urlscan.io logo urlscan.io
SecurityTrails logo

www.infosecurity-magazine.com Open in urlscan Pro
13.32.99.67  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Submission: On November 03 via api from TR — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 32 IPs in 4 countries across 21 domains to perform 107 HTTP transactions. The main IP is 13.32.99.67, located in United States and belongs to AMAZON-02, US. The main domain is www.infosecurity-magazine.com. The Cisco Umbrella rank of the primary domain is 491722.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on August 21st 2023. Valid for: a year.
This is the only time www.infosecurity-magazine.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
8 13.32.99.67 16509 (AMAZON-02)
12 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
4 2a02:26f0:480... 20940 (AKAMAI-ASN1)
9 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 18.244.140.22 16509 (AMAZON-02)
1 2606:4700:440... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
2 2a03:2880:f08... 32934 (FACEBOOK)
1 146.75.116.157 54113 (FASTLY)
2 34.117.77.79 396982 (GOOGLE-CL...)
11 2a00:1450:400... 15169 (GOOGLE)
9 2a00:1450:400... 15169 (GOOGLE)
1 52.22.214.177 14618 (AMAZON-AES)
1 2001:4860:480... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 104.244.42.69 13414 (TWITTER)
1 104.244.42.195 13414 (TWITTER)
1 2a03:2880:f17... 32934 (FACEBOOK)
2 142.250.185.70 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
15 2a00:1450:400... 15169 (GOOGLE)
4 142.250.74.194 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 151.101.194.137 54113 (FASTLY)
1 185.221.87.23 54113 (FASTLY)
107 32
8    13.32.99.67 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-67.fra60.r.cloudfront.net
www.infosecurity-magazine.com
12    2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
securepubads.g.doubleclick.net
2    2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.jsdelivr.net
4    2a02:26f0:480:3::210:ee8e (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
use.typekit.net
9    2606:4700::6812:82ec (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.cookielaw.org
1    2a02:26f0:3500:16::215:148b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
p.typekit.net
3    2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    18.244.140.22 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-244-140-22.lhr50.r.cloudfront.net
assets.infosecurity-magazine.com
1    2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)
geolocation.onetrust.com
3    2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com
2    2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    146.75.116.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
static.ads-twitter.com
2    34.117.77.79 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 79.77.117.34.bc.googleusercontent.com
ml314.com
11    2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
9    2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
1    52.22.214.177 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-22-214-177.compute-1.amazonaws.com
in.ml314.com
1    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.analytics.google.com
1    2a00:1450:400c:c0c::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
2    2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
1    104.244.42.69 (United States)

ASN13414 (TWITTER, US)
t.co
1    104.244.42.195 (United States)

ASN13414 (TWITTER, US)
analytics.twitter.com
1    2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
2    142.250.185.70 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f6.1e100.net
ad.doubleclick.net
1    2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
2    2a00:1450:4001:809::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
15    2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
4    142.250.74.194 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net
googleads4.g.doubleclick.net
2    2a00:1450:4001:808::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
1    151.101.194.137 (United States)

ASN54113 (FASTLY, US)
js-agent.newrelic.com
1    185.221.87.23 (Ireland)

ASN54113 (FASTLY, US)
bam.eu01.nr-data.net
Apex Domain
Subdomains		 Transfer
29 googlesyndication.com
20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 149
pagead2.googlesyndication.com — Cisco Umbrella Rank: 97
230 KB
20 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196
stats.g.doubleclick.net — Cisco Umbrella Rank: 78
ad.doubleclick.net — Cisco Umbrella Rank: 154
googleads.g.doubleclick.net — Cisco Umbrella Rank: 33
googleads4.g.doubleclick.net — Cisco Umbrella Rank: 439
271 KB
10 infosecurity-magazine.com
www.infosecurity-magazine.com — Cisco Umbrella Rank: 491722
assets.infosecurity-magazine.com — Cisco Umbrella Rank: 892775
192 KB
9 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 212
360 KB
9 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 342
199 KB
5 typekit.net
use.typekit.net — Cisco Umbrella Rank: 506
p.typekit.net — Cisco Umbrella Rank: 621
93 KB
3 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 3040
www.google.com — Cisco Umbrella Rank: 2
2 KB
3 ml314.com
ml314.com — Cisco Umbrella Rank: 1908
in.ml314.com — Cisco Umbrella Rank: 9913
11 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 35
237 KB
2 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 300
9 MB
2 google.de
www.google.de — Cisco Umbrella Rank: 6862
562 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 174
91 KB
2 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 335
40 KB
1 nr-data.net
bam.eu01.nr-data.net — Cisco Umbrella Rank: 9766
552 B
1 newrelic.com
js-agent.newrelic.com — Cisco Umbrella Rank: 562
19 KB
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 110
185 B
1 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 747
395 B
1 t.co
t.co — Cisco Umbrella Rank: 607
377 B
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 713
15 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 590
319 B
1 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27
21 KB
107 21
Domain Requested by
15 pagead2.googlesyndication.com ad.doubleclick.net
tpc.googlesyndication.com
www.googletagservices.com
www.infosecurity-magazine.com
12 securepubads.g.doubleclick.net www.infosecurity-magazine.com
www.googletagservices.com
20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com
11 tpc.googlesyndication.com securepubads.g.doubleclick.net
20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com
ad.doubleclick.net
tpc.googlesyndication.com
www.infosecurity-magazine.com
9 www.googletagservices.com securepubads.g.doubleclick.net
20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com
www.googletagservices.com
9 cdn.cookielaw.org www.infosecurity-magazine.com
8 www.infosecurity-magazine.com www.infosecurity-magazine.com
4 googleads4.g.doubleclick.net ad.doubleclick.net
4 use.typekit.net www.infosecurity-magazine.com
use.typekit.net
3 20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com www.infosecurity-magazine.com
3 www.googletagmanager.com www.infosecurity-magazine.com
2 s0.2mdn.net 20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com
ad.doubleclick.net
2 www.google.com www.infosecurity-magazine.com
2 ad.doubleclick.net www.googletagservices.com
2 www.google.de www.infosecurity-magazine.com
2 ml314.com www.infosecurity-magazine.com
2 connect.facebook.net www.infosecurity-magazine.com
2 assets.infosecurity-magazine.com www.infosecurity-magazine.com
2 cdn.jsdelivr.net www.infosecurity-magazine.com
1 bam.eu01.nr-data.net www.infosecurity-magazine.com
1 js-agent.newrelic.com www.infosecurity-magazine.com
1 googleads.g.doubleclick.net www.infosecurity-magazine.com
1 www.facebook.com www.infosecurity-magazine.com
1 analytics.twitter.com www.infosecurity-magazine.com
1 t.co www.infosecurity-magazine.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 region1.analytics.google.com www.googletagmanager.com
1 in.ml314.com www.infosecurity-magazine.com
1 static.ads-twitter.com www.infosecurity-magazine.com
1 geolocation.onetrust.com www.infosecurity-magazine.com
1 www.google-analytics.com www.infosecurity-magazine.com
1 p.typekit.net use.typekit.net
107 31
Subject Issuer Validity Valid
*.infosecurity-magazine.com
GlobalSign RSA OV SSL CA 2018		 2023-08-21 -
2024-09-21		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-10-16 -
2024-01-08		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-05-02 -
2024-05-01		 a year crt.sh
use.typekit.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-09-21 -
2024-10-21		 a year crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3		 2023-04-01 -
2024-03-31		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-10-16 -
2024-01-08		 3 months crt.sh
onetrust.com
Cloudflare Inc ECC CA-3		 2022-12-13 -
2023-12-13		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2023-08-12 -
2023-11-10		 3 months crt.sh
ads-twitter.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-07-21 -
2024-07-19		 a year crt.sh
event-horizon.gcp.bomm.in
GTS CA 1D4		 2023-09-06 -
2023-12-05		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2023-10-16 -
2024-01-08		 3 months crt.sh
*.ml314.com
Amazon RSA 2048 M02		 2023-10-16 -
2024-11-12		 a year crt.sh
www.google.de
GTS CA 1C3		 2023-10-16 -
2024-01-08		 3 months crt.sh
t.co
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-02-05 -
2024-02-05		 a year crt.sh
*.twitter.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-10-31 -
2024-10-29		 a year crt.sh
*.doubleclick.net
GTS CA 1C3		 2023-10-16 -
2024-01-08		 3 months crt.sh
www.google.com
GTS CA 1C3		 2023-10-16 -
2024-01-08		 3 months crt.sh
js-agent.newrelic.com
GlobalSign Atlas R3 DV TLS CA 2023 Q2		 2023-04-13 -
2024-05-14		 a year crt.sh
*.eu01.nr-data.net
DigiCert TLS RSA SHA256 2020 CA1		 2022-11-18 -
2023-12-19		 a year crt.sh

This page contains 9 frames:

Primary Page: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Frame ID: CA199E4BD687FBF2C7E9F6013644B938
Requests: 57 HTTP requests in this frame

Frame: https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: E1B1E4A7A6C149F05FC1A052B8B444C1
Requests: 1 HTTP requests in this frame

Frame: https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 43BCBD581161633B26CD23BF05A70574
Requests: 17 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuII_JMhllDTX_CawvtKJ5Wd4fSNGUWjn7-ickXh8IXCL0g3Q8F758E0c4B6h0gmy_xgKinkCNgdf5oIWyCrmYJm5qsHznutTS2QqRhUGx2lfpv1utJ4p2D1UgI_etZgZZsI_MXHud4_TJCmTAom25UJLPUFf2LrQiOJQb3wipOftkGeVocEuVBxObbaNnq7YoR77a9hdoLk0C2tkp3wJCh1yRBI787MSBjYHhgEzN7pwmLQCh4K8oO6hWQxZ7pkIrr6uiAuSwVrJrTgA9JtrVui-xx-vQqbYTycS1HUkjk92TEhi46U8MxyJ45ewlJIqi2foHiKcNjnu5KWF99MUUeiNMsMUOo20vjbC9B6lk8yrEU1y_aP1p5zynxK0T71FB9dyELopcGZq0&sai=AMfl-YQn-Kugbr4mAzZcI3aoIkkJKO8W5N5eysBJ7Z5uYOntRa2Pzv6coWIYsl3yvpoLC-Cqxdh4VH6O0E0k96TLEwe5AKNmdZDoWzAv-cfZ9ksm1nI4GTOKJgwJ6vkyhZZwizdq1eN8s1SXr4lrNhQ&sig=Cg0ArKJSzND8gYwHkBzXEAE&uach_m=[UACH]&adurl=
Frame ID: 845F74B844ACA4364DEC8DE1DBF47ACD
Requests: 7 HTTP requests in this frame

Frame: https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 1AB7CA784C1334B9AC5284FEE8F026D0
Requests: 17 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: F749089F3039C1312BCCC1669C3CBBD1
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: E4B0103BAA129D9B122DDB8E16D4A316
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 170F06438EC6F42D1D41A1FBCB4CB434
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 17658FBF49CCCAA276069594D237C5F2
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Spy Module Discovered in WhatsApp Mods - Infosecurity Magazine Back ButtonSearch IconFilter Icon

Detected technologies

Overall confidence: 100%
Detected patterns
  • tpc\.googlesyndication\.com/safeframe
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js
Overall confidence: 100%
Detected patterns
  • underscore.*\.js(?:\?ver=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

107
Requests

100 %
HTTPS

65 %
IPv6

21
Domains

31
Subdomains

32
IPs

4
Countries

11386 kB
Transfer

14344 kB
Size

14
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

107 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/ 		97 KB
25 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-67.fra60.r.cloudfront.net
Software
RX /
Resource Hash
2a6230d0e7b43394bb523410283ce6346a8ca1770ce1000ebc47c46f2ebcc55e
Security Headers
Name Value
Content-Security-Policy default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
Content-Type
access-control-allow-methods
*
cache-control
public, proxy-revalidate, max-age=300
content-encoding
br
content-security-policy
default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
content-type
text/html; charset=utf-8
date
Fri, 03 Nov 2023 14:55:50 GMT
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'self'; encrypted-media: 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'self'; gamepad 'none'; geolocation 'none'; layout-animations 'self'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'self'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'self'; usb 'none'; web-share 'self'; xr-spatial-tracking 'none'
last-modified
Thu, 02 Nov 2023 16:54:31 GMT
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(self), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(self), xr-spatial-tracking=()
referrer-policy
same-origin
server
RX
vary
Accept-Encoding
via
1.1 74c5b19a4695b76162adbf07ed9ef370.cloudfront.net (CloudFront)
x-amz-cf-id
6Rn2WYqnbJfYp3TSlwdjxRkGIBLghqjt4NoyS20o2RHNZU_IKj5slg==
x-amz-cf-pop
FRA60-P3
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-ua-compatible
IE=Edge
x-xss-protection
1; mode=block
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		97 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f7a4701a775b68e58a0a259fc334f059fcc5fa00d5157c306bc008f4b1c6f2af
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:51 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30673
x-xss-protection
0
server
cafe
etag
848 / 19664 / m202310300101 / config-hash: 8628985261000830790
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Fri, 03 Nov 2023 14:55:51 GMT
jquery.min.js
cdn.jsdelivr.net/npm/jquery@3.7.0/dist/ 		85 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/jquery@3.7.0/dist/jquery.min.js
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
6401226
x-jsd-version
3.7.0
content-encoding
br
x-cache
HIT, MISS
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230028-FRA, cache-jnb7021-JNB
x-jsd-version-type
version
server
cloudflare
etag
W/"155a6-Wp7qw02G6S5WYOD0+HIE8e0Mj/Y"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g6k4rCFtdn%2Brj1Loqj45chFtRNESnXc0kkCyeT%2FqJkjsdis5BqGX0f6yLWeRXfXcZIxwtkNNZlo7MBVy%2BI%2FcXsT%2FY8UUUC3Ap3TZbXtGHU9mP4ZnufQaaI7G8Ley7koKpCabJgoC2rBfzznrBe0%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
820575e8ca7737f6-FRA
underscore-min.min.js
cdn.jsdelivr.net/npm/underscore@1.13.6/ 		19 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/underscore@1.13.6/underscore-min.min.js
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bb20d24b99fd1eae4fd77c1e833ce0a4536189961ceb1114fd272ca31e8ebd82
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
19705304
x-jsd-version
1.13.6
content-encoding
br
x-cache
HIT, MISS
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230089-FRA, cache-jnb7027-JNB
x-jsd-version-type
version
server
cloudflare
etag
W/"4d5b-1Barardb3Bq5uc0bP3wXZk8NDAQ"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QF02VSzF4pQug4pVfO4gsd3cfVFTbWKPm9S3FlFnlcLfbvPLdhdyocjyU4wa%2FGMIKwYjvcORQjr5XRD28KpRDcnDs%2B94svLezunMG%2FNfwgxHdyXQ9K4dOgiG%2FShH3eUIEE9%2FtfDNhd0raxlzuTo%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
820575e8ca7437f6-FRA
phq8nwg.css
use.typekit.net/ 		11 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/phq8nwg.css
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:3::210:ee8e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
f7fbb92e03e044b3065bcf2c8e6ee284b8b8c0625c7ce7f33785bdda23a46606
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
date
Fri, 03 Nov 2023 14:55:51 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
1296
base.min.css
www.infosecurity-magazine.com/_common/css/23080201/ 		66 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.infosecurity-magazine.com/_common/css/23080201/base.min.css?v=23080201
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-67.fra60.r.cloudfront.net
Software
RX /
Resource Hash
c08e633b39381743b6e6bca9c5922e9aa9ba5f3044c29031b0076a47b4af1927
Security Headers
Name Value
Content-Security-Policy default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Thu, 02 Nov 2023 18:47:22 GMT
content-security-policy
default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
x-content-type-options
nosniff
content-encoding
br
via
1.1 74c5b19a4695b76162adbf07ed9ef370.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
age
72509
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
referrer-policy
same-origin
last-modified
Tue, 01 Aug 2023 11:34:54 GMT
server
RX
etag
W/"1fa172316cc4d91:0"
x-frame-options
SAMEORIGIN
access-control-allow-methods
*
content-type
text/css
vary
Accept-Encoding
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'self'; encrypted-media: 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'self'; gamepad 'none'; geolocation 'none'; layout-animations 'self'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'self'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'self'; usb 'none'; web-share 'self'; xr-spatial-tracking 'none'
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(self), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(self), xr-spatial-tracking=()
access-control-allow-headers
Content-Type
x-amz-cf-id
fRzW5onhjiPwuIQfpEasXACBlLad2E2k-eIsEZaTDkkuewZzhOEK6Q==
article.min.css
www.infosecurity-magazine.com/_common/css/23080201/ 		5 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.infosecurity-magazine.com/_common/css/23080201/article.min.css?v=23080201
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-67.fra60.r.cloudfront.net
Software
RX /
Resource Hash
778f93243401b2fd6663834b51f4d3f32012d6ee11f40f6169af721331bd1682
Security Headers
Name Value
Content-Security-Policy default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Thu, 02 Nov 2023 15:25:52 GMT
content-security-policy
default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
x-content-type-options
nosniff
content-encoding
br
via
1.1 74c5b19a4695b76162adbf07ed9ef370.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
age
84599
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
referrer-policy
same-origin
last-modified
Tue, 01 Aug 2023 11:34:55 GMT
server
RX
etag
W/"9590ba316cc4d91:0"
x-frame-options
SAMEORIGIN
access-control-allow-methods
*
content-type
text/css
vary
Accept-Encoding
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'self'; encrypted-media: 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'self'; gamepad 'none'; geolocation 'none'; layout-animations 'self'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'self'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'self'; usb 'none'; web-share 'self'; xr-spatial-tracking 'none'
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(self), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(self), xr-spatial-tracking=()
access-control-allow-headers
Content-Type
x-amz-cf-id
6FAAtGnHblRRqsjitbC58VBGuFwT4FREgPowzoDbXEmbBIjCAGeUEg==
otSDKStub.js
cdn.cookielaw.org/scripttemplates/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6b1fc966c38b12c845f9fd8bdb76027106b776783fd44eeed917663942b5fd16
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Nov 2023 14:55:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
R1P6TtSHAQZyvOSI/KawHw==
age
61138
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6821
x-ms-lease-status
unlocked
last-modified
Tue, 31 Oct 2023 06:38:09 GMT
server
cloudflare
etag
0x8DBD9DBF28FEFC5
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
cb39ca16-001e-0062-7367-0cfba4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
820575e8ca43914a-FRA
ism.js
www.infosecurity-magazine.com/_common/js/23080201/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.infosecurity-magazine.com/_common/js/23080201/ism.js?v=23080201
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-67.fra60.r.cloudfront.net
Software
RX /
Resource Hash
fded88b84aecf0d550b1d26a85a971351a138a573dbd6bd88cb646de1e7ab42a
Security Headers
Name Value
Content-Security-Policy default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Thu, 02 Nov 2023 15:24:08 GMT
content-security-policy
default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
x-content-type-options
nosniff
content-encoding
br
via
1.1 74c5b19a4695b76162adbf07ed9ef370.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
age
84703
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
referrer-policy
same-origin
last-modified
Tue, 01 Aug 2023 11:38:31 GMT
server
RX
etag
W/"53c59bb26cc4d91:0"
x-frame-options
SAMEORIGIN
access-control-allow-methods
*
content-type
application/javascript
vary
Accept-Encoding
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'self'; encrypted-media: 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'self'; gamepad 'none'; geolocation 'none'; layout-animations 'self'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'self'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'self'; usb 'none'; web-share 'self'; xr-spatial-tracking 'none'
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(self), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(self), xr-spatial-tracking=()
access-control-allow-headers
Content-Type
x-amz-cf-id
0ZxoVJsd2WSWuZtlze8fTNcMJThgc4Bbj22on4aFqTCORol0B4dF6g==
ism.ads.es5.min.js
www.infosecurity-magazine.com/_common/js/23080201/ism/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.infosecurity-magazine.com/_common/js/23080201/ism/ism.ads.es5.min.js?v=23080201
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-67.fra60.r.cloudfront.net
Software
RX /
Resource Hash
cbe5296bf61f4ee88ecab204fe1ec3a144660caa32b71d9744f01102286df62a
Security Headers
Name Value
Content-Security-Policy default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 12:38:53 GMT
content-security-policy
default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
x-content-type-options
nosniff
content-encoding
br
via
1.1 74c5b19a4695b76162adbf07ed9ef370.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
age
8218
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
referrer-policy
same-origin
last-modified
Wed, 02 Aug 2023 09:03:55 GMT
server
RX
etag
W/"a920204420c5d91:0"
x-frame-options
SAMEORIGIN
access-control-allow-methods
*
content-type
application/javascript
vary
Accept-Encoding
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'self'; encrypted-media: 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'self'; gamepad 'none'; geolocation 'none'; layout-animations 'self'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'self'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'self'; usb 'none'; web-share 'self'; xr-spatial-tracking 'none'
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(self), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(self), xr-spatial-tracking=()
access-control-allow-headers
Content-Type
x-amz-cf-id
GBZhfFhjl590iAmktpk5PGjnrjBLwPm-OTrChX-hvRg499r5npRHoA==
ism.whatshot.es5.min.js
www.infosecurity-magazine.com/_common/js/23080201/ism/ 		851 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.infosecurity-magazine.com/_common/js/23080201/ism/ism.whatshot.es5.min.js?v=23080201
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-67.fra60.r.cloudfront.net
Software
RX /
Resource Hash
ecde3c0d9f4721fd5bc3989d1e6103966b836786849f65ead031a1c758687ef0
Security Headers
Name Value
Content-Security-Policy default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
date
Fri, 03 Nov 2023 00:35:55 GMT
x-content-type-options
nosniff
via
1.1 74c5b19a4695b76162adbf07ed9ef370.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
age
51596
x-cache
Hit from cloudfront
content-length
851
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
referrer-policy
same-origin
last-modified
Tue, 01 Aug 2023 11:35:05 GMT
server
RX
etag
"bb28fd376cc4d91:0"
x-frame-options
SAMEORIGIN
access-control-allow-methods
*
content-type
application/javascript
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'self'; encrypted-media: 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'self'; gamepad 'none'; geolocation 'none'; layout-animations 'self'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'self'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'self'; usb 'none'; web-share 'self'; xr-spatial-tracking 'none'
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(self), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(self), xr-spatial-tracking=()
accept-ranges
bytes
access-control-allow-headers
Content-Type
x-amz-cf-id
StFtGSF-hFsWb5AfcNYILtTmjtJhks2cpe0ykEbTrfVkaiUOUh4tCA==
p.css
p.typekit.net/ 		5 B
172 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://p.typekit.net/p.css?s=1&k=phq8nwg&ht=tk&f=15982.15984.37450.16353.37464.37466.37515.37516.37517.37518.37519.37520.51838.51839.51840.51841&a=6157095&app=typekit&e=css
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/phq8nwg.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:148b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:51 GMT
last-modified
Fri, 23 Jun 2023 17:09:47 GMT
server
nginx
etag
"6495d1db-5"
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
5
6b575081-117f-49ba-bff7-347875107505.json
cdn.cookielaw.org/consent/6b575081-117f-49ba-bff7-347875107505/ 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/6b575081-117f-49ba-bff7-347875107505/6b575081-117f-49ba-bff7-347875107505.json
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
09ddaf1d1202b5fc93ba151c407e0048b2dd605d8843679a5ec8e070e79a254b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Nov 2023 14:55:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
20607
content-md5
xfOtWclhejhsj9QJZumB3w==
content-length
1487
x-ms-lease-status
unlocked
last-modified
Fri, 08 Sep 2023 08:00:06 GMT
server
cloudflare
etag
0x8DBB0419D43B882
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
9a15a513-a01e-009f-302a-e27581000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
820575eb29f937f0-FRA
expires
Sat, 04 Nov 2023 14:55:51 GMT
gtm.js
www.googletagmanager.com/ 		216 KB
75 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MJ69SWF
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e661489507deca5599fe6e3b9543bb8d78ef9c95ace09f742114c87166867ce9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:51 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
75897
x-xss-protection
0
last-modified
Fri, 03 Nov 2023 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 03 Nov 2023 14:55:51 GMT
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 03 Nov 2023 13:51:32 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
3859
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Fri, 03 Nov 2023 15:51:32 GMT
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310300101/ 		424 KB
133 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310300101/pubads_impl.js
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a6082257fe9e807fd65d06b71d533e90481bce2e163e0f25b36ab36a552bc6fe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 12:36:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
8362
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
136180
x-xss-protection
0
server
cafe
etag
6663949485869648659
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Sat, 02 Nov 2024 12:36:29 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		74 B
72 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.infosecurity-magazine.com
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3b6c6519233b8ca2f850182f5d2fa21526c493eeb593525ec08a4f4198b249db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:51 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48
x-xss-protection
0
expires
Fri, 03 Nov 2023 14:55:51 GMT
9b391c39-8756-4a11-81cc-3247cd07d16c.png
assets.infosecurity-magazine.com/webpage/feat/ 		139 KB
140 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.infosecurity-magazine.com/webpage/feat/9b391c39-8756-4a11-81cc-3247cd07d16c.png
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.244.140.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-244-140-22.lhr50.r.cloudfront.net
Software
RX /
Resource Hash
65aa564dc18b0cfb594653e68cdbb82b20fbff59ce4894f0de483cc2387470a5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.infosecurity-magazine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:51 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
via
1.1 e9b7f6a49ef1905c7ce18301f0e01a9c.cloudfront.net (CloudFront)
server
RX
x-amz-cf-pop
LHR50-P7
x-frame-options
SAMEORIGIN
x-cache
Miss from cloudfront
content-type
image/png
cache-control
private, max-age=2764800
x-amz-cf-id
rHZw73B5Lo0x4TmgGj6aqpOcpiKVEVg4qnm5F3jWUO63Ir94pU3EFA==
content-length
142696
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
l
use.typekit.net/af/73dbad/00000000000000007735a197/30/ 		24 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/73dbad/00000000000000007735a197/30/l?subset_id=2&fvd=n7&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/phq8nwg.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:3::210:ee8e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
4ca1e0e518aaf5d78abd4fc78268ac642cb679dbb56a905d2c57a296566a0bba

Request headers

Referer
https://use.typekit.net/phq8nwg.css
Origin
https://www.infosecurity-magazine.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:51 GMT
server
nginx
etag
"550ca47a88a465c010c13a8c017f04a91a75a9a4"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
24168
l
use.typekit.net/af/2180b4/00000000000000007735a193/30/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/2180b4/00000000000000007735a193/30/l?subset_id=2&fvd=n6&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/phq8nwg.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:3::210:ee8e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
a45a4393f8b7ac978e32ac46f58dad43eb83811a4b3d9f7b79cac1f864edd662

Request headers

Referer
https://use.typekit.net/phq8nwg.css
Origin
https://www.infosecurity-magazine.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:51 GMT
server
nginx
etag
"d42a9fe146eae2c4c65475dbd44806c5aed58d8b"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
23312
l
use.typekit.net/af/32b0e4/00000000000000007735a185/30/ 		44 KB
45 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/32b0e4/00000000000000007735a185/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/phq8nwg.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:3::210:ee8e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
4f8059cfd6739160b9073e937833a58c728a9791b380f27fcf2d047d76951155

Request headers

Referer
https://use.typekit.net/phq8nwg.css
Origin
https://www.infosecurity-magazine.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:51 GMT
server
nginx
etag
"dead750a1d4bc579636464295fb9e45aa84c4884"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
45468
605bfdcb-abca-4e31-9902-3a3d746228ce.png
assets.infosecurity-magazine.com/s3/infosec-media/images/profile/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.infosecurity-magazine.com/s3/infosec-media/images/profile/605bfdcb-abca-4e31-9902-3a3d746228ce.png?width=64&height=64&mode=crop&scale=both&format=webp
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.244.140.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-244-140-22.lhr50.r.cloudfront.net
Software
RX /
Resource Hash
07ac84596d158248a60c2f747f609a508e6e2f1980a23f0608caee79a30291b7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Thu, 02 Nov 2023 22:17:45 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
via
1.1 e9b7f6a49ef1905c7ce18301f0e01a9c.cloudfront.net (CloudFront)
x-aspnet-version
4.0.30319
x-amz-cf-pop
LHR50-P7
age
59886
x-cache
Hit from cloudfront
content-length
1686
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
server
RX
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
public
x-amz-cf-id
mjdjG6cdXX8Fv2Pfg-cJuCGgHHYG1VohvaB4RGqFvd57-qmjOqvs5A==
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 		72 B
319 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6bd5068ee3f41ad2ed4f003c13c4e939021c77f7a69ac82d25211c72868b520e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
820575ecde7f9170-FRA
access-control-allow-headers
Content-Type
/
www.infosecurity-magazine.com/account-buttons/ 		240 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.infosecurity-magazine.com/account-buttons/?time=1699023351705
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-67.fra60.r.cloudfront.net
Software
RX /
Resource Hash
4e916eb59cd64cce6fc41e3355180f0284ae0edc2602686431e90f2e7f082652
Security Headers
Name Value
Content-Security-Policy default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

X-NewRelic-ID
Vg8GV1ZVCxACUFBSAgMEV1c=
tracestate
2916063@nr=0-1-2916063-322535572-4d2c5ee1540ed26d----1699023351710
traceparent
00-9ac18a63d321df737ce4bcae27a32f14-4d2c5ee1540ed26d-01
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
newrelic
eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI5MTYwNjMiLCJhcCI6IjMyMjUzNTU3MiIsImlkIjoiNGQyYzVlZTE1NDBlZDI2ZCIsInRyIjoiOWFjMThhNjNkMzIxZGY3MzdjZTRiY2FlMjdhMzJmMTQiLCJ0aSI6MTY5OTAyMzM1MTcxMH19
Accept
*/*
Referer
https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
X-Requested-With
XMLHttpRequest

Response headers

date
Fri, 03 Nov 2023 14:55:51 GMT
content-security-policy
default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
x-content-type-options
nosniff
via
1.1 74c5b19a4695b76162adbf07ed9ef370.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
x-cache
Miss from cloudfront
content-length
240
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
pragma
no-cache
referrer-policy
same-origin
server
RX
x-frame-options
SAMEORIGIN
access-control-allow-methods
*
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'self'; encrypted-media: 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'self'; gamepad 'none'; geolocation 'none'; layout-animations 'self'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'self'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'self'; usb 'none'; web-share 'self'; xr-spatial-tracking 'none'
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(self), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(self), xr-spatial-tracking=()
access-control-allow-headers
Content-Type
x-amz-cf-id
f3fi5Ml97xEgwI1IBT0l69__2RqkW4ZL7QUcvAyNM5-GI-OgObISSw==
expires
-1
/
www.infosecurity-magazine.com/nav/mobile/ 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.infosecurity-magazine.com/nav/mobile/
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-67.fra60.r.cloudfront.net
Software
RX /
Resource Hash
53fc4495c7705b2373e2b73ec881c82dffb40cfbd744d8e5bd8ba7f5a018575b
Security Headers
Name Value
Content-Security-Policy default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

X-NewRelic-ID
Vg8GV1ZVCxACUFBSAgMEV1c=
tracestate
2916063@nr=0-1-2916063-322535572-184b738a1fcf4a96----1699023351714
traceparent
00-febc45030efbc02a26ecb08b127f6f52-184b738a1fcf4a96-01
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
newrelic
eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI5MTYwNjMiLCJhcCI6IjMyMjUzNTU3MiIsImlkIjoiMTg0YjczOGExZmNmNGE5NiIsInRyIjoiZmViYzQ1MDMwZWZiYzAyYTI2ZWNiMDhiMTI3ZjZmNTIiLCJ0aSI6MTY5OTAyMzM1MTcxNH19
Accept
*/*
Referer
https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
X-Requested-With
XMLHttpRequest

Response headers

date
Fri, 03 Nov 2023 14:55:51 GMT
content-security-policy
default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
x-content-type-options
nosniff
content-encoding
br
via
1.1 74c5b19a4695b76162adbf07ed9ef370.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
referrer-policy
same-origin
server
RX
x-frame-options
SAMEORIGIN
access-control-allow-methods
*
content-type
text/html; charset=utf-8
vary
Accept-Encoding
cache-control
private
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'self'; encrypted-media: 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'self'; gamepad 'none'; geolocation 'none'; layout-animations 'self'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'self'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'self'; usb 'none'; web-share 'self'; xr-spatial-tracking 'none'
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(self), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(self), xr-spatial-tracking=()
access-control-allow-headers
Content-Type
x-amz-cf-id
-kcTHMsh0iEsBzW_xF0y5bfWfTLH1krK8OE9466l2RUHu3UHw_t_PA==
ads
securepubads.g.doubleclick.net/gampad/ 		30 KB
13 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=659215907427172&correlator=3343294948407219&output=ldjh&gdfp_req=1&vrg=202310300101&ptt=17&impl=fifs&iu_parts=1165%2Crx_infosecurity_magazine%2Cnews%2Cspy-module-whatsapp-mods&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=728x90&ifi=1&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1699023351962&lmt=1698944071&adxs=436&adys=8&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&url=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fspy-module-whatsapp-mods%2F&vis=1&psz=1600x50&msz=728x50&fws=0&ohw=0&ga_vid=18218879.1699023352&ga_sid=1699023352&ga_hid=1165725466&ga_fc=true&dlt=1699023351044&idt=791&cust_params=topics%3DApplication%2520Security%252CCybercrime%252CInternet%2520Security%252CMalware%252CMobile%2520Security%252CMobile%2520Application%2520Security%252CSecure%2520Coding%252CPhishing%252CThreat%2520Intelligence%252CIM%2520Security%252CThreats%252C%2520Exploits%2520and%2520Vulnerabilities&adks=2718483810&frm=20
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4bc59d938c370352d3f6dba13a1894214ae7799cee0429916da77adebfcf73f0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:52 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13086
x-xss-protection
0
google-lineitem-id
6387201834
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138448121375
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.infosecurity-magazine.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		46 KB
17 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=659215907427172&correlator=3880745644289079&output=ldjh&gdfp_req=1&vrg=202310300101&ptt=17&impl=fifs&iu_parts=1165%2Crx_infosecurity_magazine%2Cnews%2Cspy-module-whatsapp-mods&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x250&ifi=2&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1699023351976&lmt=1698944071&adxs=1046&adys=770&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&url=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fspy-module-whatsapp-mods%2F&vis=1&psz=364x331&msz=300x250&fws=0&ohw=0&ga_vid=18218879.1699023352&ga_sid=1699023352&ga_hid=1165725466&ga_fc=true&dlt=1699023351044&idt=791&cust_params=topics%3DApplication%2520Security%252CCybercrime%252CInternet%2520Security%252CMalware%252CMobile%2520Security%252CMobile%2520Application%2520Security%252CSecure%2520Coding%252CPhishing%252CThreat%2520Intelligence%252CIM%2520Security%252CThreats%252C%2520Exploits%2520and%2520Vulnerabilities&adks=46218247&frm=20
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7d472051cb5527ba5bee326e734963109bc52e0edc329a28b1479890708f5d7a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:52 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17538
x-xss-protection
0
google-lineitem-id
6383828049
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138447248124
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.infosecurity-magazine.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		30 KB
13 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=659215907427172&correlator=711943062904953&output=ldjh&gdfp_req=1&vrg=202310300101&ptt=17&impl=fifs&iu_parts=1165%2Crx_infosecurity_magazine%2Cnews%2Cspy-module-whatsapp-mods&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=728x90&ifi=3&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1699023351983&lmt=1698944071&adxs=436&adys=1142&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&url=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fspy-module-whatsapp-mods%2F&vis=1&psz=1600x50&msz=728x50&fws=512&ohw=0&ga_vid=18218879.1699023352&ga_sid=1699023352&ga_hid=1165725466&ga_fc=true&dlt=1699023351044&idt=791&cust_params=topics%3DApplication%2520Security%252CCybercrime%252CInternet%2520Security%252CMalware%252CMobile%2520Security%252CMobile%2520Application%2520Security%252CSecure%2520Coding%252CPhishing%252CThreat%2520Intelligence%252CIM%2520Security%252CThreats%252C%2520Exploits%2520and%2520Vulnerabilities&adks=1680517896&frm=20
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18d884e8a77b6671e05339f54d08deae7deea696359ee60bf818ce1ce5acc896
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:52 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12971
x-xss-protection
0
google-lineitem-id
6387201834
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138448121375
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.infosecurity-magazine.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E1B1 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 03 Nov 2023 14:55:52 GMT
expires
Sat, 02 Nov 2024 14:55:52 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
js
www.googletagmanager.com/gtag/ 		262 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-8VSXE5KKGM&l=dataLayer&cx=c
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0d907025f613848f5cc4734460fcfa67973b07ee888afb04cbea7be802ea7586
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:52 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
90186
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 03 Nov 2023 14:55:52 GMT
fbevents.js
connect.facebook.net/en_US/ 		202 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Fri, 03 Nov 2023 14:55:52 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
54273
x-xss-protection
0
reporting-endpoints
pragma
public
x-fb-debug
tG6DWcPP1KaO5AuQUkWhTkO1vxvR9kWfUmBksruG/kQlOf0pUMsa62R1yb5o4vfe+MlWivU89ZJBdsmLNwngIw==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
oct.js
static.ads-twitter.com/ 		56 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ads-twitter.com/oct.js
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:52 GMT
content-encoding
gzip
last-modified
Thu, 27 Oct 2022 16:56:53 GMT
etag
"32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary
Accept-Encoding,Host
x-cache
HIT, HIT
content-type
application/javascript; charset=utf-8
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn
FT
cache-control
no-cache
accept-ranges
bytes
content-length
15375
x-served-by
cache-iad-kjyo7100093-IAD, cache-fra-eddf8230103-FRA
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202308.2.0/ 		421 KB
101 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202308.2.0/otBannerSdk.js
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee39d0cbc9e9cd88b7dac8ebca680b89e8879081f855152f21772c7834474437
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Nov 2023 14:55:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
B7RJGeSCnZZuAb1NQkB81w==
age
16785
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
103637
x-ms-lease-status
unlocked
last-modified
Wed, 20 Sep 2023 06:26:02 GMT
server
cloudflare
etag
0x8DBB9A2763B37CA
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
21d158e6-101e-007e-2a3b-eca9c4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
820575ee8fe4914a-FRA
tag.aspx
ml314.com/ 		31 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ml314.com/tag.aspx?3102023
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
79.77.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
556b62129d954b0d5b92c4f286ec0234774ac6d41353a3c84f8349fa94d88cf1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:36:53 GMT
via
1.1 google
content-encoding
br
age
1139
x-guploader-uploadid
ABPtcPq_JuJbTtpkS5wBU3YvWxSvFbaJEcI7j9ZIPb_zPN_2SV4Oqz061xS7sqhTRAF6GcQQHPhQbEfXg9oaEKrwXsve4xSaFZZS
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10209
last-modified
Fri, 12 May 2023 18:40:12 GMT
server
UploadServer
vary
Accept-Encoding
x-goog-generation
1683916812364920
x-goog-hash
crc32c=mZ+Z9w==, md5=kd+C792N6TsjSfrrJlopCg==
content-type
application/javascript
cache-id
FRA-1209ea83
cache-control
public,max-age=3600
x-cache-hit
hit
x-goog-stored-content-length
32213
accept-ranges
bytes
container.html
20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 43BC 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 03 Nov 2023 14:55:52 GMT
expires
Sat, 02 Nov 2024 14:55:52 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
view
securepubads.g.doubleclick.net/pcs/ Frame 845F 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuII_JMhllDTX_CawvtKJ5Wd4fSNGUWjn7-ickXh8IXCL0g3Q8F758E0c4B6h0gmy_xgKinkCNgdf5oIWyCrmYJm5qsHznutTS2QqRhUGx2lfpv1utJ4p2D1UgI_etZgZZsI_MXHud4_TJCmTAom25UJLPUFf2LrQiOJQb3wipOftkGeVocEuVBxObbaNnq7YoR77a9hdoLk0C2tkp3wJCh1yRBI787MSBjYHhgEzN7pwmLQCh4K8oO6hWQxZ7pkIrr6uiAuSwVrJrTgA9JtrVui-xx-vQqbYTycS1HUkjk92TEhi46U8MxyJ45ewlJIqi2foHiKcNjnu5KWF99MUUeiNMsMUOo20vjbC9B6lk8yrEU1y_aP1p5zynxK0T71FB9dyELopcGZq0&sai=AMfl-YQn-Kugbr4mAzZcI3aoIkkJKO8W5N5eysBJ7Z5uYOntRa2Pzv6coWIYsl3yvpoLC-Cqxdh4VH6O0E0k96TLEwe5AKNmdZDoWzAv-cfZ9ksm1nI4GTOKJgwJ6vkyhZZwizdq1eN8s1SXr4lrNhQ&sig=Cg0ArKJSzND8gYwHkBzXEAE&uach_m=[UACH]&adurl=
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:52 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 03 Nov 2023 14:55:52 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame 845F 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/window_focus_fy2021.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310300101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 11:05:10 GMT
content-encoding
br
x-content-type-options
nosniff
age
13842
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 17 Nov 2023 11:05:10 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 845F 		189 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310300101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
60699
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1698838693892887"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 03 Nov 2023 14:55:52 GMT
524716509266295617
tpc.googlesyndication.com/simgad/ Frame 845F 		77 KB
77 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/524716509266295617
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310300101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6249c20fc61d558d4f76e5cc313a522398b2159b07e4e738f39523c8c042aabe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 31 Oct 2023 17:27:24 GMT
x-content-type-options
nosniff
age
250108
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
78647
x-xss-protection
0
last-modified
Tue, 31 Oct 2023 17:20:12 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 30 Oct 2024 17:27:24 GMT
container.html
20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1AB7 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 03 Nov 2023 14:55:52 GMT
expires
Sat, 02 Nov 2024 14:55:52 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame 845F 		211 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4a338833f3bcad6e979f8800a8e728a77bf5cd9ffd28c5f98d371310e0da2848

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type
image/png
ext.js
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 43BC 		24 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js
Requested by
Host: 20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com
URL: https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 01 Nov 2023 11:32:42 GMT
content-encoding
br
x-content-type-options
nosniff
age
184990
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6402
x-xss-protection
0
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 31 Oct 2024 11:32:42 GMT
dcmads.js
www.googletagservices.com/dcm/ Frame 43BC 		18 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/dcm/dcmads.js
Requested by
Host: 20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com
URL: https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
62cf47440cbf69b9d0a37c238c923e6544394913a5e5e615d017b1537aa06ec2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:23:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1939
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7823
x-xss-protection
0
last-modified
Thu, 02 Nov 2023 23:04:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-dcm-tag"
vary
Accept-Encoding
report-to
{"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Fri, 03 Nov 2023 15:23:33 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 43BC 		189 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com
URL: https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
60699
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1698838693892887"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 03 Nov 2023 14:55:52 GMT
en.json
cdn.cookielaw.org/consent/6b575081-117f-49ba-bff7-347875107505/2ca9783c-e3b0-47d5-889b-bd0759260e50/ 		51 KB
13 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/6b575081-117f-49ba-bff7-347875107505/2ca9783c-e3b0-47d5-889b-bd0759260e50/en.json
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c3e5ede41b753a0a4790584be6a9f296f37243b9cb3129a6cb8ccbce2a1a8257
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Nov 2023 14:55:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
20608
content-md5
RjwReuRxecEXv85qdtvB+A==
content-length
13474
x-ms-lease-status
unlocked
last-modified
Fri, 08 Sep 2023 08:00:07 GMT
server
cloudflare
etag
0x8DBB0419E1A236F
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
6a21d968-a01e-006b-2c2a-e2be77000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
820575f05fb737f0-FRA
expires
Sat, 04 Nov 2023 14:55:52 GMT
utsync.ashx
ml314.com/ 		62 B
254 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=81370&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fspy-module-whatsapp-mods%2F&pv=1699023352362_pjxbiwsq0&bl=en-us&cb=4838637&return=&ht=&d=&dc=&si=1699023352362_pjxbiwsq0&cid=&s=1600x1200&rp=&v=2.5.3.51
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
79.77.117.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Nov 2023 14:55:52 GMT
via
1.1 google, 1.1 google
server
Google Frontend
content-type
application/javascript
p3p
CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
0
ud.ashx
in.ml314.com/ 		20 B
482 B 		Script
General
Check archive.org
Download Go to
Full URL
https://in.ml314.com/ud.ashx?topiclimit=&cb=3102023&v=2.5.3.51
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.22.214.177 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-22-214-177.compute-1.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
d0e4a6372d6fb5ffe9505dbe9e94aee8f1b9b96ec8e5e20684cce8b4c5a88fa7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Fri, 03 Nov 2023 14:55:52 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Cache-Control
public
Connection
keep-alive
Content-Length
138
Expires
Sat, 04 Nov 2023 14:55:52 GMT
ext.js
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 1AB7 		24 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js
Requested by
Host: 20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com
URL: https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 01 Nov 2023 11:32:42 GMT
content-encoding
br
x-content-type-options
nosniff
age
184990
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6402
x-xss-protection
0
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 31 Oct 2024 11:32:42 GMT
dcmads.js
www.googletagservices.com/dcm/ Frame 1AB7 		18 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/dcm/dcmads.js
Requested by
Host: 20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com
URL: https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
62cf47440cbf69b9d0a37c238c923e6544394913a5e5e615d017b1537aa06ec2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:23:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1939
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7823
x-xss-protection
0
last-modified
Thu, 02 Nov 2023 23:04:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-dcm-tag"
vary
Accept-Encoding
report-to
{"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Fri, 03 Nov 2023 15:23:33 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 1AB7 		189 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com
URL: https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
60699
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1698838693892887"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 03 Nov 2023 14:55:52 GMT
580638648955413
connect.facebook.net/signals/config/ 		140 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/580638648955413?v=2.9.138&r=stable&domain=www.infosecurity-magazine.com
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
294a8c22bf22c1757b6bc7e7fcce4a5e714ed5ff54de47d9ef99f4234f045c65
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Fri, 03 Nov 2023 14:55:52 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
pragma
public
x-fb-debug
L3dV4ZIHFFrl8JXU455IOwWhSI71RROif9kbmxRpQEbF2UbG22fvtxNde6L90Sf/iX+bJvFB0z2XgY1Fz3RWvw==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
collect
region1.analytics.google.com/g/ 		0
264 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-8VSXE5KKGM&gtm=45je3b11v898772242z878347448&_p=1699023351482&_gaz=1&gcd=11l1l1l1l1&cid=18218879.1699023352&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1699023352&sct=1&seg=0&dl=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fspy-module-whatsapp-mods%2F&dt=Spy%20Module%20Discovered%20in%20WhatsApp%20Mods%20-%20Infosecurity%20Magazine&en=page_view&_fv=1&_ss=1&tfd=1646
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8VSXE5KKGM&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Nov 2023 14:55:52 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.infosecurity-magazine.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
264 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-8VSXE5KKGM&cid=18218879.1699023352&gtm=45je3b11v898772242z878347448&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8VSXE5KKGM&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Nov 2023 14:55:52 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.infosecurity-magazine.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-8VSXE5KKGM&cid=18218879.1699023352&gtm=45je3b11v898772242z878347448&aip=1&z=36245666
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Nov 2023 14:55:52 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adsct
t.co/i/ 		43 B
377 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/i/adsct?bci=1&eci=1&event_id=78d590ef-2c21-4a46-b0f0-b38acfc8bb56&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=e0839743-6da7-4ab3-8af7-9de9536d1a39&tw_document_href=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fspy-module-whatsapp-mods%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o7tzd&type=javascript&version=2.3.29
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.69 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-response-time
109
date
Fri, 03 Nov 2023 14:55:52 GMT
strict-transport-security
max-age=0
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
5605bb92274d4dc0
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
b1c40949a14b0552f8fb58d6d02877c7047d41fa62707b7ff7c1b54e61ee4ebb
content-length
43
adsct
analytics.twitter.com/i/ 		43 B
395 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://analytics.twitter.com/i/adsct?bci=1&eci=1&event_id=78d590ef-2c21-4a46-b0f0-b38acfc8bb56&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=e0839743-6da7-4ab3-8af7-9de9536d1a39&tw_document_href=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fspy-module-whatsapp-mods%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o7tzd&type=javascript&version=2.3.29
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.195 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-response-time
104
date
Fri, 03 Nov 2023 14:55:51 GMT
strict-transport-security
max-age=631138519
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
87f871fd41afd23e
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
88f0dfeb495a7ff7093a6e0237dd2253cc1f09cc5a57b14d80c3ab0d003eb7a2
content-length
43
view
securepubads.g.doubleclick.net/pcs/ Frame 845F 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssrhXMp1Sx2nbeslByJVVqxW9cz73v8rHKyozRxPc-nSzMr5IJGu625qPnxcncw5z_wzFrqH43Ouc3F49_2_ycGQY2xiHsXSBdqIrFCSZuAvMen6rF3rbigzZPgcXagdIBBCbyoi25jM80GeLaLLmsIFPjEhGefOvexBq-za3KF3HQqhk2zbelxQ0uPsf2xZkiAwuST8NrE_Cdhjatg-Oh9NWNfBX5A1iIvmf-ozQUaZMxjPbU05wUhJ8VhnutRRWVN6E_oBw9exc9RfP3dU41zvpdr2qW5Hf3olzPVMvK9CZYrMSA6LfyLQ9lj4y2aFVUm5qHwP8CA2JuENbPLcRVQatxNu52NMcmaA8JYJ4W00n1NOUh8J7coDYHKHTcdrpfBagQu9QnY0_99AQ&sai=AMfl-YTQfiAm6t3exzlceQwX6ImB9dVaJ4fjc-BxebUWQXlAwnwLUUtttqdghLXr9Ayxc_EHAMsO_ZsotDoU8a2ypaU4kpoYLXNnJ5ThKq3MynGnRhVy3lUNKKaXCdEPl4XT4W-ERUuzxyZKP2XlIQ8&sig=Cg0ArKJSzC2bRuFLnUvfEAE&uach_m=[UACH]&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:52 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 03 Nov 2023 14:55:52 GMT
js
www.googletagmanager.com/gtag/ 		207 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-875375440
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
530fbc39f85c0529d63fb512cf493ee06618a93ffe82195ae4471872bb099db8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:52 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
76169
x-xss-protection
0
last-modified
Fri, 03 Nov 2023 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 03 Nov 2023 14:55:52 GMT
otCenterRounded.json
cdn.cookielaw.org/scripttemplates/202308.2.0/assets/ 		9 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202308.2.0/assets/otCenterRounded.json
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
09b627933e01faa4979dc5661f7e616c7db1c12ea1984ca0549bdb253d24da9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Nov 2023 14:55:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
lVxK9llV8eU2kvSDRI+c8w==
age
20607
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
2626
x-ms-lease-status
unlocked
last-modified
Wed, 20 Sep 2023 06:25:55 GMT
server
cloudflare
etag
0x8DBB9A272739A66
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
0364bcdf-f01e-0066-1a9c-eb76a3000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
820575f1f9b337f0-FRA
otPcCenter.json
cdn.cookielaw.org/scripttemplates/202308.2.0/assets/ 		62 KB
15 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202308.2.0/assets/otPcCenter.json
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b78d22857981449097f8c6afcc0159c0c67d071d3ba92ded2386d0e09aac17f7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Nov 2023 14:55:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
WCXObRDj43OZp6c5Nb0COw==
age
76485
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
15020
x-ms-lease-status
unlocked
last-modified
Wed, 20 Sep 2023 06:25:55 GMT
server
cloudflare
etag
0x8DBB9A2725CBA66
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
c35418d1-401e-0097-7e49-ec6f8e000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
820575f1f9b837f0-FRA
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202308.2.0/assets/ 		21 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202308.2.0/assets/otCommonStyles.css
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Nov 2023 14:55:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
c7xAZ9MSGAobGaTYg/Qtag==
age
18066
x-ms-lease-status
unlocked
last-modified
Wed, 20 Sep 2023 06:26:05 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
36cd186e-701e-000a-1749-ec9d34000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
820575f1f9bc37f0-FRA
view
securepubads.g.doubleclick.net/pcs/ Frame 43BC 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuVned4lfRhOeHaKDwJQMqpaTuNOfXzRhwl6FSwScK_Sfi5W-cI8WM71BWsu1PurPSP0YXwAEoM6aOAm5MR0xGOBhF2OIoQAeaqYFWvKwr3d69DHACHS_HK19ZGweNJKY9D_exhB-shdrXiT7Fv9HFc-S-ZSfBkPNYntMuayhzZ9jl80dweVWRV-sima_Jjkm5tO3ylIMF-Cu0ZthtERqRAsc942pP9659_8Zj4xMuCo11v63JBx7txKFDdcNH3K02qd8zz8GlhwpBl3aBtoGlWbe-3JqhuQXpQW-8dwsvFFlCPeIbpZkxVUtN7wqGm4ffdys-5YaM-Cr3Qskl2tKNwwJ4FNnXyzRqEO8FjAoM13SPVBdlL0kzyKTSZqOfXqPx4owmjzRyVPGRWb_gjeKWXN3L8vMdRWQ&sai=AMfl-YRbaeiQMLWCgN0o2UiJnKH_3f_90SDBFKYO0Eg7joM6dYSFvkiHRMi11_hhnKG6DnO1IwgAHkFOkwx5c7UJ4qfNvUDf58Pty-N7XpvZs4XW0t61J1bJk-1iSIEAxxw8pkuh4StgzWnZ0iEg9hIZ&sig=Cg0ArKJSzMZYtomQ9uroEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: 20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com
URL: https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:52 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
view
securepubads.g.doubleclick.net/pcs/ Frame 1AB7 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstf9xrr9hfdwAJfgpEQXsusy1Z7jIR7MT7W2CuPAQdI4LDT-g_1IFNYWLQgLLuUK_QzIXuRd74Ms6MUnISFzhh6ElE2GzFpzBK2rQOEYQjqdwDrbYgP9A_wCThs1XZbWdNv7ZncG6m7vjVERrrT03dsksYaMHy8jblXBvtArSlpvTSe2s_P3o2Z8uPRqr3dQ1zUoQPjVFFoaOZlSnJjkg6_rTub_SlGiR17jbZbtBPNlpbnayojrvtJwVQzja8147omze6m5p1h4JqcxArvBt67gYRw0bxqH5Go05oyvBn36NcxZc6qm62Y1zRbH1K7zEyp1QRvq2rs247pPvm8_AH7t3i7nLfIVoXXpk4BOBgkZW6kjuTQDaAkSOySjBkvQJOA_LKtrb_1vyJzMDo5WabLZnBCIjH1nQ&sai=AMfl-YQw5JEiQbgl7e5iaRmRY1TJSlJmDLHr-9hfrIL6uyf-tFEFcM3W0et7zoizNVlRsaED87r-2K8eoKjql7bQ4tNUqqX7pVoMDXk8K0PxSuD3mv6JgD6tM1AlO6xgD3IiruLe9S5kYb8bPejfMfs&sig=Cg0ArKJSzOl2CrYNW8biEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: 20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com
URL: https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:52 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
impl_v99.js
www.googletagservices.com/dcm/ Frame 43BC 		59 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/dcm/impl_v99.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3df5746a25ab4dc32517df57deca8ecc5c425a2abd15c6d6f5fc817472e4d632
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Thu, 02 Nov 2023 14:24:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
88274
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23872
x-xss-protection
0
last-modified
Thu, 02 Nov 2023 14:22:33 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-dcm-tag"
vary
Accept-Encoding
report-to
{"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 01 Nov 2024 14:24:38 GMT
impl_v99.js
www.googletagservices.com/dcm/ Frame 1AB7 		59 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/dcm/impl_v99.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3df5746a25ab4dc32517df57deca8ecc5c425a2abd15c6d6f5fc817472e4d632
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Thu, 02 Nov 2023 14:24:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
88274
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23872
x-xss-protection
0
last-modified
Thu, 02 Nov 2023 14:22:33 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-dcm-tag"
vary
Accept-Encoding
report-to
{"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 01 Nov 2024 14:24:38 GMT
/
www.facebook.com/tr/ 		0
185 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=580638648955413&ev=PageView&dl=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fspy-module-whatsapp-mods%2F&rl=&if=false&ts=1699023352711&sw=1600&sh=1200&v=2.9.138&r=stable&a=tmgoogletagmanager&ec=0&o=4126&fbp=fb.1.1699023352707.1417469539&cs_est=true&ler=empty&it=1699023352387&coo=false&rqm=GET
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Fri, 03 Nov 2023 14:55:52 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
B29595140.362265631;dc_ver=99.292;dc_eid=40004001;sz=728x90;u_sd=1;dc_adk=3756773004;ord=orkeqx;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjstm8LyZ7mKEtFiNa9vmkHtQEuwsH...
ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/ Frame 43BC 		68 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/B29595140.362265631;dc_ver=99.292;dc_eid=40004001;sz=728x90;u_sd=1;dc_adk=3756773004;ord=orkeqx;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjstm8LyZ7mKEtFiNa9vmkHtQEuwsH8e9sBMN0PEYCGIAUlAY12N6BHpQoHpLHbxdmbIFLi6qN8VSqB8WgpHZP9QnmPkVs54fqtaCChpbIOOilv_8Fx76E0H2pwD_cJk-MCmh9VOa-5DUErjWTpBKc55CPgEfi_1wwLgKwh1vLvZ-ifzSQL8y_QSwA7gEbirvbvIXFXyHQ3FelZulqfynVfhu-BwiiSz59BN7YWUDUege_B0dzv3_YT4rpkWAEtqK0kuWEpBj0NcR1EVZlHIk-WYu7j8flYK66h2UYQMNiRnikKvjQ57lN24KP0uChLeF-XT9y0FswdnPu6fUWptteCyNrIMkpEQIOg5yq-V0dy1YK3Us2sIoQVvTOkysLHdTsC-ONTnrOBU%26sai%3DAMfl-YQtrHCfnLVQ3tomfnDHsGVKUt7DbnonfGbapcavLf60ShfRxqYsL_5o2sD9_LwhZHwezy13BI8GnVMW-8TBkHcdsAOcMjsdLsegd359Nhgfl8pTPB8eEdPTwm4AgFF87O1seVEWoSpoL9saIcNT%26sig%3DCg0ArKJSzFlGRHNGs8JiEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.;dc_rfl=1,https%3A%2F%2Fwww.infosecurity-magazine.com$2,https%3A%2F%2F20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html$0;xdt=1;crlt=K!MUPr.Xyo;stc=1;chaa=1;sttr=93;prcl=s
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v99.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.70 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f6.1e100.net
Software
cafe /
Resource Hash
6bb2290fbbc2bcde7794fb024d865c32224c674c8692d39a309db83114768059
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Nov 2023 14:55:52 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31376
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
B29595140.362265631;dc_ver=99.292;sz=728x90;u_sd=1;dc_adk=153375247;ord=gt2v1m;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsscFljlxJntKL8HGLtHPSyonMMbR3N_4r-TFmiEMy4Eoq...
ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/ Frame 1AB7 		68 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/B29595140.362265631;dc_ver=99.292;sz=728x90;u_sd=1;dc_adk=153375247;ord=gt2v1m;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsscFljlxJntKL8HGLtHPSyonMMbR3N_4r-TFmiEMy4EoqJrky5o9NzyOpB_I3CCxkf5z1VTTFVGnYwzlQinK7SL5_rb3FOfH1yyVeah3n0zgNQIVbBtvaG6i5KwWh68enRhXMNpQro_SbibDoM3K-0fOmpO1EYrSZFc8f8KlG81BbY8DpweG51_62dTvCg6TvJJKQmRw5Rvh2Q-OgeblqeMzNQpJN882WLmRaNoknamJmK4BgAUxsL7Wf1aaawFY9oHxIDdm-xHi3NZ7jV5T7p9I7srQi58rDUbWff9SGaGUORHfqoVkZjGS8cQ2Cbnijrf9lUwk79pjyuDXeJYXM5Sk2iJuHIzLhwcwTe9PVqZGosMcW6xxKndtSQxRLZ2bDbAeueRiCI%26sai%3DAMfl-YQGdsIilQVDvhlCgtrSmNoQA4_E2XHfSrGx0bYPbVGu9xNuicOLhGAaPrV_CS_UuEsvvzyWhZgJvOW1k4AJYLppKLyNcL9Rb-CVXvjGUxjPrItaHT7p1XFSqmtui8MWvXT4doY5HUGCzHVmbhs%26sig%3DCg0ArKJSzDROfnYbKxgqEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.;dc_rfl=1,https%3A%2F%2Fwww.infosecurity-magazine.com$2,https%3A%2F%2F20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html$0;xdt=1;crlt=K!MUPr.Xyo;stc=1;chaa=1;sttr=64;prcl=s
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v99.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.70 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f6.1e100.net
Software
cafe /
Resource Hash
a8c12e465e0bcb94473e9b976211c4d42a49a024922896e5fa0953b8f9f6a88f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Nov 2023 14:55:52 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31642
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/875375440/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/875375440/?random=1699023352751&cv=11&fst=1699023352751&bg=ffffff&guid=ON&async=1&gtm=45be3b11v892578457&gcd=11l1l1l1l1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fspy-module-whatsapp-mods%2F&hn=www.googleadservices.com&frm=0&tiba=Spy%20Module%20Discovered%20in%20WhatsApp%20Mods%20-%20Infosecurity%20Magazine&auid=971822002.1699023353&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ccce220d05bbf8dbcb8a8a323a3bf2964cde2ddc1c27b6fc1f18e8f41df30661
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Nov 2023 14:55:52 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1323
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/875375440/ 		42 B
456 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/875375440/?random=1699023352751&cv=11&fst=1699020000000&bg=ffffff&guid=ON&async=1&gtm=45be3b11v892578457&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fspy-module-whatsapp-mods%2F&frm=0&tiba=Spy%20Module%20Discovered%20in%20WhatsApp%20Mods%20-%20Infosecurity%20Magazine&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSKQDICaaNLFXo1nkLrl1uLbw7FIvEqAnk51fTfNOatbZKqheX-ZdMJhx5&random=3594647919&rmt_tld=0&ipr=y
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Nov 2023 14:55:53 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/875375440/ 		42 B
154 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/875375440/?random=1699023352751&cv=11&fst=1699020000000&bg=ffffff&guid=ON&async=1&gtm=45be3b11v892578457&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fspy-module-whatsapp-mods%2F&frm=0&tiba=Spy%20Module%20Discovered%20in%20WhatsApp%20Mods%20-%20Infosecurity%20Magazine&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSKQDICaaNLFXo1nkLrl1uLbw7FIvEqAnk51fTfNOatbZKqheX-ZdMJhx5&random=3594647919&rmt_tld=1&ipr=y
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Nov 2023 14:55:52 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/ Frame 1AB7 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/omrhp.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/B29595140.362265631;dc_ver=99.292;sz=728x90;u_sd=1;dc_adk=153375247;ord=gt2v1m;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsscFljlxJntKL8HGLtHPSyonMMbR3N_4r-TFmiEMy4EoqJrky5o9NzyOpB_I3CCxkf5z1VTTFVGnYwzlQinK7SL5_rb3FOfH1yyVeah3n0zgNQIVbBtvaG6i5KwWh68enRhXMNpQro_SbibDoM3K-0fOmpO1EYrSZFc8f8KlG81BbY8DpweG51_62dTvCg6TvJJKQmRw5Rvh2Q-OgeblqeMzNQpJN882WLmRaNoknamJmK4BgAUxsL7Wf1aaawFY9oHxIDdm-xHi3NZ7jV5T7p9I7srQi58rDUbWff9SGaGUORHfqoVkZjGS8cQ2Cbnijrf9lUwk79pjyuDXeJYXM5Sk2iJuHIzLhwcwTe9PVqZGosMcW6xxKndtSQxRLZ2bDbAeueRiCI%26sai%3DAMfl-YQGdsIilQVDvhlCgtrSmNoQA4_E2XHfSrGx0bYPbVGu9xNuicOLhGAaPrV_CS_UuEsvvzyWhZgJvOW1k4AJYLppKLyNcL9Rb-CVXvjGUxjPrItaHT7p1XFSqmtui8MWvXT4doY5HUGCzHVmbhs%26sig%3DCg0ArKJSzDROfnYbKxgqEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.;dc_rfl=1,https%3A%2F%2Fwww.infosecurity-magazine.com$2,https%3A%2F%2F20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html$0;xdt=1;crlt=K!MUPr.Xyo;stc=1;chaa=1;sttr=64;prcl=s
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Thu, 02 Nov 2023 19:21:54 GMT
content-encoding
br
x-content-type-options
nosniff
age
70439
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4206
x-xss-protection
0
server
cafe
etag
17947678125179771625
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 16 Nov 2023 19:21:54 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 1AB7 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuj96f_kNy-AL7AZEOqW2D3gwBdFDKcm9SGRB-9qmX3B6vCfvZGBM_2UM5V2mWsZD-S8ptl8URFrU8wJHZdhNPQ6sKNU9jcOAJsuLWX023D3wodUfKruDQG0QR81-AiAgaNjFJyfSoZCCD__ZIV0Cb01ZOG5UjsIiPyZJ3u6-Y3Qgc0d_9PAFDcWncJDuM&sai=AMfl-YSbsqvV7EkyMwAljXIlx3yF9lMSTqOjNY4QhziQVo8HF-T3UezBCbTXs4ENReaYLbt1-JO_lkq3V8qweTiJp0qGe8nkr0xgm9-kpw&sig=Cg0ArKJSzOTLiWabqZznEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20231101.48768&arae=0&ftch=1&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/B29595140.362265631;dc_ver=99.292;sz=728x90;u_sd=1;dc_adk=153375247;ord=gt2v1m;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsscFljlxJntKL8HGLtHPSyonMMbR3N_4r-TFmiEMy4EoqJrky5o9NzyOpB_I3CCxkf5z1VTTFVGnYwzlQinK7SL5_rb3FOfH1yyVeah3n0zgNQIVbBtvaG6i5KwWh68enRhXMNpQro_SbibDoM3K-0fOmpO1EYrSZFc8f8KlG81BbY8DpweG51_62dTvCg6TvJJKQmRw5Rvh2Q-OgeblqeMzNQpJN882WLmRaNoknamJmK4BgAUxsL7Wf1aaawFY9oHxIDdm-xHi3NZ7jV5T7p9I7srQi58rDUbWff9SGaGUORHfqoVkZjGS8cQ2Cbnijrf9lUwk79pjyuDXeJYXM5Sk2iJuHIzLhwcwTe9PVqZGosMcW6xxKndtSQxRLZ2bDbAeueRiCI%26sai%3DAMfl-YQGdsIilQVDvhlCgtrSmNoQA4_E2XHfSrGx0bYPbVGu9xNuicOLhGAaPrV_CS_UuEsvvzyWhZgJvOW1k4AJYLppKLyNcL9Rb-CVXvjGUxjPrItaHT7p1XFSqmtui8MWvXT4doY5HUGCzHVmbhs%26sig%3DCg0ArKJSzDROfnYbKxgqEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.;dc_rfl=1,https%3A%2F%2Fwww.infosecurity-magazine.com$2,https%3A%2F%2F20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html$0;xdt=1;crlt=K!MUPr.Xyo;stc=1;chaa=1;sttr=64;prcl=s
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.194 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:53 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame 1AB7 		41 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/B29595140.362265631;dc_ver=99.292;sz=728x90;u_sd=1;dc_adk=153375247;ord=gt2v1m;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsscFljlxJntKL8HGLtHPSyonMMbR3N_4r-TFmiEMy4EoqJrky5o9NzyOpB_I3CCxkf5z1VTTFVGnYwzlQinK7SL5_rb3FOfH1yyVeah3n0zgNQIVbBtvaG6i5KwWh68enRhXMNpQro_SbibDoM3K-0fOmpO1EYrSZFc8f8KlG81BbY8DpweG51_62dTvCg6TvJJKQmRw5Rvh2Q-OgeblqeMzNQpJN882WLmRaNoknamJmK4BgAUxsL7Wf1aaawFY9oHxIDdm-xHi3NZ7jV5T7p9I7srQi58rDUbWff9SGaGUORHfqoVkZjGS8cQ2Cbnijrf9lUwk79pjyuDXeJYXM5Sk2iJuHIzLhwcwTe9PVqZGosMcW6xxKndtSQxRLZ2bDbAeueRiCI%26sai%3DAMfl-YQGdsIilQVDvhlCgtrSmNoQA4_E2XHfSrGx0bYPbVGu9xNuicOLhGAaPrV_CS_UuEsvvzyWhZgJvOW1k4AJYLppKLyNcL9Rb-CVXvjGUxjPrItaHT7p1XFSqmtui8MWvXT4doY5HUGCzHVmbhs%26sig%3DCg0ArKJSzDROfnYbKxgqEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.;dc_rfl=1,https%3A%2F%2Fwww.infosecurity-magazine.com$2,https%3A%2F%2F20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html$0;xdt=1;crlt=K!MUPr.Xyo;stc=1;chaa=1;sttr=64;prcl=s
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:17:59 GMT
content-encoding
br
x-content-type-options
nosniff
age
2273
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 02 Nov 2024 14:17:59 GMT
13854587416233782547
s0.2mdn.net/simgad/ Frame 1AB7 		5 MB
5 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/13854587416233782547
Requested by
Host: 20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com
URL: https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
be163e2134074109283b01c8babdb64daf4601766efde31f5e2c04e60984e1f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 12:27:51 GMT
x-content-type-options
nosniff
age
8882
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4914069
x-xss-protection
0
last-modified
Wed, 15 Mar 2023 20:01:32 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 02 Nov 2024 12:27:51 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 1AB7 		189 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com
URL: https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
60699
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1698838693892887"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 03 Nov 2023 14:55:53 GMT
13854587416233782547
s0.2mdn.net/simgad/ Frame 43BC 		5 MB
5 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/13854587416233782547
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/B29595140.362265631;dc_ver=99.292;dc_eid=40004001;sz=728x90;u_sd=1;dc_adk=3756773004;ord=orkeqx;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjstm8LyZ7mKEtFiNa9vmkHtQEuwsH8e9sBMN0PEYCGIAUlAY12N6BHpQoHpLHbxdmbIFLi6qN8VSqB8WgpHZP9QnmPkVs54fqtaCChpbIOOilv_8Fx76E0H2pwD_cJk-MCmh9VOa-5DUErjWTpBKc55CPgEfi_1wwLgKwh1vLvZ-ifzSQL8y_QSwA7gEbirvbvIXFXyHQ3FelZulqfynVfhu-BwiiSz59BN7YWUDUege_B0dzv3_YT4rpkWAEtqK0kuWEpBj0NcR1EVZlHIk-WYu7j8flYK66h2UYQMNiRnikKvjQ57lN24KP0uChLeF-XT9y0FswdnPu6fUWptteCyNrIMkpEQIOg5yq-V0dy1YK3Us2sIoQVvTOkysLHdTsC-ONTnrOBU%26sai%3DAMfl-YQtrHCfnLVQ3tomfnDHsGVKUt7DbnonfGbapcavLf60ShfRxqYsL_5o2sD9_LwhZHwezy13BI8GnVMW-8TBkHcdsAOcMjsdLsegd359Nhgfl8pTPB8eEdPTwm4AgFF87O1seVEWoSpoL9saIcNT%26sig%3DCg0ArKJSzFlGRHNGs8JiEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.;dc_rfl=1,https%3A%2F%2Fwww.infosecurity-magazine.com$2,https%3A%2F%2F20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html$0;xdt=1;crlt=K!MUPr.Xyo;stc=1;chaa=1;sttr=93;prcl=s
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
be163e2134074109283b01c8babdb64daf4601766efde31f5e2c04e60984e1f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 12:27:51 GMT
x-content-type-options
nosniff
age
8882
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4914069
x-xss-protection
0
last-modified
Wed, 15 Mar 2023 20:01:32 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 02 Nov 2024 12:27:51 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/ Frame 43BC 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/omrhp.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/B29595140.362265631;dc_ver=99.292;dc_eid=40004001;sz=728x90;u_sd=1;dc_adk=3756773004;ord=orkeqx;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjstm8LyZ7mKEtFiNa9vmkHtQEuwsH8e9sBMN0PEYCGIAUlAY12N6BHpQoHpLHbxdmbIFLi6qN8VSqB8WgpHZP9QnmPkVs54fqtaCChpbIOOilv_8Fx76E0H2pwD_cJk-MCmh9VOa-5DUErjWTpBKc55CPgEfi_1wwLgKwh1vLvZ-ifzSQL8y_QSwA7gEbirvbvIXFXyHQ3FelZulqfynVfhu-BwiiSz59BN7YWUDUege_B0dzv3_YT4rpkWAEtqK0kuWEpBj0NcR1EVZlHIk-WYu7j8flYK66h2UYQMNiRnikKvjQ57lN24KP0uChLeF-XT9y0FswdnPu6fUWptteCyNrIMkpEQIOg5yq-V0dy1YK3Us2sIoQVvTOkysLHdTsC-ONTnrOBU%26sai%3DAMfl-YQtrHCfnLVQ3tomfnDHsGVKUt7DbnonfGbapcavLf60ShfRxqYsL_5o2sD9_LwhZHwezy13BI8GnVMW-8TBkHcdsAOcMjsdLsegd359Nhgfl8pTPB8eEdPTwm4AgFF87O1seVEWoSpoL9saIcNT%26sig%3DCg0ArKJSzFlGRHNGs8JiEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.;dc_rfl=1,https%3A%2F%2Fwww.infosecurity-magazine.com$2,https%3A%2F%2F20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html$0;xdt=1;crlt=K!MUPr.Xyo;stc=1;chaa=1;sttr=93;prcl=s
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Thu, 02 Nov 2023 19:21:54 GMT
content-encoding
br
x-content-type-options
nosniff
age
70439
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4206
x-xss-protection
0
server
cafe
etag
17947678125179771625
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 16 Nov 2023 19:21:54 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 43BC 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssp3NPm1cek18kY_0jYdRQ6KIuAu7Wx3yU4wXlXipkZW7RLHAitcNrul_FFXLmcFuXECTQcc7_BxNygbjcPHaMhxogXYiR50Ni4l9NbdKbcLLh8Q-sqvoC8nfmBd2Lmzm-A7UH9NVTu41RJQahshZUQrZMNE62e9q6Yvrgo3KVBFewEeoBFDuqrXR8Emqk&sai=AMfl-YRvRkCJBcONVgsxV6x5t9xGelhuGwTNA9rdj_OWEqpZIakP6obuTmwuph22Oe9cFC6Q4L42smIxi_ZcLQGXLIgbnwcALXsIvIA3mw&sig=Cg0ArKJSzPQr-8qujGJsEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=1&cisv=r20231101.93661&arae=0&ftch=1&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/B29595140.362265631;dc_ver=99.292;dc_eid=40004001;sz=728x90;u_sd=1;dc_adk=3756773004;ord=orkeqx;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjstm8LyZ7mKEtFiNa9vmkHtQEuwsH8e9sBMN0PEYCGIAUlAY12N6BHpQoHpLHbxdmbIFLi6qN8VSqB8WgpHZP9QnmPkVs54fqtaCChpbIOOilv_8Fx76E0H2pwD_cJk-MCmh9VOa-5DUErjWTpBKc55CPgEfi_1wwLgKwh1vLvZ-ifzSQL8y_QSwA7gEbirvbvIXFXyHQ3FelZulqfynVfhu-BwiiSz59BN7YWUDUege_B0dzv3_YT4rpkWAEtqK0kuWEpBj0NcR1EVZlHIk-WYu7j8flYK66h2UYQMNiRnikKvjQ57lN24KP0uChLeF-XT9y0FswdnPu6fUWptteCyNrIMkpEQIOg5yq-V0dy1YK3Us2sIoQVvTOkysLHdTsC-ONTnrOBU%26sai%3DAMfl-YQtrHCfnLVQ3tomfnDHsGVKUt7DbnonfGbapcavLf60ShfRxqYsL_5o2sD9_LwhZHwezy13BI8GnVMW-8TBkHcdsAOcMjsdLsegd359Nhgfl8pTPB8eEdPTwm4AgFF87O1seVEWoSpoL9saIcNT%26sig%3DCg0ArKJSzFlGRHNGs8JiEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.;dc_rfl=1,https%3A%2F%2Fwww.infosecurity-magazine.com$2,https%3A%2F%2F20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html$0;xdt=1;crlt=K!MUPr.Xyo;stc=1;chaa=1;sttr=93;prcl=s
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.194 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:53 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame 43BC 		41 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/B29595140.362265631;dc_ver=99.292;dc_eid=40004001;sz=728x90;u_sd=1;dc_adk=3756773004;ord=orkeqx;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjstm8LyZ7mKEtFiNa9vmkHtQEuwsH8e9sBMN0PEYCGIAUlAY12N6BHpQoHpLHbxdmbIFLi6qN8VSqB8WgpHZP9QnmPkVs54fqtaCChpbIOOilv_8Fx76E0H2pwD_cJk-MCmh9VOa-5DUErjWTpBKc55CPgEfi_1wwLgKwh1vLvZ-ifzSQL8y_QSwA7gEbirvbvIXFXyHQ3FelZulqfynVfhu-BwiiSz59BN7YWUDUege_B0dzv3_YT4rpkWAEtqK0kuWEpBj0NcR1EVZlHIk-WYu7j8flYK66h2UYQMNiRnikKvjQ57lN24KP0uChLeF-XT9y0FswdnPu6fUWptteCyNrIMkpEQIOg5yq-V0dy1YK3Us2sIoQVvTOkysLHdTsC-ONTnrOBU%26sai%3DAMfl-YQtrHCfnLVQ3tomfnDHsGVKUt7DbnonfGbapcavLf60ShfRxqYsL_5o2sD9_LwhZHwezy13BI8GnVMW-8TBkHcdsAOcMjsdLsegd359Nhgfl8pTPB8eEdPTwm4AgFF87O1seVEWoSpoL9saIcNT%26sig%3DCg0ArKJSzFlGRHNGs8JiEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.;dc_rfl=1,https%3A%2F%2Fwww.infosecurity-magazine.com$2,https%3A%2F%2F20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html$0;xdt=1;crlt=K!MUPr.Xyo;stc=1;chaa=1;sttr=93;prcl=s
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:17:59 GMT
content-encoding
br
x-content-type-options
nosniff
age
2274
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 02 Nov 2024 14:17:59 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 43BC 		189 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com
URL: https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
60699
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1698838693892887"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 03 Nov 2023 14:55:53 GMT
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame F749 		38 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
2252
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 03 Nov 2023 14:18:21 GMT
expires
Sat, 02 Nov 2024 14:18:21 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame E4B0 		38 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
2252
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 03 Nov 2023 14:18:21 GMT
expires
Sat, 02 Nov 2024 14:18:21 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame 1AB7 		210 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8140198b2275e5400f6d6770ae311bf981b166d7a07809b4f6f8fa996fdcdbb3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 43BC 		213 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2313b54b39efae512166499e8f9581f15c4d099580c913f14e022c6281c031e6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type
image/png
view
googleads4.g.doubleclick.net/pcs/ Frame 1AB7 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuj96f_kNy-AL7AZEOqW2D3gwBdFDKcm9SGRB-9qmX3B6vCfvZGBM_2UM5V2mWsZD-S8ptl8URFrU8wJHZdhNPQ6sKNU9jcOAJsuLWX023D3wodUfKruDQG0QR81-AiAgaNjFJyfSoZCCD__ZIV0Cb01ZOG5UjsIiPyZJ3u6-Y3Qgc0d_9PAFDcWncJDuM&sai=AMfl-YSbsqvV7EkyMwAljXIlx3yF9lMSTqOjNY4QhziQVo8HF-T3UezBCbTXs4ENReaYLbt1-JO_lkq3V8qweTiJp0qGe8nkr0xgm9-kpw&sig=Cg0ArKJSzOTLiWabqZznEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=554&vt=11&dtpt=553&dett=2&cstd=0&cisv=r20231101.48768&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/B29595140.362265631;dc_ver=99.292;sz=728x90;u_sd=1;dc_adk=153375247;ord=gt2v1m;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsscFljlxJntKL8HGLtHPSyonMMbR3N_4r-TFmiEMy4EoqJrky5o9NzyOpB_I3CCxkf5z1VTTFVGnYwzlQinK7SL5_rb3FOfH1yyVeah3n0zgNQIVbBtvaG6i5KwWh68enRhXMNpQro_SbibDoM3K-0fOmpO1EYrSZFc8f8KlG81BbY8DpweG51_62dTvCg6TvJJKQmRw5Rvh2Q-OgeblqeMzNQpJN882WLmRaNoknamJmK4BgAUxsL7Wf1aaawFY9oHxIDdm-xHi3NZ7jV5T7p9I7srQi58rDUbWff9SGaGUORHfqoVkZjGS8cQ2Cbnijrf9lUwk79pjyuDXeJYXM5Sk2iJuHIzLhwcwTe9PVqZGosMcW6xxKndtSQxRLZ2bDbAeueRiCI%26sai%3DAMfl-YQGdsIilQVDvhlCgtrSmNoQA4_E2XHfSrGx0bYPbVGu9xNuicOLhGAaPrV_CS_UuEsvvzyWhZgJvOW1k4AJYLppKLyNcL9Rb-CVXvjGUxjPrItaHT7p1XFSqmtui8MWvXT4doY5HUGCzHVmbhs%26sig%3DCg0ArKJSzDROfnYbKxgqEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.;dc_rfl=1,https%3A%2F%2Fwww.infosecurity-magazine.com$2,https%3A%2F%2F20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html$0;xdt=1;crlt=K!MUPr.Xyo;stc=1;chaa=1;sttr=64;prcl=s
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.194 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:53 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
view
securepubads.g.doubleclick.net/pcs/ Frame 1AB7 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstVhklj9jzV77DycSzbxw_KXZx_tsInDOtT9GuRS0r2sTb1zrdxkNPOtgFX1T1TeWgYhRyD7NmgFc5O9-tRYxRIIzJKvUiYvyknjwl28VN9dqPIdkcDo3rlxwLmXLu6BYXc12xcn40W8PkkNgiybGOV7ezSghupSbQjfA8ZcxPeTcmYeVNivzlfwfSZpsZN-VCSBF-zY2P_nK9__GLZmq6HoA9U03EiepMBm918_9wMvEFoqNYwwy5MkGuMmlU0gQ_3CU5foQh91bfGuMYdy1sHoGDOQJb6tCIriAnihD8t1i-z482cApUWyc0y-EcXFJqKAl8I8z5R1mEPHSSZAnZdwapTykdypx0l_76vP6jzy4TEMu2_uEHD-K0NV1wu3W13440AfxXBJW-vMw&sai=AMfl-YRj0UpmE2M0-xvvU3C5DGVqALpf41ohbjdvxS3DqFzXv0eY9uVnhpc4LauQVUvbClBuggyUN5T7ih9YMJpCC565OVOTriUBwhvKSBplcuoTHGWllJhKPwxwyXt-1Xk4JZu67sfm51qdA7141UU&sig=Cg0ArKJSzGEeL6SuxJq-EAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:53 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 03 Nov 2023 14:55:53 GMT
4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js
pagead2.googlesyndication.com/bg/ Frame F749 		38 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 13:40:01 GMT
content-encoding
br
x-content-type-options
nosniff
age
4552
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15096
x-xss-protection
0
last-modified
Tue, 31 Oct 2023 13:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 02 Nov 2024 13:40:01 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 845F 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv0tf6obOmPBXGTMOU-Hy5qvRr3bEiZkUAJQIrPBZMlAUqGr940rPR3a4wSrdRLYZ_AaK3eq2JtoHKpAWFi99gydfNlscFv-ZdlshiC0YW1ndzHPyL62wFMt8wWxT_P2Xv1KkiS-w1jTw&sig=Cg0ArKJSzCaKyijFIYMqEAE&id=lidar2&mcvt=1019&p=809,1046,1059,1346&mtos=1019,1019,1019,1019,1019&tos=1019,0,0,0,0&v=20231101&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=46218247&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1699023352202&rpt=374&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Nov 2023 14:55:53 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js
pagead2.googlesyndication.com/bg/ Frame E4B0 		38 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 13:40:01 GMT
content-encoding
br
x-content-type-options
nosniff
age
4552
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15096
x-xss-protection
0
last-modified
Tue, 31 Oct 2023 13:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 02 Nov 2024 13:40:01 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 43BC 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssp3NPm1cek18kY_0jYdRQ6KIuAu7Wx3yU4wXlXipkZW7RLHAitcNrul_FFXLmcFuXECTQcc7_BxNygbjcPHaMhxogXYiR50Ni4l9NbdKbcLLh8Q-sqvoC8nfmBd2Lmzm-A7UH9NVTu41RJQahshZUQrZMNE62e9q6Yvrgo3KVBFewEeoBFDuqrXR8Emqk&sai=AMfl-YRvRkCJBcONVgsxV6x5t9xGelhuGwTNA9rdj_OWEqpZIakP6obuTmwuph22Oe9cFC6Q4L42smIxi_ZcLQGXLIgbnwcALXsIvIA3mw&sig=Cg0ArKJSzPQr-8qujGJsEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=787&vt=11&dtpt=785&dett=2&cstd=1&cisv=r20231101.93661&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/B29595140.362265631;dc_ver=99.292;dc_eid=40004001;sz=728x90;u_sd=1;dc_adk=3756773004;ord=orkeqx;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjstm8LyZ7mKEtFiNa9vmkHtQEuwsH8e9sBMN0PEYCGIAUlAY12N6BHpQoHpLHbxdmbIFLi6qN8VSqB8WgpHZP9QnmPkVs54fqtaCChpbIOOilv_8Fx76E0H2pwD_cJk-MCmh9VOa-5DUErjWTpBKc55CPgEfi_1wwLgKwh1vLvZ-ifzSQL8y_QSwA7gEbirvbvIXFXyHQ3FelZulqfynVfhu-BwiiSz59BN7YWUDUege_B0dzv3_YT4rpkWAEtqK0kuWEpBj0NcR1EVZlHIk-WYu7j8flYK66h2UYQMNiRnikKvjQ57lN24KP0uChLeF-XT9y0FswdnPu6fUWptteCyNrIMkpEQIOg5yq-V0dy1YK3Us2sIoQVvTOkysLHdTsC-ONTnrOBU%26sai%3DAMfl-YQtrHCfnLVQ3tomfnDHsGVKUt7DbnonfGbapcavLf60ShfRxqYsL_5o2sD9_LwhZHwezy13BI8GnVMW-8TBkHcdsAOcMjsdLsegd359Nhgfl8pTPB8eEdPTwm4AgFF87O1seVEWoSpoL9saIcNT%26sig%3DCg0ArKJSzFlGRHNGs8JiEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.;dc_rfl=1,https%3A%2F%2Fwww.infosecurity-magazine.com$2,https%3A%2F%2F20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html$0;xdt=1;crlt=K!MUPr.Xyo;stc=1;chaa=1;sttr=93;prcl=s
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.74.194 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:53 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
view
securepubads.g.doubleclick.net/pcs/ Frame 43BC 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst9iMcwuhsHu2O5YHSlN06SAV8Dp1KFr8RvfqR9IVBZC3D3D0ejRj2gZJx2UxJ_bVdxAP6YvCAc3ZM5qSoiXRVkqP_8r36bL5QZF8VO_dfIGVfM7f2Ko34fivVevusjtE-EBqeJErSzCqVJSlYbxkCEP5ZLFHbcNr2qw9Zyx2E2YYIKD6IB0dmr1b8YD3QJijqAMJXaWNUXWGeLWNcI63hca29be74Y-aEOF5eHE5zxw08QpEpM5r4a5RszGgebGX9Ik8KCo8QJAujWgyY7RHvEHgnv5sT3Qx9scqtfF2SC_De-SJ32hz6zPnng_O5yeCWwSiNF1T3z8qSM8XVQkxfcek0HzavCueUn9Op5RAeDj2JkyTj-Hgem3QUjqooDb8CXh_Hvmk_Z8B21VQ&sai=AMfl-YTSQjwqgmECTH9a9tQudVe0NfsbBS_uju2QJcx1DjZoYHTph4_FJd7EnHYmLJzrbd72McQeRZIZq2aqpeiIuzx0Gnj7cdXABU7h-s5PPL1uPAmYzQNOXn2a7rZFtJAqC5e8aL5U3cySNscG2S9N&sig=Cg0ArKJSzKbvAHLNKZ-bEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:53 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 03 Nov 2023 14:55:53 GMT
nr-spa-1216.min.js
js-agent.newrelic.com/ 		49 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-agent.newrelic.com/nr-spa-1216.min.js
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
545156adeae44dadc82b98d504f805ebe77fb79c928ef34eed1057bb9d4cb8fe
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id
MElzWumrf8lREc3kORDlSWHVtEZAK4m8
content-encoding
br
via
1.1 varnish
date
Fri, 03 Nov 2023 14:55:54 GMT
strict-transport-security
max-age=300
x-amz-request-id
32QYX7CYP3SVBZFW
x-amz-server-side-encryption
AES256
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
19141
x-amz-id-2
zpeR4hGaPEJ8N7wSToPc/Hl82I0OLylMeS61mx1asKAiLpidjrtRXbureUy+SXI/0YTrVdkpkJA=
x-served-by
cache-fra-eddf8230088-FRA
last-modified
Wed, 18 Oct 2023 21:31:16 GMT
server
AmazonS3
x-timer
S1699023354.138061,VS0,VE0
etag
"63e2df852d15ab21d7ff8fc4363222e8"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges
bytes
x-cache-hits
130303
sodar
pagead2.googlesyndication.com/getconfig/ 		16 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202310300101&st=env
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e48f331851ce6730581c9d15ab56613baf3016827e786d76b2545b8654d22149
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:53 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12296
x-xss-protection
0
RX_Logo_-_primary_logo_for_everyday_use.png
cdn.cookielaw.org/logos/c7f35e9f-bc78-43c8-9f0e-7cd83009704c/d5d2d0ac-164a-4501-8141-3a264a81333e/95f66c83-9442-43f5-9fb4-8a136c33442a/ 		51 KB
51 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/c7f35e9f-bc78-43c8-9f0e-7cd83009704c/d5d2d0ac-164a-4501-8141-3a264a81333e/95f66c83-9442-43f5-9fb4-8a136c33442a/RX_Logo_-_primary_logo_for_everyday_use.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
279b6c8b97bfb37476d6d075d1431d85a380ca36ebe6af4146844cfb135c21d6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Nov 2023 14:55:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
yxwPB4FKahj/CgrZY2+Gbg==
age
32512
content-length
52319
x-ms-lease-status
unlocked
last-modified
Mon, 02 Aug 2021 09:46:17 GMT
server
cloudflare
etag
0x8D9559A5FD49D88
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
9d36135a-501e-00e4-55e1-5acbec000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
820575f9fbe4914a-FRA
powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Nov 2023 14:55:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
Y+c301RBZNK39PvKQWrIBw==
age
60875
x-ms-lease-status
unlocked
last-modified
Thu, 02 Nov 2023 03:31:46 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
221880fa-b01e-0015-5340-0d2e30000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
820575f9fbe7914a-FRA
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 03 Nov 2023 14:55:54 GMT
NRJS-70b3f9b2c6f17cc4471
bam.eu01.nr-data.net/1/ 		56 B
552 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bam.eu01.nr-data.net/1/NRJS-70b3f9b2c6f17cc4471?a=241052313&v=1216.487a282&to=MhBSZQoZXxEDUkdRWQtacWIoV0UHD0FfWUIABh9GHRpBAwVUHVlFFQ0%3D&rst=3375&ck=1&ref=https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/&ap=11&be=272&fe=3027&dc=849&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1699023350827,%22n%22:0,%22f%22:0,%22dn%22:40,%22dne%22:40,%22c%22:40,%22s%22:81,%22ce%22:124,%22rq%22:124,%22rp%22:213,%22rpe%22:217,%22dl%22:217,%22di%22:850,%22ds%22:850,%22de%22:850,%22dc%22:3027,%22l%22:3027,%22le%22:3071%7D,%22navigation%22:%7B%7D%7D&fp=976&fcp=976&jsonp=NREUM.setToken
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.221.87.23 , Ireland, ASN54113 (FASTLY, US),
Reverse DNS
Software
istio-envoy /
Resource Hash
f9745c48d0b4c918d466da4acdb3f786ef5cda4c69ac0b6009d76cff67e6325d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:54 GMT
server
istio-envoy
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
content-type
text/javascript
access-control-allow-origin
*
access-control-allow-credentials
true
x-envoy-upstream-service-time
2
cross-origin-resource-policy
cross-origin
Connection
keep-alive
Content-Length
56
x-served-by
cache-fra-etou8220111-FRA
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 170F 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
4554
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 03 Nov 2023 13:40:00 GMT
expires
Sat, 02 Nov 2024 13:40:00 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 1765 		829 B
984 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/spy-module-whatsapp-mods/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
2b0b0d8c93032ba3870fa708e3ded4177b5e73d8aaa70624ca7f1b83148770ed
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-nAKP-_cw0Gt4ZmJrfHO4ow' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-nAKP-_cw0Gt4ZmJrfHO4ow' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 03 Nov 2023 14:55:54 GMT
expires
Fri, 03 Nov 2023 14:55:54 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
gen_204
pagead2.googlesyndication.com/pagead/ Frame F749 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=Blt2l-AlFZcuWNZSyx_APyrC8gAoAAAAAOAHgBAI&bg=!GBulG1TNAAb4oU7C2KE7ADQBe5WfOJIkH4egM_khNoIr26P3gj17i1TSgnrmUxSjA7P1lkybkU8OEHSmuh0Hyg8i93JcAgAAAfNSAAAADGgBBwoAPoll8IFmsaHobCLY9-pqV-ORWPONkGpiPvwIZSP2T_dOCa7Z7Xs62_ytTVT0PIgEkvwnNtyZVY6bX9JwTMyamQNM_VR-WjiunbcT35LS5d5BThiWB0O__C7W4GxxzBDrgxl_bG-DN9WRLKyRYaTJr8y_g7gPxfTZISAIltemGe2x3j36POxE17kKrPuPaiC14bviwahePz4u6qqj0KlM7yYqMBHSig65ACGatXw4yGKtTgX_IiNU-56qfOHrfYtKPi0EfJlkxlcnHC5aSi3oN2wErkjpl2vFDJ703b_EkX_g9BueZ3Yqdc8KgJnyj9974K09lzP12SGEmANxGZjb1FrHpqeOz4K58TCQSUokSHpAdTdFGSmr00YQpzfOgOOFqHtxdLjx_VQWao327SL-q3xRcEHs25S5BpJv709Qn8nZe2JH4fFSWV8q6xfPcIWhFdrrDVlZgXHPklSOEswmWMHStewLv02gPZHNYUA_-VVd8UXSXrYwru-aGIs0qURR9-cE4Q_FTBKKIdQYMWWuXAyqCIQKq-bEk97yoov8nZvNWauvNltw8YylHTmL2unZDcgBfEZatKhfUoye2h2bkVKSHBA0ETVf9ZQVAivvprGFZzncUvudT5mH-o6dQPWMM7aWtfRU7hBQnrPZSi2Hq79_xW1RtluAYnEa8d1rEdCasr3yZlP9kq_d6E9JKYrqGRSeO2L5ZOvFU7Y5er_YgRTiGRccKQbCP9xTIgbd0TQQrCHoVqnlwg2QAdop0C1nDEOcGQPfZ8Q0j6j3CQ4Betq69aFUmyzrre6vUp5DRE9OaJ2TsCizWkyi9qx0TSctm6sseJ0TkynTz0sMMQgBBKIx4XJrPoMVO-RUhq22Vo7Z8hce373XWE_BQydlpP9dIMe6-hlDDgatcmHM8wZye2w_0868f8JmSqdUgyaDKu4chqx8XBmvZ77dSlmjd-QjCx2JImaAXXe8FxkYsM3EnmUk4Txu3YFZm-VLNyqw3wNF05HbJGIS5v68uRMw2L1XRyY2qz5UXbzNW45LmzRPGuZ6VHlKp7IQoUZh4vlIXCON5Hq7QeTNGwe61-1af8RkVAbjMliXLLa7fikG05Rnr_8ZMYFoXT8p9cjgAAK0J3cJbo1BQPhDkdPNC3mc75Bj_0eZsFzgLbn5bpBqSpNPe7xsx3vjhtuYqpI3rwssLx4_pdwOFPxt9xoIOGQ6EQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Nov 2023 14:55:54 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame E4B0 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BMGRi-AlFZfihNZaf9u8PsOizmAgAAAAAOAHgBAI&bg=!DA-lD0DNAAb4oU7C2KE7ADQBe5WfOPIUeVgDED0sbY0AeVntAi9MbAT-aonMPD7EWLMhWoSacl81--mx_-nkGxRhWrsOAgAAAkVSAAAAC2gBB5kDUDEOsPtUCZUrdgV748AdX-LrLbHgQ2BHw6e7u3QykHEh_TFgISC5VoEkQf_svdLIoKudcY0062-vZIbxFq2CigO9tbY-EaXk8Jn_EThfdVpoVVC_JqQXi8WuS5I7iN59CHDa8TYEjOtPmHWo5rS0kRuFFvMXbxwnVxgfOt1SYXGc7LY7iIqxq68OUvwV-DruBOaoZ3Bo24GnLBIB15iMogJDl79q7_5MMcTAiD6P6KIEIidNVUCkDfnmdyrNgTI9O9_6bzSrhH25b-XsRhl0OjHQtlG2XqlvEnrg_ImNRG9mlOXx6OgIyLit--M_8yQeVnQjUOyBMcQPMTPJkld3UD_uedM5XZqr0pvuYNQbo7kQNu0AA9jlbMeIvRRvV6C1iJ4bTgSbvVOiGoYl6Kj5j_zWCf4SBpnh6jBtw3M-2H_B_dv0yQLeDJrGw34d2x7bOVjh-PyCf9JHjhbau8xoIhSpLfmEGMFHJ3za_-wmIzMtAkQI6OObohKXQgiVZY5yuCRrPKNcuNlOLwGkk2X1Z6nOqM6L8xcJsuy-acBtRJAWYC1S4vkTS4EfX-m_oa5X8952vrHvlRk28nAMfiGgFpuxT44a_vo8YtmxkePbXGPQKRVetId5m0uqstN9wuSdRW4O_ErzuIBUoZzPbLaEkov5y0MMjMEXJ4LacibB7OYx9fcYauhsLG8pLT_9Y6UxbKPoZUAnQjU49n5z3q3y8LrGqj96_ScCiaf23u6G0EQwFvODzFzDNhl5hB3WfoZUYE9eNnSfzpM0CHuPyaeSBgjZuCWenRnzG--HFqqPK1oVVGBhCy1e3RKDdzL0UxClEK8mYKl2ojR5JhtyuD9ox09JGBrIGVt99w1DlZ_wGN9f7Wzk6zxf3dyVOCwYEAivJzTcdiFmfExYNYGH5OlBi6UhC9zWDj6ZwSoqxY_cPceamGOICZPivsiOKtiAXSjx0VQh7-N2OOEMKHztrGxQr7RRD5qD7i0My62zGyzhs1mCB2nMGf2fZfQ_x3nkoXpIYeJ5FGTP3erFIpUw4HuZXbapAb79bY9Kozhh1WJqGQfGTjsI9aBCvIPa9IFwWVW3LevE5q4b-eO0Y0fb4lWacJwat9FaOrVATxUoOeNDMJZR
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Nov 2023 14:55:54 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 1765 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202310300101&jk=659215907427172&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers
4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js
pagead2.googlesyndication.com/bg/ Frame 170F 		38 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 13:40:01 GMT
content-encoding
br
x-content-type-options
nosniff
age
4553
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15096
x-xss-protection
0
last-modified
Tue, 31 Oct 2023 13:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 02 Nov 2024 13:40:01 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 1AB7 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsseYrXHKaxDMtdO_GFFCa_4QUtGlYDXzpjmJNZ7wwvgjmCk0UMsJceivjilOqVj5wRf-cDbBlIuVb6h_bx0ht_BXMWZ-jtJ5hWhOIm_Wx-rNvW7jtMJ9McJ7-1d&sig=Cg0ArKJSzAU8IiGRm5dHEAE&id=lidar2&mcvt=1036&p=0,0,90,728&mtos=1036,1036,1036,1036,1036&tos=1036,0,0,0,0&v=20231101&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=32&adk=153375247&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1699023352254&rpt=1277&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Nov 2023 14:55:54 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 1AB7 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssl7igMiWGAv57UJ99V4pZFfX7L6cW2xEJSSwS1FVaWpEKll1qVG-Z7bTR16lk3iH0MuLndF7U8hzMDFj-bCF8a7Ul8mM8xs0JRC1rXtQ_d5m0R6o3o4FDM8NwMj7dKPleraVW0cMmmWA&sig=Cg0ArKJSzBHS7TtsMsPFEAE&id=lidar2&mcvt=1039&p=1102,436,1192,1164&mtos=1039,1039,1039,1039,1039&tos=1039,0,0,0,0&v=20231101&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=1680517896&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1699023352254&rpt=1269&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Nov 2023 14:55:54 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
generate_204
tpc.googlesyndication.com/ Frame 170F 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?Bjc4Bw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 14:55:54 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
activeview
pagead2.googlesyndication.com/pcs/ Frame 43BC 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuVWqSm_3szJVvFKER6F_mnjQELep2JyJktMmY-UWjGD300EK0zcP6ggfRclmwIL6yeS2446OhAwL_PaX7PFYx8vCj6mhmoUVEAAedcbOG7jvwnLyrOvT5rR680c3OdiGnC24qNbUeJ7Q&sig=Cg0ArKJSzAnPjCI0pRUWEAE&id=lidar2&mcvt=1000&p=8,436,98,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231101&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=2718483810&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1699023352159&rpt=1683&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Nov 2023 14:55:55 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 43BC 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuVtE4p4GXGvZEqfoeqCvjVM25FLM_BmuR8yYYmuiakSTuqvtV00q39W2AyGRX-jOhGZQz8_iet321i5HWVxEch21ItZFhPw5eiNzJRAnSp3y8PebRQve4JTiTs&sig=Cg0ArKJSzBVD2u9qAQLHEAE&id=lidar2&mcvt=1002&p=0,0,90,728&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20231101&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=32&adk=3756773004&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1699023352159&rpt=1691&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Nov 2023 14:55:55 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202310300101&jk=659215907427172&bg=!UlGlUR7NAAb4oU7C2KE7ADQBe5WfOGoL1kZPstFivLBP7gZxSbMBaH2BoIGnto1SL57Co5odJRAJJ287zMvDTqH3DJyTAgAAAMhSAAAAC2gBB5kC_FcR3N56fhatbt93O_qzZSAKJ2z2LDjvPgkTMk00HhJwLc1NoPYtju7kQrex4PfRDoOrbLO1oOjtKp6zBGJqUbHRMYp0W99Gj0PM4MxMXWVbZqsJq2zmzCeEcfK8UYyurzhLLj0wjwcM-bEhpie9RbSVz2US77z1XRv9IyA89P3l6D2gIpk9m3yq3b9AfA_sSiPhlMBHd1rl7Q0S7HH-7BIB84tSA49YtqJOUQSQHAzygSVuQubD10ZrZU1ycQeZYhb-N51dfhcSJDvBjouPn6SQAZRKt0VuExuj-Bi0AjBxeKx9UMxKWZzIPA3mxhAnCy8eZeCyP6F7eTFrLdZgkA3O0ypz1mHj4PMkCY70h7mGlFFLVdFDW5bkFnz_gbjthuEmTF7n0DzwyEMw-pBJiWQ0UsWB53dvV3lwOM3XAxWIWo83fe_tgMoSU3VYZY6CvmOBmH9Z4UR-dhbj78lCMhGB4D0_PLI7Xaz8xkWqJ-DHjWrcaWRJtc5F4o2IrNZfHDgzFawVNhg5H8OTkKrsxRQe_XRGDrnc2irwEHFsGb7lUY0_2lDL6xu7NM_b69SxkhJR3qNXsJt997xsXHx2oL1bMuJ7qSCJ9hgZMUwn8iITzlRm56tBb6O6SYPzR2xxKwnrIdbSDAVXTGo5DQhv6foyFJRTbrEz3dg5MLi2dy7E2j6lvGCL85ygs7D6LnGMZ7sGDqLdTmN86_7Gi13qhgRm-JpNsHd90evfozY2VP1KGOZCJB5LVxEvmWsroxCT4YqBX8_4DeDUYnOMTg8S__h1QOZ8Q95OK_EkiiZkf8fTaRPXYIZWMdVquCLny3-1N2egzxuBizpVnmZYeEm4Xjt_k__5UOG5xleme4206l7TYeB7yFO2plBMh0yMymRrvLe3NlfdoSdbKFxx_WQhR9hwDJpaNkZzigmN9zd1hNOitI8hPq-PVMw_Az9NrPsMY8Vq2eniOwrh09xOHuEXhGLVGuA8B9L8LAinLN5Hmj6v9lefj2eYhs4WXaEe
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

67 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| documentPictureInPicture object| NREUM object| newrelic function| __nr_require object| dataLayer object| OneTrustStub function| OptanonWrapper function| $ function| jQuery string| GoogleAnalyticsObject function| ga object| googletag object| ggeac object| google_tag_data object| google_js_reporting_queue object| sharelink number| webpageId object| prevalErrors undefined| obj undefined| error undefined| control string| gptZone object| gptTopics function| _ boolean| isFlyoutMenu boolean| isFlyoutOpen string| tabbableElements undefined| activeMegaDropdown function| openFlyout function| closeFlyout function| openMegaDrop function| closeMegaDrop function| megaDropFocusOutside function| saveResponse function| equalHeights function| moveToAnchor function| scrollToTop function| highlightNavigation object| ism object| gaplugins object| gaGlobal object| gaData undefined| google_measure_js_timing number| google_unique_id object| google_tag_manager string| OnetrustActiveGroups string| OptanonActiveGroups function| fbq function| _fbq object| otStubData object| _ml function| onYouTubeIframeAPIReady object| regeneratorRuntime object| twttr object| Optanon object| OneTrust function| gtag object| GooglebQhCsO object| GoogleGcLKhOms object| google_image_requests

14 Cookies

Domain/Path Name / Value
www.infosecurity-magazine.com/news/spy-module-whatsapp-mods Name: ISM.ScreenSize
Value: 1600
.infosecurity-magazine.com/ Name: _gid
Value: GA1.2.1228838921.1699023352
.infosecurity-magazine.com/ Name: __gads
Value: ID=5cd168a6a62001eb:T=1699023352:RT=1699023352:S=ALNI_Mb1VLBhdxYpNnKMih3jpbsgfNJ6TA
.infosecurity-magazine.com/ Name: __gpi
Value: UID=00000cc6bff71abd:T=1699023352:RT=1699023352:S=ALNI_MZxKsgcpIiDWr8rDRE_5OzKOyL4FQ
.doubleclick.net/ Name: IDE
Value: AHWqTUnlbMrJgps_4_Nf71G70tp66h1FocdXVvfBkL-JrQRopHZmkNec9Oht2e0Uwqs
.infosecurity-magazine.com/ Name: _ga_8VSXE5KKGM
Value: GS1.1.1699023352.1.0.1699023352.60.0.0
.infosecurity-magazine.com/ Name: _ga
Value: GA1.1.18218879.1699023352
.infosecurity-magazine.com/ Name: _fbp
Value: fb.1.1699023352707.1417469539
.twitter.com/ Name: personalization_id
Value: "v1_cNu+1GuwF55T9tSQE5a+AA=="
.infosecurity-magazine.com/ Name: _gcl_au
Value: 1.1.971822002.1699023353
.t.co/ Name: muc_ads
Value: b4cc622f-4159-422c-bda7-c27a24281e27
.doubleclick.net/ Name: APC
Value: AfxxVi5JijIdUVYsUUjeeIn7Ea6c0rOVmJiU8a5Jukvbb2ZuisRwyA
.infosecurity-magazine.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Fri+Nov+03+2023+15%3A55%3A53+GMT%2B0100+(Central+European+Standard+Time)&version=202308.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=3638e53b-c8f0-45a5-8675-784c9910bdc0&interactionCount=0&landingPath=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fspy-module-whatsapp-mods%2F&groups=1%3A1%2C2%3A0%2C3%3A0%2C4%3A0
.nr-data.net/ Name: JSESSIONID
Value: dfe4e60e68b1843a

22 Console Messages

Source Level URL
Text
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'battery'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'document-domain'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'encrypted-media:'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'layout-animations'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'legacy-image-formats'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'navigation-override'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'oversized-images'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'speaker-selection'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'web-share'.
security warning
Message:
Error with Feature-Policy header: Some features are specified in both Feature-Policy and Permissions-Policy header: accelerometer, autoplay, camera, display-capture, fullscreen, geolocation, magnetometer, microphone, midi, payment, picture-in-picture, publickey-credentials-get, sync-xhr, usb, xr-spatial-tracking. Values defined in Permissions-Policy header will be used.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'navigation-override'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
other warning URL: https://www.googletagservices.com/dcm/impl_v99.js(Line 92)
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://www.googletagservices.com/dcm/impl_v99.js(Line 92)
Message:
Unrecognized feature: 'attribution-reporting'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20d134e89cf46be720bf323352f5466e.safeframe.googlesyndication.com
ad.doubleclick.net
analytics.twitter.com
assets.infosecurity-magazine.com
bam.eu01.nr-data.net
cdn.cookielaw.org
cdn.jsdelivr.net
connect.facebook.net
geolocation.onetrust.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
in.ml314.com
js-agent.newrelic.com
ml314.com
p.typekit.net
pagead2.googlesyndication.com
region1.analytics.google.com
s0.2mdn.net
securepubads.g.doubleclick.net
static.ads-twitter.com
stats.g.doubleclick.net
t.co
tpc.googlesyndication.com
use.typekit.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.infosecurity-magazine.com
104.244.42.195
104.244.42.69
13.32.99.67
142.250.185.70
142.250.74.194
146.75.116.157
151.101.194.137
18.244.140.22
185.221.87.23
2001:4860:4802:32::36
2606:4700:4400::6812:2089
2606:4700::6810:5714
2606:4700::6812:82ec
2a00:1450:4001:803::2002
2a00:1450:4001:806::200e
2a00:1450:4001:808::2006
2a00:1450:4001:809::2004
2a00:1450:4001:811::2002
2a00:1450:4001:81c::2001
2a00:1450:4001:827::2002
2a00:1450:4001:82b::2001
2a00:1450:4001:831::2002
2a00:1450:4001:831::2003
2a00:1450:4001:831::2008
2a00:1450:400c:c0c::9b
2a02:26f0:3500:16::215:148b
2a02:26f0:480:3::210:ee8e
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
34.117.77.79
52.22.214.177
07ac84596d158248a60c2f747f609a508e6e2f1980a23f0608caee79a30291b7
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
09b627933e01faa4979dc5661f7e616c7db1c12ea1984ca0549bdb253d24da9b
09ddaf1d1202b5fc93ba151c407e0048b2dd605d8843679a5ec8e070e79a254b
0d907025f613848f5cc4734460fcfa67973b07ee888afb04cbea7be802ea7586
18d884e8a77b6671e05339f54d08deae7deea696359ee60bf818ce1ce5acc896
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
2313b54b39efae512166499e8f9581f15c4d099580c913f14e022c6281c031e6
279b6c8b97bfb37476d6d075d1431d85a380ca36ebe6af4146844cfb135c21d6
294a8c22bf22c1757b6bc7e7fcce4a5e714ed5ff54de47d9ef99f4234f045c65
2a6230d0e7b43394bb523410283ce6346a8ca1770ce1000ebc47c46f2ebcc55e
2b0b0d8c93032ba3870fa708e3ded4177b5e73d8aaa70624ca7f1b83148770ed
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3b6c6519233b8ca2f850182f5d2fa21526c493eeb593525ec08a4f4198b249db
3df5746a25ab4dc32517df57deca8ecc5c425a2abd15c6d6f5fc817472e4d632
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
4a338833f3bcad6e979f8800a8e728a77bf5cd9ffd28c5f98d371310e0da2848
4bc59d938c370352d3f6dba13a1894214ae7799cee0429916da77adebfcf73f0
4ca1e0e518aaf5d78abd4fc78268ac642cb679dbb56a905d2c57a296566a0bba
4e916eb59cd64cce6fc41e3355180f0284ae0edc2602686431e90f2e7f082652
4f8059cfd6739160b9073e937833a58c728a9791b380f27fcf2d047d76951155
530fbc39f85c0529d63fb512cf493ee06618a93ffe82195ae4471872bb099db8
53fc4495c7705b2373e2b73ec881c82dffb40cfbd744d8e5bd8ba7f5a018575b
545156adeae44dadc82b98d504f805ebe77fb79c928ef34eed1057bb9d4cb8fe
556b62129d954b0d5b92c4f286ec0234774ac6d41353a3c84f8349fa94d88cf1
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6249c20fc61d558d4f76e5cc313a522398b2159b07e4e738f39523c8c042aabe
62cf47440cbf69b9d0a37c238c923e6544394913a5e5e615d017b1537aa06ec2
65aa564dc18b0cfb594653e68cdbb82b20fbff59ce4894f0de483cc2387470a5
6b1fc966c38b12c845f9fd8bdb76027106b776783fd44eeed917663942b5fd16
6bb2290fbbc2bcde7794fb024d865c32224c674c8692d39a309db83114768059
6bd5068ee3f41ad2ed4f003c13c4e939021c77f7a69ac82d25211c72868b520e
778f93243401b2fd6663834b51f4d3f32012d6ee11f40f6169af721331bd1682
7d472051cb5527ba5bee326e734963109bc52e0edc329a28b1479890708f5d7a
8140198b2275e5400f6d6770ae311bf981b166d7a07809b4f6f8fa996fdcdbb3
a45a4393f8b7ac978e32ac46f58dad43eb83811a4b3d9f7b79cac1f864edd662
a6082257fe9e807fd65d06b71d533e90481bce2e163e0f25b36ab36a552bc6fe
a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1
a8c12e465e0bcb94473e9b976211c4d42a49a024922896e5fa0953b8f9f6a88f
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b78d22857981449097f8c6afcc0159c0c67d071d3ba92ded2386d0e09aac17f7
bb20d24b99fd1eae4fd77c1e833ce0a4536189961ceb1114fd272ca31e8ebd82
be163e2134074109283b01c8babdb64daf4601766efde31f5e2c04e60984e1f7
c08e633b39381743b6e6bca9c5922e9aa9ba5f3044c29031b0076a47b4af1927
c3e5ede41b753a0a4790584be6a9f296f37243b9cb3129a6cb8ccbce2a1a8257
cbe5296bf61f4ee88ecab204fe1ec3a144660caa32b71d9744f01102286df62a
ccce220d05bbf8dbcb8a8a323a3bf2964cde2ddc1c27b6fc1f18e8f41df30661
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d0e4a6372d6fb5ffe9505dbe9e94aee8f1b9b96ec8e5e20684cce8b4c5a88fa7
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e48f331851ce6730581c9d15ab56613baf3016827e786d76b2545b8654d22149
e661489507deca5599fe6e3b9543bb8d78ef9c95ace09f742114c87166867ce9
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ecde3c0d9f4721fd5bc3989d1e6103966b836786849f65ead031a1c758687ef0
ee39d0cbc9e9cd88b7dac8ebca680b89e8879081f855152f21772c7834474437
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f7a4701a775b68e58a0a259fc334f059fcc5fa00d5157c306bc008f4b1c6f2af
f7fbb92e03e044b3065bcf2c8e6ee284b8b8c0625c7ce7f33785bdda23a46606
f9745c48d0b4c918d466da4acdb3f786ef5cda4c69ac0b6009d76cff67e6325d
fded88b84aecf0d550b1d26a85a971351a138a573dbd6bd88cb646de1e7ab42a