
General
Full URL
blob:https://arstechnica.com/13c2dacb-4007-40ed-9f80-12063549e4f5
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7fa4a530da785217eeac7d69df2b2eac2ff8f1a7a05d622d8026bd80bbfcafe8

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Length
4973
Content-Type
application/javascript
319ec478-b244-4da1-8a78-39529720892d
https://arstechnica.com/ Frame 7218
68 KB
0
Other
General
Full URL
blob:https://arstechnica.com/319ec478-b244-4da1-8a78-39529720892d
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
246deaa46e55f47aa7a2be298a475478fcdacb65c6f49264f977b4981f7580aa

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Length
70012
Content-Type
application/javascript
c6e5f22a-8a6c-45a4-a949-78c04f7e355e
https://arstechnica.com/ Frame 7218
68 KB
0
Other
General
Full URL
blob:https://arstechnica.com/c6e5f22a-8a6c-45a4-a949-78c04f7e355e
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
246deaa46e55f47aa7a2be298a475478fcdacb65c6f49264f977b4981f7580aa

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Length
70012
Content-Type
application/javascript
collect
analytics.google.com/g/
0
253 B
Ping
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-P1P55J3LNW&gtm=45je3ai0&_p=1279237386&_gaz=1&cid=1498663598.1697719324&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&dl=%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&dr=%2F&sid=1697719334&sct=1&seg=0&dt=Google-hosted%20malvertising%20leads%20to%20fake%20Keepass%20site%20that%20looks%20genuine%20%7C%20Ars%20Technica
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=G-P1P55J3LNW&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.34.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:16 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://arstechnica.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
56 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-P1P55J3LNW&cid=1498663598.1697719324&gtm=45je3ai0&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=G-P1P55J3LNW&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.31.155 Oxford, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bj-in-f155.1e100.net
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:14 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://arstechnica.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/
42 B
408 B
Image
General
Full URL
https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-P1P55J3LNW&cid=1498663598.1697719324&gtm=45je3ai0&aip=1&z=1456345827
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.31.94 Oxford, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bj-in-f94.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
pubads.g.doubleclick.net/gampad/ Frame 7218
6 KB
2 KB
XHR
General
Full URL
https://pubads.g.doubleclick.net/gampad/ads?sz=640x480|480x70&iu=/3379/conde.ars/player/security/article&ciu_szs=300x60&gdfp_req=1&env=vp&output=vmap&unviewed_position_start=1&cust_params=permutive%3D9710%252C78900%252C82865%252C82866%252Crts%26prmtvvid%3D90d1defc-7ad3-430d-822c-01dafd1bd9af%26prmtvwid%3D1dfc40bb-d155-4f15-970e-99450dbfa0e2%26env_device_type%3Ddesktop%26ctx_template%3Darticle%26content_type%3Darticle%26ctx_page_channel%3Dsecurity%26env_server%3Dproduction%26ctx_cns_version%3D6.72.17%26ctx_page_slug%3Dgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%26cnt_tags%3Dgoogle-2%252Cmalvertising%252Cmalware%252Cpunycode%26cnt_copilotid%3D%26pageview_id%3D4070980938%26usr_bkt_eva%3D100%26usr_bkt_ses%3D57%26usr_bkt_pv%3D52%26usr_pvc_bs%3D1%26usr_pvc_24hr%3D1%26usr_pvc_30d%3D1%26usr_svc_30d%3D1%26ctx_ses_soc%3Dnone%26ctx_ref_soc%3Dnone%26ctx_ref_url%3Dnone%26usr_auth%3Dfalse%26vnd_prx_segments%3D112200%252C112222%252C117700%252C117736%252C120000%252C121100%252C131100%252C131127%252C230004%252C230014%252C603525%252C230000%252C300003%252C210002%252C240002%252C240003%252C240001%252C240005%252C240006%252C240007%252C240008%252C240009%252C240011%252C240012%252C240013%252C240017%252C240015%252C240016%252C240018%252C240019%252C9lt9vf%26vnd_4d_cached%3D0%26vnd_4d_ctx_sg%3D%26vnd_4d_ctx_topics%3D%26vnd_4d_ctx_entities%3D%26vnd_4d_ctx_keywords%3D%26vnd_4d_usr_topics%3D%26vnd_4d_usr_wt%3D%26vnd_4d_xid%3D%26m_data%3D1%26m_safety%3Dunsafe%26m_categories%3Dmoat_unsafe%252Cgv_crime%26m_mv%3DnoHistData%26m_gv%3DnoHistData%26puid%3D0d0f53e2-8056-4315-afc6-5d135b997184%26ptime%3D1697719324012%26fr%3Dfalse%26adt%3DveryLow%26alc%3DveryLow%26dlm%3DveryLow%26drg%3DveryLow%26hat%3DveryLow%26off%3DveryLow%26vio%3DveryLow%26ias-kw%3DIAS_3006647_PG%252CIAS_11733_KW%252CIAS_1506339_PG%252CIAS_1507080_PG%252CIAS_14113_KW%252CIAS_9283_KW%252CIAS_2644_KW%252CIAS_1507654_PG%26prmtvsdk%3Dweb%26prmtvsid%3Deb6dc643-5d9a-453e-ad5a-5c6f742d88ea%26ctx_line_items%3D6194187599
%26height%3D328%26muted%3D0%26right_rail%3D0%26sensitive%3D0%26series%3D5c82bcebbcdfff6f132fc5e6%26width%3D584%26player_type%3Dembedded-player%26feature_flags%3Dclick-to-play%252Chorizontal-format%252Csound-on&correlator=1648096346750438&description_url=https%3A%2F%2Fwww.arstechnica.com%2Fvideo%2Fwatch%2Funsolved-mysteries-unsolved-mysteries-of-quantum-leap-with-donald-p-bellisario&vid=60abade4dc31e5375248cba6&cmsid=1495&ppid=c4a2eec55efa4c389ead992e087dd9aa
Requested by
Host: player-frontend.cnevids.com
URL: https://player-frontend.cnevids.com/player/main-7f40040d423dc64a5a13.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f155.1e100.net
Software
cafe /
Resource Hash
eda0d05923798454f45a2efdb6849e3d4190ac26061b12b9c157620a40cea0fe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:14 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1615
x-xss-protection
0
google-lineitem-id
0
pragma
no-cache
server
cafe
google-creative-id
0
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://arstechnica.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Ping
General
Full URL
https://www.google-analytics.com/collect
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.115.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f100.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:14 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
https://arstechnica.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
moatvideo.js
z.moatads.com/condenastjsvideocontent160527792519/ Frame 7218
327 KB
110 KB
Script
General
Full URL
https://z.moatads.com/condenastjsvideocontent160527792519/moatvideo.js
Requested by
Host: player-frontend.cnevids.com
URL: https://player-frontend.cnevids.com/player/main-7f40040d423dc64a5a13.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.47.65.174 Atlanta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-65-174.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
3596731c0a7ee21324124d3eb1c79d89048ec89cf0fdbcaefd95a654d68f49f1

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:14 GMT
content-encoding
gzip
last-modified
Thu, 05 Oct 2023 09:39:45 GMT
server
AmazonS3
x-amz-request-id
Q4HEMYRAZT4740KS
etag
"a59377c2b90d92af0d62156d4dab21ad"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=56413
accept-ranges
bytes
content-length
112579
x-amz-id-2
DQ89GZOuaAfr1RvpPB2GZ/Rem2ijn1+SK3Sc8uJQV5wpv6QfahdQxEL37oLKH95vaNPZf87fEhM=
track
capture.condenastdigital.com/ Frame 7218
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_o=cne&_ts=2023-10-19T12%3A42%3A14.596Z&_c=Video%20Ad&_t=Ad%20Call%20Made&app=playerservice&cBr=arstechnica&cCh=videos%2Fshow&cCu=https%3A%2F%2Fwww.arstechnica.com%2Fvideo%2Fwatch%2Funsolved-mysteries-unsolved-mysteries-of-quantum-leap-with-donald-p-bellisario&cId=60abade4dc31e5375248cba6&cKe=Unsolved%20Mysteries%2CArs%20Technica%20Unsolved%20Mysteries%2CQuantum%20Leap%2CUnsolved%20Mysteries%20Quantum%20Leap%2CQuantum%20leap%20show%2Cquantum%20leap%20ending%2Cquantum%20leap%20bakula%2CDonald%20P%20Bellisario%2CQuantum%20Leap%20Finale%2CQuantum%20Leap%20JFK%2CQuantum%20Leap%20Lee%20Harvey%20Oswald%2CQuantum%20Leap%20interview%2CScott%20Bakula%2CDean%20Stockwell%2CQuantum%20Leap%20Ziggy%2CQuantum%20Leap%20Al%2CQuantum%20Leap%20NBC%2CNBC%20Quantum%20Leap%2CQuantum%20Leap%20Episodes%2Cquantum%20leap%20intro%2Cquantum%20leap%20ars%20technica%2Cars%20technica%20quantum%20leap&cPd=2021-05-25T15%3A00%3A00%2B00%3A00&cTi=Unsolved%20Mysteries%20Of%20Quantum%20Leap%20With%20Donald%20P.%20Bellisario&cTy=%2F3379%2Fconde.ars%2Fplayer%2Fsecurity%2Farticle&mDu=854&pHr=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&pID=e15ded94-427e-408f-9626-8e232f61f119&pWw=584&pWh=328.5&sID=80447642-8672-4ac6-bf2d-51db90babe97&uId=9987f057-656e-4537-867f-3b49d2e5f732&xid=c4a2eec5-5efa-4c38-9ead-992e087dd9aa&dim1=%7B%22contentStartType%22%3A%22manual%22%2C%22doNotTrackSetting%22%3Anull%2C%22environment%22%3A%22oo%22%2C%22gitBranch%22%3A%22main%22%2C%22gitSha%22%3A%22af9c35e%22%2C%22guid%22%3A%22f5c082cd-3916-b447-80e4-f863c5657c10%22%2C%22isMobile%22%3Afalse%2C%22isVerso%22%3Afalse%2C%22initialPlayerStartType%22%3A%22manual%22%2C%22playerDepth%22%3A4990.5625%2C%22playerType%22%3A%22video-continuous%22%2C%22playsOnPage%22%3A0%2C%22prerollPlayed%22%3Afalse%2C%22recAlgorithm%22%3Anull%2C%22recStrategy%22%3Anull%2C%22sticky%22%3Afalse%2C%22stickyPosition%22%3A%22%22%2C%22disabl
eVastPrefetch%22%3Afalse%2C%22disableVideoPrebid%22%3Afalse%2C%22isRightRail%22%3Afalse%2C%22tabStatus%22%3A%22active%22%2C%22muted%22%3Afalse%2C%22videoEmbedPosition%22%3A%22%22%2C%22videoViews%22%3A1%2C%22viewportStatus%22%3A%22OUT_OF_VIEWPORT%22%7D&dim2=%7B%22adBlocked%22%3Afalse%2C%22adId%22%3A%22%22%2C%22adType%22%3A%22%22%2C%22creativeId%22%3A%22%22%2C%22wrapperAdIds%22%3A%22%22%2C%22wrapperAdSystems%22%3A%22%22%2C%22dfpLineItem%22%3A%22%22%2C%22publicaEnabled%22%3Afalse%2C%22podIndex%22%3A%22%22%7D&videoViews=1&adId=
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.152.126.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-152-126-180.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 19 Oct 2023 12:42:15 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
pixel.gif
px.moatads.com/
43 B
275 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=CONDEVIDEOCONTENT1&hp=1&wf=1&ra=2&pxm=3&vz=-&zp=0&sgs=2&vb=7&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=8&f=0&j=&t=1697719334671&de=202089000812&m=0&ar=0c7a73c5c3d-clean&iw=292fb89&q=9&cb=0&ym=0&cu=1697719334671&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=Unsolved%20Mysteries%20Of%20Quantum%20Leap%20With%20Donald%20P.%20Bellisario%3A%2F3379%2Fconde.ars%2Fplayer%2Fsecurity%2Farticle%3Aundefined%3Aundefined&zMoatVideoId=60abade4dc31e5375248cba6&zMoatAP=-&zGSRC=1&gu=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&id=1&ii=4&zMoatOrigSlicer1=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&zMoatOrigSlicer2=N%2FA&zMoatDomain=arstechnica.com&zMoatSubdomain=arstechnica.com&gw=condenastjsvideocontent160527792519&fd=1&it=500&ti=0&ih=2&pe=1%3A351%3A351%3A0%3A514&fs=205668&na=485613548&cs=0
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.47.65.174 Atlanta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-65-174.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:15 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
x-akamai-ew-subworker
8096267
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Thu, 19 Oct 2023 12:42:15 GMT
ads
pubads.g.doubleclick.net/gampad/ Frame E3E2
7 KB
2 KB
XHR
General
Full URL
https://pubads.g.doubleclick.net/gampad/ads?sz=640x480%7C480x70&iu=%2F3379%2Fconde.ars%2Fplayer%2Fsecurity%2Farticle&ciu_szs=1x1&gdfp_req=1&env=vp&output=xml_vmap1&unviewed_position_start=1&cust_params=permutive%3D9710%252C78900%252C82865%252C82866%252Crts%26prmtvvid%3D90d1defc-7ad3-430d-822c-01dafd1bd9af%26prmtvwid%3D1dfc40bb-d155-4f15-970e-99450dbfa0e2%26env_device_type%3Ddesktop%26ctx_template%3Darticle%26content_type%3Darticle%26ctx_page_channel%3Dsecurity%26env_server%3Dproduction%26ctx_cns_version%3D6.72.17%26ctx_page_slug%3Dgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%26cnt_tags%3Dgoogle-2%252Cmalvertising%252Cmalware%252Cpunycode%26cnt_copilotid%3D%26pageview_id%3D4070980938%26usr_bkt_eva%3D100%26usr_bkt_ses%3D57%26usr_bkt_pv%3D52%26usr_pvc_bs%3D1%26usr_pvc_24hr%3D1%26usr_pvc_30d%3D1%26usr_svc_30d%3D1%26ctx_ses_soc%3Dnone%26ctx_ref_soc%3Dnone%26ctx_ref_url%3Dnone%26usr_auth%3Dfalse%26vnd_prx_segments%3D112200%252C112222%252C117700%252C117736%252C120000%252C121100%252C131100%252C131127%252C230004%252C230014%252C603525%252C230000%252C300003%252C210002%252C240002%252C240003%252C240001%252C240005%252C240006%252C240007%252C240008%252C240009%252C240011%252C240012%252C240013%252C240017%252C240015%252C240016%252C240018%252C240019%252C9lt9vf%26vnd_4d_cached%3D0%26vnd_4d_ctx_sg%3D%26vnd_4d_ctx_topics%3D%26vnd_4d_ctx_entities%3D%26vnd_4d_ctx_keywords%3D%26vnd_4d_usr_topics%3D%26vnd_4d_usr_wt%3D%26vnd_4d_xid%3D%26m_data%3D1%26m_safety%3Dunsafe%26m_categories%3Dmoat_unsafe%252Cgv_crime%26m_mv%3DnoHistData%26m_gv%3DnoHistData%26puid%3D0d0f53e2-8056-4315-afc6-5d135b997184%26ptime%3D1697719324012%26fr%3Dfalse%26adt%3DveryLow%26alc%3DveryLow%26dlm%3DveryLow%26drg%3DveryLow%26hat%3DveryLow%26off%3DveryLow%26vio%3DveryLow%26ias-kw%3DIAS_3006647_PG%252CIAS_11733_KW%252CIAS_1506339_PG%252CIAS_1507080_PG%252CIAS_14113_KW%252CIAS_9283_KW%252CIAS_2644_KW%252CIAS_1507654_PG%26prmtvsdk%3Dweb%26prmtvsid%3Deb6dc643-5d9a-453e-ad5a-5c6f742d88ea%26ctx_line_item
s%3D6194187599%26height%3D328%26muted%3D0%26right_rail%3D0%26sensitive%3D0%26series%3D5c82bcebbcdfff6f132fc5e6%26width%3D584%26player_type%3Dembedded-player%26feature_flags%3Dclick-to-play%252Chorizontal-format%252Csound-on&correlator=1648096346750438&description_url=https%3A%2F%2Fwww.arstechnica.com%2Fvideo%2Fwatch%2Funsolved-mysteries-unsolved-mysteries-of-quantum-leap-with-donald-p-bellisario&vid=60abade4dc31e5375248cba6&cmsid=1495&ppid=c4a2eec55efa4c389ead992e087dd9aa&sdkv=h.3.595.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&u_so=l&ctv=0&us_privacy=1---&gdpr_consent=tcunavailable&sdki=445&ptt=20&adk=946122767&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.595.0&sid=619CDBF1-53A0-44B3-B787-A4591B64B85C&nel=0&eid=44772139%2C44777649%2C44781409%2C44781753%2C44782991%2C44797965%2C44801604%2C44802173&ref=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&dlt=1697719327071&idt=7434&dt=1697719334713&cookie=ID%3Db66362e837050d1e%3AT%3D1697719324%3ART%3D1697719324%3AS%3DALNI_MaP5WsfuLYyja1oqA6ZFeFCkz0eVw&gpic=UID%3D00000d9aee521ea6%3AT%3D1697719324%3ART%3D1697719324%3AS%3DALNI_MY7th0c5NioG9AS5H6cVddSOQQnKQ&scor=1055876503603680&ged=ve4_td8_tt1_pd8_la8000_er5319.310.5472.610_vi0.0.1200.1600_vp0_eb16619
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.595.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.63.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f155.1e100.net
Software
cafe /
Resource Hash
18f942b383873cd348f2005a8a56d9a2b07ad1d9f0bd8d186fdf05cfcf9c63e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:14 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1947
x-xss-protection
0
google-lineitem-id
0
pragma
no-cache
server
cafe
google-creative-id
0
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
arstechnica_unsolved-mysteries-unsolved-mysteries-of-quantum-leap.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_arstechnica.png,fl_progressive,g_face,h_450,q_80,w_800/v1621877260/ Frame 7218
50 KB
51 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_arstechnica.png,fl_progressive,g_face,h_450,q_80,w_800/v1621877260/arstechnica_unsolved-mysteries-unsolved-mysteries-of-quantum-leap.jpg
Requested by
Host: player-frontend.cnevids.com
URL: https://player-frontend.cnevids.com/player/main-7f40040d423dc64a5a13.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
cloudflare /
Resource Hash
4d04b7d4a062fa7873d675612b23bd067cf886a0de7759d617e14bf1641d5105
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

Referer
https://arstechnica.com/
Origin
https://arstechnica.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security
max-age=604800
Date
Tue, 17 Oct 2023 14:19:38 GMT
x-content-type-options
nosniff
Via
1.1 05f27386f4cfcb918eb11b3fea4d975e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
166958
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
51500
Last-Modified
Tue, 25 May 2021 15:04:45 GMT
Server
cloudflare
ETag
"1631177d1131925333a3b2b652f3d8b2"
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
CF-Ray
81700cb59d522d20-IAD
timing-allow-origin
*
X-Amz-Cf-Id
3RGxIg5270nwH2QCG24RijLmVLejwPozdANAP8QqGtObFq99g1EkjQ==
arstechnica_unsolved-mysteries-unsolved-mysteries-of-quantum-leap.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_arstechnica.png,fl_progressive,g_face,h_450,q_80,w_800/v1621877260/ Frame 7218
50 KB
51 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_arstechnica.png,fl_progressive,g_face,h_450,q_80,w_800/v1621877260/arstechnica_unsolved-mysteries-unsolved-mysteries-of-quantum-leap.jpg
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.162.93.184 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-93-184.iad61.r.cloudfront.net
Software
cloudflare /
Resource Hash
4d04b7d4a062fa7873d675612b23bd067cf886a0de7759d617e14bf1641d5105
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Strict-Transport-Security
max-age=604800
Date
Tue, 17 Oct 2023 14:19:38 GMT
x-content-type-options
nosniff
Via
1.1 13f73562b215175ddd75c2902ae36650.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD61-P1
Age
166956
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
51500
Last-Modified
Tue, 25 May 2021 15:04:45 GMT
Server
cloudflare
ETag
"1631177d1131925333a3b2b652f3d8b2"
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control
public, no-transform, immutable, max-age=2592000
Accept-Ranges
bytes
CF-Ray
81700cb59d522d20-IAD
timing-allow-origin
*
X-Amz-Cf-Id
nuLECkC9zadA-KtFiM42iH2itvwwjqJHNFsDbI6H8W3zwbJthpU0yg==
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 3117
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.115.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f132.1e100.net
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://arstechnica.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
315019
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 15 Oct 2023 21:11:56 GMT
expires
Mon, 14 Oct 2024 21:11:56 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 82E3
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.115.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f132.1e100.net
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://arstechnica.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
315019
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 15 Oct 2023 21:11:56 GMT
expires
Mon, 14 Oct 2024 21:11:56 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
e-zfyE2pbDTyYQrCQWWBVQC0FJ7OV3Fqk4CSA41GVMg.js
pagead2.googlesyndication.com/bg/ Frame 3117
37 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/e-zfyE2pbDTyYQrCQWWBVQC0FJ7OV3Fqk4CSA41GVMg.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.63.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f155.1e100.net
Software
sffe /
Resource Hash
7becdfc84da96c34f2610ac24165815500b4149ece57716a938092038d4654c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Wed, 18 Oct 2023 18:21:39 GMT
content-encoding
br
x-content-type-options
nosniff
age
66036
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14689
x-xss-protection
0
last-modified
Tue, 10 Oct 2023 07:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 17 Oct 2024 18:21:39 GMT
e-zfyE2pbDTyYQrCQWWBVQC0FJ7OV3Fqk4CSA41GVMg.js
pagead2.googlesyndication.com/bg/ Frame 82E3
37 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/e-zfyE2pbDTyYQrCQWWBVQC0FJ7OV3Fqk4CSA41GVMg.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.63.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f155.1e100.net
Software
sffe /
Resource Hash
7becdfc84da96c34f2610ac24165815500b4149ece57716a938092038d4654c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Wed, 18 Oct 2023 18:21:39 GMT
content-encoding
br
x-content-type-options
nosniff
age
66036
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14689
x-xss-protection
0
last-modified
Tue, 10 Oct 2023 07:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 17 Oct 2024 18:21:39 GMT
1c5e052d-9221-44ad-9785-4ca784ceb60dfile-1422k-128-48000-768.m3u8
dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/ Frame 7218
11 KB
1 KB
XHR
General
Full URL
https://dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/1c5e052d-9221-44ad-9785-4ca784ceb60dfile-1422k-128-48000-768.m3u8
Requested by
Host: player-frontend.cnevids.com
URL: https://player-frontend.cnevids.com/player/main-7f40040d423dc64a5a13.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
108.138.85.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-85-70.iad12.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4fb846048afd0ee79141b669572402fc0a024d937c00977e124405d11cd319fe

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 08:37:53 GMT
Content-Encoding
gzip
Via
1.1 55545918b0c914bb8f5282930649df4c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD12-P2
Age
14663
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Last-Modified
Mon, 24 May 2021 13:54:58 GMT
Server
AmazonS3
ETag
W/"cc4f278863bddb064b3e70268d5f02f8"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET, HEAD
Content-Type
application/x-mpegURL
Access-Control-Allow-Origin
*
Vary
Accept-Encoding,Origin
X-Amz-Cf-Id
qqqAbQrk8bd6cZToIff3mWP2ztTG9HVr-m37_gQRHfCIHtWxr8r9uQ==
action_links.json
fr-actions.trackonomics.net/prod/arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
4 B
449 B
Fetch
General
Full URL
https://fr-actions.trackonomics.net/prod/arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/action_links.json
Requested by
Host: cdn-magiclinks.trackonomics.net
URL: https://cdn-magiclinks.trackonomics.net/client/static/v2/condenast_eujdmc753_arstechnica.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.112.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-112-47.iad61.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c5c24f7ca1c946fa4dfd44407409c8e11ec6e41f0e1c7c45bf8381b42afb31f1

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:17 GMT
via
1.1 8a66d5eadee9b730a388e117efe2af72.cloudfront.net (CloudFront)
last-modified
Sun, 19 Dec 2021 11:43:11 GMT
server
AmazonS3
x-amz-cf-pop
IAD61-P2
age
99
etag
"5ad5cc4d26869082efd29c436b57384a"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
x-cache
Error from cloudfront
accept-ranges
bytes
content-length
4
x-amz-cf-id
4CfupqnTVllFyPfXbSszpX8rU6fzPSHBze_yJDTbwvQpMA0skTyhgQ==
i.png
trx-hub.com/i/m/
128 B
446 B
Image
General
Full URL
https://trx-hub.com/i/m/i.png?q=-uMoEYNUOgCBaVo2naARVNq0C6icBoQEaprmgBWHAQ6TougY7pQl6Pp+gGQYhmGEZRpwsbxkmy5YKmeDps4GBZjmeZgAWxhFiWWblqMEBVhANaKPWXBNjgLYVNQSaRFCkoCES1R0nsBw4G29LQIyzJyOwnA8PwJwiOIUgyDZijKOosK6PoRimOYljWPYjjCa4WLeL4-gVEEIThFwcEdCcCTJKk6RZDkeR2AURQiKU5QUJslnbC0bSriAXReL0-SDMMoySOMkyZNMcwLEs1ArGs6H5bUhWNLs+yHAlpznJc1y3PcVjKs8rzvJ83y-P8gLAhQoLgiug1aN5CJ+cigVoiFmLUJ44W4uesW6USqonN6vrGAGt3CAegg6IQNyEIIhhJOMkgAFoVHKCqEhA4ZxGx4bGJG0YYAABHGibJvxJJQxmIlQzmUP5tQUMANL6DJUNyajilI7WlRQw26mYwAPlD8QAVDB4GNhIHLYNWDRIIhTOSUuRfWzWAgCQQA
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.76.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-76-44.iad89.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a4d450d9f67e06c84c82a9a8c58cfc96fd91795b935201dace82e858732ddea6

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 05:31:10 GMT
via
1.1 0dc81f450c72d91e34b5a0b41d441f28.cloudfront.net (CloudFront)
last-modified
Mon, 24 Aug 2020 04:40:25 GMT
server
AmazonS3
x-amz-cf-pop
IAD89-P2
age
25866
etag
"90eb1bf3b49429bde87a3b5f0b53e6a5"
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
128
x-amz-cf-id
LXK0tC9j5LTVmvb6NIbFsK38Osf4HkT4xEzjFY3iCJjdN-GStsZ6aA==
i.png
trx-hub.com/i/x/
128 B
463 B
Image
General
Full URL
https://trx-hub.com/i/x/i.png?q=N4IgDglgJiBcIGMD2A7KBTFBDAzgFwH10BXAKygFsEB2AVgGYCsAnfdBACxQgSxABoQEaHCHQAjADYAnNWrjp9erQYAWYRAEgAHtBxxQAM2ZTZ8xcobiEAc03wOePGBywA9G4Du3gHQUsADaeLOgARgCeeOg4PsgUbqEBSDZueBzM6Fh4ALQQKFEBARA2mAjobgBMAAwV9G7iVW4IAegAbujM2f4B7cx4EDh5NtlZeFgIANbZxDjR2WDEKOHIGNl4SNlJSFNFE+ib6Hb9-lHZnmGDUSAAvtdAA
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.76.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-76-44.iad89.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a4d450d9f67e06c84c82a9a8c58cfc96fd91795b935201dace82e858732ddea6

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 08:48:33 GMT
via
1.1 0dc81f450c72d91e34b5a0b41d441f28.cloudfront.net (CloudFront)
last-modified
Mon, 24 Aug 2020 04:40:42 GMT
server
AmazonS3
x-amz-cf-pop
IAD89-P2
age
14023
etag
"90eb1bf3b49429bde87a3b5f0b53e6a5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
128
x-amz-cf-id
ESvTJyp9EIUdT4ag7PzJvvHateMBDDOe5ehPCHDQr5cGYrjdYilCbg==
1c5e052d-9221-44ad-9785-4ca784ceb60dfile-1422k-128-48000-768-00001.ts
dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/ Frame 7218
821 KB
805 KB
XHR
General
Full URL
https://dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/1c5e052d-9221-44ad-9785-4ca784ceb60dfile-1422k-128-48000-768-00001.ts
Requested by
Host: player-frontend.cnevids.com
URL: https://player-frontend.cnevids.com/player/main-7f40040d423dc64a5a13.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
108.138.85.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-85-70.iad12.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e944e6d1b0904bc0c1298fe828ec727bc6a9b46f0b4799e197a1a2acc46fb685

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Wed, 18 Oct 2023 17:02:01 GMT
Content-Encoding
gzip
Via
1.1 b4f7307b0bd82e33fcc14ab1b84bcd7c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD12-P2
Age
70815
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Last-Modified
Mon, 24 May 2021 13:54:44 GMT
Server
AmazonS3
ETag
W/"9c6e79c618e52ccae61fce8e62e8cd50"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET, HEAD
Content-Type
application/x-mpegURL
Access-Control-Allow-Origin
*
Vary
Accept-Encoding,Origin
X-Amz-Cf-Id
bIoyphW7tu3RYtRx_4m2yStVE9MeNknfelVG_9HI6HA4gD1y4W_IKQ==
gen_204
pagead2.googlesyndication.com/pagead/ Frame 3117
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BMwzTHyQxZZyAM4yYogbqj4rgBwAAAAA4AeAEAg&bg=!vb6lvvHNAAZy-tsgUvo7ADQBe5WfOE3jSUk4iriUL6HBnmLgTTg3l0gjirZLL1F5K9H9G4wdHD56DTkrzPKClgVrLX8zAgAAAH1SAAAABmgBB5kDGlPyabxf4MXDDVvqHwBP6LZtDauQFzNsVMawXvlpsR0xdz1JGOH2buXtLnkZJztnsGDUM99U1Ep0XOZFYM3ZHXvqku0WBFrf9nc9s8B1meGmEsXxQsHdHr52CJgdumj2Mj6Xy6jlIJLEJpr22FzZz7wTrzEruWEOW6bYWxYM38v2SDQJIQEXdvfk-5VKDXqGUAQrqCVvjwnMj3vIv06GD5QPbnyg0SQZG7zx11WZ-awoja5dUMj73G-O16yHIcASDp1W2jlhJULxJi7LP-jhhtoNW8-Tqm3Evp4lTCd5LxVPHbWtXeU4PIOpNIcFjBQ55AHaSmp8vGWzYRsnMFOWts9gHlGcs9-CKGRxdPy3zS3xTM79g5WX3pQi2b0Jl4zjypX9rIPWpf64ervscTxUBTfMwTbjHj0Rxt_SWDXbKK-fcE0Bc8FxLwYpquEQ55r7wiMJXZxVFk2zVwkC_OOReztYHozeAAjqSVxg5QVAreDJUiBEyMEGhY_AN9M9z-VbXzUnYeqeiuYBLTSSNPr0uLXPGNMX6TkWoQus_rA73eebTIHZfJBxn6qn65VV4HDUntL7ffbXsJomSextitcOpAnwvBsdlIjR_Pjy313HfqJqVnM7el1jj9JGXFS88Z3-nGu69NWoBHgLmUi8fit6dsV209KBYLFBMqGSVRI_-lntKroAl51HUcTTJVJbZqL5J83Sgm8jIV2I0j_SjT0TQPk74UY_QENzlaDCL5tdCsScU7AuZk9QcTLeig7iE5dqdma3AV6mYyQbFTmcLDs0ukOyEZgmU9_t8mW0Z2BTW12hXO8P_5idBbaHX0usZEXyjENx5-v8mexp_y3OuNYZdFmb_fnu1_O6lJ9_qr1uccQS5X0dwMv1kKjY4yVgTHlJkX0Fflso2hzo_02i_nmvS0Gowxvgdrotmi9M8pteunygBQUo8MPjUhvWdBTagd_ybANQZqSf_WdCdbqCozjhdjvWjvm-m4Tpc7t0Bn-bMQRRgdLsZQk28YlUEyQ3GENnDPSyLhj7jLqjZeO9aF9Jd5CD5dLMlGaTbgYI
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.63.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f155.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 82E3
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B7vMyICQxZaPrA9f8owbU-7mgBAAAAAA4AeAEAg&bg=!SEulSwTNAAZy-tsgUvo7ADQBe5WfOC5d3o7jvFmppCLvE3gQU8uTdcb2dsF58oqjuglDaJ29e-gvXlSCRtewZbl4pBgXAgAAAIlSAAAABWgBB5kC_Kq9W6K_y_Juglwoj8JNEMjoqIhqiHSz8kNJB0uThVKDVVvUDy-BPqtb1k52oI0yTMOzKIiKHK9VWZLLcVFq3VBauXUcQ7cuSm1CAm1Rc5gK8v9vZwc6y-NmTWzVc142ZwkxWSqSunYEv66g58hGAyb9_w8rtPJA854KSQLEfNWXbteNzcW9Krbrg3-wj8Pw5HCFq8ovIi01775yIJbuRennfSkIKoRwPcZAIiz4WAHZZzUO978pkWz2QEaAYxD_bmoIcMcWRjZGJ3WzvOd7CE4f2ydx9ortv-YZAdkj5q9Ex_YYMmYFWdC3DAzqHd2bGF3RMA-OrdBohOdR7pR1Fvmi8IsCJt1JmgXC6BGRsAmnPUH-myokD1PWvSM7rf9-ccBv4-uAz7sxRpvS4iUImrgrO25ikEaABJM2RAN61lbjpBFT2slqmVlo8_mWjGLEUHqorTMugewv6xozdMuiWEviLCkOn0sV2eAOjl0STiVabdCflUYqnkDgw2IjL9GCIghYqNHEIXX352MHaeu5NymDV7f-vKs_T3Hd_Fpa2dO4gPYOGqqmjNy_P4BI4BhiH7bKqcZLMCyaNtSCfxnhm1oQkxiTcnRHvEI773cE4tsJ5ZHTI2_UFq1hqVhdIY-FCeQ97vGQGwJMVMR7n9T_oL53uAZ6_xhWdxrRiAE4IXjW_elo0rFIdqMssXd3FfsIsX1rjzH22d0-xV0X6s_X3ub4h8ZYjyek0RIFI1oU-4K2sElFezOyX7TT4dZxXVdToL_jIrYSr1fM6cWpikqAhLGvHJDtHhsn3idsHFCwSBFfmfcKGAGR51UuO5Yp751Ra3804v7gXFnXw5ikj78oCYxGw-Qi9VTShtQQBiRDHgoPWQY5P0yvl8bDagEPpwMiwruBHUMRUoCPfHRznMyBqjuAf0GyKO57_lbkfRiM65jq595iOxbLAfKOpp6K9guT-uMjqjRGH6mxoJRP29ZYbkvF3ABgOXfsbAD-dOvK0MWGS5U1Ax2g0i7k7My4
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.63.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f155.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
1c5e052d-9221-44ad-9785-4ca784ceb60dthumbs.mp4
dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/ Frame 7218
79 KB
0
Media
General
Full URL
https://dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/1c5e052d-9221-44ad-9785-4ca784ceb60dthumbs.mp4
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
108.138.85.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-85-70.iad12.r.cloudfront.net
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://arstechnica.com/
Accept-Encoding
identity;q=1, *;q=0
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Range
bytes=65536-

Response headers

Date
Thu, 19 Oct 2023 07:33:37 GMT
Via
1.1 87bf84f333bc8ae1d8c723bf1e035c1e.cloudfront.net (CloudFront)
Last-Modified
Mon, 24 May 2021 13:51:20 GMT
Server
AmazonS3
X-Amz-Cf-Pop
IAD12-P2
Age
19159
ETag
"580642a938142bddde48207109f78d2b"
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
video/mp4
Content-Range
bytes 65536-2480938/2480939
Connection
keep-alive
Accept-Ranges
bytes
X-Amz-Cf-Id
AVc3jhDEZc9Msz9uoz7ve63CBDYNRMmvIlF5XXe2k_nmWWybFgddrA==
Content-Length
2415403
async_usersync
ib.adnxs.com/ Frame 674C
0
595 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.179.166 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
575.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:16 GMT
an-x-request-uuid
9f5b8e1e-cda3-4153-a717-afa9498bc913
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
cache-control
no-store, no-cache, private
x-proxy-origin
37.19.212.193; 37.19.212.193; 575.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
action_links.json
fr-actions.trackonomics.net/prod/arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
4 B
446 B
Fetch
General
Full URL
https://fr-actions.trackonomics.net/prod/arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/action_links.json
Requested by
Host: cdn-magiclinks.trackonomics.net
URL: https://cdn-magiclinks.trackonomics.net/client/static/v2/condenast_eujdmc753_arstechnica.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.112.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-112-47.iad61.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c5c24f7ca1c946fa4dfd44407409c8e11ec6e41f0e1c7c45bf8381b42afb31f1

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:17 GMT
via
1.1 8a66d5eadee9b730a388e117efe2af72.cloudfront.net (CloudFront)
last-modified
Sun, 19 Dec 2021 11:43:11 GMT
server
AmazonS3
x-amz-cf-pop
IAD61-P2
age
99
etag
"5ad5cc4d26869082efd29c436b57384a"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
x-cache
Error from cloudfront
accept-ranges
bytes
content-length
4
x-amz-cf-id
FDPe-zhmngg5PYa7Jy-sKuCKzyOitugcng_dxuP_R015LOR5s9zTog==
async_usersync
ib.adnxs.com/ Frame 674C
0
595 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.179.166 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
575.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:17 GMT
an-x-request-uuid
0c26efc5-307d-4737-964d-fd5d622317c6
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
cache-control
no-store, no-cache, private
x-proxy-origin
37.19.212.193; 37.19.212.193; 575.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2023-10-19T12%3A42%3A19.293Z&_t=timespent&cBr=Ars%20Technica&cKe=google%7Cmalvertising%7Cmalware%7Cpunycode&cCh=security&cTi=Google-hosted%20malvertising%20leads%20to%20fake%20Keepass%20site%20that%20looks%20genuine&cTy=article%7Creport&cCu=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&org_id=4gKgcFGUFUvCGFzHakTPfYp85Yi8&cCl=725&cId=1977141&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine&pRt=referral&pHp=%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&pRr=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6500&pSw=1600&pSh=1200&uID=9987f057-656e-4537-867f-3b49d2e5f732&sID=80447642-8672-4ac6-bf2d-51db90babe97&pID=e15ded94-427e-408f-9626-8e232f61f119&uDt=desktop&dim1=v1.0.25_iframe_query&_o=ars-technica&_c=general&xID=c4a2eec5-5efa-4c38-9ead-992e087dd9aa&_v=5000&environment=prod&origin=ars-technica
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.152.126.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-152-126-180.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 19 Oct 2023 12:42:19 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
ibs:dpid=21&dpuuid=213690604674005760427
dpm.demdex.net/ Frame BE70
Redirect Chain
  • https://aa.agkn.com/adscores/g.pixel?sid=9211132908&aam=34431699753981877840035079370966194637
  • https://dpm.demdex.net/ibs:dpid=21&dpuuid=213690604674005760427
42 B
940 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=21&dpuuid=213690604674005760427
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
52.45.99.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-99-63.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

DCS
dcs-prod-va6-2-v051-0f9299396.edge-va6.demdex.com 4 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
AAm/BIapQq8=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:19 GMT
via
1.1 14d757a67b913f1bc93427e69819362c.cloudfront.net (CloudFront)
server
AAWebServer
x-amz-cf-pop
IAD89-C1
access-control-allow-methods
GET, POST, OPTIONS
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location
https://dpm.demdex.net/ibs:dpid=21&dpuuid=213690604674005760427
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
x-cache
Miss from cloudfront
access-control-allow-headers
accept, cache-control, origin, x-requested-with, x-file-name, content-type
x-amz-cf-id
IcmB-PAdnzynetIGnEqYH3rKqWondVx5_72_7wHV77k7Q_4H_ygysw==
expires
0
ibs:dpid=269&dpuuid=77376531-242c-4b00-a1e6-022bbb3c0cb5&ddsuuid=34431699753981877840035079370966194637
dpm.demdex.net/ Frame BE70
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=10004&mt_exuid=34431699753981877840035079370966194637&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D269%26dpuuid%3D[MM_UUID]%26ddsuuid%3d34431699753981...
  • https://dpm.demdex.net/ibs:dpid=269&dpuuid=77376531-242c-4b00-a1e6-022bbb3c0cb5&ddsuuid=34431699753981877840035079370966194637
42 B
940 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=269&dpuuid=77376531-242c-4b00-a1e6-022bbb3c0cb5&ddsuuid=34431699753981877840035079370966194637
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
52.45.99.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-99-63.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

DCS
dcs-prod-va6-1-v051-0e3924c67.edge-va6.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
4f7KdytmTD8=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Date
Thu, 19 Oct 2023 12:42:20 GMT
Server
MT3 1075 283b7e3 master ord ord-pixel-x15 config_version:"1969"
Content-Type
image/gif
Access-Control-Allow-Origin
*
location
https://dpm.demdex.net/ibs:dpid=269&dpuuid=77376531-242c-4b00-a1e6-022bbb3c0cb5&ddsuuid=34431699753981877840035079370966194637
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 19 Oct 2023 12:42:19 GMT
collect
analytics.google.com/g/
0
54 B
Ping
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-P1P55J3LNW&gtm=45je3ai0&_p=1279237386&cid=1498663598.1697719324&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&dl=%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&dr=%2F&sid=1697719334&sct=1&seg=0&dt=Google-hosted%20malvertising%20leads%20to%20fake%20Keepass%20site%20that%20looks%20genuine%20%7C%20Ars%20Technica
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=G-P1P55J3LNW&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.34.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:19 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://arstechnica.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel.gif
load77.exelator.com/ Frame BE70
Redirect Chain
  • https://loadm.exelator.com/load/?p=204&g=091&j=0&bi=34431699753981877840035079370966194637
  • https://load77.exelator.com/pixel.gif
43 B
378 B
Image
General
Full URL
https://load77.exelator.com/pixel.gif
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
156.146.36.23 New York, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
137173278.nyc.cdn77.com
Software
CDN77-Turbo /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-77-pop
newyorkUSNY
date
Thu, 19 Oct 2023 12:42:19 GMT
x-cache
HIT
x-77-cache
HIT
x-age
797435
x-accel-date
1696921904
content-length
43
x-77-nzt
AZySJBY3Nzf/+yoMAA
x-accel-expires
@1697958704
x-77-age
797435
last-modified
Wed, 25 Oct 2017 17:03:56 GMT
server
CDN77-Turbo
etag
"59f0c3fc-2b"
x-77-nzt-ray
1e192d085632297c2b24316512d08227
content-type
image/gif
access-control-allow-origin
*
accept-ranges
bytes

Redirect headers

date
Thu, 19 Oct 2023 12:42:19 GMT
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location
https://load77.exelator.com/pixel.gif
content-type
image/gif
cache-control
no-cache
access-control-allow-credentials
true
content-length
0
ibs:dpid=420&dpuuid=6531242cedd3fd31
dpm.demdex.net/ Frame BE70
Redirect Chain
  • https://su.addthis.com/red/usync?pid=16&puid=34431699753981877840035079370966194637&url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D420%26dpuuid%3D%7B%7Buid%7D%7D
  • https://dpm.demdex.net/ibs:dpid=420&dpuuid=6531242cedd3fd31
42 B
940 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=420&dpuuid=6531242cedd3fd31
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
52.45.99.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-99-63.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

DCS
dcs-prod-va6-1-v051-01436f9b7.edge-va6.demdex.com 3 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
olazu366RvQ=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location
https://dpm.demdex.net/ibs:dpid=420&dpuuid=6531242cedd3fd31
pragma
no-cache
date
Thu, 19 Oct 2023 12:42:20 GMT
cache-control
max-age=0, no-cache, no-store, no-transform
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
ibs:dpid=477&dpuuid=214fc648dea0fd0c46e99dcc6e1c813b00a895d9fd349d473fdc4b464149103db0da87c991749652
dpm.demdex.net/ Frame BE70
Redirect Chain
  • https://idsync.rlcdn.com/365868.gif?partner_uid=34431699753981877840035079370966194637
  • https://dpm.demdex.net/ibs:dpid=477&dpuuid=214fc648dea0fd0c46e99dcc6e1c813b00a895d9fd349d473fdc4b464149103db0da87c991749652
42 B
940 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=477&dpuuid=214fc648dea0fd0c46e99dcc6e1c813b00a895d9fd349d473fdc4b464149103db0da87c991749652
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
52.45.99.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-99-63.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

DCS
dcs-prod-va6-1-v051-0bcd670fd.edge-va6.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
e0XU2AVGS1U=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date
Thu, 19 Oct 2023 12:42:19 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://dpm.demdex.net/ibs:dpid=477&dpuuid=214fc648dea0fd0c46e99dcc6e1c813b00a895d9fd349d473fdc4b464149103db0da87c991749652
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
ibs:dpid=358&dpuuid=2587657505101497831
dpm.demdex.net/ Frame BE70
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID
  • https://dpm.demdex.net/ibs:dpid=358&dpuuid=2587657505101497831
42 B
940 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=358&dpuuid=2587657505101497831
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
52.45.99.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-99-63.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

DCS
dcs-prod-va6-2-v051-0a8d0b09b.edge-va6.demdex.com 1 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
2HBn4QpbRxw=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:19 GMT
an-x-request-uuid
826a42b8-8793-4773-abee-3cc8dd6331a8
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://dpm.demdex.net/ibs:dpid=358&dpuuid=2587657505101497831
x-proxy-origin
37.19.212.193; 37.19.212.193; 575.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
365868.gif
idsync.rlcdn.com/ Frame BE70
42 B
60 B
Image
General
Full URL
https://idsync.rlcdn.com/365868.gif?partner_uid=34431699753981877840035079370966194637
Requested by
Host: condenast.demdex.net
URL: https://condenast.demdex.net/dest5.html?d_nsid=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
146.60.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:20 GMT
via
1.1 google
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
ibs:dpid=481&dpuuid=LNX694ZK-1C-FIOA
dpm.demdex.net/ Frame BE70
Redirect Chain
  • https://token.rubiconproject.com/token?pid=6404&puid=34431699753981877840035079370966194637&gdpr=0&gdpr_consent=
  • https://dpm.demdex.net/ibs:dpid=481&dpuuid=LNX694ZK-1C-FIOA?gdpr=0
42 B
940 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=481&dpuuid=LNX694ZK-1C-FIOA?gdpr=0
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
52.45.99.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-99-63.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

DCS
dcs-prod-va6-2-v051-0ce12e872.edge-va6.demdex.com 3 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
qzQeRtwUT6w=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=481&dpuuid=LNX694ZK-1C-FIOA?gdpr=0
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
83041abbe8494cb29eff3083edd6dff6
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ibs:dpid=134096&dpuuid=2023101912422000016192731653
dpm.demdex.net/ Frame BE70
Redirect Chain
  • https://x.dlx.addthis.com/e/demdex_sync?na_exid=34431699753981877840035079370966194637&ru=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D134096%26dpuuid%3D%3Cna_id%3E%20
  • https://dpm.demdex.net/ibs:dpid=134096&dpuuid=2023101912422000016192731653
42 B
940 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=134096&dpuuid=2023101912422000016192731653
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
52.45.99.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-99-63.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

DCS
dcs-prod-va6-1-v051-02830d980.edge-va6.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
F5EH3mqWTBU=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location
https://dpm.demdex.net/ibs:dpid=134096&dpuuid=2023101912422000016192731653
pragma
no-cache
date
Thu, 19 Oct 2023 12:42:20 GMT
cache-control
max-age=0, no-cache, no-store
strict-transport-security
max-age=2628000
content-length
0
expires
Thu, 19 Oct 2023 12:42:20 GMT
ibs:dpid=540&dpuuid=799ee752-e8b5-42ef-94ee-452166b4bfab
dpm.demdex.net/ Frame BE70
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=ADB&partner_url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D540%26dpuuid%3D%24%7BTA_DEVICE_ID%7D&partner_device_id=34431699753981877840035079370...
  • https://dpm.demdex.net/ibs:dpid=540&dpuuid=799ee752-e8b5-42ef-94ee-452166b4bfab
42 B
940 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=540&dpuuid=799ee752-e8b5-42ef-94ee-452166b4bfab
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
52.45.99.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-99-63.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

DCS
dcs-prod-va6-2-v051-05658b52b.edge-va6.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
1PLW7INUS5g=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date
Thu, 19 Oct 2023 12:42:20 GMT
strict-transport-security
max-age=31536000
via
1.1 google
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
Jetty(11.0.13)
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin
*
location
https://dpm.demdex.net/ibs:dpid=540&dpuuid=799ee752-e8b5-42ef-94ee-452166b4bfab
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
ibs:dpid=601&dpuuid=212313511602561&random=1697719340
dpm.demdex.net/ Frame BE70
Redirect Chain
  • https://dp2.33across.com/ps/?pid=897&random=1552049203
  • https://dpm.demdex.net/ibs:dpid=601&dpuuid=212313511602561&random=1697719340
42 B
940 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=601&dpuuid=212313511602561&random=1697719340
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
52.45.99.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-99-63.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

DCS
dcs-prod-va6-1-v051-0c7a47ee4.edge-va6.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
kdOIIvj8Saw=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:20 GMT
referrer-policy
unsafe-url
server
33XP015
x-33x-status
200004000C
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location
https://dpm.demdex.net/ibs:dpid=601&dpuuid=212313511602561&random=1697719340
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
Thu, 01-Jan-70 00:00:01 GMT
action_links.json
fr-actions.trackonomics.net/prod/arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
4 B
447 B
Fetch
General
Full URL
https://fr-actions.trackonomics.net/prod/arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/action_links.json
Requested by
Host: cdn-magiclinks.trackonomics.net
URL: https://cdn-magiclinks.trackonomics.net/client/static/v2/condenast_eujdmc753_arstechnica.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.112.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-112-47.iad61.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c5c24f7ca1c946fa4dfd44407409c8e11ec6e41f0e1c7c45bf8381b42afb31f1

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:17 GMT
via
1.1 8a66d5eadee9b730a388e117efe2af72.cloudfront.net (CloudFront)
last-modified
Sun, 19 Dec 2021 11:43:11 GMT
server
AmazonS3
x-amz-cf-pop
IAD61-P2
age
102
etag
"5ad5cc4d26869082efd29c436b57384a"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
x-cache
Error from cloudfront
accept-ranges
bytes
content-length
4
x-amz-cf-id
3jBYKki_BZgLldlg_-IZcj2WDQH04UyYnK1mc4bOFfYtore3RU_qwQ==
ibs:dpid=771&dpuuid=CAESEKGnO7X79LFZFRe57890P48&google_cver=1
dpm.demdex.net/ Frame BE70
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=MzQ0MzE2OTk3NTM5ODE4Nzc4NDAwMzUwNzkzNzA5NjYxOTQ2Mzc=
  • https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEKGnO7X79LFZFRe57890P48&google_cver=1?gdpr=0&gdpr_consent=
42 B
940 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEKGnO7X79LFZFRe57890P48&google_cver=1?gdpr=0&gdpr_consent=
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
52.45.99.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-99-63.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

DCS
dcs-prod-va6-2-v051-048b3aac2.edge-va6.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
K66dfLgnQno=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:20 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEKGnO7X79LFZFRe57890P48&google_cver=1?gdpr=0&gdpr_consent=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
314
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ibs:dpid=992&dpuuid=18gopqxptl8xa
dpm.demdex.net/ Frame BE70
Redirect Chain
  • https://idpix.media6degrees.com/orbserv/hbpix?pixId=16873&pcv=70&ptid=66&tpuv=01&tpu=34431699753981877840035079370966194637
  • https://dpm.demdex.net/ibs:dpid=992&dpuuid=18gopqxptl8xa
42 B
940 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=992&dpuuid=18gopqxptl8xa
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
52.45.99.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-99-63.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

DCS
dcs-prod-va6-2-v051-0a0a7819b.edge-va6.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
tuBDaoXAR6w=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:21 GMT
cf-cache-status
DYNAMIC
server
cloudflare
p3p
CP="COM NAV INT STA NID OUR IND NOI"
location
https://dpm.demdex.net/ibs:dpid=992&dpuuid=18gopqxptl8xa
cache-control
no-cache
cf-ray
818919bddbc036d1-YYZ
content-length
0
adsct
analytics.twitter.com/i/ Frame BE70
43 B
394 B
Image
General
Full URL
https://analytics.twitter.com/i/adsct?p_user_id=34431699753981877840035079370966194637&p_id=38594
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.195 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-response-time
5
date
Thu, 19 Oct 2023 12:42:20 GMT
strict-transport-security
max-age=631138519
server
tsa_b
content-type
image/gif;charset=utf-8
x-transaction-id
702930754b99a136
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
661bd4265889a3b7b2d8d54c93ed6a0c3f1ccacead58b4b20aeacd95c5b1d803
content-length
43
ibs:dpid=903&dpuuid=f9a8042c-c9a0-4948-ac45-f91d636ac944
dpm.demdex.net/ Frame BE70
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&domain=arstechnica.com&ttd_tpi=1
  • https://dpm.demdex.net/ibs:dpid=903&dpuuid=f9a8042c-c9a0-4948-ac45-f91d636ac944
42 B
940 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=903&dpuuid=f9a8042c-c9a0-4948-ac45-f91d636ac944
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
52.45.99.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-99-63.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

DCS
dcs-prod-va6-2-v051-0c95d5a5b.edge-va6.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
4YRB00fxQdE=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location
https://dpm.demdex.net/ibs:dpid=903&dpuuid=f9a8042c-c9a0-4948-ac45-f91d636ac944
date
Thu, 19 Oct 2023 12:42:20 GMT
server
Kestrel
content-length
189
ibs:dpid=1175&gdpr=0&dpuuid=eoxrGX6NaU1hjjlJeo11HH-BaR1h2D0ZeY-rGOMK
dpm.demdex.net/ Frame BE70
Redirect Chain
  • https://cms.quantserve.com/pixel/p-vj4AYjBqd6VJ2.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://dpm.demdex.net/ibs:dpid=1175&gdpr=0&dpuuid=eoxrGX6NaU1hjjlJeo11HH-BaR1h2D0ZeY-rGOMK
42 B
940 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=1175&gdpr=0&dpuuid=eoxrGX6NaU1hjjlJeo11HH-BaR1h2D0ZeY-rGOMK
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
52.45.99.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-99-63.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

DCS
dcs-prod-va6-2-v051-0ea5ab515.edge-va6.demdex.com 1 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
5VGn5FY1TS8=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:20 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://dpm.demdex.net/ibs:dpid=1175&gdpr=0&dpuuid=eoxrGX6NaU1hjjlJeo11HH-BaR1h2D0ZeY-rGOMK
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
px
p.adsymptotic.com/d/ Frame BE70
0
0

ibs:dpid=22069&dpuuid=2030681741874
dpm.demdex.net/ Frame BE70
Redirect Chain
  • https://tag.yieldoptimizer.com/ps/ps?t=i&p=2233
  • https://tag.yieldoptimizer.com/ps/ps?tc=371328481&t=i&p=2233
  • https://dpm.demdex.net/ibs:dpid=22069&dpuuid=2030681741874
42 B
940 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=22069&dpuuid=2030681741874
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
52.45.99.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-99-63.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

DCS
dcs-prod-va6-1-v051-0399ae0bf.edge-va6.demdex.com 4 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
PMWaOdiUScU=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:21 GMT
via
1.1 google
server
Apache-Coyote/1.1
p3p
CP="NON DSP COR TAIo PSAo PSDo HISo OUR BUS UNI INT DEM OTC"
location
https://dpm.demdex.net/ibs:dpid=22069&dpuuid=2030681741874
cache-control
no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
ibs:dpid=575&dpuuid=3318734539864493205
dpm.demdex.net/ Frame BE70
Redirect Chain
  • https://fei.pro-market.net/engine?site=141472;size=1x1;mimetype=img;du=67;csync=34431699753981877840035079370966194637
  • https://dpm.demdex.net/ibs:dpid=575&dpuuid=3318734539864493205
42 B
940 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=575&dpuuid=3318734539864493205
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
52.45.99.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-99-63.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

DCS
dcs-prod-va6-1-v051-0c7a47ee4.edge-va6.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
gB3xG/PBQQs=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:22 GMT
via
1.1 google
server
Apache-Coyote/1.1
anserver
gapp11.c.datonics-gcp-01.internal
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
access-control-allow-origin
*
location
https://dpm.demdex.net/ibs:dpid=575&dpuuid=3318734539864493205
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
alt-svc
clear
content-length
0
expires
Mon, 1 Jan 1990 0:0:0 GMT
ibs:dpid=53196&dpuuid=Q7510057411042118612
dpm.demdex.net/ Frame BE70
Redirect Chain
  • https://px.owneriq.net/eucm/p/adpq?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D53196%26dpuuid%3D(OIQ_UUID)
  • https://px.owneriq.net/ecc?redir=https%3a%2f%2fdpm.demdex.net%2fibs%3adpid%3d53196%26dpuuid%3dQ7510057411042118612&uid=Q7510057411042118612&ref=%2Feucm%2Fp%2Fadpq
  • https://dpm.demdex.net/ibs:dpid=53196&dpuuid=Q7510057411042118612
42 B
940 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=53196&dpuuid=Q7510057411042118612
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
52.45.99.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-99-63.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

DCS
dcs-prod-va6-1-v051-0e3924c67.edge-va6.demdex.com 5 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
egd6RMcMS84=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Date
Thu, 19 Oct 2023 12:42:22 GMT
Server
Apache/2.4.6 (CentOS)
X-Powered-By
PHP/7.3.33
Vary
Accept-Encoding
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://dpm.demdex.net/ibs:dpid=53196&dpuuid=Q7510057411042118612
Content-Type
text/html
Cache-Control
max-age=23963
Connection
keep-alive
Content-Length
154
ibs:dpid=73426&dpuuid=34431699753981877840035079370966194637
dpm.demdex.net/ Frame BE70
Redirect Chain
  • https://ads.scorecardresearch.com/p?c1=9&c2=6034944&c3=2&cs_xi=34431699753981877840035079370966194637&rn=1697719323823&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D73426%26dpuuid%3D344316997539818...
  • https://ads.scorecardresearch.com/p2?c1=9&c2=6034944&c3=2&cs_xi=34431699753981877840035079370966194637&rn=1697719323823&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D73426%26dpuuid%3D34431699753981...
  • https://dpm.demdex.net/ibs:dpid=73426&dpuuid=34431699753981877840035079370966194637
42 B
940 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=73426&dpuuid=34431699753981877840035079370966194637
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
52.45.99.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-99-63.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

DCS
dcs-prod-va6-1-v051-03b4eaea2.edge-va6.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
Ckd1PlCcQWs=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date
Thu, 19 Oct 2023 12:42:25 GMT
via
1.1 4eed67f4be7da2537d3407735b8962a8.cloudfront.net (CloudFront)
accept-ch
UA, Platform, Arch, Model, Mobile
x-amz-cf-pop
IAD55-P4
x-cache
Miss from cloudfront
location
https://dpm.demdex.net/ibs:dpid=73426&dpuuid=34431699753981877840035079370966194637
content-length
0
x-amz-cf-id
wBKABo1_BekOQ2G_gN7QmmtS16KT3cISlZDWTagM7gZrbk8XO4Jc3g==
sn.ashx
dpm.demdex.net/ibs:dpid=75557&dpuuid=R35CAB_10ACBAF21_2585BDCB&redir=https://abp.mxptint.net/ Frame BE70
Redirect Chain
  • https://abp.mxptint.net/sn.ashx
  • https://dpm.demdex.net/ibs:dpid=75557&dpuuid=R35CAB_10ACBAF21_2585BDCB&redir=https://abp.mxptint.net/sn.ashx?ak=1
42 B
940 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=75557&dpuuid=R35CAB_10ACBAF21_2585BDCB&redir=https://abp.mxptint.net/sn.ashx?ak=1
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
52.45.99.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-99-63.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

DCS
dcs-prod-va6-2-v051-06f4cd915.edge-va6.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
hTh56G7cRHg=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=75557&dpuuid=R35CAB_10ACBAF21_2585BDCB&redir=https://abp.mxptint.net/sn.ashx?ak=1
Date
Thu, 19 Oct 2023 12:42:21 GMT
Cache-Control
private
Strict-Transport-Security
max-age=-380724141; includeSubDomains
P3P
CP="NON CUR ADM DEVo PSAo PSDo OUR IND UNI COM NAV DEM STA PRE", CP="NON CUR ADM DEVo PSAo PSDo OUR IND UNI COM NAV DEM STA PRE"
Content-Length
238
Content-Type
text/html; charset=utf-8
ibs:dpid=79908&dpuuid=c:84888ba07ff8c65fce2ee74b5335ee14
dpm.demdex.net/ Frame BE70
Redirect Chain
  • https://aorta.clickagy.com/pixel.gif?ch=124&cm=34431699753981877840035079370966194637&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D79908%26dpuuid%3D%7Bvisitor_id%7D
  • https://dpm.demdex.net/ibs:dpid=79908&dpuuid=c:84888ba07ff8c65fce2ee74b5335ee14
42 B
954 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=79908&dpuuid=c:84888ba07ff8c65fce2ee74b5335ee14
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
52.45.99.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-99-63.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

DCS
dcs-prod-va6-1-v051-01bb96a7f.edge-va6.demdex.com 0 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
Xx5K5YFkQ0E=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
X-Error
300
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date
Thu, 19 Oct 2023 12:42:22 GMT
server
Aorta/20231013.3e27223b3
expect
0
access-control-max-age
31536000
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain
location
https://dpm.demdex.net/ibs:dpid=79908&dpuuid=c:84888ba07ff8c65fce2ee74b5335ee14
access-control-allow-origin
*
access-control-expose-headers
Set-Cookie
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-aorta-region
us-east-1
x-aorta-host
cb6fb0cdacc2
access-control-allow-headers
Origin,cache-control,content-type,man,messagetype,soapaction
content-length
0
ibs:dpid=66757
dpm.demdex.net/ Frame BE70
Redirect Chain
  • https://usermatch.krxd.net/um/v2?partner=adobe&id=34431699753981877840035079370966194637
  • https://dpm.demdex.net/ibs:dpid=66757?id=34431699753981877840035079370966194637&dpuuid=P3ULRs0Y
42 B
940 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=66757?id=34431699753981877840035079370966194637&dpuuid=P3ULRs0Y
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
52.45.99.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-99-63.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

DCS
dcs-prod-va6-2-v051-001ad7028.edge-va6.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
eSmdJ2z6TC8=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location
//dpm.demdex.net/ibs:dpid=66757?id=34431699753981877840035079370966194637&dpuuid=P3ULRs0Y
date
Thu, 19 Oct 2023 12:42:22 GMT
x-cache-hits
0
x-age
0
content-length
0
x-cache
MISS
x-served-by
usermatch-a021-ash-prod.krxd.net
ibs:dpid=121998&dpuuid=e4fdfa95c53e1e783d66048731a1745b
dpm.demdex.net/ Frame BE70
Redirect Chain
  • https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=34431699753981877840035079370966194637?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id}
  • https://sync.crwdcntrl.net/map/ct=y/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=34431699753981877840035079370966194637?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id}
  • https://dpm.demdex.net/ibs:dpid=121998&dpuuid=e4fdfa95c53e1e783d66048731a1745b
42 B
940 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=121998&dpuuid=e4fdfa95c53e1e783d66048731a1745b
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
52.45.99.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-99-63.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

DCS
dcs-prod-va6-1-v051-0ff2ee0c6.edge-va6.demdex.com 1 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
QtU6Em9RQik=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:26 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://dpm.demdex.net/ibs:dpid=121998&dpuuid=e4fdfa95c53e1e783d66048731a1745b
cache-control
no-cache
x-server
10.40.1.120
content-length
0
expires
0
u
dmp.v.fwmrm.net/ad/ Frame BE70
0
460 B
Image
General
Full URL
https://dmp.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D796%26dpuuid%3D%23%7Buser.id%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.144.50.154 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-144-50-154.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 19 Oct 2023 12:42:22 GMT
X-Fw-Request-Id
umo137b_1697719342415439525
Content-Type
text/html
P3P
policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"
Cache-Control
no-store
Connection
keep-alive
Keep-Alive
timeout=300
Content-Length
0
Expires
0
pixel
cm.g.doubleclick.net/ Frame BE70
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_...
  • https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WlRFa0hRQUFBTFpFNXdOXw==
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WlRFa0hRQUFBTFpFNXdOXw==
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H3
Server
142.251.163.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f154.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:22 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by
cache-yyz4557-YYZ
pragma
no-cache
date
Thu, 19 Oct 2023 12:42:22 GMT
via
1.1 varnish
server
Varnish
x-timer
S1697719342.057732,VS0,VE0
x-cache
HIT
location
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WlRFa0hRQUFBTFpFNXdOXw==
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
tap.php
pixel.rubiconproject.com/ Frame BE70
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90
  • https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=ZTEkHQAAALZE5wN_&expires=90
42 B
775 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=ZTEkHQAAALZE5wN_&expires=90
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
c1df09169f58a071f2a391dff1b3307b
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

x-served-by
cache-yyz4557-YYZ
pragma
no-cache
date
Thu, 19 Oct 2023 12:42:22 GMT
via
1.1 varnish
server
Varnish
x-timer
S1697719342.158054,VS0,VE0
x-cache
HIT
location
https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=ZTEkHQAAALZE5wN_&expires=90
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
rum
dsum-sec.casalemedia.com/ Frame BE70
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=ZTEkHQAAALZE5wN_
43 B
734 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=ZTEkHQAAALZE5wN_
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H3
Server
104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:22 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T%2FPQK4tImkYfxmoLnW7ulwPfiJELTAj63HbLswaGKKaYlW88khSFWSd8lGSqcoX%2FZem9UKTLtCqKunk9SudpiQxl2oXQNKC8jATFxzmXhc%2Fi%2BLmuO9C3opYCpCIBgYbShvywTAhL9gCsyg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
818919c14a360f77-EWR
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

x-served-by
cache-yyz4557-YYZ
pragma
no-cache
date
Thu, 19 Oct 2023 12:42:22 GMT
via
1.1 varnish
server
Varnish
x-timer
S1697719342.259679,VS0,VE0
x-cache
HIT
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=ZTEkHQAAALZE5wN_
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
setuid
ib.adnxs.com/ Frame BE70
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D
  • https://ib.adnxs.com/setuid?entity=158&code=ZTEkHQAAALZE5wN_
43 B
882 B
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=158&code=ZTEkHQAAALZE5wN_
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
68.67.179.166 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
575.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:22 GMT
an-x-request-uuid
a7951be1-1439-40c0-abf4-02632de5c997
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
cache-control
no-store, no-cache, private
x-proxy-origin
37.19.212.193; 37.19.212.193; 575.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

x-served-by
cache-yyz4557-YYZ
pragma
no-cache
date
Thu, 19 Oct 2023 12:42:22 GMT
via
1.1 varnish
server
Varnish
x-timer
S1697719342.360208,VS0,VE0
x-cache
HIT
location
https://ib.adnxs.com/setuid?entity=158&code=ZTEkHQAAALZE5wN_
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
sd
us-u.openx.net/w/1.0/ Frame BE70
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
  • https://us-u.openx.net/w/1.0/sd?id=537148856&val=ZTEkHQAAALZE5wN_
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537148856&val=ZTEkHQAAALZE5wN_
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:22 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

x-served-by
cache-yyz4557-YYZ
pragma
no-cache
date
Thu, 19 Oct 2023 12:42:22 GMT
via
1.1 varnish
server
Varnish
x-timer
S1697719342.460991,VS0,VE0
x-cache
HIT
location
https://us-u.openx.net/w/1.0/sd?id=537148856&val=ZTEkHQAAALZE5wN_
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
Pug
image2.pubmatic.com/AdServer/ Frame BE70
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER...
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=ZTEkHQAAALZE5wN_
1 B
321 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=ZTEkHQAAALZE5wN_
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

content-type
text/html; charset=utf-8
date
Thu, 19 Oct 2023 12:42:22 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

x-served-by
cache-yyz4557-YYZ
pragma
no-cache
date
Thu, 19 Oct 2023 12:42:22 GMT
via
1.1 varnish
server
Varnish
x-timer
S1697719343.561513,VS0,VE0
x-cache
HIT
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=ZTEkHQAAALZE5wN_
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
partner
sync.search.spotxchange.com/ Frame BE70
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1
  • https://sync.search.spotxchange.com/partner?adv_id=6409&uid=ZTEkHQAAALZE5wN_&img=1
0
0

b.php
www.facebook.com/fr/ Frame BE70
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0
  • https://www.facebook.com/fr/b.php?p=1531105787105294&e=ZTEkHQAAALZE5wN_&t=2592000&o=0
43 B
149 B
Image
General
Full URL
https://www.facebook.com/fr/b.php?p=1531105787105294&e=ZTEkHQAAALZE5wN_&t=2592000&o=0
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H3
Server
31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-iad3.facebook.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 05:42:22 PDT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
pragma
public
x-fb-debug
0i20R5i/ngl6sYYoc8qQBDK1IFG/7F/TpRxVKmnH7F241qtmM8mod/6EFc1qS9hN1+39urhDVYUsK18syVlmWw==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
report-to
{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type
image/gif
origin-agent-cluster
?0
cache-control
public, max-age=0
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority
u=3,i
expires
Thu, 19 Oct 2023 05:42:22 PDT

Redirect headers

x-served-by
cache-yyz4557-YYZ
pragma
no-cache
date
Thu, 19 Oct 2023 12:42:22 GMT
via
1.1 varnish
server
Varnish
x-timer
S1697719343.763348,VS0,VE0
x-cache
HIT
location
https://www.facebook.com/fr/b.php?p=1531105787105294&e=ZTEkHQAAALZE5wN_&t=2592000&o=0
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
ibs:dpid=161033&dpuuid=
dpm.demdex.net/ Frame BE70
Redirect Chain
  • https://pixel.onaudience.com/?partner=130&mapped=34431699753981877840035079370966194637&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D161033%26dpuuid%3D%25m
  • https://dpm.demdex.net/ibs:dpid=161033&dpuuid=
42 B
958 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=161033&dpuuid=
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Server
52.45.99.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-99-63.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

DCS
dcs-prod-va6-1-v051-0e3924c67.edge-va6.demdex.com 0 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
TswWBVdpQKw=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
X-Error
300,104
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location
https://dpm.demdex.net/ibs:dpid=161033&dpuuid=
content-length
0
image.sbix
global.ib-ibi.com/ Frame BE70
0
72 B
Image
General
Full URL
https://global.ib-ibi.com/image.sbix?go=244346&pid=268&xid=34431699753981877840035079370966194637
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.0
Security
TLS 1.2, RSA, AES_256_CBC
Server
69.169.85.6 , United States, ASN29838 (AMC, US),
Reverse DNS
Software
BigIP /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Connection
close
Content-Length
0
Server
BigIP
pixel.gif
px.moatads.com/
43 B
275 B
Image
General
Full URL
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.47.65.174 Atlanta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-65-174.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:23 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
x-akamai-ew-subworker
8096267
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Thu, 19 Oct 2023 12:42:23 GMT
pixel.gif
px.moatads.com/
43 B
275 B
Image
General
Full URL
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.47.65.174 Atlanta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-65-174.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Oct 2023 12:42:23 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
x-akamai-ew-subworker
8096267
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Thu, 19 Oct 2023 12:42:23 GMT
perf
ch-trc-events.taboola.com/condenast-arstechnica/log/3/
0
520 B
XHR
General
Full URL
https://ch-trc-events.taboola.com/condenast-arstechnica/log/3/perf?tvi48=11657&tvi50=10882&route=US%3ACH%3AV&lti=block-clicks-recurring-click-200_ctrl
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20231008-7-RELEASE.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.124.48 Chicago, United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://arstechnica.com
pragma
no-cache
date
Thu, 19 Oct 2023 12:42:23 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
action_links.json
fr-actions.trackonomics.net/prod/arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
4 B
448 B
Fetch
General
Full URL
https://fr-actions.trackonomics.net/prod/arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/action_links.json
Requested by
Host: cdn-magiclinks.trackonomics.net
URL: https://cdn-magiclinks.trackonomics.net/client/static/v2/condenast_eujdmc753_arstechnica.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.112.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-112-47.iad61.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c5c24f7ca1c946fa4dfd44407409c8e11ec6e41f0e1c7c45bf8381b42afb31f1

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:17 GMT
via
1.1 8a66d5eadee9b730a388e117efe2af72.cloudfront.net (CloudFront)
last-modified
Sun, 19 Dec 2021 11:43:11 GMT
server
AmazonS3
x-amz-cf-pop
IAD61-P2
age
105
etag
"5ad5cc4d26869082efd29c436b57384a"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
x-cache
Error from cloudfront
accept-ranges
bytes
content-length
4
x-amz-cf-id
YAO5qlbYXihEP73iFY5bHElxDV1lHIHq8WcJRx4SWYYOid0ckUFJPg==
action_links.json
fr-actions.trackonomics.net/prod/arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
4 B
447 B
Fetch
General
Full URL
https://fr-actions.trackonomics.net/prod/arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/action_links.json
Requested by
Host: cdn-magiclinks.trackonomics.net
URL: https://cdn-magiclinks.trackonomics.net/client/static/v2/condenast_eujdmc753_arstechnica.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.112.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-112-47.iad61.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c5c24f7ca1c946fa4dfd44407409c8e11ec6e41f0e1c7c45bf8381b42afb31f1

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:17 GMT
via
1.1 8a66d5eadee9b730a388e117efe2af72.cloudfront.net (CloudFront)
last-modified
Sun, 19 Dec 2021 11:43:11 GMT
server
AmazonS3
x-amz-cf-pop
IAD61-P2
age
108
etag
"5ad5cc4d26869082efd29c436b57384a"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
x-cache
Error from cloudfront
accept-ranges
bytes
content-length
4
x-amz-cf-id
fvZycbpX-g3dSLFf_m6wtxaKLAWCmE8b20qoiFBJUpWlzoHoqMkNfQ==
action_links.json
fr-actions.trackonomics.net/prod/arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
4 B
447 B
Fetch
General
Full URL
https://fr-actions.trackonomics.net/prod/arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/action_links.json
Requested by
Host: cdn-magiclinks.trackonomics.net
URL: https://cdn-magiclinks.trackonomics.net/client/static/v2/condenast_eujdmc753_arstechnica.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.112.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-112-47.iad61.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c5c24f7ca1c946fa4dfd44407409c8e11ec6e41f0e1c7c45bf8381b42afb31f1

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:17 GMT
via
1.1 8a66d5eadee9b730a388e117efe2af72.cloudfront.net (CloudFront)
last-modified
Sun, 19 Dec 2021 11:43:11 GMT
server
AmazonS3
x-amz-cf-pop
IAD61-P2
age
111
etag
"5ad5cc4d26869082efd29c436b57384a"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
x-cache
Error from cloudfront
accept-ranges
bytes
content-length
4
x-amz-cf-id
PENTF0u1a-TfBwTp4FaKvpDzTE16tvLEMNzP7mtPILGfXHacW341TA==
action_links.json
fr-actions.trackonomics.net/prod/arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
4 B
448 B
Fetch
General
Full URL
https://fr-actions.trackonomics.net/prod/arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/action_links.json
Requested by
Host: cdn-magiclinks.trackonomics.net
URL: https://cdn-magiclinks.trackonomics.net/client/static/v2/condenast_eujdmc753_arstechnica.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.112.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-112-47.iad61.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c5c24f7ca1c946fa4dfd44407409c8e11ec6e41f0e1c7c45bf8381b42afb31f1

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 12:42:17 GMT
via
1.1 8a66d5eadee9b730a388e117efe2af72.cloudfront.net (CloudFront)
last-modified
Sun, 19 Dec 2021 11:43:11 GMT
server
AmazonS3
x-amz-cf-pop
IAD61-P2
age
114
etag
"5ad5cc4d26869082efd29c436b57384a"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
x-cache
Error from cloudfront
accept-ranges
bytes
content-length
4
x-amz-cf-id
hTkq_kZ72zCJEmsLjYwkIRxDFehkRmKTEbH29-9IAcFEj3TMrJrChA==
perf
ch-trc-events.taboola.com/condenast-arstechnica/log/3/
0
520 B
XHR
General
Full URL
https://ch-trc-events.taboola.com/condenast-arstechnica/log/3/perf?tvi48=11657&tvi50=10882&route=US%3ACH%3AV&lti=block-clicks-recurring-click-200_ctrl
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20231008-7-RELEASE.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.124.48 Chicago, United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://arstechnica.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://arstechnica.com
pragma
no-cache
date
Thu, 19 Oct 2023 12:42:33 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_o=cne&app=playerservice&cCh=videos%2Fshow&pHr=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&pID=&sID=&uId=&xid=&_ts=2023-10-19T12%3A42%3A33.570Z&_c=error&_t=WaitForPageCreateError&dim1=%7B%7D&dim3=Waited%20longer%20than%2030%20seconds%20for%20pageCreated.
Requested by
Host: arstechnica.com
URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.152.126.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-152-126-180.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://arstechnica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 19 Oct 2023 12:42:33 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
static.ads-twitter.com
URL
https://static.ads-twitter.com/uwt.js
Domain
pippio.com
URL
https://pippio.com/api/sync?pid=5324&it=1&iv=f05e7c1e284e94d742f973e0684d9be6051c26a07c9c33816e2de758d0f46eda791426b5417dce21&_=2
Domain
www.datadoghq-browser-agent.com
URL
https://www.datadoghq-browser-agent.com/datadog-logs-v4.js
Domain
tag.bounceexchange.com
URL
https://tag.bounceexchange.com/2806/i.js
Domain
bd1cec50-00d1-4ce9-9572-785857419a1e.prmutv.co
URL
https://bd1cec50-00d1-4ce9-9572-785857419a1e.prmutv.co/v2.0/pxid?k=3c5b06e3-9636-482d-9481-33025da5def5
Domain
ib.adnxs.com
URL
https://ib.adnxs.com/getuidj
Domain
sstats.arstechnica.com
URL
https://sstats.arstechnica.com/id?d_visid_ver=4.6.0&d_fieldgroup=A&mcorgid=F7093025512D2B690A490D44%40AdobeOrg&mid=34241446491896258090013855168068359444&ts=1697719323936
Domain
aax.amazon-adsystem.com
URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=3035&u=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&pid=dUy69cdzQr8U7&cb=0&ws=1600x1200&v=23.1010.1530&t=1000&slots=%5B%7B%22sd%22%3A%22post_nav_0%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22hero%2Fdesktop%22%7D%2C%7B%22sd%22%3A%22siderail_0%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22rail%2Fdesktop%22%7D%5D&pj=%7B%22si_section%22%3A%22security%22%2C%22us_privacy%22%3A%221---%22%7D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Domain
tlx.3lift.com
URL
https://tlx.3lift.com/header/auction?lib=prebid&v=8.12.0&referrer=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&tmax=1000&us_privacy=1---
Domain
prebid.media.net
URL
https://prebid.media.net/rtb/prebid?cid=8CU65UN7R
Domain
ib.adnxs.com
URL
https://ib.adnxs.com/ut/v3/prebid
Domain
fastlane.rubiconproject.com
URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11850&site_id=307072&zone_id=1552962&size_id=2&alt_size_ids=57&us_privacy=1---&rf=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&tg_i.domain=arstechnica.com&tg_i.page=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&tg_i.cnt_tags=google-2%2Cmalvertising%2Cmalware%2Cpunycode&tg_i.pbadslot=3379%2Fconde.ars%2Fhero%2Fsecurity%2Farticle%2F1&tk_flint=pbjs_lite_v8.12.0&l_pb_bid_id=10e895a0b9b0472&p_screen_res=1600x1200&rp_floor=0.05&rp_secure=1&rp_maxbids=1&p_gpid=3379%2Fconde.ars%2Fhero%2Fsecurity%2Farticle%2F1&slots=1&rand=0.4420977760818574
Domain
htlb.casalemedia.com
URL
https://htlb.casalemedia.com/openrtb/pbjs?s=375848
Domain
rtb.openx.net
URL
https://rtb.openx.net/openrtbb/prebidjs
Domain
fastlane.rubiconproject.com
URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11850&site_id=307072&zone_id=1552988&size_id=15&alt_size_ids=10&us_privacy=1---&rf=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&tg_i.domain=arstechnica.com&tg_i.page=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&tg_i.cnt_tags=google-2%2Cmalvertising%2Cmalware%2Cpunycode&tg_i.pbadslot=3379%2Fconde.ars%2Frail%2Fsecurity%2Farticle%2F1&tk_flint=pbjs_lite_v8.12.0&l_pb_bid_id=18eda3d71b5c919&p_screen_res=1600x1200&rp_floor=0.05&rp_secure=1&rp_maxbids=1&p_gpid=3379%2Fconde.ars%2Frail%2Fsecurity%2Farticle%2F1&slots=1&rand=0.4640244786429597
Domain
rtb.openx.net
URL
https://rtb.openx.net/openrtbb/prebidjs
Domain
htlb.casalemedia.com
URL
https://htlb.casalemedia.com/openrtb/pbjs?s=375865
Domain
ib.adnxs.com
URL
https://ib.adnxs.com/ut/v3/prebid
Domain
prebid.media.net
URL
https://prebid.media.net/rtb/prebid?cid=8CU65UN7R
Domain
p.adsymptotic.com
URL
https://p.adsymptotic.com/d/px?_pid=11693&_psign=bf265992ae7fbdc1ab4b39651c157974&_puuid=34431699753981877840035079370966194637&_rand=867256498&_pp=adobeXtest&_redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=1524%26dpuuid=${UUID}
Domain
sync.search.spotxchange.com
URL
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=ZTEkHQAAALZE5wN_&img=1


244 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


165 Cookies

Domain/Path Name / Value
.taboola.com/condenast-arstechnica/ Name: taboola_session_id
Value: v2_17e087eccfea6bdb1dcdd4a19d30ea9d_6645f463-2bf0-40af-9fcb-72b305bb0ab1-tuctc2aa99b_1697719323_1697719323_CNawjgYQ1O1cGOKW1L-0MSABKAEwJjiJ6AdAsvEHSOzZ2ANQ____________AVgAYABo6M-UzoD43eJUcAE
.3lift.com/sync Name: sync
Value: CgoIoQEQ_9vUv7QxCgoI4gEQ_9vUv7QxCgoItAIQ_9vUv7QxCgoI5gEQ_9vUv7QxCgoIhwIQ_9vUv7QxCgoItwIQ_9vUv7QxCgkIOhD_29S_tDEKCgiMAhD_29S_tDEKCQhfEP_b1L-0MQoJCB8Q_9vUv7Qx
cdn.taboola.com/ Name: abLdr
Value: 5
arstechnica.com/ Name: usprivacy
Value: 1---
arstechnica.com/ Name: __srret
Value: 1
.arstechnica.com/ Name: _gcl_au
Value: 1.1.683015772.1697719324
arstechnica.com/ Name: CN_visits_m
Value: 1698822000704%26vn%3D1
arstechnica.com/ Name: CN_in_visit_m
Value: true
.demdex.net/ Name: demdex
Value: 34431699753981877840035079370966194637
.arstechnica.com/ Name: permutive-id
Value: 0d0f53e2-8056-4315-afc6-5d135b997184
.arstechnica.com/ Name: AMCVS_F7093025512D2B690A490D44%40AdobeOrg
Value: 1
.taboola.com/ Name: t_gid
Value: 6645f463-2bf0-40af-9fcb-72b305bb0ab1-tuctc2aa99b
.taboola.com/ Name: t_pt_gid
Value: 6645f463-2bf0-40af-9fcb-72b305bb0ab1-tuctc2aa99b
.arstechnica.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Thu+Oct+19+2023+05%3A42%3A04+GMT-0700+(Pacific+Daylight+Time)&version=202306.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=cd8277e9-3a2c-42e3-ab2e-2dd9c95f3cee&interactionCount=0&landingPath=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F10%2Fgoogle-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine%2F&groups=C0001%3A1%2CC0003%3A1%2CC0004%3A1%2CC0002%3A1
arstechnica.com/ Name: trc_cookie_storage
Value: taboola%2520global%253Auser-id%3D6645f463-2bf0-40af-9fcb-72b305bb0ab1-tuctc2aa99b
.arstechnica.com/ Name: _awl
Value: 2.1697719324.5-b330e7c11d124ee374bf6261dc4a5e47-6763652d75732d63656e7472616c31-0
.arstechnica.com/ Name: __gads
Value: ID=b66362e837050d1e:T=1697719324:RT=1697719324:S=ALNI_MaP5WsfuLYyja1oqA6ZFeFCkz0eVw
.arstechnica.com/ Name: __gpi
Value: UID=00000d9aee521ea6:T=1697719324:RT=1697719324:S=ALNI_MY7th0c5NioG9AS5H6cVddSOQQnKQ
.doubleclick.net/ Name: IDE
Value: AHWqTUm55uzeTT4HCGbXxFkXvW4B7mzrn4I6dxb4zt65koWTUzKSVsBp0xW9JS1gEjQ
arstechnica.com/ Name: __srui
Value: e84ef72a-6e7c-11ee-9bf7-368d26a5ea46
arstechnica.com/ Name: sailthru_pageviews
Value: 1
.arstechnica.com/ Name: _au_1d
Value: AU1D-0100-001697719325-1FM99NM9-7HUZ
.arstechnica.com/ Name: _au_last_seen_pixels
Value: eyJhcG4iOjE2OTc3MTkzMjUsInR0ZCI6MTY5NzcxOTMyNSwicHViIjoxNjk3NzE5MzI1LCJydWIiOjE2OTc3MTkzMjUsInRhcGFkIjoxNjk3NzE5MzI1LCJhZHgiOjE2OTc3MTkzMjUsImdvbyI6MTY5NzcxOTMyNSwidGFib29sYSI6MTY5NzcxOTMyNSwicHBudCI6MTY5NzcxOTMyNSwiaW1wciI6MTY5NzcxOTMyNX0%3D
arstechnica.com/ Name: sailthru_content
Value: 5b806a317ac47366617d83d129d67373
arstechnica.com/ Name: sailthru_visitor
Value: 3c4e6039-651a-41a4-be50-c71fc9b7caa4
.tiktok.com/ Name: _ttp
Value: 2Wyyt4FMmTsy5lQJhuGbqbks53Z
.arstechnica.com/ Name: _fbp
Value: fb.1.1697719325304.1494258696
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~ZTEkHQAAALZE5wN_
.arstechnica.com/ Name: _tt_enable_cookie
Value: 1
.arstechnica.com/ Name: _ttp
Value: 213VZNSxwOU1xly3pmwcv9-Z4aO
.dpm.demdex.net/ Name: dpm
Value: 34431699753981877840035079370966194637
.arstechnica.com/ Name: AMCV_F7093025512D2B690A490D44%40AdobeOrg
Value: -408604571%7CMCIDTS%7C19650%7CMCMID%7C34241446491896258090013855168068359444%7CMCAAMLH-1698324123%7C7%7CMCAAMB-1698324123%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1697726523s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19657%7CvVersion%7C4.6.0
.arstechnica.com/ Name: _parsely_session
Value: {%22sid%22:1%2C%22surl%22:%22https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/%22%2C%22sref%22:%22%22%2C%22sts%22:1697719325995%2C%22slts%22:0}
.arstechnica.com/ Name: _parsely_visitor
Value: {%22id%22:%22pid=3001b76d-6da9-412f-b8fd-22131c411f5a%22%2C%22session_count%22:1%2C%22last_session_ts%22:1697719325995}
.pinterest.com/ Name: ar_debug
Value: 1
.ct.pinterest.com/ Name: _pinterest_ct_ua
Value: "TWc9PSZ5dDJjSmFtN1NHcEZ2V2lvYUs4NVJQdWtaeGc2SDVCalR4VDZvTUw2cVF3QVhvSEMyaEd3U1MrVW9odWVkTTJidlVWZHpYSHBjYWpYRTM0NHBJamNmQXEwL1pyQ0tJUTlDSG1ZZy9hWDhDdz0mYWlmSFRqN1ltNWxRYWg4WVlRL2R5OTFmNGtrPQ=="
.quantserve.com/ Name: mc
Value: 6531241e-7aa64-43815-ae156
.teads.tv/ Name: tt_viewer
Value: aae6a94e-ee9d-4049-a226-8e5417788e5a
.adnxs.com/ Name: uuid2
Value: 2587657505101497831
.pubmatic.com/ Name: KTPCACOOKIE
Value: true
.pubmatic.com/ Name: KADUSERCOOKIE
Value: C18A64E5-70A4-44C7-A2DF-1C891A6DCB07
.rubiconproject.com/ Name: khaos
Value: LNX694ZK-1C-FIOA
.tapad.com/ Name: TapAd_TS
Value: 1697719327679
.tapad.com/ Name: TapAd_DID
Value: 799ee752-e8b5-42ef-94ee-452166b4bfab
.doubleclick.net/ Name: APC
Value: AfxxVi7st0iZSP0TGH0pAizQSWa2aJ76UFhVWl3ejU2V5viMYsP7nA
.adsrvr.org/ Name: TDID
Value: f9a8042c-c9a0-4948-ac45-f91d636ac944
.contextweb.com/ Name: V
Value: lnMVtV6triGM
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: c1cfee6808524d60
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value: 1!7020
.teads.tv/ Name: tt_exelate
Value:
.teads.tv/ Name: tt_bluekai
Value:
.teads.tv/ Name: tt_liveramp
Value:
.teads.tv/ Name: tt_neustar
Value:
.teads.tv/ Name: tt_salesforce
Value:
.yahoo.com/ Name: A3
Value: d=AQABBCAkMWUCEMaRzmwsZQrAnQTQTEbsKgoFEgEBAQF1MmU7ZQAAAAAA_eMAAA&S=AQAAAvzZUdcpXKTuMFJns_1FHsE
.arstechnica.com/ Name: _hjFirstSeen
Value: 1
.arstechnica.com/ Name: _hjIncludedInSessionSample_1632543
Value: 1
.arstechnica.com/ Name: _hjSession_1632543
Value: eyJpZCI6IjNjNzJjNmIxLTg5OTktNGRiYy05NjE0LWZmNDFiZTllY2IxZCIsImNyZWF0ZWQiOjE2OTc3MTkzMjg1ODEsImluU2FtcGxlIjp0cnVlLCJzZXNzaW9uaXplckJldGFFbmFibGVkIjpmYWxzZX0=
.arstechnica.com/ Name: _hjSessionUser_1632543
Value: eyJpZCI6IjdhN2VlYzZkLWY0OGUtNWVmMy1hNDFmLWZjYzY1NjJkZDlkNCIsImNyZWF0ZWQiOjE2OTc3MTkzMjg1NzksImV4aXN0aW5nIjp0cnVlfQ==
.arstechnica.com/ Name: _hjAbsoluteSessionInProgress
Value: 0
.arstechnica.com/ Name: _parsely_tpa_blocked
Value: {%22tpab%22:false}
.adscale.de/ Name: uu
Value: c17a9a0da91544cc85c52a70b450fe9f
.krxd.net/ Name: _kuid_
Value: P3ULRs0Y
.exelator.com/ Name: EE
Value: "6cde680a48e630198aefc26901543bc8"
.agkn.com/ Name: ab
Value: 0001%3Algm6GLqsC9eFHDE8aw90aBEqGvb7sXm6
.adscale.de/ Name: cct
Value: 1697719329114
.exelator.com/ Name: ud
Value: "eJxrXxzq6XKLQcEsOSXVzMIg0cQi1czYwNDSIjE1LdnIzNLA0NTEOCnZYnFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq02NDQYkl%252BUWb6ImfHxUUpaQyLSopPBR9d%252FBsAl3kqzA%253D%253D"
.openx.net/ Name: i
Value: b62a22a6-5fe4-0266-3907-91ab7c579117|1697719329
.openx.net/ Name: pd
Value: v2|1697719329|vMgavPkWgyiK
.casalemedia.com/ Name: CMID
Value: ZTEkIZQ-ZbquyGLs87LjvAAA
.casalemedia.com/ Name: CMPS
Value: 470
.casalemedia.com/ Name: CMPRO
Value: 470
.openx.net/ Name: univ_id
Value: 537072971|f9a8042c-c9a0-4948-ac45-f91d636ac944|1697719329706500
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.amazon-adsystem.com/ Name: ad-id
Value: A8gMuqQqCUvxl8u3kRbFI5A
.adentifi.com/ Name: adtheorent[cuid]
Value: cuid_eb7ea650-6e7c-11ee-9876-12a7adfcdbeb
.socdm.com/ Name: SOC
Value: ZTEkIcCo8XYAALgU9wkAAAAA
.ipredictive.com/ Name: cu
Value: 4d8d0e3a-1f42-4d05-a0c1-36418d686e12|1697719331091
.adnxs.com/ Name: uids
Value: eyJ0ZW1wVUlEcyI6eyJydWJpY29uIjp7InVpZCI6IkxOWDY5NFpLLTFDLUZJT0EiLCJleHBpcmVzIjoiMjAyNC0wMS0xN1QxMjo0MjoxMVoifX0sImJpcnRoZGF5IjoiMjAyMy0xMC0xOVQxMjo0MjoxMVoifQ==
.prebid.a-mo.net/ Name: _sv3_7
Value: 1
.a-mo.net/ Name: amuid2
Value: d92f07cc-2c62-4c39-826f-ecb9e1582726
.prebid.a-mo.net/ Name: sd_amuid2
Value: d92f07cc-2c62-4c39-826f-ecb9e1582726
.mediago.io/ Name: __mguid_
Value: afe098ab3733be052dzc2g00lnx6981z
.criteo.com/ Name: uid
Value: bec94b2c-93a2-45bc-8e1c-cece4fcb6c34
.smartadserver.com/ Name: pid
Value: 5275759517055638065
.bidr.io/ Name: bitoIsSecure
Value: ok
.bidr.io/ Name: bito
Value: AAEyrU7KYkgAABxDkiALIQ
.linkedin.com/ Name: bcookie
Value: "v=2&cf07311a-e932-4dc0-8f46-31c98946cc46"
.linkedin.com/ Name: lidc
Value: "b=VGST00:s=V:r=V:a=V:p=V:g=3113:u=1:x=1:i=1697719331:t=1697805731:v=2:sig=AQGv2UFkNJX8M-v6a90srpW9JXjrGXag"
.sharethrough.com/ Name: stx_user_id
Value: 655fb73c-d723-4976-a49c-2e72e2217c39
.3lift.com/ Name: tluid
Value: 324393057178352750562
.analytics.yahoo.com/ Name: IDSYNC
Value: "18vk~2ekc:19e0~2ekc"
.arstechnica.com/ Name: sID
Value: 80447642-8672-4ac6-bf2d-51db90babe97
arstechnica.com/ Name: pID
Value: e15ded94-427e-408f-9626-8e232f61f119
arstechnica.com/ Name: CN_sp
Value: 9987f057-656e-4537-867f-3b49d2e5f732

9 Console Messages

Source Level URL
Text
javascript error URL: https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
Message:
Access to XMLHttpRequest at 'https://sstats.arstechnica.com/id?d_visid_ver=4.6.0&d_fieldgroup=A&mcorgid=F7093025512D2B690A490D44%40AdobeOrg&mid=34241446491896258090013855168068359444&ts=1697719323936' from origin 'https://arstechnica.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://sstats.arstechnica.com/id?d_visid_ver=4.6.0&d_fieldgroup=A&mcorgid=F7093025512D2B690A490D44%40AdobeOrg&mid=34241446491896258090013855168068359444&ts=1697719323936
Message:
Failed to load resource: net::ERR_FAILED
other warning URL: https://a.teads.tv/media/format/v3/teads-format.min.js
Message:
Origin trial controlled feature not enabled: 'attribution-reporting'.
other warning URL: https://www.googletagservices.com/dcm/impl_v97.js(Line 91)
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://www.googletagservices.com/dcm/impl_v97.js(Line 91)
Message:
Unrecognized feature: 'attribution-reporting'.
network error URL: https://idsync.rlcdn.com/474599.gif?partner_uid=aae6a94e-ee9d-4049-a226-8e5417788e5a_ca&cv=&us_privacy=1---&_t=1697719327993
Message:
Failed to load resource: the server responded with a status of 400 ()
network error URL: https://arstechnica.com/infinityid
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://p.adsymptotic.com/d/px?_pid=11693&_psign=bf265992ae7fbdc1ab4b39651c157974&_puuid=34431699753981877840035079370966194637&_rand=867256498&_pp=adobeXtest&_redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=1524%26dpuuid=${UUID}
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://sync.search.spotxchange.com/partner?adv_id=6409&uid=ZTEkHQAAALZE5wN_&img=1
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
