www.qudach.com Open in urlscan Pro
2606:4700:3035::6815:20f0 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Submission: On December 04 via api (December 4th 2021, 11:21:00 am UTC) from US — Scanned from DE

Summary HTTP 139 Redirects Links 24 Behaviour Indicators

Summary

This website contacted 24 IPs in 4 countries across 19 domains to perform 139 HTTP transactions. The main IP is 2606:4700:3035::6815:20f0, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.qudach.com.
TLS certificate: Issued by R3 on November 25th 2021. Valid for: 3 months.

This is the only time www.qudach.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
27	2606:4700:303... 2606:4700:3035::6815:20f0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2008	15169 (GOOGLE) (GOOGLE)
17	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
3	151.101.65.164 151.101.65.164	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6810:5e41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
23	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
1	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
32	2a00:1450:400... 2a00:1450:4001:801::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
2	142.250.186.163 142.250.186.163	15169 (GOOGLE) (GOOGLE)
4 5	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:3175:5196:e3fd:8c1d	16509 (AMAZON-02) (AMAZON-02)
2 2	104.111.215.191 104.111.215.191	16625 (AKAMAI-AS) (AKAMAI-AS)
5	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
1	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
2 2	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	217.182.200.20 217.182.200.20	16276 (OVH) (OVH)
1	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
139	24

27 2606:4700:3035::6815:20f0 (United States)

ASN13335 (CLOUDFLARENET, US)

www.qudach.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.65.164 (United States)

ASN54113 (FASTLY, US)

static01.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5e41 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.163 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f3.1e100.net

p4-dawf26bqvaemo-v525sa2vpnx35wwc-if-v6exp3-v4.metric.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany) 4 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:3175:5196:e3fd:8c1d (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.215.191 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.78 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.182.200.20 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: gcm6.host.hit.gemius.pl

googlecm.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn0.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn2.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn3.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
49	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	768 KB
27	doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	188 KB
27	qudach.com www.qudach.com	264 KB
12	gstatic.com fonts.gstatic.com p4-dawf26bqvaemo-v525sa2vpnx35wwc-if-v6exp3-v4.metric.gstatic.com www.gstatic.com encrypted-tbn0.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn3.gstatic.com	182 KB
7	google.com 4 redirects adservice.google.com www.google.com	2 KB
6	googletagservices.com www.googletagservices.com	219 KB
3	nyt.com static01.nyt.com	533 KB
2	pubmatic.com 2 redirects image6.pubmatic.com	1 KB
2	addthis.com 2 redirects e.dlx.addthis.com	1 KB
2	google.de adservice.google.de	914 B
2	google-analytics.com www.google-analytics.com	20 KB
2	googleapis.com fonts.googleapis.com	1 KB
1	gemius.pl 1 redirects googlecm.hit.gemius.pl	337 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com	457 B
1	openx.net rtb.openx.net	352 B
1	quantserve.com cms.quantserve.com	463 B
1	googleadservices.com partner.googleadservices.com	643 B
1	cloudflareinsights.com static.cloudflareinsights.com	5 KB
1	googletagmanager.com www.googletagmanager.com	36 KB
139	19

	Domain	Requested by
32	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
27	www.qudach.com	www.qudach.com static.cloudflareinsights.com
22	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
17	pagead2.googlesyndication.com	www.qudach.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
6	www.googletagservices.com	googleads.g.doubleclick.net
5	cm.g.doubleclick.net	www.qudach.com googleads.g.doubleclick.net
5	www.google.com	4 redirects tpc.googlesyndication.com
4	fonts.gstatic.com	fonts.googleapis.com
3	static01.nyt.com	www.qudach.com
2	encrypted-tbn2.gstatic.com	googleads.g.doubleclick.net
2	image6.pubmatic.com	2 redirects
2	e.dlx.addthis.com	2 redirects
2	www.gstatic.com	googleads.g.doubleclick.net
2	p4-dawf26bqvaemo-v525sa2vpnx35wwc-if-v6exp3-v4.metric.gstatic.com	googleads.g.doubleclick.net p4-dawf26bqvaemo-v525sa2vpnx35wwc-if-v6exp3-v4.metric.gstatic.com
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	fonts.googleapis.com	www.qudach.com googleads.g.doubleclick.net
1	encrypted-tbn3.gstatic.com	googleads.g.doubleclick.net
1	encrypted-tbn0.gstatic.com	googleads.g.doubleclick.net
1	googlecm.hit.gemius.pl	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	rtb.openx.net	googleads.g.doubleclick.net
1	cms.quantserve.com	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	static.cloudflareinsights.com	www.qudach.com
1	www.googletagmanager.com	www.qudach.com
139	27

This site contains links to these domains. Also see Links.

Domain
apps.qudach.com
jobs.qudach.com
facebook.com
twitter.com
api.whatsapp.com
vk.com
www.nytimes.com
www.reuters.com
techcrunch.com

Subject Issuer	Validity	Valid
*.qudach.com R3	`2021-11-25` - `2022-02-23`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
nytimes.com Sectigo RSA Domain Validation Secure Server CA	`2020-01-03` - `2022-04-06`	2 years	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-11` - `2022-06-10`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh

This page contains 23 frames:

Primary Page: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Frame ID: 32A97CC356898EC43F1770B95B59C2E1
Requests: 60 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211201/r20190131/zrt_lookup.html
Frame ID: 1D84220C68F3B5A397FE48E7DDA58413
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&adk=1812271804&adf=3025194257&lmt=1638616854&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854821&bpp=2&bdt=284&idt=121&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5072340414600&frm=20&pv=2&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=134
Frame ID: 5C0A17F1FEC08D90B82A62E17F1E4560
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=1273110253&adf=1402801878&pi=t.ma~as.3508289260&w=1200&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854823&bpp=2&bdt=286&idt=137&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=200&ady=117&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=3IxuPd5Wln&p=https%3A//www.qudach.com&dtd=141
Frame ID: 919057A5A894C6A29C3B4C0FACA4800A
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=2589133538&adf=320108023&pi=t.ma~as.3508289260&w=1112&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1112x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854825&bpp=1&bdt=289&idt=154&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=48&ady=1015&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=gjlBOqJ5H5&p=https%3A//www.qudach.com&dtd=157
Frame ID: 66B8A0F0BDEEEB67072DBA377B90DC57
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=600365428&adf=3512914482&pi=t.ma~as.3508289260&w=1160&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1160x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854826&bpp=1&bdt=290&idt=158&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=24&ady=3914&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ctH0N2glxl&p=https%3A//www.qudach.com&dtd=160
Frame ID: CA19B27F8904F023E8C44D8AD693B9D6
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=280&slotname=6328031909&adk=2147873996&adf=1262649813&pi=t.ma~as.6328031909&w=384&fwrn=4&fwrnh=100&lmt=1638616854&rafmt=1&psa=0&format=384x280&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854826&bpp=1&bdt=290&idt=161&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200%2C1160x200&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1196&ady=588&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=TTLF3pZ3gQ&p=https%3A//www.qudach.com&dtd=163
Frame ID: B97E983066A3E5061FF8C55F8A4FA2A0
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=280&slotname=6328031909&adk=2147873996&adf=186966999&pi=t.ma~as.6328031909&w=384&fwrn=4&fwrnh=100&lmt=1638616854&rafmt=1&psa=0&format=384x280&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854827&bpp=1&bdt=290&idt=164&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200%2C1160x200%2C384x280&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1196&ady=1649&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=W5UIUNSx1b&p=https%3A//www.qudach.com&dtd=168
Frame ID: 3455E123CD9073AB1B87D594902F8630
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&adk=2021101911&adf=3302722808&pi=t.aa~a.1736519672~rp.4&w=371&fwrn=4&fwrnh=100&lmt=1638616855&rafmt=1&to=qs&pwprc=3251190038&psa=0&format=371x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616855162&bpp=1&bdt=626&idt=1&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D698281874cad1c4c-22a883383ccc00ee%3AT%3D1638616855%3ART%3D1638616855%3AS%3DALNI_MYNjn-k6PhaTn3KfmKgxK0lK8k7xQ&prev_fmts=0x0%2C1200x200%2C1112x200%2C1160x200%2C384x280%2C384x280&nras=2&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1203&ady=1625&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=k90ThsQAj7&p=https%3A//www.qudach.com&dtd=10
Frame ID: 4A4DDC5966CEBA1951633F8D8E504807
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: DB0BB652BF50C45056D1BFD9B1B2CC6F
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: CB9F7D2F0C765B7296D9EF2E3AC2B7DB
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: C3CBE63507D4A681A43DB157B4ED69AF
Requests: 2 HTTP requests in this frame

Frame: https://p4-dawf26bqvaemo-v525sa2vpnx35wwc-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Frame ID: 90F666719937B3102550CAC02223D636
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/4Sfc45HFswufgCf8fQCX22Ys6cavju9jIH_-ShQytV0.js
Frame ID: 062A46FBEAEADFC0F5C1ED600DF1EF4A
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/4Sfc45HFswufgCf8fQCX22Ys6cavju9jIH_-ShQytV0.js
Frame ID: 180868157C464909774ED4E4F23DB070
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/4Sfc45HFswufgCf8fQCX22Ys6cavju9jIH_-ShQytV0.js
Frame ID: 5F91B105972BE87601F874235EFF1EEF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 020A7275B7EBF80642414107238D4748
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: B176D7FB39D0F42C2C9E787840818A42
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/4Sfc45HFswufgCf8fQCX22Ys6cavju9jIH_-ShQytV0.js
Frame ID: 717CBE30DAD43231FCE02D46591CAADB
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/4Sfc45HFswufgCf8fQCX22Ys6cavju9jIH_-ShQytV0.js
Frame ID: D1BD4176A9434E360DAAC60F1AD5B24E
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/4Sfc45HFswufgCf8fQCX22Ys6cavju9jIH_-ShQytV0.js
Frame ID: EC6D8CA8B6ADC071C1B9ECC8B79DB81B
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 35FB3324ECFA27860360B07580C9D5A8
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 13DCCFC657F969EF4BECFE041FFB3B1A
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Israeli Company’s Spyware Is Used to Target U.S. Embassy Employees in Africa - Qudach

Page Statistics

139
Requests

96 %
HTTPS

67 %
IPv6

19
Domains

27
Subdomains

24
IPs

4
Countries

2221 kB
Transfer

4214 kB
Size

26
Cookies

24 Outgoing links

These are links going to different origins than the main page.

URL: https://apps.qudach.com/apps/dashboard/

Search URL Search Domain Scan URL

URL: https://jobs.qudach.com/

Search URL Search Domain Scan URL

URL: https://apps.qudach.com/apps/mail/

Search URL Search Domain Scan URL

URL: https://apps.qudach.com/apps/contacts/

Search URL Search Domain Scan URL

URL: https://apps.qudach.com/apps/files/

Search URL Search Domain Scan URL

URL: https://apps.qudach.com/apps/photos/

Search URL Search Domain Scan URL

URL: https://apps.qudach.com/apps/tasks/

Search URL Search Domain Scan URL

URL: https://apps.qudach.com/apps/calendar/

Search URL Search Domain Scan URL

URL: https://apps.qudach.com/apps/passwords/

Search URL Search Domain Scan URL

URL: https://apps.qudach.com/apps/spreed/

Search URL Search Domain Scan URL

URL: https://apps.qudach.com/
Title: Login

Search URL Search Domain Scan URL

URL: https://facebook.com/sharer/sharer.php?u=https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html

Search URL Search Domain Scan URL

URL: https://twitter.com/share?text=Israeli%20Company%E2%80%99s%20Spyware%20Is%20Used%20to%20Target%20U.S.%20Embassy%20Employees%20in%20Africa&url=https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html

Search URL Search Domain Scan URL

URL: https://vk.com/share.php?url=https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&title=Israeli%20Company%E2%80%99s%20Spyware%20Is%20Used%20to%20Target%20U.S.%20Embassy%20Employees%20in%20Africa

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2021/11/03/business/nso-group-spyware-blacklist.html
Title: blacklisted a period ago

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2021/11/11/world/middleeast/israel-palestinian-nso-hacking.html
Title: sophisticated surveillance strategy

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2021/11/08/world/middleeast/nso-israel-palestinians-spyware.html
Title: bound to heighten the hostility with Israel

Search URL Search Domain Scan URL

URL: https://www.reuters.com/technology/exclusive-us-state-department-phones-hacked-with-israeli-company-spyware-sources-2021-12-03/
Title: Reuters reported

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2017/06/19/world/americas/mexico-spyware-anticrime.html
Title: an array of quality rights lawyers

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2021/11/03/business/nso-group-spyware-blacklist.html?searchResultPosition=1
Title: blacklisted

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2021/09/13/technology/apple-software-update-spyware-nso-group.html
Title: created a patch

Search URL Search Domain Scan URL

URL: https://techcrunch.com/2021/11/24/apple-nso-hacking-notify/
Title: According to nationalist reports,

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2021/12/03/us/politics/phone-hack-nso-group-israel-uganda.html
Title: Read Entire Article

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 91

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 106

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 108

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 121

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPL5QiK1TBH3g7CneEainyUFMK_26BEOpK6i3eg21FDGt6sdsPEuXropWRT1ON4F_MzFY5fnWP15vyeG8s_Dm5TsKMNlp7Va&google_gid=CAESEFFsmAslCZMrMeks3VfKGAs&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPL5QiK1TBH3g7CneEainyUFMK_26BEOpK6i3eg21FDGt6sdsPEuXropWRT1ON4F_MzFY5fnWP15vyeG8s_Dm5TsKMNlp7Va&google_gid=CAESEFFsmAslCZMrMeks3VfKGAs&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEyMDQxMTIwNTYwMDAxNjI4NDI2MTQzNA%3D%3D&google_push=AYg5qPL5QiK1TBH3g7CneEainyUFMK_26BEOpK6i3eg21FDGt6sdsPEuXropWRT1ON4F_MzFY5fnWP15vyeG8s_Dm5TsKMNlp7Va

Request Chain 123

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEJzCo1WIqw9njQSpf_YSRgk&google_cver=1&google_push=AYg5qPKycNEUX7jUwd1IzKl7XWQ9uyBhU7HfXARgGyJgjyYIAjED5DkqCcIg8Ty_o_tuuvQjRBokOSN023vsK8SFV19rHVDeIkF4 HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEJzCo1WIqw9njQSpf_YSRgk&google_cver=1&google_push=AYg5qPKycNEUX7jUwd1IzKl7XWQ9uyBhU7HfXARgGyJgjyYIAjED5DkqCcIg8Ty_o_tuuvQjRBokOSN023vsK8SFV19rHVDeIkF4&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=hYuiM960RdmQdZVTTNhwPA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKycNEUX7jUwd1IzKl7XWQ9uyBhU7HfXARgGyJgjyYIAjED5DkqCcIg8Ty_o_tuuvQjRBokOSN023vsK8SFV19rHVDeIkF4

Request Chain 124

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPTYSOY_O0bKBJ1SyCXBKvQ&google_cver=1&google_push=AYg5qPKLw72SnxeeJdsMeZCVMpP0HnrxbU-SChrToPxxXhN0TRB6qDsbK5pFlqOtRIKqbkexgaFzk8F3j3oOFpmgGGnSbTad2dFx HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dSUTYyQUQtMi03UllQ&google_push=AYg5qPKLw72SnxeeJdsMeZCVMpP0HnrxbU-SChrToPxxXhN0TRB6qDsbK5pFlqOtRIKqbkexgaFzk8F3j3oOFpmgGGnSbTad2dFx

Request Chain 125

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENNPr2MmqXzPJNRdEqOq5KI&google_cver=1&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l1UkYMsmO8 HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESENNPr2MmqXzPJNRdEqOq5KI&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l1UkYMsmO8&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l1UkYMsmO8&google_cver=1&google_gid=CAESENNPr2MmqXzPJNRdEqOq5KI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l1UkYMsmO8&google_cver=1&google_gid=CAESENNPr2MmqXzPJNRdEqOq5KI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l1UkYMsmO8&google_cver=1&google_gid=CAESENNPr2MmqXzPJNRdEqOq5KI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l1UkYMsmO8&google_cver=1&google_gid=CAESENNPr2MmqXzPJNRdEqOq5KI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l1UkYMsmO8&google_cver=1&google_gid=CAESENNPr2MmqXzPJNRdEqOq5KI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l1UkYMsmO8&google_cver=1&google_gid=CAESENNPr2MmqXzPJNRdEqOq5KI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l1UkYMsmO8&google_cver=1&google_gid=CAESENNPr2MmqXzPJNRdEqOq5KI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l1UkYMsmO8&google_cver=1&google_gid=CAESENNPr2MmqXzPJNRdEqOq5KI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l1UkYMsmO8&google_cver=1&google_gid=CAESENNPr2MmqXzPJNRdEqOq5KI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l1UkYMsmO8&google_cver=1&google_gid=CAESENNPr2MmqXzPJNRdEqOq5KI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l1UkYMsmO8&google_cver=1&google_gid=CAESENNPr2MmqXzPJNRdEqOq5KI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l1UkYMsmO8&google_cver=1&google_gid=CAESENNPr2MmqXzPJNRdEqOq5KI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l1UkYMsmO8&google_cver=1&google_gid=CAESENNPr2MmqXzPJNRdEqOq5KI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l1UkYMsmO8&google_cver=1&google_gid=CAESENNPr2MmqXzPJNRdEqOq5KI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l1UkYMsmO8&google_cver=1&google_gid=CAESENNPr2MmqXzPJNRdEqOq5KI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l1UkYMsmO8&google_cver=1&google_gid=CAESENNPr2MmqXzPJNRdEqOq5KI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l1UkYMsmO8&google_cver=1&google_gid=CAESENNPr2MmqXzPJNRdEqOq5KI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l1UkYMsmO8&google_cver=1&google_gid=CAESENNPr2MmqXzPJNRdEqOq5KI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l1UkYMsmO8&google_cver=1&google_gid=CAESENNPr2MmqXzPJNRdEqOq5KI

Request Chain 126

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEF-Tw3z_K5sH7xeGHcFa2hA&google_cver=1&google_push=AYg5qPK3zkdfWqtDJiVnRoAJpvy-HE8ImDlbup-hrXI4B5indSm06npAylNNZuw0_sJS0r0UzGpDYypZsbYbtYbgUinnpfYXvruHoQ HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPK3zkdfWqtDJiVnRoAJpvy-HE8ImDlbup-hrXI4B5indSm06npAylNNZuw0_sJS0r0UzGpDYypZsbYbtYbgUinnpfYXvruHoQ&google_hm=

Request Chain 128

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

139 HTTP transactions
18 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html Show response
www.qudach.com/ 89 KB
28 KB 1054ms
1013ms Document
text/html 2606:4700:3035::6815:20f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:20f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.16
Resource Hash: 324f6d6790fc3aeae89be8998692fbb6c262fe63834f67420bcca257aea0dc92

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
content-type: text/html;charset=UTF-8
x-powered-by: PHP/7.4.16
cache-control: private,max-age=0
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=352qT56Gc6MfxMUNMNU69ZpFCGGZ16QyZo1BIrQkIUZovY5SERPIynItk2%2Fuu%2FP0VlVtKOmjODG%2FQ0Wk10j4HJd4NTx4KCk%2BHDsYYHqF2uqWpM45oQkpzL%2FZw4kL6Ob7HmS6N7XAA7pEV3ukRA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6b84a5e68b765c80-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 styles.css
www.qudach.com/site/themes/default/assets/css/ 159 KB
27 KB 19ms
18ms Stylesheet
text/css 2606:4700:3035::6815:20f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.qudach.com/site/themes/default/assets/css/styles.css?v=1.0.5
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:20f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 767dde1c4ba69b4408db8220339194c7a23d910653925baefc4ab4fc6704bfe7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 742246
cf-polished: origSize=213288
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sat, 11 Sep 2021 20:20:41 GMT
server: cloudflare
etag: W/"34128-5cbbdf7405840-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iN%2FL5kTd84p5f5oCYSDosVcqB9K3GLJ5kCDDylhL83Et670aWreEyzJZ2%2F8OWhoMYfMn9%2BpMDft%2FB9MBcFGWCz18Z8M3EYYBIURjk02h7IPmiSb9%2FfjJb5HT8f4rZ4CEeORQCyibLCPAze3r0A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000
cf-ray: 6b84a5ecf9f55c80-FRA
expires: Thu, 02 Dec 2021 21:10:08 GMT

GET
H2 200 css
fonts.googleapis.com/ 1 KB
914 B 40ms
16ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=DM+Sans:400,500&display=swap&v=1.0.5

Requested by

Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

79bdef6bf54624bd1aa5405d78544f96c5d3e1e2fb610748e3e521f1d8aa4231

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 04 Dec 2021 11:20:54 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 04 Dec 2021 11:20:54 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 04 Dec 2021 11:20:54 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 90 KB
36 KB 66ms
31ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-203701614-1

Requested by

Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2ab09df309c25340424b9ba5e33f06de106b8bf1a441a2b0777b565d0edc4413

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36168
x-xss-protection: 0
last-modified: Sat, 04 Dec 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 04 Dec 2021 11:20:54 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 143 KB
51 KB 70ms
40ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5a70c62060f63abcadb8fdd799e7eab903d6b18ae8c783cccc8c82c0450b4083

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51232
x-xss-protection: 0
server: cafe
etag: 11905104200827002173
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 04 Dec 2021 11:20:54 GMT

GET
H3 200 logo.png
www.qudach.com/site/assets/img/US/ 9 KB
10 KB 33ms
29ms Image
image/png 2606:4700:3035::6815:20f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.qudach.com/site/assets/img/US/logo.png
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:20f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ac9f99c170b5c85219aeb92b0f9fccf92c4ed71492226b947c7b401f4002b51

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
cf-cache-status: HIT
last-modified: Sat, 11 Sep 2021 13:16:32 GMT
server: cloudflare
age: 695800
etag: W/"2464-5cbb80a5f6c00-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZpcCx0kkNL%2FrbCWHnPvGgigNu%2FPTY6ruZX7cMCzlEB77JMS6IC0cYi3xnmCrwSPmAFLL1MudFWlBmpI%2Fh%2BzOFcKXHAEfGpm0%2BXSlH7jwnuFUxG0TOcMSgz3Z5Lf%2FwKGqxSVKsxE%2BHp29eCpMrw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b84a5ed4df2701c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sun, 26 Dec 2021 10:04:14 GMT

GET
H3 200 everything.png
www.qudach.com/site/assets/img/ 398 B
1 KB 31ms
27ms Image
image/png 2606:4700:3035::6815:20f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.qudach.com/site/assets/img/everything.png
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:20f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9e80cecde94e949338b581c600baded9fb2e1399f18e47aa2cd7ed9fd6317232

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
cf-cache-status: HIT
last-modified: Sat, 31 Jul 2021 15:47:24 GMT
server: cloudflare
age: 695799
etag: W/"18e-5c86d40943b00-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YvnHVRohU12pTNnvpzzrXHjogkGMnngkWxrJ5y3G0eBC5UBe6Ulv539eDDlKWAGRUJdbUAVNtTJJLHjvmAR%2BxJxc6v97bCpa6RFoizi%2F29LWmh8dEWWPT9Cej4GjeoOm4XaSjtDkNBfQQSZuZg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b84a5ed4df4701c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sun, 26 Dec 2021 10:04:15 GMT

GET
H3 200 iconmonstr-delivery-13-48.png
www.qudach.com/site/uploads/2019/Oct/04/ 16 KB
17 KB 31ms
27ms Image
image/png 2606:4700:3035::6815:20f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.qudach.com/site/uploads/2019/Oct/04/iconmonstr-delivery-13-48.png
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:20f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef88f528a5d1c110782f7d8cfbaa2acb6311adebc512bac7a2ed4243ff6918d0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
cf-cache-status: HIT
last-modified: Sat, 31 Jul 2021 15:50:14 GMT
server: cloudflare
age: 695799
etag: W/"41e3-5c86d4ab63980-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zs%2F1EMKJ4AAcTmQG36NWWu7NhRvlmbTWgWPiyusMePSgjDi2gbF%2FySjP1p3ONXeiHhGsZ%2FrrskVs7CzpF9ud9a0Ix7bcpaDleMEt6Awlh77Zp455neOko5kLTGFo5HxtqxSOHwrHvtiZEBpovQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b84a5ed4df6701c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sun, 26 Dec 2021 10:04:15 GMT

GET
H3 200 iconmonstr-building-35-48.png
www.qudach.com/site/uploads/2019/Oct/04/ 15 KB
16 KB 32ms
28ms Image
image/png 2606:4700:3035::6815:20f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.qudach.com/site/uploads/2019/Oct/04/iconmonstr-building-35-48.png
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:20f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 77340e30ad686a7d5595890622e9c5d1718eda26fd0deeceda1bf751ba2f78d8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
cf-cache-status: HIT
last-modified: Sat, 31 Jul 2021 15:50:12 GMT
server: cloudflare
age: 695799
etag: W/"3c44-5c86d4a97b500-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v%2B5t3qUbPPaUUDrhaI4gkiFg1KvWtWp%2F5veXDNU%2BWyiPviZ9lu9warT0UBrf%2BRED%2BxtOt35RdEzDB02rVtnKI8gSgWNgf9ZxONgm93503sLGZkgY%2BD3oABD4LLdkcV4inOGS4aUQXlXo6JJkMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b84a5ed4df7701c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sun, 26 Dec 2021 10:04:15 GMT

GET
H3 200 iconmonstr-map-8-48.png
www.qudach.com/site/uploads/2019/Oct/04/ 16 KB
17 KB 36ms
32ms Image
image/png 2606:4700:3035::6815:20f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.qudach.com/site/uploads/2019/Oct/04/iconmonstr-map-8-48.png
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:20f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a5cc18efea85afe3c48d25cb1fb87e19bcecd962e585eeb23512cca4abf566fa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
cf-cache-status: HIT
last-modified: Sat, 31 Jul 2021 15:50:16 GMT
server: cloudflare
age: 695799
etag: W/"403e-5c86d4ad4be00-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j5oQtybV06d%2BxtwX171ryQ5k3AmB63fMWAyvy0bveNSewbZq1eGQUbdQNHI%2BigmLYOQV4LdgueV2CesZm6rr%2BIkTWQ0e4TwJOJz9BDwMUhrKaely8VHjMWekrwSLd8TCMVMalZaN4erWlCYNHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b84a5ed4dfb701c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sun, 26 Dec 2021 10:04:15 GMT

GET
H3 200 iconmonstr-chart-6-48.png
www.qudach.com/site/uploads/2019/Oct/04/ 15 KB
16 KB 36ms
33ms Image
image/png 2606:4700:3035::6815:20f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.qudach.com/site/uploads/2019/Oct/04/iconmonstr-chart-6-48.png
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:20f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1ca39caeffc18432d3459844918984e6b34300c4d2ea73ed5bf808da09d330a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
cf-cache-status: HIT
last-modified: Sat, 31 Jul 2021 15:50:14 GMT
server: cloudflare
age: 695799
etag: W/"3d03-5c86d4ab63980-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mp60AF4Rpr%2BcU7csVvvy3%2B8b9QymASAJK4DnUsJn9k%2FU2puHlZX7Xot5fjnPs9I4VBczwF3bVyjsE72qAlvF6ChNuXRJfJ4aELZnd63c%2BhLiM57kIKMbwP2oTRIBxgjfnD7R2%2B5lUoy%2B2KJ76Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b84a5ed4dfc701c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sun, 26 Dec 2021 10:04:15 GMT

GET
H3 200 iconmonstr-soccer-1-32.png
www.qudach.com/site/uploads/2019/Oct/04/ 2 KB
2 KB 37ms
33ms Image
image/png 2606:4700:3035::6815:20f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.qudach.com/site/uploads/2019/Oct/04/iconmonstr-soccer-1-32.png
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:20f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c3ba340099e1d408fe652e4c81f2da87378d321912c6455c7052e81e185b1ae

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
cf-cache-status: HIT
last-modified: Sat, 31 Jul 2021 15:50:18 GMT
server: cloudflare
age: 695799
etag: W/"60a-5c86d4af34280-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9t05IklXCC0mf9jPCYtbFEvZgXtn6Ex4Vd94D2YZs4%2BJtBVVyfnZRHTO5NN%2FV1u2rx38ZSjpsRhVWDAjtC5TR8pIAaytMBGvIBoN8EnqCxsm66Xjt%2Ftecy2ckqRTGCD985ZYaAkUlN0nWKX5oA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b84a5ed4e00701c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sun, 26 Dec 2021 10:04:15 GMT

GET
H3 200 iconmonstr-party-15-32.png
www.qudach.com/site/uploads/2019/Oct/04/ 1 KB
2 KB 38ms
34ms Image
image/png 2606:4700:3035::6815:20f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.qudach.com/site/uploads/2019/Oct/04/iconmonstr-party-15-32.png
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:20f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 166fbbbfbb81e0b2aa1829dd5190caf1c1d5e3770ab0d82e8d420df4cfa6abe4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
cf-cache-status: HIT
last-modified: Sat, 31 Jul 2021 15:50:16 GMT
server: cloudflare
age: 695799
etag: W/"466-5c86d4ad4be00-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QLPFzJrRgd%2BpNYgTt5j12Jf6kfhz8kEMJ7yX%2FTM38DgpKDfyLEh4ZOSIUPWSx4O3ka4RFEUJQIuZfl6jjCqGPDdbdR2VN%2BZft9NPIQ%2F3Q4I27uvgBIsycNhcDGsMXvCzsSAJF65TZYwyB6scaA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b84a5ed4e02701c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sun, 26 Dec 2021 10:04:15 GMT

GET
H3 200 iconmonstr-glasses-13-32.png
www.qudach.com/site/uploads/2019/Oct/04/ 837 B
1 KB 38ms
35ms Image
image/png 2606:4700:3035::6815:20f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.qudach.com/site/uploads/2019/Oct/04/iconmonstr-glasses-13-32.png
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:20f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 51a3384f28655d54ee3c773771d4efd67201819623e29f505838229182e006cd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
cf-cache-status: HIT
last-modified: Sat, 31 Jul 2021 15:50:14 GMT
server: cloudflare
age: 695799
etag: W/"345-5c86d4ab63980-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZgzSiLR4cwaFeF6MEskoPRABNbB82p4Pyr%2BmhE7cjFmQoh93QQKny4QXsUbZe%2F1O%2Bu4sGINB2QUAIJ2dH3t%2FG71O1RptpkP1MVLzOL26iCr9sdbL2y%2FwvRSUX8Z1Lff%2BMOhea9A5RRFTc%2BsZqw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b84a5ed4e06701c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sun, 26 Dec 2021 10:04:15 GMT

GET
H3 200 iconmonstr-battery-10-32.png
www.qudach.com/site/uploads/2019/Oct/04/ 412 B
1 KB 38ms
35ms Image
image/png 2606:4700:3035::6815:20f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.qudach.com/site/uploads/2019/Oct/04/iconmonstr-battery-10-32.png
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:20f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3f2c144f45a057c6f944b1a0d58de8eeb55032e20b6a89a6803f7b813ebfa245

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
cf-cache-status: HIT
last-modified: Sat, 31 Jul 2021 15:50:12 GMT
server: cloudflare
age: 695799
etag: W/"19c-5c86d4a97b500-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Igl8XYeMMqmuZH4kJkaebW%2B248EASfkMb6TaXA6vAtelsHGyFRRFhBoB0YZoJGHa6PfganbRfeOUWTPN9yDk20nzsO4DTImhFkmr9u87frHRPD1EC4VphHX%2BxF1C39v9j4puq%2FS9vqkRGIC9aA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b84a5ed4e08701c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sun, 26 Dec 2021 10:04:15 GMT

GET
H3 200 automobile.png
www.qudach.com/site/uploads/2021/Nov/24/ 639 B
1 KB 38ms
35ms Image
image/png 2606:4700:3035::6815:20f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.qudach.com/site/uploads/2021/Nov/24/automobile.png
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:20f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd0cfc43cf7f4dc5d9c0d765c43c9218c741ecb351a1a8791a0c247d48f09ec4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
cf-cache-status: HIT
last-modified: Wed, 24 Nov 2021 07:59:42 GMT
server: cloudflare
age: 695799
etag: W/"27f-5d1843d8b9780-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ml0V6PBPo0aoTtecPpPi7rO41yUN2b8crFngGVo5EExzFPNPIX69B%2B4NIWwDV6uDF%2F57302Wu5CI%2FnlmO7Jl7p%2BgDqJBTUfe1nYWo%2FBGDSrrHRdsVP11nyhYk3u7KWNwrE6JXYmYxpnvRiJ5bQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b84a5ed4e10701c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sun, 26 Dec 2021 10:04:15 GMT

GET
H3 200 iconmonstr-school-18-32.png
www.qudach.com/site/uploads/2019/Oct/04/ 2 KB
3 KB 39ms
36ms Image
image/png 2606:4700:3035::6815:20f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.qudach.com/site/uploads/2019/Oct/04/iconmonstr-school-18-32.png
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:20f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a616ecab96a7e000215ea42344c7ddea35402e9ab3253d55f2ebc6de45e4ad54

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
cf-cache-status: HIT
last-modified: Sat, 31 Jul 2021 15:50:18 GMT
server: cloudflare
age: 695799
etag: W/"78a-5c86d4af34280-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JTPbvbIXV030ax8GTzSMgxNJFo9YMA7r2G0TgUofOjLP7bIR4yfViR5CPgVYxoUlPMsDP3ZT%2B%2BB01IW%2FjqYSQ2%2BuHMy0NMxX3vupUeqYxPD3xIpkgp7P38gRGDXnLCao2lIo2%2FIQZjWgLJ8Ysg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b84a5ed4e11701c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sun, 26 Dec 2021 10:04:15 GMT

GET
H3 200 iconmonstr-medical-6-32.png
www.qudach.com/site/uploads/2019/Oct/04/ 1012 B
2 KB 39ms
36ms Image
image/png 2606:4700:3035::6815:20f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.qudach.com/site/uploads/2019/Oct/04/iconmonstr-medical-6-32.png
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:20f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 851596196e9ac893121cdc4543df454c98e019b7d87ff25c6854d0cd800245cf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
cf-cache-status: HIT
last-modified: Sat, 31 Jul 2021 15:50:16 GMT
server: cloudflare
age: 695798
etag: W/"3f4-5c86d4ad4be00-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wl%2BvLCQrOe0j%2BNBkVJyp%2BUgKqvqH825vBUXH1bwpEJggTV3s3Z%2Bck7K5%2B3x%2Fk%2BsSFyvXCMqaS29mbU7PkQJvIAzQSvwfkkafJD4uOv9fQitlXXmnBM54ziWsfvmLoNqxiw15WI3ZvH4DD3F4Aw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b84a5ed4e13701c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sun, 26 Dec 2021 10:04:15 GMT

GET
H3 200 iconmonstr-book-17-32.png
www.qudach.com/site/uploads/2019/Oct/04/ 671 B
1 KB 39ms
36ms Image
image/png 2606:4700:3035::6815:20f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.qudach.com/site/uploads/2019/Oct/04/iconmonstr-book-17-32.png
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:20f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11c73cd1795cbb74af317b1c63dc9ffd0bac19fd766d10dfa6ee78277391901c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
cf-cache-status: HIT
last-modified: Sat, 31 Jul 2021 15:50:12 GMT
server: cloudflare
age: 695798
etag: W/"29f-5c86d4a97b500-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P%2Bl4lKCvqWBD%2BET9F%2BBlY%2BAiZNbXLlYYbb95uTlAyYMIXvN6L26qvALwngsX%2Fuuc1cV7FyxwKfPqeiZfvZu15oMz%2BZM0rg9SBYz0Umva2NQAVvXS9QHxHQcNPVvq45Wlcgv2SIQ9wF9CFiOHbw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b84a5ed4e14701c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sun, 26 Dec 2021 10:04:16 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 145 KB
51 KB 53ms
27ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4282713857336023

Requested by

Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37f62ef8693878e02f8d3910e2d7b3e4c55ce99d4eca6426562c1bc838167456

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.qudach.com/
Origin: https://www.qudach.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51922
x-xss-protection: 0
server: cafe
etag: 16820177176561863112
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 04 Dec 2021 11:20:54 GMT

GET
H2 200 NYT_logo_rss_250x40.png
static01.nyt.com/images/misc/ 3 KB
3 KB 51ms
7ms Image
image/png 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static01.nyt.com/images/misc/NYT_logo_rss_250x40.png
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: adc0243f7a45a023b613786a76b2578c45300334625d013e9353ac036e3a374b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
via: 1.1 varnish, 1.1 varnish
age: 561651
x-amz-meta-goog-reserved-file-mtime: 1308237006
x-guploader-uploadid: ADPycdseW85UcS9V66HpA4ePNYDOtcjTHXq5s-kQUWyMne5W4sTxKfLT6E3OiYQHu9WhihNQIH-q_iXSKWz_TfodyI0
x-cache: HIT, HIT
x-goog-storage-class: MULTI_REGIONAL
content-length: 2702
x-served-by: cache-bwi5133-BWI, cache-fra19160-FRA
x-nyt-gcs-bucket: cms-gke-prd-publish-images-storage
last-modified: Fri, 26 Jan 2018 19:17:27 GMT
server: UploadServer
x-timer: S1638616855.648516,VS0,VE0
etag: "adfe288bd417513851bf79389249d5ce"
vary: Origin
x-goog-hash: crc32c=VVz4tA==, md5=rf4oi9QXUThRv3k4kknVzg==
content-type: image/png
access-control-allow-origin: *
expires: Sat, 20 Nov 2021 23:20:02 GMT
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 3

GET
H2 200 merlin_197270709_23c129c1-e583-49ec-ac93-9018ec94ff90-superJumbo.jpg
static01.nyt.com/images/2021/12/03/us/politics/03dc-hack/ 389 KB
390 KB 61ms
17ms Image
image/webp 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static01.nyt.com/images/2021/12/03/us/politics/03dc-hack/merlin_197270709_23c129c1-e583-49ec-ac93-9018ec94ff90-superJumbo.jpg?quality=75&auto=webp
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: a75c75179d9dbec0883fbe6a9310f5e1dd6bf73247de9fc62b7840596183e68c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
via: 1.1 varnish, 1.1 varnish
age: 38517
x-guploader-uploadid: ADPycduaCstZUL1qIKKRfSLKawnN3K_FPrdEGSxPDk0kYN-YlNiT54OQJ_dmx8fcvq9htn3a_Eg0MOMI24fo81taP6w
x-cache: HIT, HIT
fastly-io-info: ifsz=761905 idim=2048x1536 ifmt=jpeg ofsz=398706 odim=2048x1536 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
fastly-stats: io=1
content-length: 398706
x-served-by: cache-bwi5168-BWI, cache-fra19160-FRA
x-nyt-gcs-bucket: cms-gke-prd-publish-images-storage
server: UploadServer
x-timer: S1638616855.648662,VS0,VE1
etag: "Uw6T32d2veOcjWQvoj1jzbVZ7MqyIXDTOfmQQ0y4Ehg"
vary: Accept
x-goog-hash: crc32c=mw5lvQ==, md5=uBLhvI7xF9Tp50l0JUJ7lA==
content-type: image/webp
access-control-allow-origin: *
expires: Sat, 04 Dec 2021 00:38:57 GMT
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 1

GET
H3 200 huffpost.jpg
www.qudach.com/site/uploads/2021/Aug/03/ 30 KB
30 KB 39ms
36ms Image
image/jpeg 2606:4700:3035::6815:20f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.qudach.com/site/uploads/2021/Aug/03/huffpost.jpg
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:20f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 94b00e5de4b6e85cd7baa3385a9d84b6e71533cc1433be5d09389517b71fbe59

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
cf-cache-status: HIT
last-modified: Mon, 02 Aug 2021 18:16:56 GMT
server: cloudflare
age: 692616
etag: W/"7692-5c8979308d600-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xk39a13jcNuL0Dx2S%2BV%2FNzvDAk6QOrK8aiLK1T0XnMk9zM2nbBiKixjPhUiABV%2F8RvblWeBAxLWLdQdoewf7BCmGUhBd4Rof0p2%2BaWcZz5uNNncD2WrGizEFf2oyBnKDv%2Fk1mvU36JiwpTxgRA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b84a5ed4e15701c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sun, 26 Dec 2021 10:57:18 GMT

GET
H3 200 Reuters.png
www.qudach.com/site/uploads/2021/Sep/23/ 8 KB
8 KB 42ms
40ms Image
image/png 2606:4700:3035::6815:20f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.qudach.com/site/uploads/2021/Sep/23/Reuters.png
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:20f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3f4230a7e8ce515ae80261cc9e3ab2938ec725377085647eaa264e8c9833029f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
cf-cache-status: HIT
last-modified: Thu, 23 Sep 2021 10:16:25 GMT
server: cloudflare
age: 645567
etag: W/"1e0f-5cca6ec523040-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SZmaTnqHQ97je2h4GsXDDzyEtMnG5JDpgqk%2BGLrzT3qrpg36peKDqcVSzY3QlmEDIg9txhxTfQNxWjRel2oeDdNClWfA6soaDusYomxwDDmt7t14FmHwt3IfgAcpo7mSRfUO4KwJPNWEwDPjlg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b84a5ed4e17701c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Mon, 27 Dec 2021 00:01:27 GMT

GET
H3 200 jquery-3.3.1.min.js Show response
www.qudach.com/site/assets/js/ 85 KB
31 KB 19ms
19ms Script
application/javascript 2606:4700:3035::6815:20f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.qudach.com/site/assets/js/jquery-3.3.1.min.js?v=1.0.5
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:20f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 695800
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sat, 31 Jul 2021 15:47:38 GMT
server: cloudflare
etag: W/"1538f-5c86d4169da80-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kQAR%2FpXL9gnE95Nkh%2BLlIoA7%2FKGtIrxEYvuma7I4hH8IYZXnyh1DXEJn7746XmExxL3XZ6uM7TwJHFMfLQe0JtGo8fIor1YCEq8W8%2F5QqO6OVthEEnhPwyoNv4NPqb5pf4tpMW6rVLdLdtnXCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000
cf-ray: 6b84a5ed2d68701c-FRA
expires: Fri, 03 Dec 2021 10:04:14 GMT

GET
H3 200 bootstrap.bundle.min.js Show response
www.qudach.com/site/themes/default/assets/js/ 77 KB
23 KB 23ms
23ms Script
application/javascript 2606:4700:3035::6815:20f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.qudach.com/site/themes/default/assets/js/bootstrap.bundle.min.js?v=1.0.5
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:20f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 88cec8f3de1ea9c2c8f2525cb3aceb4585427522ef3062795c59bf48ffc5037b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 695800
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sat, 31 Jul 2021 15:49:34 GMT
server: cloudflare
etag: W/"1332c-5c86d4853df80-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nhT2Z8iEFW%2FlM415qVpGM4aHsf4Lkpe701tsnjgj1txVu4WTEg53kZcN%2FhCqTF43SzlTvXUfuZv0%2BTC%2F02uh%2FUbET74n2HD9VeHki86Qc4lrIdAuFxqSZF7hDMrurUD1DYT261vbDQkYrc2cPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000
cf-ray: 6b84a5ed3dbf701c-FRA
expires: Fri, 03 Dec 2021 10:04:14 GMT

GET
H3 200 theme.js Show response
www.qudach.com/site/themes/default/assets/js/ 2 KB
1 KB 24ms
22ms Script
application/javascript 2606:4700:3035::6815:20f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.qudach.com/site/themes/default/assets/js/theme.js?v=1.0.5
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:20f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a3a32981aaffc5eee6e7b4363b2874b3731b834a684bcf2b5c46c1c37be34d8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 742246
cf-polished: origSize=2937
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sat, 31 Jul 2021 15:49:38 GMT
server: cloudflare
etag: W/"b79-5c86d4890e880-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f%2FPBfhxWVP8I7cBLDboud2MbPCox7m%2BN%2B49SHVIsMvPsp2Zeq3oGMyAANkkNE500ZUGJVxNqJfrwzQgFZUGO6GkK0t8JrT%2Fx%2BJVrzCC1V3gms6IsczVWipBnErKUdOJJe1wfZf5NfdIT3WZRVg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000
cf-ray: 6b84a5ed4dd0701c-FRA
expires: Thu, 02 Dec 2021 21:10:08 GMT

GET
H3 200 jquery.auto-complete.min.js Show response
www.qudach.com/site/themes/default/assets/js/ 4 KB
2 KB 30ms
27ms Script
application/javascript 2606:4700:3035::6815:20f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.qudach.com/site/themes/default/assets/js/jquery.auto-complete.min.js?v=1.0.5
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:20f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cece1097f127c3259563e9936c64b658830b75f606b503a191e52d39ac0a6556

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 695800
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sat, 31 Jul 2021 15:49:36 GMT
server: cloudflare
etag: W/"f55-5c86d48726400-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=14%2BRJyenCMwdJrKO73UuWLMiKETKOmfJOQ%2B7JO8mBQxaqlIJMSIuVY9mIRGw5RjlWGt%2B7xrmerTwOD%2FyRHUIm3M%2B%2Fys4seoTSdlUujsvN%2FqofCUjjd6KdrDYjILN9QuSBgIXaWxlVNhosNSesw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000
cf-ray: 6b84a5ed4deb701c-FRA
expires: Fri, 03 Dec 2021 10:04:14 GMT

GET
H3 200 jquery.sticky-sidebar.min.js Show response
www.qudach.com/site/themes/default/assets/js/ 10 KB
4 KB 24ms
20ms Script
application/javascript 2606:4700:3035::6815:20f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.qudach.com/site/themes/default/assets/js/jquery.sticky-sidebar.min.js?v=1.0.5
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:20f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2890adb9bd41a5801dbd2ba5a6d904c9f804e828d1b53f6c3d008f8eef1d868

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 695800
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sat, 31 Jul 2021 15:49:36 GMT
server: cloudflare
etag: W/"298c-5c86d48726400-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0z%2BM74gd6yfufao4ADGY51YqBgThf0psMMgz5swks%2BlF9NcifWDNWYqPwOsNEjPZEin8FcZk1wtFXz5xnMi00ZQqiCIRVN%2BEOw97bTp0uzhZPgNjGPTrR1xqbpi4ItuNf0WVGslvht%2FpRgMczQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000
cf-ray: 6b84a5ed4dee701c-FRA
expires: Fri, 03 Dec 2021 10:04:14 GMT

GET
H3 200 jquery.unveil.min.js Show response
www.qudach.com/site/themes/default/assets/js/ 661 B
1019 B 31ms
27ms Script
application/javascript 2606:4700:3035::6815:20f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.qudach.com/site/themes/default/assets/js/jquery.unveil.min.js?v=1.0.5
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:20f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 465f3a7af8b8519bb793bb3b515751ec06f6e724f4b9061729b67af05aa16fe0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 695800
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sat, 31 Jul 2021 15:49:36 GMT
server: cloudflare
etag: W/"295-5c86d48726400-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=76j2Uav6td6wN3Oh5Vi8fI3XB6yAkWqKTnWTT5AXluG9XylMVF%2BlqovIIMyc0%2BjbzUG%2Fqd%2FJk2IYLz%2FdqoeBw4Fhb%2Bmc6D0Db7lNo%2F3dfLBemw4vrjfKzLLiMv19CrRdUF1HislXssZKAw7dRA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000
cf-ray: 6b84a5ed4df0701c-FRA
expires: Fri, 03 Dec 2021 10:04:14 GMT

GET
H2 200 v64f9daad31f64f81be21cbef6184a5e31634941392597 Show response
static.cloudflareinsights.com/beacon.min.js/ 13 KB
5 KB 105ms
62ms Script
text/javascript 2606:4700::6810:5e41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5e41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5bf0a170ae91f1bb8d0c94381a74ab8b85f938bf31bf18a9c8e3b835250d3be6

Request headers

Referer: https://www.qudach.com/
Origin: https://www.qudach.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
content-encoding: gzip
last-modified: Fri, 22 Oct 2021 22:23:12 GMT
server: cloudflare
etag: W/2021.10.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6b84a5ed89f06949-FRA

GET
DATA 200
OK truncated
/ 164 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 606b96d33d081306c5bd269573d45959bbe0253b661e368b694dc6999655401b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 363 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 17f0d815061a330cfcde41461340efd9ba7e4bc4b2000be65b5a5ce056ca8631

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9f7a74b2ee8d20463675e1a8d62796a366b0987f1ccb63522726286e621c45e0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0840e4e29129ab86cab48b8d00f170407504a087c34a8b28e77ae3ea0e7afcc4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 636 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 670591570ae55174ffbd62e283be10dfb84ba7a72cddb0ed1550593ad0e7d350

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 243 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6d55419e228ae290f55da015f0f85f1688969f09bf2c6323082cba90f94cf76f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 842 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d5d61689fed57c6399922d3d7397ca3a84eaf27215ac4dd5ddc7abf9246848ec

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 894 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ab84191c2539a79688fabd97e98dbb0390ebaeccee528eeac61178c806960d5a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 393a83f90f8d1ec9f96356fa0cb3d8509af3d564b6145f0386f9e7b18c672d63

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 825 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 91481c7913fdda095a6b3ee46de1732291452e704e0fcfdf8c61dbd038b906c8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 563 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ba5814cda001a4edf2bb8217e9e93f83ba48e5d0eb2cca4784796df95f3c04c1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 rP2Hp2ywxg089UriCZOIHQ.woff2
fonts.gstatic.com/s/dmsans/v6/ 18 KB
18 KB 34ms
3ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/dmsans/v6/rP2Hp2ywxg089UriCZOIHQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=DM+Sans:400,500&display=swap&v=1.0.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

951a3b8ec1c6a0ae2767a3bb90ba6995397c5d13bd7ff79ea0bc87529b8024ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.qudach.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 20:10:40 GMT
x-content-type-options: nosniff
age: 227414
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18076
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:00:18 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 01 Dec 2022 20:10:40 GMT

GET
DATA 200
OK truncated
/ 77 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ad2845cf9db3c8b7897d293e61f0f7334c782b34f997a26c519151121d9da562

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 03dc-hack-facebookJumbo.jpg
static01.nyt.com/images/2021/12/03/us/politics/03dc-hack/ 139 KB
140 KB 19ms
8ms Image
image/jpeg 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static01.nyt.com/images/2021/12/03/us/politics/03dc-hack/03dc-hack-facebookJumbo.jpg
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 409048ab6bf8c53e0c2253b01d7af608c0a81f68e238676796c526c6b53a54a5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
via: 1.1 varnish, 1.1 varnish
age: 38532
x-guploader-uploadid: ADPycds9YgQQA2R6wTZjn7g0imqeX7w2qjB2DNs6ooFWp3yE_KkLXGce6p9NDKV3q8rpXHeyif7WL8eS_1azGVygw3Q
x-cache: HIT, HIT
x-goog-storage-class: MULTI_REGIONAL
content-length: 142618
x-served-by: cache-bwi5127-BWI, cache-fra19160-FRA
x-nyt-gcs-bucket: cms-gke-prd-publish-images-storage
last-modified: Sat, 04 Dec 2021 00:38:36 GMT
server: UploadServer
x-timer: S1638616855.648812,VS0,VE1
etag: "e17bbe66a9b17e14046a34ae242f599d"
vary: Origin
x-goog-hash: crc32c=y3g7AQ==, md5=4Xu+ZqmxfhQEajSuJC9ZnQ==
content-type: image/jpeg
access-control-allow-origin: *
expires: Sat, 04 Dec 2021 00:38:42 GMT
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 1

GET
H2 200 rP2Cp2ywxg089UriAWCrCBimCw.woff2
fonts.gstatic.com/s/dmsans/v6/ 18 KB
18 KB 11ms
7ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/dmsans/v6/rP2Cp2ywxg089UriAWCrCBimCw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=DM+Sans:400,500&display=swap&v=1.0.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d3411c961b332008c61452f483ada3da4cd0fd06cc264c7f2facfb01bc4b1d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.qudach.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 20:14:41 GMT
x-content-type-options: nosniff
age: 227173
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18296
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:00:23 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 01 Dec 2022 20:14:41 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111170101/ 272 KB
98 KB 60ms
44ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111170101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4282713857336023&plah=www.qudach.com&bust=31063835

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7009f04f5e5a747c862f9052fa450e2d07e7146f4d7c5306db6aedff7d4cc605

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100174
x-xss-protection: 0
server: cafe
etag: 6138959726235216399
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 04 Dec 2021 11:20:54 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211201/r20190131/ Frame 1D84 11 KB
5 KB 60ms
21ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211201/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16923f9fcc118f6870a574a73697c19eb79210b2ce401e5e1b92a2a5fcda080a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 03 Dec 2021 21:22:37 GMT
expires: Fri, 17 Dec 2021 21:22:37 GMT
content-type: text/html; charset=UTF-8
etag: 6406113418471942685
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4879
x-xss-protection: 0
age: 50297
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 250x140
www.qudach.com/thumb/211683/ 8 KB
9 KB 145ms
144ms Image
image/webp 2606:4700:3035::6815:20f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.qudach.com/thumb/211683/250x140
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:20f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.16
Resource Hash: 8999c33fbd24a03af5e1c8ccf9b9ebfed7e2a346b27ca90b1b26259baeba77cc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:55 GMT
cf-cache-status: DYNAMIC
last-modified: Fri, 03 Dec 2021 15:28:54 GMT
server: cloudflare
x-powered-by: PHP/7.4.16
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aUwivNIUlzlZxVg1GtLkj%2BLML4mGfP6xEpgBuIMWGRfcesaJoZSlbC1tdCuFO31kXgfJZhVyGK44n1OhD%2BJzC1ue2%2BmzyaPJTyO%2Fhe70YQjU1KPEky9buknh2sUV9pqh3Kubz3unZrZjNjxsbg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=604800, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-disposition: inline; filename="211683-250.webp"
cf-ray: 6b84a5eeeac5701c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sat, 11 Dec 2021 11:20:54 GMT

GET
H3 200 250x140
www.qudach.com/thumb/211578/ 9 KB
10 KB 140ms
140ms Image
image/webp 2606:4700:3035::6815:20f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.qudach.com/thumb/211578/250x140
Requested by: Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:20f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.16
Resource Hash: fc0fd14a939f79b7f287e4688f62fa264f3bae2579e14a3e8c4c33387818a3d8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:54 GMT
cf-cache-status: DYNAMIC
last-modified: Fri, 03 Dec 2021 14:28:59 GMT
server: cloudflare
x-powered-by: PHP/7.4.16
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7jxU1KtE8nWCwyrdAJv%2BbOU6%2BuT5QffD5EFT8Y14Xx50UgiJZVtSIBmivEHyRne3PFZwHXcYvnlRbPe4JXlkpnjc4fT5vLUvuGtkWmPSNgxysCNJMdo%2BdAqmCPPoLcEnfGrS4o8ujsLNxvkvjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=604800, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-disposition: inline; filename="211578-250.webp"
cf-ray: 6b84a5eeeac8701c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sat, 11 Dec 2021 11:20:54 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 32ms
7ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-203701614-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 1187
date: Sat, 04 Dec 2021 11:01:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Sat, 04 Dec 2021 13:01:07 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 214 B
643 B 67ms
15ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.qudach.com&callback=_gfp_s_&client=ca-pub-4282713857336023

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111170101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4282713857336023&plah=www.qudach.com&bust=31063835

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

a798639d7c9086ecefc74cec52f8d259bd73b8cf1e871894c19d24c59e8a7f7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 198
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 40ms
16ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.qudach.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Dec 2021 11:20:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 41ms
18ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.qudach.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Dec 2021 11:20:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5C0A 30 KB
5 KB 172ms
155ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&adk=1812271804&adf=3025194257&lmt=1638616854&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854821&bpp=2&bdt=284&idt=121&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5072340414600&frm=20&pv=2&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=134

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4552b33c74fe552dc4c6934ac4c42d8f3e4ff44266c38de46b14aa9f54c22437

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 04 Dec 2021 11:20:55 GMT
server: cafe
content-length: 5482
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 04 Dec 2021 11:20:55 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9190 83 KB
29 KB 743ms
735ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=1273110253&adf=1402801878&pi=t.ma~as.3508289260&w=1200&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854823&bpp=2&bdt=286&idt=137&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=200&ady=117&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=3IxuPd5Wln&p=https%3A//www.qudach.com&dtd=141

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fc1c82b4c10ec83401c439337d78e58a8001cd6350998dc2900ba72eb4fdfa24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 04 Dec 2021 11:20:55 GMT
server: cafe
content-length: 29972
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 04 Dec 2021 11:20:55 GMT
cache-control: private

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 30ms
14ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=36665001&t=pageview&_s=1&dl=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&ul=en-us&de=UTF-8&dt=Israeli%20Company%E2%80%99s%20Spyware%20Is%20Used%20to%20Target%20U.S.%20Embassy%20Employees%20in%20Africa%20-%20Qudach&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAUABAAAAAC~&jid=529795947&gjid=1994576815&cid=387954040.1638616855&tid=UA-203701614-1&_gid=1065727168.1638616855&_r=1&gtm=2ouc10&z=1395437195

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.qudach.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 11:20:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.qudach.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 66B8 83 KB
29 KB 670ms
670ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=2589133538&adf=320108023&pi=t.ma~as.3508289260&w=1112&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1112x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854825&bpp=1&bdt=289&idt=154&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=48&ady=1015&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=gjlBOqJ5H5&p=https%3A//www.qudach.com&dtd=157

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6427e45b4f9f900bb66eae08ace0eeb3b60fda38ee940426b799c0d1dc3b34c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 04 Dec 2021 11:20:55 GMT
server: cafe
content-length: 30151
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 04 Dec 2021 11:20:55 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame CA19 88 KB
30 KB 774ms
774ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=600365428&adf=3512914482&pi=t.ma~as.3508289260&w=1160&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1160x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854826&bpp=1&bdt=290&idt=158&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=24&ady=3914&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ctH0N2glxl&p=https%3A//www.qudach.com&dtd=160

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ec1639109547554eadcc3bb66bad01bd8b1cf079bdb7b16262050d38cbdc4ea6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 04 Dec 2021 11:20:55 GMT
server: cafe
content-length: 30777
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 04 Dec 2021 11:20:55 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B97E 71 KB
27 KB 727ms
727ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=280&slotname=6328031909&adk=2147873996&adf=1262649813&pi=t.ma~as.6328031909&w=384&fwrn=4&fwrnh=100&lmt=1638616854&rafmt=1&psa=0&format=384x280&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854826&bpp=1&bdt=290&idt=161&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200%2C1160x200&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1196&ady=588&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=TTLF3pZ3gQ&p=https%3A//www.qudach.com&dtd=163

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e94ad217ce6b1f780f906cb6caf804196acee0ea9d85016db975b8abe5963071

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 04 Dec 2021 11:20:55 GMT
server: cafe
content-length: 27824
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 04 Dec 2021 11:20:55 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3455 96 KB
30 KB 1469ms
1468ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=280&slotname=6328031909&adk=2147873996&adf=186966999&pi=t.ma~as.6328031909&w=384&fwrn=4&fwrnh=100&lmt=1638616854&rafmt=1&psa=0&format=384x280&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854827&bpp=1&bdt=290&idt=164&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200%2C1160x200%2C384x280&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1196&ady=1649&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=W5UIUNSx1b&p=https%3A//www.qudach.com&dtd=168

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cc85e9b9de1299eb04ba6bb96bcbb75971f82ecbfffd22541b34660c4dbc9d27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 04 Dec 2021 11:20:56 GMT
server: cafe
content-length: 31123
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 04 Dec 2021 11:20:56 GMT
cache-control: private

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 34ms
18ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.qudach.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Dec 2021 11:20:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 33ms
18ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.qudach.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Dec 2021 11:20:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4A4D 75 KB
29 KB 1001ms
1001ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&adk=2021101911&adf=3302722808&pi=t.aa~a.1736519672~rp.4&w=371&fwrn=4&fwrnh=100&lmt=1638616855&rafmt=1&to=qs&pwprc=3251190038&psa=0&format=371x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616855162&bpp=1&bdt=626&idt=1&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D698281874cad1c4c-22a883383ccc00ee%3AT%3D1638616855%3ART%3D1638616855%3AS%3DALNI_MYNjn-k6PhaTn3KfmKgxK0lK8k7xQ&prev_fmts=0x0%2C1200x200%2C1112x200%2C1160x200%2C384x280%2C384x280&nras=2&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1203&ady=1625&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=k90ThsQAj7&p=https%3A//www.qudach.com&dtd=10

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41bf0407f003ba093ecb26bb725507175c5d9906d899826afc0799f9a8bd0be3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 04 Dec 2021 11:20:56 GMT
server: cafe
content-length: 29960
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 04 Dec 2021 11:20:56 GMT
cache-control: private

GET
H2 200 160551244794291671
tpc.googlesyndication.com/daca_images/simgad/ Frame 66B8 138 KB
138 KB 35ms
12ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/160551244794291671

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=2589133538&adf=320108023&pi=t.ma~as.3508289260&w=1112&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1112x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854825&bpp=1&bdt=289&idt=154&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=48&ady=1015&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=gjlBOqJ5H5&p=https%3A//www.qudach.com&dtd=157

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1597fa8b467fe5fc852c0d451b664650ac85788066bcdbb61827d29af7819e06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:01:34 GMT
x-content-type-options: nosniff
age: 346761
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 140841
x-xss-protection: 0
last-modified: Mon, 01 Nov 2021 05:41:45 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 30 Nov 2022 11:01:34 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211201/r20110914/ Frame 66B8 19 KB
8 KB 30ms
7ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211201/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

615050cfd7cd77d6941c6c0b4551d20c4d5ad825bc9fd7acc61a0bdca7783d26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:16:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 294
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7857
x-xss-protection: 0
server: cafe
etag: 2255741555227857113
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Dec 2021 11:16:01 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/ Frame 66B8 2 KB
1 KB 30ms
11ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Dec 2021 11:20:16 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 66B8 0
0 48ms
48ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C3mGkF0-rYaCsBMuNsALUvafQCrPl28FmlaT9s-kOv-EeEAEgpoPdigFglYKAgKwHoAHQqLu6AsgBAqgDAcgDyQSqBNYCT9AwZecIbfFLDOYnwYyO3uPWWrXm4-VqlKY3_WeW4LyiseOvuz7y-bFbAOmHrd1La1_-a99Z69QGXUVpOkGFv4YO62pSUXGU6tRY71MvTPGBEidjOtvWZHm6WKv5ABWIOOjcTOdu9CIgc-Ds51dzYH9ok9EwJvPp7GuC19ExgDXJKF5wMMzue2vkmE5AANcS__rT9YPLEAcuCVRpMma_9o86g5-mh_yhE3eEZXLhQiWLlYOCpSl08W509TRubLj280wslYA09-f1v5nZP-LAwRQNS3wT5SBLLSSj8Q9hEEnLFiNxLb3K9GfNkiKbym40tCn8L7GyXCXT-Ugag3wRWck57PRy1uKLO9WG7qRulgKd1PRGhAEoNRLGH-SQaPIhextIlgC8RxaTNmpuiMm42iMjtMBOokru60TE36UzqtF5AgDOv0ihqtWUfpsaAI8HUq8QtU5KwATgofeG4wOSBQQIBBgBkgUECAUYBKAGAoAHvbqLzwGoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBDF6QzSCAkIgOGAEBABGB-ACgHICwHYEwzQFQGAFwGyFxwKGggAEhRwdWItNDI4MjcxMzg1NzMzNjAyMxgA&sigh=dKFc_TQ7QI8&uach_m=[UACH]

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=2589133538&adf=320108023&pi=t.ma~as.3508289260&w=1112&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1112x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854825&bpp=1&bdt=289&idt=154&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=48&ady=1015&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=gjlBOqJ5H5&p=https%3A//www.qudach.com&dtd=157
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 04 Dec 2021 11:20:55 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sat, 04 Dec 2021 11:20:55 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 66B8 119 KB
37 KB 39ms
16ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 04 Dec 2021 11:20:55 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/ Frame 66B8 15 KB
6 KB 26ms
8ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6257e792f9aef240d1954956a6ea7982c0268035f15a79931a110ed6344c8c4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:06:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 868
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6446
x-xss-protection: 0
server: cafe
etag: 5472324691301332805
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Dec 2021 11:06:27 GMT

GET
H2 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/ Frame 66B8 27 KB
11 KB 29ms
11ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e11652e7b04cdcc9c0bc7948055c05aaf8f7c066e6059d52f9b186c55368cb9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 10:25:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3323
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11392
x-xss-protection: 0
server: cafe
etag: 7769099329773015066
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Dec 2021 10:25:32 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame DB0B 143 B
163 B 8ms
7ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=2589133538&adf=320108023&pi=t.ma~as.3508289260&w=1112&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1112x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854825&bpp=1&bdt=289&idt=154&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=48&ady=1015&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=gjlBOqJ5H5&p=https%3A//www.qudach.com&dtd=157

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 04 Dec 2021 10:58:32 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1343
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 4136825444951894073
tpc.googlesyndication.com/daca_images/simgad/ Frame 9190 79 KB
79 KB 26ms
8ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/4136825444951894073

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=1273110253&adf=1402801878&pi=t.ma~as.3508289260&w=1200&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854823&bpp=2&bdt=286&idt=137&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=200&ady=117&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=3IxuPd5Wln&p=https%3A//www.qudach.com&dtd=141

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fab345a737c6306b5f6baac4b4d8a361013a692273cea73e0f1c98ecf1c5b4f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 07:44:42 GMT
x-content-type-options: nosniff
age: 444973
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 80756
x-xss-protection: 0
last-modified: Mon, 22 Nov 2021 05:55:28 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 29 Nov 2022 07:44:42 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211201/r20110914/ Frame 9190 19 KB
8 KB 23ms
7ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211201/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=1273110253&adf=1402801878&pi=t.ma~as.3508289260&w=1200&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854823&bpp=2&bdt=286&idt=137&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=200&ady=117&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=3IxuPd5Wln&p=https%3A//www.qudach.com&dtd=141

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

615050cfd7cd77d6941c6c0b4551d20c4d5ad825bc9fd7acc61a0bdca7783d26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:18:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7857
x-xss-protection: 0
server: cafe
etag: 2255741555227857113
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Dec 2021 11:18:56 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/ Frame 9190 2 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=1273110253&adf=1402801878&pi=t.ma~as.3508289260&w=1200&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854823&bpp=2&bdt=286&idt=137&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=200&ady=117&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=3IxuPd5Wln&p=https%3A//www.qudach.com&dtd=141

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:19:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Dec 2021 11:19:39 GMT

GET
DATA 200
OK truncated
/ Frame 66B8 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e57be86d662c2e4800a3ef6c3f6625e2023c1f14e8aae3b590ccf2471d0e3104

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 9190 0
0 52ms
51ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CIb6qF0-rYbabA4OHzLUPwvmT2Arlj8CwZviEydKqD4iozMS4DhABIKaD3YoBYJWCgICsB6ABrPK4vwHIAQKpAlPZai9pHg0-qAMByAPJBKoE2AJP0CThl7i19EDQN3OL_tQznhOPAggrf01FlkSzPpCFkCWPK8eaTT6qhXPK6yKP9MRrffI8pBUal1XKFVKWG2AZjimgcmoj2X9p65atmFt7Bh7gXaCv1TFDznMbsVlT2ZgqtiizCzisCUWFYZ9a64-NhVhfWMFa-voDREXKwvBsojBlTGchlUrzt43-yckkFziXiztE5bx7mhmhCTRJLEcUQNNUSMlLMh5vxo6BCHdq0B-8ZsWWQo7xLBWsPGKPnlIZxdynKxVRfQyMbr5Ks7H-94U_RoRvcGKHAS7H78cenUZ5pGcW1U3nuisEJNOnt28NcjDw9dwQCNFq6e8_ktsEJIWPwEVQU56AjunMZoybmePkobzZlSR7eUlnDi6Ku7eZccrV5406Gj5SNoamFlrlbhsvBUPprSpzACtuBLWyW7FQjGauY1YWOKw39fCc85d2svQs6ZNVzcAEl53BrOIDkgUECAQYAZIFBAgFGASgBgKAB7yNx8ACqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQifQK0ggJCIDhgBAQARgfgAoByAsB2BMM0BUBmBYBgBcBshccChoIABIUcHViLTQyODI3MTM4NTczMzYwMjMYAA&sigh=DjKjfFWHbqM&uach_m=[UACH]

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=1273110253&adf=1402801878&pi=t.ma~as.3508289260&w=1200&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854823&bpp=2&bdt=286&idt=137&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=200&ady=117&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=3IxuPd5Wln&p=https%3A//www.qudach.com&dtd=141

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=1273110253&adf=1402801878&pi=t.ma~as.3508289260&w=1200&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854823&bpp=2&bdt=286&idt=137&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=200&ady=117&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=3IxuPd5Wln&p=https%3A//www.qudach.com&dtd=141
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 04 Dec 2021 11:20:55 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9190 119 KB
36 KB 32ms
17ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=1273110253&adf=1402801878&pi=t.ma~as.3508289260&w=1200&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854823&bpp=2&bdt=286&idt=137&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=200&ady=117&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=3IxuPd5Wln&p=https%3A//www.qudach.com&dtd=141

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 04 Dec 2021 11:20:55 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/ Frame 9190 15 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=1273110253&adf=1402801878&pi=t.ma~as.3508289260&w=1200&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854823&bpp=2&bdt=286&idt=137&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=200&ady=117&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=3IxuPd5Wln&p=https%3A//www.qudach.com&dtd=141

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6257e792f9aef240d1954956a6ea7982c0268035f15a79931a110ed6344c8c4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:06:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 868
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6446
x-xss-protection: 0
server: cafe
etag: 5472324691301332805
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Dec 2021 11:06:27 GMT

GET
H3 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/ Frame 9190 27 KB
11 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=1273110253&adf=1402801878&pi=t.ma~as.3508289260&w=1200&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854823&bpp=2&bdt=286&idt=137&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=200&ady=117&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=3IxuPd5Wln&p=https%3A//www.qudach.com&dtd=141

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e11652e7b04cdcc9c0bc7948055c05aaf8f7c066e6059d52f9b186c55368cb9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 10:25:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3323
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11392
x-xss-protection: 0
server: cafe
etag: 7769099329773015066
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Dec 2021 10:25:32 GMT

GET
H3 200 16931801857099529234
tpc.googlesyndication.com/simgad/ Frame B97E 22 KB
22 KB 9ms
9ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16931801857099529234?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qnAxO3DmqsryMGDGxV2VocyAxV9pg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=280&slotname=6328031909&adk=2147873996&adf=1262649813&pi=t.ma~as.6328031909&w=384&fwrn=4&fwrnh=100&lmt=1638616854&rafmt=1&psa=0&format=384x280&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854826&bpp=1&bdt=290&idt=161&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200%2C1160x200&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1196&ady=588&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=TTLF3pZ3gQ&p=https%3A//www.qudach.com&dtd=163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00d645dba8306a4c4566eeca187f39f06012c13ff1c5b30b9bb480131d48e491

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 23:32:17 GMT
x-content-type-options: nosniff
age: 301718
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22946
x-xss-protection: 0
last-modified: Mon, 20 Sep 2021 09:26:53 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 30 Nov 2022 23:32:17 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211201/r20110914/ Frame B97E 19 KB
8 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211201/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

615050cfd7cd77d6941c6c0b4551d20c4d5ad825bc9fd7acc61a0bdca7783d26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:18:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7857
x-xss-protection: 0
server: cafe
etag: 2255741555227857113
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Dec 2021 11:18:56 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/ Frame B97E 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:19:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Dec 2021 11:19:39 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/ Frame B97E 15 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6257e792f9aef240d1954956a6ea7982c0268035f15a79931a110ed6344c8c4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:06:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 868
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6446
x-xss-protection: 0
server: cafe
etag: 5472324691301332805
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Dec 2021 11:06:27 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B97E 119 KB
36 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 04 Dec 2021 11:20:55 GMT

GET
H3 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/ Frame B97E 27 KB
11 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e11652e7b04cdcc9c0bc7948055c05aaf8f7c066e6059d52f9b186c55368cb9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 10:25:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3323
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11392
x-xss-protection: 0
server: cafe
etag: 7769099329773015066
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Dec 2021 10:25:32 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame B97E 0
0 49ms
49ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CRg0sF0-rYf6UBJODsALss6uABcHC39NmgO7j2O8Ov-EeEAEgpoPdigFglYKAgKwHoAGdqL2jA8gBAqkCKNaZ-39bfT6oAwHIA8kEqgS7Ak_Q8GwKCeUS7QYpnqOEYavDgz304MKh9um9ZDYZ084ARaunaS2MK9cppdLyjL2HaQYVj-7p7UrwzYpRUUotrXPVjkY4wLE-FSEAcujad32UYz2BIhWqknTN9N_2qK3y1QjdB4hnj3mc1ohwhuXGAiO9BZy4Q8jx4Ia6pV0A4GBFPWPgFgTD_jz3zF1JnLQgxlMIs3t0Pd_caJDkKM89aj1ZAaPPx_VqLJh0ZXru_ctN6waU4BTrmtAcTSNNe0G4AP-QfDUu1S9kmVO5aXCB1_iWr7qzMxk9EWHIF8zLwO1QbniTsgdg3huV-kGEd9IJTM2uen-hHEB5aQkDxy0ccgCcffqh76RtjaxHRnX6di6nxR0JjqWr3blEFEx9FoZL5pxrg3IJ899lT-It2X8y2MNeHVMpO2OBpnufXMAEvYSzzbgDkgUECAQYAZIFBAgFGASgBgKAB8vXwlyoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBDkkSfSCAkIgOGAEBABGB-ACgHICwHYEw3QFQGYFgGAFwGyFxwKGggAEhRwdWItNDI4MjcxMzg1NzMzNjAyMxgA&sigh=GGpG5HKVIlE&uach_m=[UACH]

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=280&slotname=6328031909&adk=2147873996&adf=1262649813&pi=t.ma~as.6328031909&w=384&fwrn=4&fwrnh=100&lmt=1638616854&rafmt=1&psa=0&format=384x280&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854826&bpp=1&bdt=290&idt=161&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200%2C1160x200&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1196&ady=588&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=TTLF3pZ3gQ&p=https%3A//www.qudach.com&dtd=163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 04 Dec 2021 11:20:55 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CB9F 143 B
163 B 9ms
8ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=1273110253&adf=1402801878&pi=t.ma~as.3508289260&w=1200&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854823&bpp=2&bdt=286&idt=137&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=200&ady=117&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=3IxuPd5Wln&p=https%3A//www.qudach.com&dtd=141

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=1273110253&adf=1402801878&pi=t.ma~as.3508289260&w=1200&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854823&bpp=2&bdt=286&idt=137&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=200&ady=117&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=3IxuPd5Wln&p=https%3A//www.qudach.com&dtd=141

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 04 Dec 2021 10:58:32 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1343
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 css
fonts.googleapis.com/ Frame CA19 4 KB
618 B 31ms
16ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=600365428&adf=3512914482&pi=t.ma~as.3508289260&w=1160&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1160x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854826&bpp=1&bdt=290&idt=158&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=24&ady=3914&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ctH0N2glxl&p=https%3A//www.qudach.com&dtd=160

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 04 Dec 2021 09:40:54 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 04 Dec 2021 11:20:55 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 04 Dec 2021 11:20:55 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/ Frame CA19 1 KB
880 B 7ms
7ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=600365428&adf=3512914482&pi=t.ma~as.3508289260&w=1160&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1160x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854826&bpp=1&bdt=290&idt=158&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=24&ady=3914&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ctH0N2glxl&p=https%3A//www.qudach.com&dtd=160

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:04:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 970
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 853
x-xss-protection: 0
server: cafe
etag: 7170004918125193417
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Dec 2021 11:04:45 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C3CB 143 B
163 B 9ms
7ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=280&slotname=6328031909&adk=2147873996&adf=1262649813&pi=t.ma~as.6328031909&w=384&fwrn=4&fwrnh=100&lmt=1638616854&rafmt=1&psa=0&format=384x280&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854826&bpp=1&bdt=290&idt=161&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200%2C1160x200&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1196&ady=588&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=TTLF3pZ3gQ&p=https%3A//www.qudach.com&dtd=163

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 04 Dec 2021 10:58:32 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1343
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 redir.html Show response
p4-dawf26bqvaemo-v525sa2vpnx35wwc-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame 90F6 247 B
964 B 53ms
14ms Document
text/html 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-dawf26bqvaemo-v525sa2vpnx35wwc-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

0ab58f35d8f85fc8e72e2d5281a054842259120d123403a9de13d8644fd7d3c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy-report-only: script-src 'nonce-ow5jxGxUS9qxrGG3WPEVbA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 205
date: Sat, 04 Dec 2021 11:20:55 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Mon, 02 Dec 2019 20:15:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame DB0B
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

86ms
86ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 04 Dec 2021 11:20:56 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 04 Dec 2021 11:20:56 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 04 Dec 2021 11:20:55 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 4Sfc45HFswufgCf8fQCX22Ys6cavju9jIH_-ShQytV0.js Show response
pagead2.googlesyndication.com/bg/ Frame 062A 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4Sfc45HFswufgCf8fQCX22Ys6cavju9jIH_-ShQytV0.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e127dce391c5b30b9f8027fc7d0097db662ce9c6af8eef63207ffe4a1432b55d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 23:56:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41038
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13379
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Dec 2022 23:56:57 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211201/r20110914/ Frame CA19 19 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211201/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=600365428&adf=3512914482&pi=t.ma~as.3508289260&w=1160&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1160x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854826&bpp=1&bdt=290&idt=158&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=24&ady=3914&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ctH0N2glxl&p=https%3A//www.qudach.com&dtd=160

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

615050cfd7cd77d6941c6c0b4551d20c4d5ad825bc9fd7acc61a0bdca7783d26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:18:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7857
x-xss-protection: 0
server: cafe
etag: 2255741555227857113
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Dec 2021 11:18:56 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/ Frame CA19 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=600365428&adf=3512914482&pi=t.ma~as.3508289260&w=1160&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1160x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854826&bpp=1&bdt=290&idt=158&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=24&ady=3914&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ctH0N2glxl&p=https%3A//www.qudach.com&dtd=160

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:19:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Dec 2021 11:19:39 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CA19 119 KB
36 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=600365428&adf=3512914482&pi=t.ma~as.3508289260&w=1160&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1160x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854826&bpp=1&bdt=290&idt=158&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=24&ady=3914&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ctH0N2glxl&p=https%3A//www.qudach.com&dtd=160

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 04 Dec 2021 11:20:55 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/ Frame CA19 15 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=600365428&adf=3512914482&pi=t.ma~as.3508289260&w=1160&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1160x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854826&bpp=1&bdt=290&idt=158&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=24&ady=3914&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ctH0N2glxl&p=https%3A//www.qudach.com&dtd=160

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6257e792f9aef240d1954956a6ea7982c0268035f15a79931a110ed6344c8c4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:06:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 868
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6446
x-xss-protection: 0
server: cafe
etag: 5472324691301332805
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Dec 2021 11:06:27 GMT

GET
H2 200 163b3e9c260ab6fd774ac5b5c6fd1d76.js Show response
www.gstatic.com/mysidia/ Frame CA19 27 KB
12 KB 35ms
12ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/163b3e9c260ab6fd774ac5b5c6fd1d76.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=600365428&adf=3512914482&pi=t.ma~as.3508289260&w=1160&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1160x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854826&bpp=1&bdt=290&idt=158&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=24&ady=3914&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ctH0N2glxl&p=https%3A//www.qudach.com&dtd=160

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de418fdfa1d02a219d049bb1cd8562182c4201c67f6b9d0e2f67f21a476e1096

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 11:56:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84268
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11360
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 04:29:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 03 Mar 2022 11:56:27 GMT

GET
DATA 200
OK truncated
/ Frame 9190 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4fbd24a7c8276967da7830477ef8e02a1f6455a6f03de6dccd50a3454cb07faa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame B97E 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ada9ef56d6f268e9dfc11d8a21caa7b1facd18ad87337a7bc148a86c1d79f76b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame CA19 0
0 49ms
49ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CJuYIF0-rYdeKBK2Z7gKn4ZGoBKHG1shlxYqL7asLmJL4h7MCEAEgpoPdigFglYKAgKwHoAHTuoP_A8gBBqgDAcgDywSqBMMCT9AcZ-IbsR1ZMANlj7VKGlZaHqDi2lgcuICi_c-zxoyaebpgKXjIi9nlDS2GW86oKQijryyLXerQHJqv9uxEsHAFtQz8SIFk5jG1uDUO1QySDLUmUUC6xe8ErLm--m26-3HcimhYZlE9fr4IcOrWcv3uwdpC0iaLUkxYjNrxnuipaWnbB_IYgaOZdeFYLm9ojhg88-tIwx-Kjj0TIbf4dwv6H1SrVpUop_eBA1lYrsh7wH2KVqLKxI1_vt09d_bn0_OWROWnY2swCe6i4utwjz-zLfMw1tGoOajenkGG0pZ0aB5hQSLEDsyx9UJR9o8YL8yvLyQApmfzybHNR6PJjYrFj258M2obJPf0Mxd4IdPCAN04cD1AeoRJSI2oTqUOBM9g_guU_pYoFNFhXdY6LV91ZSlHzs39PgvXulyI_dDMb13ABOjAkubCAZIFBAgEGAGSBQQIBRgEoAY3gAeVxXyoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBDX-w3SCAkIgOGAEBABGB-ACgHICwHYEw2IFALQFQGYFgGAFwGyFxwKGggAEhRwdWItNDI4MjcxMzg1NzMzNjAyMxgA&sigh=kIKdihTdU1c&uach_m=[UACH]&template_id=492

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=600365428&adf=3512914482&pi=t.ma~as.3508289260&w=1160&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1160x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854826&bpp=1&bdt=290&idt=158&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=24&ady=3914&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ctH0N2glxl&p=https%3A//www.qudach.com&dtd=160

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=600365428&adf=3512914482&pi=t.ma~as.3508289260&w=1160&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1160x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854826&bpp=1&bdt=290&idt=158&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=24&ady=3914&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ctH0N2glxl&p=https%3A//www.qudach.com&dtd=160
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 04 Dec 2021 11:20:55 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/15569078075006794545/ Frame CA19 25 KB
25 KB 8ms
8ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15569078075006794545/downsize_200k_v1?w=400&h=209

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=600365428&adf=3512914482&pi=t.ma~as.3508289260&w=1160&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1160x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854826&bpp=1&bdt=290&idt=158&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=24&ady=3914&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ctH0N2glxl&p=https%3A//www.qudach.com&dtd=160

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da9fcd0bec0cacdb7b3e47f1d0e04fafcb710f1008ccc2cc85d632f90803507e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 20:08:05 GMT
x-content-type-options: nosniff
age: 313970
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25905
x-xss-protection: 0
last-modified: Mon, 01 Mar 2021 13:42:19 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 30 Nov 2022 20:08:05 GMT

GET
DATA 200
OK truncated
/ Frame CA19 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ace334b45aed93b9e046e19adc6803ddfea56ed0e34f73961b3d940cc3605d81

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 iframe.html Show response
p4-dawf26bqvaemo-v525sa2vpnx35wwc-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame 90F6 4 KB
2 KB 32ms
16ms Document
text/html 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-dawf26bqvaemo-v525sa2vpnx35wwc-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html

Requested by

Host: p4-dawf26bqvaemo-v525sa2vpnx35wwc-if-v6exp3-v4.metric.gstatic.com
URL: https://p4-dawf26bqvaemo-v525sa2vpnx35wwc-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

98e0c95960ff9d657a94a987c741b7b9fcfe925a2c3343f43b0ecafc8e1a5981

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://p4-dawf26bqvaemo-v525sa2vpnx35wwc-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy-report-only: script-src 'nonce-Bx-TAh3jPA-AAYQa6ZlroQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1862
date: Sat, 04 Dec 2021 11:20:55 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Thu, 29 Apr 2021 21:38:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame CA19 15 KB
15 KB 23ms
8ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 15:45:42 GMT
x-content-type-options: nosniff
age: 243313
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 01 Dec 2022 15:45:42 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame CA19 16 KB
16 KB 24ms
10ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 05:33:18 GMT
x-content-type-options: nosniff
age: 280057
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:21 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 01 Dec 2022 05:33:18 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CB9F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

57ms
56ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=1273110253&adf=1402801878&pi=t.ma~as.3508289260&w=1200&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854823&bpp=2&bdt=286&idt=137&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=200&ady=117&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=3IxuPd5Wln&p=https%3A//www.qudach.com&dtd=141

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 04 Dec 2021 11:20:56 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 04 Dec 2021 11:20:56 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 04 Dec 2021 11:20:56 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 4Sfc45HFswufgCf8fQCX22Ys6cavju9jIH_-ShQytV0.js Show response
pagead2.googlesyndication.com/bg/ Frame 1808 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4Sfc45HFswufgCf8fQCX22Ys6cavju9jIH_-ShQytV0.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=1273110253&adf=1402801878&pi=t.ma~as.3508289260&w=1200&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854823&bpp=2&bdt=286&idt=137&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=200&ady=117&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=3IxuPd5Wln&p=https%3A//www.qudach.com&dtd=141

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e127dce391c5b30b9f8027fc7d0097db662ce9c6af8eef63207ffe4a1432b55d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 23:56:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41038
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13379
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Dec 2022 23:56:57 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C3CB
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

108ms
108ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 04 Dec 2021 11:20:56 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 04 Dec 2021 11:20:56 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 04 Dec 2021 11:20:56 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 4Sfc45HFswufgCf8fQCX22Ys6cavju9jIH_-ShQytV0.js Show response
pagead2.googlesyndication.com/bg/ Frame 5F91 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4Sfc45HFswufgCf8fQCX22Ys6cavju9jIH_-ShQytV0.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&slotname=3508289260&adk=600365428&adf=3512914482&pi=t.ma~as.3508289260&w=1160&fwrn=4&lmt=1638616854&rafmt=11&psa=0&format=1160x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854826&bpp=1&bdt=290&idt=158&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=24&ady=3914&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ctH0N2glxl&p=https%3A//www.qudach.com&dtd=160

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e127dce391c5b30b9f8027fc7d0097db662ce9c6af8eef63207ffe4a1432b55d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 23:56:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41039
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13379
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Dec 2022 23:56:57 GMT

GET
H3 200 18284756637143720032
tpc.googlesyndication.com/simgad/ Frame 4A4D 53 KB
53 KB 8ms
8ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/18284756637143720032?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qn4WOImK8RhNgi5er0uB_gdOEexkA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&adk=2021101911&adf=3302722808&pi=t.aa~a.1736519672~rp.4&w=371&fwrn=4&fwrnh=100&lmt=1638616855&rafmt=1&to=qs&pwprc=3251190038&psa=0&format=371x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616855162&bpp=1&bdt=626&idt=1&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D698281874cad1c4c-22a883383ccc00ee%3AT%3D1638616855%3ART%3D1638616855%3AS%3DALNI_MYNjn-k6PhaTn3KfmKgxK0lK8k7xQ&prev_fmts=0x0%2C1200x200%2C1112x200%2C1160x200%2C384x280%2C384x280&nras=2&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1203&ady=1625&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=k90ThsQAj7&p=https%3A//www.qudach.com&dtd=10

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2c93cc6e3e306b43acd77b7658ba13560370b7513af5a20e7a7a0512287bf2e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:04 GMT
x-content-type-options: nosniff
age: 345472
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53765
x-xss-protection: 0
last-modified: Sat, 06 Mar 2021 08:34:03 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 30 Nov 2022 11:23:04 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211201/r20110914/ Frame 4A4D 19 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211201/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

615050cfd7cd77d6941c6c0b4551d20c4d5ad825bc9fd7acc61a0bdca7783d26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:18:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 120
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7857
x-xss-protection: 0
server: cafe
etag: 2255741555227857113
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Dec 2021 11:18:56 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/ Frame 4A4D 2 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:19:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Dec 2021 11:19:39 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4A4D 119 KB
36 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 04 Dec 2021 11:20:56 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/ Frame 4A4D 15 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6257e792f9aef240d1954956a6ea7982c0268035f15a79931a110ed6344c8c4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:06:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 869
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6446
x-xss-protection: 0
server: cafe
etag: 5472324691301332805
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Dec 2021 11:06:27 GMT

GET
H3 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/ Frame 4A4D 27 KB
11 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e11652e7b04cdcc9c0bc7948055c05aaf8f7c066e6059d52f9b186c55368cb9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 10:25:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3324
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11392
x-xss-protection: 0
server: cafe
etag: 7769099329773015066
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Dec 2021 10:25:32 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 4A4D 0
0 51ms
50ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=COrKFF0-rYeC0D8uaj-8P4durqAOag6yrZu7eoKDcDt3ZHhABIKaD3YoBYJWCgICsB6AB55_TtwLIAQKoAwHIA8kEqgSoAk_Q6egi_6-3X9HN8jPDLDio1hlqNATDIgR0Ri8L5nf5maVFhGk2d0MJWv5rquILIAf-kyzRPBkp3dFBymYaRTIdm6wlS5tJJubgKJN0ofrlE8oVq7ehAt107fefP4GUGgA_5URY1NaD3COtYA6MwxOI2pg2scQGHYtP80awKDpuZvuJgltb7fOtpKXNnrUNxjiBPwUsShDYR6j2PYF-lfRtccbpbZfR3V2aMa54f2vweWzcYPY645TJTcCNeH1jBJwSVkjLOaUwN0vKmSI8xwfyYuOEzBJfvUgaqIY60tf62MftXZmImuaztEwMb8LVHUenC6rnlg3uo8LnNxEElY6u8WFjIrC93ZpWhlDPYu9lU75Tbic99JMgeqFe5r1uXUwFmysTU_5HwATH0dCZ5wOSBQQIBBgBkgUECAUYBKAGAoAHre33yAGoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBCDygPSCAkIgOGAEBABGB-ACgHICwHYEwzQFQGAFwGyFxwKGggAEhRwdWItNDI4MjcxMzg1NzMzNjAyMxgA&sigh=bOp78e6AF2U&uach_m=[UACH]

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&adk=2021101911&adf=3302722808&pi=t.aa~a.1736519672~rp.4&w=371&fwrn=4&fwrnh=100&lmt=1638616855&rafmt=1&to=qs&pwprc=3251190038&psa=0&format=371x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616855162&bpp=1&bdt=626&idt=1&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D698281874cad1c4c-22a883383ccc00ee%3AT%3D1638616855%3ART%3D1638616855%3AS%3DALNI_MYNjn-k6PhaTn3KfmKgxK0lK8k7xQ&prev_fmts=0x0%2C1200x200%2C1112x200%2C1160x200%2C384x280%2C384x280&nras=2&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1203&ady=1625&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=k90ThsQAj7&p=https%3A//www.qudach.com&dtd=10
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 04 Dec 2021 11:20:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 020A 143 B
163 B 8ms
7ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&adk=2021101911&adf=3302722808&pi=t.aa~a.1736519672~rp.4&w=371&fwrn=4&fwrnh=100&lmt=1638616855&rafmt=1&to=qs&pwprc=3251190038&psa=0&format=371x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616855162&bpp=1&bdt=626&idt=1&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D698281874cad1c4c-22a883383ccc00ee%3AT%3D1638616855%3ART%3D1638616855%3AS%3DALNI_MYNjn-k6PhaTn3KfmKgxK0lK8k7xQ&prev_fmts=0x0%2C1200x200%2C1112x200%2C1160x200%2C384x280%2C384x280&nras=2&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1203&ady=1625&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=k90ThsQAj7&p=https%3A//www.qudach.com&dtd=10

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 04 Dec 2021 10:58:32 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1344
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame B176 1 KB
749 B 9ms
8ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 03 Dec 2021 13:26:12 GMT
expires: Sat, 04 Dec 2021 13:26:12 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 78884
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 4A4D 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 11c2d24e6b8c62b74b5e308645c3db48673600fb2129bc90795d3bb476103b3d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame B176 35 B
463 B 38ms
10ms Image
image/gif 2620:116:800d:21:3175:5196:e3fd:8c1d
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESENXGXNRDFqSoSCOaH2YCU6I&google_cver=1&google_push=AYg5qPIzQ78gr6ymtzcmW4Vfh7ie4nURklq3z85SOq-0sxAoqYbApi_K0L17yxxiRhZJ9Yr7nLfqb59lEFSbyRjJvicz1PDokIoo

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:3175:5196:e3fd:8c1d , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 11:20:56 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B176
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPL5QiK1...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPL5QiK1...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEyMDQxMTIwNTYwMDAxNjI4NDI2MTQzNA%3D%3D&google_push=AYg5qPL5QiK1TBH3g7CneEainyUFMK_26BEOpK6i3eg21FDGt6sdsPEuXropWRT1ON4F_M...

170 B
188 B

18ms
17ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEyMDQxMTIwNTYwMDAxNjI4NDI2MTQzNA%3D%3D&google_push=AYg5qPL5QiK1TBH3g7CneEainyUFMK_26BEOpK6i3eg21FDGt6sdsPEuXropWRT1ON4F_MzFY5fnWP15vyeG8s_Dm5TsKMNlp7Va

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 11:20:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEyMDQxMTIwNTYwMDAxNjI4NDI2MTQzNA%3D%3D&google_push=AYg5qPL5QiK1TBH3g7CneEainyUFMK_26BEOpK6i3eg21FDGt6sdsPEuXropWRT1ON4F_MzFY5fnWP15vyeG8s_Dm5TsKMNlp7Va
pragma: no-cache
date: Sat, 04 Dec 2021 11:20:56 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Sat, 04 Dec 2021 11:20:56 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame B176 43 B
352 B 38ms
16ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEPN0dXHbIWUM11QppIcc4YM&google_cver=1&google_push=AYg5qPLUBPXLI_sGOtmeeAnW-o_NH1sJrW4IrFwDRHRt5Uf9i1G2XwEc_YWDoj5hF6tsp5OsQmF7wN8EVSnYPIcSPb6nHm0Og5hi
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=200&adk=2021101911&adf=3302722808&pi=t.aa~a.1736519672~rp.4&w=371&fwrn=4&fwrnh=100&lmt=1638616855&rafmt=1&to=qs&pwprc=3251190038&psa=0&format=371x200&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616855162&bpp=1&bdt=626&idt=1&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D698281874cad1c4c-22a883383ccc00ee%3AT%3D1638616855%3ART%3D1638616855%3AS%3DALNI_MYNjn-k6PhaTn3KfmKgxK0lK8k7xQ&prev_fmts=0x0%2C1200x200%2C1112x200%2C1160x200%2C384x280%2C384x280&nras=2&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1203&ady=1625&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=k90ThsQAj7&p=https%3A//www.qudach.com&dtd=10
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 11:20:55 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: b4rjkikjjs3bdflb5lk8kq4p3d5roaet

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B176
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=hYuiM960RdmQdZVTTNhwPA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

25ms
23ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=hYuiM960RdmQdZVTTNhwPA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKycNEUX7jUwd1IzKl7XWQ9uyBhU7HfXARgGyJgjyYIAjED5DkqCcIg8Ty_o_tuuvQjRBokOSN023vsK8SFV19rHVDeIkF4

Requested by

Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 11:20:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=hYuiM960RdmQdZVTTNhwPA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKycNEUX7jUwd1IzKl7XWQ9uyBhU7HfXARgGyJgjyYIAjED5DkqCcIg8Ty_o_tuuvQjRBokOSN023vsK8SFV19rHVDeIkF4
date: Sat, 04 Dec 2021 11:20:56 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B176
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPTYSOY_O0bKBJ1SyCXBKvQ&google_cver=1&google_push=AYg5qPKLw72SnxeeJdsMeZCVMpP0HnrxbU-SChrToPxxXhN0TRB6qDsbK5pFlqOtRIKqbkexgaF...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dSUTYyQUQtMi03UllQ&google_push=AYg5qPKLw72SnxeeJdsMeZCVMpP0HnrxbU-SChrToPxxXhN0TRB6qDsbK5pFlqOtRIKqbkexgaFzk8F3j3oOFpmgGGnSbTad2dFx

170 B
188 B

36ms
21ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dSUTYyQUQtMi03UllQ&google_push=AYg5qPKLw72SnxeeJdsMeZCVMpP0HnrxbU-SChrToPxxXhN0TRB6qDsbK5pFlqOtRIKqbkexgaFzk8F3j3oOFpmgGGnSbTad2dFx

Requested by

Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 11:20:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dSUTYyQUQtMi03UllQ&google_push=AYg5qPKLw72SnxeeJdsMeZCVMpP0HnrxbU-SChrToPxxXhN0TRB6qDsbK5pFlqOtRIKqbkexgaFzk8F3j3oOFpmgGGnSbTad2dFx
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame B176
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENNPr2MmqXzPJNRdEqOq5KI&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESENNPr2MmqXzPJNRdEqOq5KI&google_push=AY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l...

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B176
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEF-Tw3z_K5sH7xeGHcFa2hA&google_cver=1&google_push=AYg5qPK3zkdfWqtDJiVnRoAJ...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPK3zkdfWqtDJiVnRoAJpvy-HE8ImDlbup-hrXI4B5indSm06npAylNNZuw0_sJS0r0UzGpDYypZsbYbtYbgUinnpfYXvruHoQ&google_hm=

170 B
188 B

33ms
19ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPK3zkdfWqtDJiVnRoAJpvy-HE8ImDlbup-hrXI4B5indSm06npAylNNZuw0_sJS0r0UzGpDYypZsbYbtYbgUinnpfYXvruHoQ&google_hm=

Requested by

Host: www.qudach.com
URL: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 11:20:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Dec 2021 11:20:56 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPK3zkdfWqtDJiVnRoAJpvy-HE8ImDlbup-hrXI4B5indSm06npAylNNZuw0_sJS0r0UzGpDYypZsbYbtYbgUinnpfYXvruHoQ&google_hm=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Fri, 03 Dec 2021 11:20:56 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame B176 0
232 B 53ms
15ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Im59CeUV7a6ECXLQ_cknHesC7Ov8QCi-DdqcNgeamqMMQT1kUgXJNDRwGmkAs7C598j521yg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:56 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 020A
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

66ms
65ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 04 Dec 2021 11:20:56 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 04 Dec 2021 11:20:56 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 04 Dec 2021 11:20:56 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 4Sfc45HFswufgCf8fQCX22Ys6cavju9jIH_-ShQytV0.js Show response
pagead2.googlesyndication.com/bg/ Frame 717C 35 KB
13 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4Sfc45HFswufgCf8fQCX22Ys6cavju9jIH_-ShQytV0.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e127dce391c5b30b9f8027fc7d0097db662ce9c6af8eef63207ffe4a1432b55d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 23:56:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41039
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13379
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Dec 2022 23:56:57 GMT

GET
H3 200 4Sfc45HFswufgCf8fQCX22Ys6cavju9jIH_-ShQytV0.js Show response
pagead2.googlesyndication.com/bg/ Frame D1BD 35 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4Sfc45HFswufgCf8fQCX22Ys6cavju9jIH_-ShQytV0.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e127dce391c5b30b9f8027fc7d0097db662ce9c6af8eef63207ffe4a1432b55d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 23:56:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41039
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13379
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Dec 2022 23:56:57 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/ Frame 3455 1 KB
881 B 11ms
10ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=280&slotname=6328031909&adk=2147873996&adf=186966999&pi=t.ma~as.6328031909&w=384&fwrn=4&fwrnh=100&lmt=1638616854&rafmt=1&psa=0&format=384x280&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854827&bpp=1&bdt=290&idt=164&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200%2C1160x200%2C384x280&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1196&ady=1649&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=W5UIUNSx1b&p=https%3A//www.qudach.com&dtd=168

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:04:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 971
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 853
x-xss-protection: 0
server: cafe
etag: 7170004918125193417
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Dec 2021 11:04:45 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211201/r20110914/ Frame 3455 19 KB
8 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211201/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=280&slotname=6328031909&adk=2147873996&adf=186966999&pi=t.ma~as.6328031909&w=384&fwrn=4&fwrnh=100&lmt=1638616854&rafmt=1&psa=0&format=384x280&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854827&bpp=1&bdt=290&idt=164&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200%2C1160x200%2C384x280&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1196&ady=1649&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=W5UIUNSx1b&p=https%3A//www.qudach.com&dtd=168

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

615050cfd7cd77d6941c6c0b4551d20c4d5ad825bc9fd7acc61a0bdca7783d26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:18:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 120
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7857
x-xss-protection: 0
server: cafe
etag: 2255741555227857113
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Dec 2021 11:18:56 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/ Frame 3455 2 KB
1 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=280&slotname=6328031909&adk=2147873996&adf=186966999&pi=t.ma~as.6328031909&w=384&fwrn=4&fwrnh=100&lmt=1638616854&rafmt=1&psa=0&format=384x280&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854827&bpp=1&bdt=290&idt=164&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200%2C1160x200%2C384x280&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1196&ady=1649&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=W5UIUNSx1b&p=https%3A//www.qudach.com&dtd=168

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:19:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Dec 2021 11:19:39 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3455 119 KB
36 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=280&slotname=6328031909&adk=2147873996&adf=186966999&pi=t.ma~as.6328031909&w=384&fwrn=4&fwrnh=100&lmt=1638616854&rafmt=1&psa=0&format=384x280&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854827&bpp=1&bdt=290&idt=164&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200%2C1160x200%2C384x280&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1196&ady=1649&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=W5UIUNSx1b&p=https%3A//www.qudach.com&dtd=168

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 04 Dec 2021 11:20:56 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/ Frame 3455 15 KB
6 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211201/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=280&slotname=6328031909&adk=2147873996&adf=186966999&pi=t.ma~as.6328031909&w=384&fwrn=4&fwrnh=100&lmt=1638616854&rafmt=1&psa=0&format=384x280&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854827&bpp=1&bdt=290&idt=164&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200%2C1160x200%2C384x280&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1196&ady=1649&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=W5UIUNSx1b&p=https%3A//www.qudach.com&dtd=168

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6257e792f9aef240d1954956a6ea7982c0268035f15a79931a110ed6344c8c4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:06:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 869
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6446
x-xss-protection: 0
server: cafe
etag: 5472324691301332805
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Dec 2021 11:06:27 GMT

GET
H3 200 163b3e9c260ab6fd774ac5b5c6fd1d76.js Show response
www.gstatic.com/mysidia/ Frame 3455 27 KB
11 KB 22ms
7ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/163b3e9c260ab6fd774ac5b5c6fd1d76.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=280&slotname=6328031909&adk=2147873996&adf=186966999&pi=t.ma~as.6328031909&w=384&fwrn=4&fwrnh=100&lmt=1638616854&rafmt=1&psa=0&format=384x280&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854827&bpp=1&bdt=290&idt=164&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200%2C1160x200%2C384x280&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1196&ady=1649&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=W5UIUNSx1b&p=https%3A//www.qudach.com&dtd=168

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de418fdfa1d02a219d049bb1cd8562182c4201c67f6b9d0e2f67f21a476e1096

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 11:56:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84269
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11360
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 04:29:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 03 Mar 2022 11:56:27 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3455 0
0 49ms
49ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CIBR3F0-rYbHTBMqej-8PwvuuwAjm-5DgZZL5zrjnDZaCzYWIFhABIKaD3YoBYJWCgICsB6ABpMiNuwPIAQmpAgP2gRZJ-rI-qAMByAPLBKoEzgJP0IqoSd_M1KL-ExFyemnkWX0JLsCILp-pNEpOyfKg3VIN2wVrYnm4o-3_5Nta1bJrYr7IwKZynqrpUgZIoWRpt0f2st_3of6egeJ4lY6QE5E6-Gvu5O3rlMsxUzIV6_0cZ5BOGsMwz9470z5-3jyKzlRzPMZ5TXL3dbILrQsCXrMQ7wd8rGSzsd33fjdX40JebkJvN5SkyVMXgdWV6xLGjOlJPnH1Nh0daZ0-vV_Ch2y_KFgs2CC1K2MyAu9XUSage8fMqu5F2qXVLPyf3xYXP6AvpWUoYClx7Q23CcNMff5sb94IJTipaH1vN5VJ-oqMg3qltyj70fy-LHgzg5w3atNMYiRo73plZA1H-atpjStacas9JvP4EGHiFhGSZs7PYK-pS3xO574AVkryC-fdTJqsh_B7odzLTHiMMrdtTQWvBTOBD64LsoFhdHRqwATlnujRwgOSBQQIBBgBkgUECAUYBKAGLoAHxLfyRKgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6a-G9gHAPIHBBCTyAfSCAkIgOGAEBABGB-ACgHICwHYEw7QFQGYFgGAFwGyFxwKGggAEhRwdWItNDI4MjcxMzg1NzMzNjAyMxgA&sigh=X0xYHICVi_E&uach_m=[UACH]&template_id=494

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=280&slotname=6328031909&adk=2147873996&adf=186966999&pi=t.ma~as.6328031909&w=384&fwrn=4&fwrnh=100&lmt=1638616854&rafmt=1&psa=0&format=384x280&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854827&bpp=1&bdt=290&idt=164&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200%2C1160x200%2C384x280&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1196&ady=1649&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=W5UIUNSx1b&p=https%3A//www.qudach.com&dtd=168

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=280&slotname=6328031909&adk=2147873996&adf=186966999&pi=t.ma~as.6328031909&w=384&fwrn=4&fwrnh=100&lmt=1638616854&rafmt=1&psa=0&format=384x280&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854827&bpp=1&bdt=290&idt=164&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200%2C1160x200%2C384x280&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1196&ady=1649&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=W5UIUNSx1b&p=https%3A//www.qudach.com&dtd=168
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 04 Dec 2021 11:20:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 3455 14 KB
15 KB 48ms
9ms Image
image/jpeg 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcQtjeo7EfustXnpHA_yAeErQJUMj8DZpSnxhUr62NgKg-ffF3EZTIqtqp-ptN8&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=280&slotname=6328031909&adk=2147873996&adf=186966999&pi=t.ma~as.6328031909&w=384&fwrn=4&fwrnh=100&lmt=1638616854&rafmt=1&psa=0&format=384x280&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854827&bpp=1&bdt=290&idt=164&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200%2C1160x200%2C384x280&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1196&ady=1649&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=W5UIUNSx1b&p=https%3A//www.qudach.com&dtd=168

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8cb83dbef5c416d85148d0aaf717e1099052544bcc9946fc7fefc3f56304c88c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 18:55:14 GMT
x-content-type-options: nosniff
age: 318342
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14600
x-xss-protection: 0
last-modified: Mon, 19 Apr 2021 09:58:13 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 30 Nov 2022 18:55:14 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 3455 34 KB
34 KB 50ms
12ms Image
image/jpeg 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcQOaJsW0HojMndaNvTuTEsOGg0ZPXeJOtdw89vG8JFruoJeSy_m06kc9C_PFWY&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=280&slotname=6328031909&adk=2147873996&adf=186966999&pi=t.ma~as.6328031909&w=384&fwrn=4&fwrnh=100&lmt=1638616854&rafmt=1&psa=0&format=384x280&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854827&bpp=1&bdt=290&idt=164&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200%2C1160x200%2C384x280&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1196&ady=1649&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=W5UIUNSx1b&p=https%3A//www.qudach.com&dtd=168

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

23db1d0f3ae5c60055b7ab4a975779cc3498d4d62b87242b7fdf5cd2365baaca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 12:00:53 GMT
x-content-type-options: nosniff
age: 429603
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34682
x-xss-protection: 0
last-modified: Mon, 22 Nov 2021 01:36:41 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Tue, 29 Nov 2022 12:00:53 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 3455 25 KB
26 KB 47ms
8ms Image
image/jpeg 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcQV81fW1leCC60xmZSvQzzeKaaovdBnvsJzCiKJ0B5t7JSp9980GmtHy1s0SQ&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=280&slotname=6328031909&adk=2147873996&adf=186966999&pi=t.ma~as.6328031909&w=384&fwrn=4&fwrnh=100&lmt=1638616854&rafmt=1&psa=0&format=384x280&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854827&bpp=1&bdt=290&idt=164&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200%2C1160x200%2C384x280&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1196&ady=1649&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=W5UIUNSx1b&p=https%3A//www.qudach.com&dtd=168

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6219b5ab4e361370c81fbf2d3427dd96ad949016ea3dcd4e34683e472b62648

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 09:06:04 GMT
x-content-type-options: nosniff
age: 353692
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25703
x-xss-protection: 0
last-modified: Fri, 22 Oct 2021 04:51:10 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 30 Nov 2022 09:06:04 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 3455 14 KB
14 KB 46ms
7ms Image
image/png 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcRhDf76typZMMP9uo03z1iv3w10Aw2WLLEryZ83ZT_ZgbW02Ok&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=280&slotname=6328031909&adk=2147873996&adf=186966999&pi=t.ma~as.6328031909&w=384&fwrn=4&fwrnh=100&lmt=1638616854&rafmt=1&psa=0&format=384x280&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854827&bpp=1&bdt=290&idt=164&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200%2C1160x200%2C384x280&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1196&ady=1649&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=W5UIUNSx1b&p=https%3A//www.qudach.com&dtd=168

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

baad4ea1c89986d16b38a7b13dafe5e4ac4115ee6e116557d833a2f0ebe035f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 20:14:36 GMT
x-content-type-options: nosniff
age: 313580
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14189
x-xss-protection: 0
last-modified: Mon, 14 Sep 2020 10:17:32 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 30 Nov 2022 20:14:36 GMT

GET
DATA 200
OK truncated
/ Frame 3455 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7716a035ac1f8c0d498e43543341d05b5f518d17f6d37fe73452a1645f5372aa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 38ms
22ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211201&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dc2cf77fb61c8cb15c78ce4c2367a76dd52ce8bfbb7934a61f2c429c78efbdc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Dec 2021 11:20:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8670
x-xss-protection: 0

GET
H3 200 4Sfc45HFswufgCf8fQCX22Ys6cavju9jIH_-ShQytV0.js Show response
pagead2.googlesyndication.com/bg/ Frame EC6D 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4Sfc45HFswufgCf8fQCX22Ys6cavju9jIH_-ShQytV0.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4282713857336023&output=html&h=280&slotname=6328031909&adk=2147873996&adf=186966999&pi=t.ma~as.6328031909&w=384&fwrn=4&fwrnh=100&lmt=1638616854&rafmt=1&psa=0&format=384x280&url=https%3A%2F%2Fwww.qudach.com%2Fisraeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638616854827&bpp=1&bdt=290&idt=164&shv=r20211201&mjsv=m202111170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x200%2C1112x200%2C1160x200%2C384x280&nras=1&correlator=5072340414600&frm=20&pv=1&ga_vid=387954040.1638616855&ga_sid=1638616855&ga_hid=36665001&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1196&ady=1649&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C44754332%2C31063825%2C31063835&oid=2&pvsid=3962315020285265&pem=52&tmod=1644826928&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=W5UIUNSx1b&p=https%3A//www.qudach.com&dtd=168

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e127dce391c5b30b9f8027fc7d0097db662ce9c6af8eef63207ffe4a1432b55d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 23:56:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41039
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13379
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Dec 2022 23:56:57 GMT

POST
H3 200 rum Show response
www.qudach.com/cdn-cgi/ 0
166 B 10ms
10ms XHR
text/plain 2606:4700:3035::6815:20f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.qudach.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:20f0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.qudach.com/israeli-company-s-spyware-is-used-to-target-u-s-embassy-employees-in-africa-212716.html
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: application/json

Response headers

date: Sat, 04 Dec 2021 11:20:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://www.qudach.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6b84a5f99c93701c-FRA
vary: Origin

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sat, 04 Dec 2021 11:20:56 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 35FB 13 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
date: Sat, 04 Dec 2021 10:57:16 GMT
expires: Sun, 04 Dec 2022 10:57:16 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1420
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 13DC 783 B
535 B 17ms
17ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f9005990a6d64f892508afa8f1d5c98c667e6a7c276527a081d09924d0227faa

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-WyGhmzraCROJnP4QuBoGAg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 04 Dec 2021 11:20:56 GMT
date: Sat, 04 Dec 2021 11:20:56 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-WyGhmzraCROJnP4QuBoGAg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 4Sfc45HFswufgCf8fQCX22Ys6cavju9jIH_-ShQytV0.js Show response
pagead2.googlesyndication.com/bg/ Frame 35FB 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4Sfc45HFswufgCf8fQCX22Ys6cavju9jIH_-ShQytV0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e127dce391c5b30b9f8027fc7d0097db662ce9c6af8eef63207ffe4a1432b55d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 23:56:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41039
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13379
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Dec 2022 23:56:57 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 13DC 0
0 43ms
42ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20211201&jk=3962315020285265&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 35FB 0
9 B 7ms
6ms Image
text/plain 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?3gLPcA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 11:20:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 66B8 42 B
64 B 41ms
41ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst0C8J54C2--DQnRKiXEkZ2nJ3ycXhmE5gdacbrYr8wknx8x2WRlPEjHY8c_MJXlXPgAVS-23PsI7zAihWTtcH02z21A6Nu-sc9JlceaW7GvcQ7bFyo7Q&sai=AMfl-YQHMx1hAp_KaYU7dlypDdngM4tPb8c3ma_HEXU4FexzXD8kaI50fkBSQznwFUXDJHw8mfOJHRTy8HIH&sig=Cg0ArKJSzL_8G2TYHXO6EAE&id=lidar2&mcvt=1004&p=0,0,200,776&mtos=0,1004,1004,1004,1004&tos=0,1004,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=0.93&if=1&app=0&itpl=4&adk=2589133538&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1638616854983&rpt=774&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 11:20:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 44ms
42ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20211201&jk=3962315020285265&bg=!LC-lL2vNAAaQHwIOkB87ACkAdvg8Wgx2HjhWf7dBJhOOKm3fhTXJSEewZopDJit8iFk8Keh7jOVegwIAAABHUgAAAAtoAQeZAruAWwmK4FGy4Y1V0xRcdytV-oPXENniRWf9kPPVzudEpi_pgFDejYAC0Y6zgG46uryxHa8h12Zu9r08xgBB6xOMqnqB_iJmPTyna3ihdvZ3_qLovwiJ4mfFpg45eM1PhTiDhAZ7z-rEG46r9w6AkYIwOvUaMlIhX_pG87TPJmXH7j9iMJpnrIISGZOkiAZrtl9Wacsw9xi5zvLPAl7_uqJkyTPAmTO9zynR8tUWC6uPlVidRzeFIT_kaeMrB8D-0yoJYtY1TiLGQ_pV4v-fWcQKYHvpdfuUV7Sn4uZSO40ePkyuOq0Dy8soL8HZfze7GPiIrp2-6ZEUSEE1M2n-1FKO4rCaRy3qxNoNjQUr-cZ9O0rDsjnnmg_d8XIk7FhdVP7e_wC9y7WY6X32EYO2_h8t7NqLyDjWl9_6dKRvsljph0z_B2qnsfeXaTsGx2Vc7nJr2HsfWd5-En6o26Nj8wOHCkXsGLB4-pZBeaLhW1QvnuRkMp_UGq9n_vtFSg3rkDX7wn6MqmMqWIDDliUUKKg-jdG015VnEuECxfC1Evo2qBa5XwQZ3Gd5jPukZin-9fuhnLJ2GU0H8d_4QyJ6dI7dalPtqOydRapb6Abjma6QWFfP89i98qFuSk7pEcdvjeRexWT2U8LobdgfdDApt0lqvSXywSDxIp_rVY3hl87ETF-y_dlufuZR7YkEnXaXEZ2-ZzoToE4OHpWXyEYG_tGCV-eUl4rLOH97JwOaoOjiyaWBxBOuMfJCUYdTaiH92iX3W0HjBTk1UN7t29lBoSeKE5Rf4W1m0OtKTkKJRCCSAoNpdelRc_NMoeY5wFgc2fDaVsxCRT4uNMYYwn0xzszu0yxo8f7JjDsBH9WAY-JLxMDi-STpWZyvDkT_5zhkOaBRADhXSx5fugCduMu_eekH66isHN94WtUN0cM

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.qudach.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 11:20:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9190 42 B
64 B 43ms
43ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuJNbRixUYbuzhRKer2VtBdDJ7avq3mna_3bSZD-O_hljBHFi4rUl91PCfX7xuzVLo4Z3m_6gfr9l6SA4oQIZpZXTFsba6H6lRXbKs7ivjFIrsj0wlnQA&sai=AMfl-YT4bmaTBndJv2l-7iMZwAZVWI8m9eiUN422EFG9oBSSL-0tzh5O5BW2plc3_CbRyxPyl_ABPGZ5LlA9&sig=Cg0ArKJSzO1QuZWNZYHyEAE&id=lidar2&mcvt=1000&p=0,212,200,988&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=1273110253&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1638616854965&rpt=878&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 11:20:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B97E 42 B
64 B 42ms
42ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsukaDSS0QEkB34ab2lXFIDbbgOLSF-fjOWCPci4cuI-K37a7aQHHLKZit1WLNjHdO6lau_pqZF4iGXGinI-D5dZbeKw25V91ykfnyFxlC_QtTLh8T5AdA&sai=AMfl-YQVe0OoPEppYmwdfbcY_Uc8wAKKiXQBs96MbaqcNGowwHvM4LD9mMuDR0-HPJ9Oicw6wAIhr_Gj8ycL&sig=Cg0ArKJSzFxY9NXM3KJSEAE&id=lidar2&mcvt=1001&p=0,24,280,360&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=2147873996&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1638616854990&rpt=878&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 11:20:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l1UkYMsmO8&google_cver=1&google_gid=CAESENNPr2MmqXzPJNRdEqOq5KI

Verdicts & Comments Add Verdict or Comment

65 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

26 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.qudach.com/	1969-12-31 23:59:59	Name: __spark_sess_id Value: ptgr94158bvj27gsqb24bcic97
.www.qudach.com/	1970-01-19 23:10:18	Name: region Value: US
.qudach.com/	1970-01-20 16:41:28	Name: _ga Value: GA1.2.387954040.1638616855
.qudach.com/	1970-01-19 23:11:43	Name: _gid Value: GA1.2.1065727168.1638616855
.qudach.com/	1970-01-19 23:10:16	Name: _gat_gtag_UA_203701614_1 Value: 1
.qudach.com/	1970-01-20 08:31:52	Name: __gads Value: ID=698281874cad1c4c-22a883383ccc00ee:T=1638616855:RT=1638616855:S=ALNI_MYNjn-k6PhaTn3KfmKgxK0lK8k7xQ
.doubleclick.net/	1970-01-19 23:10:20	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-20 08:31:52	Name: IDE Value: AHWqTUlOTBhY9esu7VV8MrKcGGJitoFQ2QnrG-SN-C2rtBcypqrvUAR6A1Y_r1-jvFA
.quantserve.com/	1970-01-20 01:19:52	Name: d Value: EEwBCQHwJIEA
.quantserve.com/	1970-01-20 08:40:31	Name: mc Value: 61ab4f18-547f0-770bf-5ed3c
.casalemedia.com/	1970-01-20 07:55:52	Name: CMID Value: YatPGHlk5uB8pqDGUy47eQAA
.casalemedia.com/	1970-01-20 01:19:52	Name: CMPS Value: 5209
.pubmatic.com/	1970-01-19 23:11:43	Name: KTPCACOOKIE Value: YES
.casalemedia.com/	1970-01-20 01:19:52	Name: CMPRO Value: 1184
.casalemedia.com/	1970-01-19 23:11:43	Name: CMST Value: YatPGGGrTxgA
.pubmatic.com/	1970-01-20 01:19:52	Name: KADUSERCOOKIE Value: 858BA233-DEB4-45D9-9075-95534CD8703C
.doubleclick.net/	1970-01-19 23:10:17	Name: test_cookie Value: CheckForPermission
.e.dlx.addthis.com/	1970-01-20 08:40:31	Name: na_tc Value: Y
.addthis.com/	1970-01-20 08:40:31	Name: na_id Value: 2021120411205600016284261434
.addthis.com/	1970-01-20 08:40:31	Name: na_tc Value: Y
.addthis.com/	1970-01-20 08:40:31	Name: uid Value: 61ab4f181c136bce
.addthis.com/	1970-01-20 08:40:31	Name: ouid Value: 61ab4f1800013b4a68b17463ad467dbf3b29e0ec43478d53759a
.dlx.addthis.com/	1970-01-19 23:53:28	Name: na_rn Value: 0
.dlx.addthis.com/	1970-01-19 23:53:28	Name: na_sr Value: 20211204
.dlx.addthis.com/	1970-01-19 23:10:16	Name: na_srp Value: 3614
.dlx.addthis.com/	1970-01-19 23:53:28	Name: na_sc_e Value: 0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YatPGHlk5uB8pqDGUy47eQAABKAAAAAB&google_push=AYg5qPLTc1wjUUmv57yFhdDaHWRIosZzguIELomuEKcI2DmiyfkmpAwW7hJuUkN3A8GHO0mjQU392kAKHYMxyz6j6l1UkYMsmO8&google_cver=1&google_gid=CAESENNPr2MmqXzPJNRdEqOq5KI Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
cm.g.doubleclick.net
cms.quantserve.com
e.dlx.addthis.com
encrypted-tbn0.gstatic.com
encrypted-tbn2.gstatic.com
encrypted-tbn3.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
image6.pubmatic.com
p4-dawf26bqvaemo-v525sa2vpnx35wwc-if-v6exp3-v4.metric.gstatic.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.rubiconproject.com
rtb.openx.net
static.cloudflareinsights.com
static01.nyt.com
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.qudach.com
cm.g.doubleclick.net
104.111.215.191
142.250.184.226
142.250.185.162
142.250.186.163
151.101.65.164
185.64.190.78
217.182.200.20
2606:4700:3035::6815:20f0
2606:4700::6810:5e41
2620:116:800d:21:3175:5196:e3fd:8c1d
2a00:1450:4001:801::2001
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::2008
2a00:1450:4001:80f::2003
2a00:1450:4001:80f::200e
2a00:1450:4001:810::200e
2a00:1450:4001:827::2002
2a00:1450:4001:828::2002
2a00:1450:4001:829::2002
2a00:1450:4001:829::2004
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2003
2a00:1450:4001:82a::200e
2a00:1450:4001:82f::200a
2a00:1450:4001:82f::200e
35.227.252.103
69.173.144.138
00d645dba8306a4c4566eeca187f39f06012c13ff1c5b30b9bb480131d48e491
0840e4e29129ab86cab48b8d00f170407504a087c34a8b28e77ae3ea0e7afcc4
0ab58f35d8f85fc8e72e2d5281a054842259120d123403a9de13d8644fd7d3c7
0ac9f99c170b5c85219aeb92b0f9fccf92c4ed71492226b947c7b401f4002b51
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
11c2d24e6b8c62b74b5e308645c3db48673600fb2129bc90795d3bb476103b3d
11c73cd1795cbb74af317b1c63dc9ffd0bac19fd766d10dfa6ee78277391901c
1597fa8b467fe5fc852c0d451b664650ac85788066bcdbb61827d29af7819e06
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
166fbbbfbb81e0b2aa1829dd5190caf1c1d5e3770ab0d82e8d420df4cfa6abe4
16923f9fcc118f6870a574a73697c19eb79210b2ce401e5e1b92a2a5fcda080a
17f0d815061a330cfcde41461340efd9ba7e4bc4b2000be65b5a5ce056ca8631
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
23db1d0f3ae5c60055b7ab4a975779cc3498d4d62b87242b7fdf5cd2365baaca
2ab09df309c25340424b9ba5e33f06de106b8bf1a441a2b0777b565d0edc4413
2c93cc6e3e306b43acd77b7658ba13560370b7513af5a20e7a7a0512287bf2e3
2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27
324f6d6790fc3aeae89be8998692fbb6c262fe63834f67420bcca257aea0dc92
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
37f62ef8693878e02f8d3910e2d7b3e4c55ce99d4eca6426562c1bc838167456
393a83f90f8d1ec9f96356fa0cb3d8509af3d564b6145f0386f9e7b18c672d63
3f2c144f45a057c6f944b1a0d58de8eeb55032e20b6a89a6803f7b813ebfa245
3f4230a7e8ce515ae80261cc9e3ab2938ec725377085647eaa264e8c9833029f
409048ab6bf8c53e0c2253b01d7af608c0a81f68e238676796c526c6b53a54a5
41bf0407f003ba093ecb26bb725507175c5d9906d899826afc0799f9a8bd0be3
4552b33c74fe552dc4c6934ac4c42d8f3e4ff44266c38de46b14aa9f54c22437
465f3a7af8b8519bb793bb3b515751ec06f6e724f4b9061729b67af05aa16fe0
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fbd24a7c8276967da7830477ef8e02a1f6455a6f03de6dccd50a3454cb07faa
51a3384f28655d54ee3c773771d4efd67201819623e29f505838229182e006cd
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5a70c62060f63abcadb8fdd799e7eab903d6b18ae8c783cccc8c82c0450b4083
5bf0a170ae91f1bb8d0c94381a74ab8b85f938bf31bf18a9c8e3b835250d3be6
606b96d33d081306c5bd269573d45959bbe0253b661e368b694dc6999655401b
615050cfd7cd77d6941c6c0b4551d20c4d5ad825bc9fd7acc61a0bdca7783d26
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6257e792f9aef240d1954956a6ea7982c0268035f15a79931a110ed6344c8c4c
670591570ae55174ffbd62e283be10dfb84ba7a72cddb0ed1550593ad0e7d350
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d55419e228ae290f55da015f0f85f1688969f09bf2c6323082cba90f94cf76f
7009f04f5e5a747c862f9052fa450e2d07e7146f4d7c5306db6aedff7d4cc605
767dde1c4ba69b4408db8220339194c7a23d910653925baefc4ab4fc6704bfe7
7716a035ac1f8c0d498e43543341d05b5f518d17f6d37fe73452a1645f5372aa
77340e30ad686a7d5595890622e9c5d1718eda26fd0deeceda1bf751ba2f78d8
79bdef6bf54624bd1aa5405d78544f96c5d3e1e2fb610748e3e521f1d8aa4231
7c3ba340099e1d408fe652e4c81f2da87378d321912c6455c7052e81e185b1ae
851596196e9ac893121cdc4543df454c98e019b7d87ff25c6854d0cd800245cf
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
88cec8f3de1ea9c2c8f2525cb3aceb4585427522ef3062795c59bf48ffc5037b
8999c33fbd24a03af5e1c8ccf9b9ebfed7e2a346b27ca90b1b26259baeba77cc
8a3a32981aaffc5eee6e7b4363b2874b3731b834a684bcf2b5c46c1c37be34d8
8cb83dbef5c416d85148d0aaf717e1099052544bcc9946fc7fefc3f56304c88c
8d3411c961b332008c61452f483ada3da4cd0fd06cc264c7f2facfb01bc4b1d5
91481c7913fdda095a6b3ee46de1732291452e704e0fcfdf8c61dbd038b906c8
94b00e5de4b6e85cd7baa3385a9d84b6e71533cc1433be5d09389517b71fbe59
951a3b8ec1c6a0ae2767a3bb90ba6995397c5d13bd7ff79ea0bc87529b8024ea
98e0c95960ff9d657a94a987c741b7b9fcfe925a2c3343f43b0ecafc8e1a5981
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9e80cecde94e949338b581c600baded9fb2e1399f18e47aa2cd7ed9fd6317232
9f7a74b2ee8d20463675e1a8d62796a366b0987f1ccb63522726286e621c45e0
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5cc18efea85afe3c48d25cb1fb87e19bcecd962e585eeb23512cca4abf566fa
a616ecab96a7e000215ea42344c7ddea35402e9ab3253d55f2ebc6de45e4ad54
a6219b5ab4e361370c81fbf2d3427dd96ad949016ea3dcd4e34683e472b62648
a75c75179d9dbec0883fbe6a9310f5e1dd6bf73247de9fc62b7840596183e68c
a798639d7c9086ecefc74cec52f8d259bd73b8cf1e871894c19d24c59e8a7f7e
ab84191c2539a79688fabd97e98dbb0390ebaeccee528eeac61178c806960d5a
ace334b45aed93b9e046e19adc6803ddfea56ed0e34f73961b3d940cc3605d81
ad2845cf9db3c8b7897d293e61f0f7334c782b34f997a26c519151121d9da562
ada9ef56d6f268e9dfc11d8a21caa7b1facd18ad87337a7bc148a86c1d79f76b
adc0243f7a45a023b613786a76b2578c45300334625d013e9353ac036e3a374b
b1ca39caeffc18432d3459844918984e6b34300c4d2ea73ed5bf808da09d330a
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
b6427e45b4f9f900bb66eae08ace0eeb3b60fda38ee940426b799c0d1dc3b34c
ba5814cda001a4edf2bb8217e9e93f83ba48e5d0eb2cca4784796df95f3c04c1
baad4ea1c89986d16b38a7b13dafe5e4ac4115ee6e116557d833a2f0ebe035f1
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bd0cfc43cf7f4dc5d9c0d765c43c9218c741ecb351a1a8791a0c247d48f09ec4
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cc85e9b9de1299eb04ba6bb96bcbb75971f82ecbfffd22541b34660c4dbc9d27
cece1097f127c3259563e9936c64b658830b75f606b503a191e52d39ac0a6556
d5d61689fed57c6399922d3d7397ca3a84eaf27215ac4dd5ddc7abf9246848ec
da9fcd0bec0cacdb7b3e47f1d0e04fafcb710f1008ccc2cc85d632f90803507e
dc2cf77fb61c8cb15c78ce4c2367a76dd52ce8bfbb7934a61f2c429c78efbdc2
de418fdfa1d02a219d049bb1cd8562182c4201c67f6b9d0e2f67f21a476e1096
e11652e7b04cdcc9c0bc7948055c05aaf8f7c066e6059d52f9b186c55368cb9e
e127dce391c5b30b9f8027fc7d0097db662ce9c6af8eef63207ffe4a1432b55d
e2890adb9bd41a5801dbd2ba5a6d904c9f804e828d1b53f6c3d008f8eef1d868
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e57be86d662c2e4800a3ef6c3f6625e2023c1f14e8aae3b590ccf2471d0e3104
e94ad217ce6b1f780f906cb6caf804196acee0ea9d85016db975b8abe5963071
ec1639109547554eadcc3bb66bad01bd8b1cf079bdb7b16262050d38cbdc4ea6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef88f528a5d1c110782f7d8cfbaa2acb6311adebc512bac7a2ed4243ff6918d0
f9005990a6d64f892508afa8f1d5c98c667e6a7c276527a081d09924d0227faa
fab345a737c6306b5f6baac4b4d8a361013a692273cea73e0f1c98ecf1c5b4f8
fc0fd14a939f79b7f287e4688f62fa264f3bae2579e14a3e8c4c33387818a3d8
fc1c82b4c10ec83401c439337d78e58a8001cd6350998dc2900ba72eb4fdfa24

www.qudach.com Open in urlscan Pro 2606:4700:3035::6815:20f0 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

139 Requests

96 %HTTPS

67 %IPv6

19 Domains

27 Subdomains

24 IPs

4 Countries

2221 kBTransfer

4214 kBSize

26 Cookies

24 Outgoing links

Redirected requests

139 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 18 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.qudach.com Open in urlscan Pro
2606:4700:3035::6815:20f0 Public Scan

Screenshot
Live screenshot

Full Image

139
Requests

96 %
HTTPS

67 %
IPv6

19
Domains

27
Subdomains

24
IPs

4
Countries

2221 kB
Transfer

4214 kB
Size

26
Cookies

139 HTTP transactions
18 data transactions