www.ibtimes.co.uk Open in urlscan Pro
3.226.19.100 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Effective URL:
https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Submission: On December 08 via api (December 8th 2021, 2:58:11 pm UTC) from US — Scanned from DE

Summary HTTP 220 Redirects Links 25 Behaviour Indicators

Summary

This website contacted 80 IPs in 10 countries across 65 domains to perform 220 HTTP transactions. The main IP is 3.226.19.100, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.ibtimes.co.uk.
TLS certificate: Issued by Amazon on March 25th 2021. Valid for: a year.

This is the only time www.ibtimes.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	3.226.19.100 3.226.19.100	14618 (AMAZON-AES) (AMAZON-AES)
3	2600:9000:225... 2600:9000:2251:3000:11:2a6a:9480:93a1	16509 (AMAZON-02) (AMAZON-02)
27	151.139.128.11 151.139.128.11	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
3	18.211.226.152 18.211.226.152	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:225... 2600:9000:2250:8000:16:f82a:8600:93a1	16509 (AMAZON-02) (AMAZON-02)
2	34.200.203.34 34.200.203.34	14618 (AMAZON-AES) (AMAZON-AES)
1	35.186.195.222 35.186.195.222	15169 (GOOGLE) (GOOGLE)
4	18.66.109.174 18.66.109.174	16509 (AMAZON-02) (AMAZON-02)
5	35.190.48.184 35.190.48.184	15169 (GOOGLE) (GOOGLE)
1 7	151.101.194.137 151.101.194.137	54113 (FASTLY) (FASTLY)
5	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
14	104.19.133.78 104.19.133.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700:10:... 2606:4700:10::6816:3ca8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
2	35.190.72.161 35.190.72.161	15169 (GOOGLE) (GOOGLE)
2	13.32.99.59 13.32.99.59	16509 (AMAZON-02) (AMAZON-02)
6	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:801::2008	15169 (GOOGLE) (GOOGLE)
1	18.157.129.217 18.157.129.217	16509 (AMAZON-02) (AMAZON-02)
1	2.18.234.233 2.18.234.233	16625 (AKAMAI-AS) (AKAMAI-AS)
4	13.32.99.54 13.32.99.54	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:223... 2600:9000:223c:b200:18:1fcd:34f:cdc1	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
1	2600:9000:223... 2600:9000:223f:600:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	35.190.36.172 35.190.36.172	15169 (GOOGLE) (GOOGLE)
2	2606:4700:10:... 2606:4700:10::ac43:1695	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
13	18.66.112.122 18.66.112.122	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c0a::9a	15169 (GOOGLE) (GOOGLE)
1	3.209.18.29 3.209.18.29	14618 (AMAZON-AES) (AMAZON-AES)
1	2620:116:800d... 2620:116:800d:21:ee05:6a01:4b41:8c89	16509 (AMAZON-02) (AMAZON-02)
1	2a02:6ea0:c70... 2a02:6ea0:c700::10	60068 (CDN77 ^_^) (CDN77 ^_^)
3	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	63.33.224.140 63.33.224.140	16509 (AMAZON-02) (AMAZON-02)
1	18.66.97.10 18.66.97.10	16509 (AMAZON-02) (AMAZON-02)
1 2	13.32.99.23 13.32.99.23	16509 (AMAZON-02) (AMAZON-02)
2	52.22.45.124 52.22.45.124	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:811::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
2	54.234.151.247 54.234.151.247	14618 (AMAZON-AES) (AMAZON-AES)
1	184.30.24.198 184.30.24.198	16625 (AKAMAI-AS) (AKAMAI-AS)
4	23.20.158.212 23.20.158.212	14618 (AMAZON-AES) (AMAZON-AES)
6	18.116.178.106 18.116.178.106	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:223... 2600:9000:223f:fe00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	18.66.112.126 18.66.112.126	16509 (AMAZON-02) (AMAZON-02)
1	34.254.143.3 34.254.143.3	16509 (AMAZON-02) (AMAZON-02)
5	52.19.63.112 52.19.63.112	16509 (AMAZON-02) (AMAZON-02)
1	18.66.139.84 18.66.139.84	16509 (AMAZON-02) (AMAZON-02)
2	18.66.139.78 18.66.139.78	16509 (AMAZON-02) (AMAZON-02)
2	151.101.193.194 151.101.193.194	54113 (FASTLY) (FASTLY)
1	13.250.177.93 13.250.177.93	16509 (AMAZON-02) (AMAZON-02)
1	54.187.56.166 54.187.56.166	16509 (AMAZON-02) (AMAZON-02)
3	2600:1901:0:2... 2600:1901:0:298e::	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 2	185.86.137.110 185.86.137.110	201081 (SMARTADSE...) (SMARTADSERVER)
4 5	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
3	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
3 3	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
4 4	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
3 3	185.33.221.91 185.33.221.91	29990 (ASN-APPNEX) (ASN-APPNEX)
1	18.197.204.221 18.197.204.221	16509 (AMAZON-02) (AMAZON-02)
1	63.32.233.146 63.32.233.146	16509 (AMAZON-02) (AMAZON-02)
1	18.66.112.79 18.66.112.79	16509 (AMAZON-02) (AMAZON-02)
1	151.101.2.137 151.101.2.137	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:811::2006	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
1	52.38.226.208 52.38.226.208	16509 (AMAZON-02) (AMAZON-02)
1	52.35.106.12 52.35.106.12	16509 (AMAZON-02) (AMAZON-02)
2 9	44.240.108.244 44.240.108.244	16509 (AMAZON-02) (AMAZON-02)
2 2	52.49.134.174 52.49.134.174	16509 (AMAZON-02) (AMAZON-02)
1 1	185.29.132.245 185.29.132.245	30419 (MEDIAMATH...) (MEDIAMATH-INC)
6	104.19.135.78 104.19.135.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	146.20.132.204 146.20.132.204	27357 (RACKSPACE) (RACKSPACE)
1 1	23.37.42.132 23.37.42.132	16625 (AKAMAI-AS) (AKAMAI-AS)
2	23.79.143.124 23.79.143.124	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a0c:5c81:513... 2a0c:5c81:5139::2	55081 (24SHELLS) (24SHELLS)
4 4	3.127.120.47 3.127.120.47	16509 (AMAZON-02) (AMAZON-02)
1	51.89.9.252 51.89.9.252	16276 (OVH) (OVH)
1	104.19.217.61 104.19.217.61	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	185.184.8.65 185.184.8.65	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
2 2	35.212.212.222 35.212.212.222	15169 (GOOGLE) (GOOGLE)
1	104.16.221.74 104.16.221.74	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	18.66.112.123 18.66.112.123	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:10:... 2606:4700:10::6816:1957	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	109.206.161.21 109.206.161.21	50245 (SERVEREL-AS) (SERVEREL-AS)
1 1	199.187.193.177 199.187.193.177	47043 (SMARTADSE...) (SMARTADSERVER)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	34.255.158.248 34.255.158.248	16509 (AMAZON-02) (AMAZON-02)
1	44.224.58.246 44.224.58.246	16509 (AMAZON-02) (AMAZON-02)
1	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
220	80

2 3.226.19.100 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-226-19-100.compute-1.amazonaws.com

www.ibtimes.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2251:3000:11:2a6a:9480:93a1 (United States)

ASN16509 (AMAZON-02, US)

gdpr-wrapper.privacymanager.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 151.139.128.11 (United States)

ASN20446 (HIGHWINDS3, US)

g.ibtimes.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
gc.newsweek.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
d.ibtimes.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
g.ibt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.211.226.152 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-211-226-152.compute-1.amazonaws.com

powerad.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:8000:16:f82a:8600:93a1 (United States)

ASN16509 (AMAZON-02, US)

gdpr.privacymanager.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.200.203.34 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-200-203-34.compute-1.amazonaws.com

k.intellitxt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.195.222 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 222.195.186.35.bc.googleusercontent.com

query.fqtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.66.109.174 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-109-174.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.190.48.184 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 184.48.190.35.bc.googleusercontent.com

stalesummer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 151.101.194.137 (United States) 1 redirects

ASN54113 (FASTLY, US)

cd.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cds.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 104.19.133.78 (None, )

ASN13335 (CLOUDFLARENET, US)

jsc.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
servicer.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:10::6816:3ca8 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.vuukle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.vuukle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.72.161 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 161.72.190.35.bc.googleusercontent.com

fqtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.99.59 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-59.fra60.r.cloudfront.net

geo.privacymanager.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.157.129.217 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-157-129-217.eu-central-1.compute.amazonaws.com

www.sc.pages06.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.234.233 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-233.deploy.static.akamaitechnologies.com

ads.stickyadstv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.32.99.54 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-54.fra60.r.cloudfront.net

api.pushnami.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:b200:18:1fcd:34f:cdc1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223f:600:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.36.172 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 172.36.190.35.bc.googleusercontent.com

cdn.fqtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::ac43:1695 (United States)

ASN13335 (CLOUDFLARENET, US)

vuukle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
publish.vuukle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 18.66.112.122 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-122.fra56.r.cloudfront.net

cmp-consent-tool.privacymanager.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0a::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.209.18.29 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-209-18-29.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:ee05:6a01:4b41:8c89 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6ea0:c700::10 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

a1.vdna-assets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.33.224.140 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-33-224-140.eu-west-1.compute.amazonaws.com

p.cpx.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.10 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-10.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.99.23 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-23.fra60.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.22.45.124 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-22-45-124.compute-1.amazonaws.com

trc.pushnami.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.234.151.247 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-234-151-247.compute-1.amazonaws.com

reporting.powerad.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.24.198 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-24-198.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.20.158.212 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-20-158-212.compute-1.amazonaws.com

hb.brainlyads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 18.116.178.106 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-116-178-106.us-east-2.compute.amazonaws.com

capi.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223f:fe00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.126 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-126.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.254.143.3 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-143-3.eu-west-1.compute.amazonaws.com

vdna.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.19.63.112 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-63-112.eu-west-1.compute.amazonaws.com

s.cpx.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.139.84 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-139-84.fra60.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.139.78 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-139-78.fra60.r.cloudfront.net

s.flocdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.193.194 (United States)

ASN54113 (FASTLY, US)

confiant-integrations.global.ssl.fastly.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.250.177.93 (Singapore, Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-250-177-93.ap-southeast-1.compute.amazonaws.com

pixel.zprk.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.187.56.166 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-187-56-166.us-west-2.compute.amazonaws.com

a.ad.gt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1901:0:298e:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

aux.fqtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.137.110 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

sync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 216.58.212.130 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s46-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.189.110 (United Kingdom) 3 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.223.40.198 (United States) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.33.221.91 (Amsterdam, Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.197.204.221 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-204-221.eu-central-1.compute.amazonaws.com

pool.grid-data.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.32.233.146 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-233-146.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.79 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-79.fra56.r.cloudfront.net

vc.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.137 (United States)

ASN54113 (FASTLY, US)

vid.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.38.226.208 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-38-226-208.us-west-2.compute.amazonaws.com

aufp.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.35.106.12 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-35-106-12.us-west-2.compute.amazonaws.com

p.ad.gt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 44.240.108.244 (Boardman, United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-44-240-108-244.us-west-2.compute.amazonaws.com

ids.ad.gt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.49.134.174 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-134-174.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.132.245 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.19.135.78 (None, )

ASN13335 (CLOUDFLARENET, US)

s-img.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 146.20.132.204 (United States)

ASN27357 (RACKSPACE, US)

ssp.lkqd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.37.42.132 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-42-132.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.79.143.124 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-79-143-124.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0c:5c81:5139::2 (London, United Kingdom)

ASN55081 (24SHELLS, US)

s.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.127.120.47 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-120-47.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.9.252 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip252.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.19.217.61 (None, )

ASN13335 (CLOUDFLARENET, US)

cm.lentainform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.184.8.65 (Amsterdam, Netherlands) 2 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-65.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.212.212.222 (The Dalles, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 222.212.212.35.bc.googleusercontent.com

rtb-usw.mfadsrvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.221.74 (None, )

ASN13335 (CLOUDFLARENET, US)

cm.idealmedia.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.123 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-123.fra56.r.cloudfront.net

cm.smadex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:1957 (United States)

ASN13335 (CLOUDFLARENET, US)

mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 109.206.161.21 (Netherlands) 2 redirects

ASN50245 (SERVEREL-AS, NL)
PTR: 109.206.161.21.serverel.net

sync.e-volution.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.187.193.177 (Canada) 1 redirects

ASN47043 (SMARTADSERVER, CA)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.255.158.248 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-255-158-248.eu-west-1.compute.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.224.58.246 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-224-58-246.us-west-2.compute.amazonaws.com

pixels.ad.gt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
27	ibtimes.co.uk 1 redirects www.ibtimes.co.uk g.ibtimes.co.uk d.ibtimes.co.uk	464 KB
20	mgid.com jsc.mgid.com c.mgid.com cdn.mgid.com servicer.mgid.com s-img.mgid.com cm.mgid.com	226 KB
19	privacymanager.io gdpr-wrapper.privacymanager.io gdpr.privacymanager.io geo.privacymanager.io cmp-consent-tool.privacymanager.io	378 KB
14	connatix.com 1 redirects cd.connatix.com cds.connatix.com capi.connatix.com vid.connatix.com img.connatix.com	347 KB
12	ad.gt 2 redirects a.ad.gt p.ad.gt ids.ad.gt pixels.ad.gt	17 KB
10	doubleclick.net 4 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net	172 KB
7	rubiconproject.com 1 redirects token.rubiconproject.com secure-assets.rubiconproject.com eus.rubiconproject.com pixel.rubiconproject.com	12 KB
7	vuukle.com cdn.vuukle.com vuukle.com api.vuukle.com publish.vuukle.com	186 KB
7	fqtag.com query.fqtag.com fqtag.com cdn.fqtag.com aux.fqtag.com	91 KB
6	cpx.to p.cpx.to s.cpx.to	8 KB
6	pushnami.com api.pushnami.com trc.pushnami.com	85 KB
6	google-analytics.com www.google-analytics.com	23 KB
5	bidswitch.net 4 redirects pool.grid-data.bidswitch.net x.bidswitch.net	2 KB
5	googleapis.com imasdk.googleapis.com	827 KB
5	gstatic.com fonts.gstatic.com	92 KB
5	stalesummer.com stalesummer.com	168 KB
5	powerad.ai powerad.ai reporting.powerad.ai	44 KB
4	lkqd.net ssp.lkqd.net	1 KB
4	adsrvr.org 4 redirects match.adsrvr.org	2 KB
4	facebook.com www.facebook.com	415 B
4	brainlyads.com hb.brainlyads.com	182 KB
4	pubmatic.com 3 redirects ads.pubmatic.com image2.pubmatic.com	58 KB
4	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com	64 KB
4	google.com fundingchoicesmessages.google.com www.google.com	83 KB
4	amazon-adsystem.com c.amazon-adsystem.com	40 KB
3	googlesyndication.com pagead2.googlesyndication.com	38 KB
3	adnxs.com 3 redirects secure.adnxs.com	3 KB
3	smartadserver.com 2 redirects sync.smartadserver.com ssbsync.smartadserver.com	1 KB
3	facebook.net connect.facebook.net	202 KB
2	360yield.com 2 redirects ad.360yield.com	614 B
2	e-volution.ai 2 redirects sync.e-volution.ai	918 B
2	mfadsrvr.com 2 redirects rtb-usw.mfadsrvr.com	760 B
2	creativecdn.com 2 redirects creativecdn.com	687 B
2	bidr.io 2 redirects match.prod.bidr.io	1 KB
2	fastly.net confiant-integrations.global.ssl.fastly.net	73 KB
2	flocdn.com s.flocdn.com	49 KB
2	scorecardresearch.com 1 redirects sb.scorecardresearch.com	792 B
2	googletagmanager.com www.googletagmanager.com	115 KB
2	intellitxt.com k.intellitxt.com	5 KB
1	openx.net u.openx.net	306 B
1	zeotap.com mwzeom.zeotap.com	457 B
1	smadex.com 1 redirects cm.smadex.com	526 B
1	idealmedia.io cm.idealmedia.io	412 B
1	lentainform.com cm.lentainform.com	495 B
1	onetag-sys.com onetag-sys.com	151 B
1	adtelligent.com s.adtelligent.com sync.adtelligent.com Failed	885 B
1	mathtag.com 1 redirects sync.mathtag.com	683 B
1	aufp.io aufp.io	3 KB
1	2mdn.net s0.2mdn.net	17 KB
1	hotjar.io vc.hotjar.io	255 B
1	zprk.io pixel.zprk.io	3 KB
1	exelator.com vdna.exelator.com	481 B
1	quantcount.com rules.quantcount.com	2 KB
1	google.de www.google.de	501 B
1	vdna-assets.com a1.vdna-assets.com	3 KB
1	quantserve.com secure.quantserve.com	10 KB
1	chartbeat.net ping.chartbeat.net	201 B
1	adsafeprotected.com static.adsafeprotected.com	482 B
1	chartbeat.com static.chartbeat.com	14 KB
1	cloudflare.com cdnjs.cloudflare.com	76 KB
1	stickyadstv.com ads.stickyadstv.com	600 B
1	ibt.com g.ibt.com
1	pages06.net www.sc.pages06.net	14 KB
1	newsweek.com gc.newsweek.com	775 B
1	googletagservices.com www.googletagservices.com	27 KB
220	65

	Domain	Requested by
15	d.ibtimes.co.uk	www.ibtimes.co.uk g.ibtimes.co.uk
13	cmp-consent-tool.privacymanager.io	gdpr.privacymanager.io cmp-consent-tool.privacymanager.io
10	g.ibtimes.co.uk	www.ibtimes.co.uk
9	ids.ad.gt	2 redirects www.ibtimes.co.uk
8	cm.mgid.com	jsc.mgid.com www.ibtimes.co.uk
6	s-img.mgid.com	www.ibtimes.co.uk
6	capi.connatix.com	cd.connatix.com
6	www.google-analytics.com	www.ibtimes.co.uk www.googletagmanager.com www.google-analytics.com
5	cm.g.doubleclick.net	4 redirects www.ibtimes.co.uk
5	s.cpx.to	p.cpx.to www.ibtimes.co.uk
5	imasdk.googleapis.com	g.ibtimes.co.uk cd.connatix.com imasdk.googleapis.com
5	fonts.gstatic.com	www.ibtimes.co.uk
5	stalesummer.com	www.ibtimes.co.uk stalesummer.com
4	x.bidswitch.net	4 redirects
4	ssp.lkqd.net	cd.connatix.com
4	img.connatix.com	www.ibtimes.co.uk
4	match.adsrvr.org	4 redirects
4	www.facebook.com	www.ibtimes.co.uk
4	hb.brainlyads.com	powerad.ai www.ibtimes.co.uk
4	api.pushnami.com	www.ibtimes.co.uk api.pushnami.com
4	securepubads.g.doubleclick.net	www.googletagservices.com cdn.vuukle.com cd.connatix.com
4	cdn.vuukle.com	www.ibtimes.co.uk cdn.vuukle.com
4	c.amazon-adsystem.com	www.ibtimes.co.uk c.amazon-adsystem.com
3	pagead2.googlesyndication.com	srcdoc
3	secure.adnxs.com	3 redirects
3	image2.pubmatic.com	3 redirects
3	token.rubiconproject.com	www.ibtimes.co.uk
3	aux.fqtag.com	cdn.fqtag.com
3	connect.facebook.net	www.ibtimes.co.uk connect.facebook.net
3	fundingchoicesmessages.google.com	securepubads.g.doubleclick.net
3	powerad.ai	www.ibtimes.co.uk powerad.ai
3	gdpr-wrapper.privacymanager.io	www.ibtimes.co.uk gdpr.privacymanager.io
2	ad.360yield.com	2 redirects
2	sync.e-volution.ai	2 redirects
2	rtb-usw.mfadsrvr.com	2 redirects
2	creativecdn.com	2 redirects
2	eus.rubiconproject.com	cm.mgid.com eus.rubiconproject.com
2	cdn.mgid.com	www.ibtimes.co.uk
2	match.prod.bidr.io	2 redirects
2	sync.smartadserver.com	1 redirects www.ibtimes.co.uk
2	confiant-integrations.global.ssl.fastly.net	cdn.vuukle.com confiant-integrations.global.ssl.fastly.net
2	s.flocdn.com	cdn.vuukle.com
2	reporting.powerad.ai	powerad.ai
2	trc.pushnami.com	api.pushnami.com
2	sb.scorecardresearch.com	1 redirects www.ibtimes.co.uk
2	www.googletagmanager.com	www.ibtimes.co.uk powerad.ai
2	geo.privacymanager.io	gdpr.privacymanager.io
2	fqtag.com	www.ibtimes.co.uk cdn.fqtag.com
2	jsc.mgid.com	www.ibtimes.co.uk jsc.mgid.com
2	cds.connatix.com	www.ibtimes.co.uk cd.connatix.com
2	k.intellitxt.com	www.ibtimes.co.uk
2	www.ibtimes.co.uk	1 redirects
1	u.openx.net	www.ibtimes.co.uk
1	pixels.ad.gt	p.ad.gt
1	pixel.rubiconproject.com	www.ibtimes.co.uk
1	ssbsync.smartadserver.com	1 redirects
1	mwzeom.zeotap.com	www.ibtimes.co.uk
1	cm.smadex.com	1 redirects
1	cm.idealmedia.io	www.ibtimes.co.uk
1	cm.lentainform.com	www.ibtimes.co.uk
1	onetag-sys.com	www.ibtimes.co.uk
1	s.adtelligent.com	cm.mgid.com
1	secure-assets.rubiconproject.com	1 redirects
1	servicer.mgid.com	jsc.mgid.com
1	c.mgid.com	jsc.mgid.com
1	sync.mathtag.com	1 redirects
1	p.ad.gt	a.ad.gt
1	aufp.io	a.ad.gt
1	s0.2mdn.net	imasdk.googleapis.com
1	vid.connatix.com	cd.connatix.com
1	vc.hotjar.io	script.hotjar.com
1	in.hotjar.com	script.hotjar.com
1	pool.grid-data.bidswitch.net	www.ibtimes.co.uk
1	a.ad.gt	www.ibtimes.co.uk
1	pixel.zprk.io	powerad.ai
1	vars.hotjar.com	static.hotjar.com
1	vdna.exelator.com	www.ibtimes.co.uk
1	script.hotjar.com	static.hotjar.com
1	rules.quantcount.com	secure.quantserve.com
1	publish.vuukle.com	cdn.vuukle.com
1	ads.pubmatic.com	www.ibtimes.co.uk
1	www.google.de	www.ibtimes.co.uk
1	www.google.com	www.ibtimes.co.uk
1	static.hotjar.com	www.ibtimes.co.uk
1	p.cpx.to	www.ibtimes.co.uk
1	a1.vdna-assets.com	www.ibtimes.co.uk
1	secure.quantserve.com	www.ibtimes.co.uk
1	ping.chartbeat.net	www.ibtimes.co.uk
1	stats.g.doubleclick.net	www.google-analytics.com
1	api.vuukle.com	cdn.vuukle.com
1	vuukle.com	cdn.vuukle.com
1	cdn.fqtag.com	fqtag.com
1	static.adsafeprotected.com	www.ibtimes.co.uk
1	static.chartbeat.com	www.ibtimes.co.uk
1	cdnjs.cloudflare.com	www.ibtimes.co.uk
1	ads.stickyadstv.com	www.ibtimes.co.uk
1	g.ibt.com	www.ibtimes.co.uk
1	www.sc.pages06.net	www.ibtimes.co.uk
1	cd.connatix.com	1 redirects
1	query.fqtag.com	www.ibtimes.co.uk
1	gc.newsweek.com	www.ibtimes.co.uk
1	gdpr.privacymanager.io	gdpr-wrapper.privacymanager.io
1	www.googletagservices.com	www.ibtimes.co.uk
0	sync.adtelligent.com Failed	s.adtelligent.com
220	104

This site contains links to these domains. Also see Links.

Domain
accounts.newsweekgroup.com
www.facebook.com
twitter.com
plus.google.com
www.reddit.com
www.linkedin.com
www.pinterest.com
www.tumblr.com
widgets.mgid.com
www.mgid.com
herbeauty.co
brainberries.co
vuukle.com
www.ibtimes.com.au
www.ibtimes.com.cn
www.ibtimes.co.in
www.ibtimes.com

Subject Issuer	Validity	Valid
ibtimes.co.uk Amazon	`2021-03-25` - `2022-04-23`	a year	crt.sh
*.privacymanager.io Amazon	`2021-09-25` - `2022-10-24`	a year	crt.sh
g.ibtimes.co.uk R3	`2021-11-11` - `2022-02-09`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.powerad.ai Go Daddy Secure Certificate Authority - G2	`2021-08-13` - `2022-09-14`	a year	crt.sh
gc.newsweek.com R3	`2021-11-12` - `2022-02-10`	3 months	crt.sh
k.intellitxt.com Amazon	`2021-04-12` - `2022-05-11`	a year	crt.sh
*.fqtag.com R3	`2021-11-24` - `2022-02-22`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
stalesummer.com R3	`2021-11-14` - `2022-02-12`	3 months	crt.sh
d.ibtimes.co.uk R3	`2021-11-12` - `2022-02-10`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-11` - `2022-06-10`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.silverpop.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-25` - `2022-07-26`	a year	crt.sh
*.ssl.hwcdn.net Sectigo RSA Domain Validation Secure Server CA	`2020-01-02` - `2022-01-19`	2 years	crt.sh
ads.stickyadstv.com DigiCert SHA2 Secure Server CA	`2021-09-19` - `2022-09-20`	a year	crt.sh
*.pushnami.com Amazon	`2021-04-18` - `2022-05-17`	a year	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2021-05-20` - `2022-06-03`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2021-12-01` - `2022-12-30`	a year	crt.sh
*.connatix.com Go Daddy Secure Certificate Authority - G2	`2021-08-20` - `2022-09-21`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
1294454897.rsc.cdn77.org R3	`2021-09-30` - `2021-12-29`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-09-16` - `2021-12-15`	3 months	crt.sh
p.cpx.to Sectigo RSA Domain Validation Secure Server CA	`2021-02-02` - `2022-02-02`	a year	crt.sh
*.hotjar.com Amazon	`2021-11-25` - `2022-12-23`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2021-03-30` - `2022-04-04`	a year	crt.sh
hb.brainlyads.com Go Daddy Secure Certificate Authority - G2	`2020-11-23` - `2021-12-25`	a year	crt.sh
*.exelator.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-02` - `2022-06-07`	a year	crt.sh
s.cpx.to Sectigo RSA Domain Validation Secure Server CA	`2021-02-03` - `2022-02-09`	a year	crt.sh
*.flocdn.com Amazon	`2021-03-06` - `2022-04-04`	a year	crt.sh
*.freetls.fastly.net GlobalSign Atlas R3 DV TLS CA 2020	`2021-04-27` - `2022-05-29`	a year	crt.sh
*.zprk.io Amazon	`2021-11-18` - `2022-12-17`	a year	crt.sh
*.ad.gt Amazon	`2021-06-09` - `2022-07-08`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-04`	a year	crt.sh
pool.grid-data.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-03-06` - `2022-03-06`	2 years	crt.sh
*.hotjar.io Amazon	`2021-08-17` - `2022-09-15`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
aufp.io Amazon	`2021-11-26` - `2022-12-24`	a year	crt.sh
*.lkqd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-07-09` - `2022-07-14`	a year	crt.sh
s.adtelligent.com ZeroSSL ECC Domain Secure Site CA	`2021-12-03` - `2022-03-03`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh

This page contains 19 frames:

Primary Page: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Frame ID: E1F23190DB8C30FAAC48E3273631E80D
Requests: 171 HTTP requests in this frame

Frame: https://cds.connatix.com/p/141716/connatix.playspace.dc.js
Frame ID: 8855F948239E9D481DABB2C36AD25CD0
Requests: 14 HTTP requests in this frame

Frame: https://cmp-consent-tool.privacymanager.io/latest/index.html
Frame ID: 94AECE31F01C2F25BCDFB65DBDCE42F6
Requests: 13 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/pwt/157577/2378//pwt.js
Frame ID: 74E9BE7C9BB2F001460F00C804E33F1E
Requests: 2 HTTP requests in this frame

Frame: https://hb.brainlyads.com/pbjs_wrapper.v1.0.js
Frame ID: 38130268D4DC255D7171E93C2FB307AC
Requests: 1 HTTP requests in this frame

Frame: https://hb.brainlyads.com/pbjs_wrapper.v1.1.js
Frame ID: 901359B83264700CD7D93EE041E96A78
Requests: 1 HTTP requests in this frame

Frame: https://hb.brainlyads.com/pbjs_wrapper.v2.0.js
Frame ID: 5B1F8F4B67B23A13906031410C049357
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-a1ae2079824d1c48aa9ce06efb256f18.html
Frame ID: D37AF698CDAD232AE0F777DA9760B27C
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.490.0_en.html
Frame ID: 635AB8781875C00921F103EBA7677015
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.490.0_en.html
Frame ID: E2CC0E4F0CC47F050B62F10F500FDF2A
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.490.0_en.html
Frame ID: 5B87DAE7F3F23F187B05C70E2DD49FCD
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 41EE98D8E2E55E43EFBC5FCA45C747BC
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 774449D82C29D7B37114EB238A66AD1C
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: D755AFE7D0C909B8EFEBFB942856F7BC
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 9173A2F9CE5590AEA598659F40EE0A43
Requests: 1 HTTP requests in this frame

Frame: https://cm.mgid.com/i-noref.js?cbuster=1638975486589772711903
Frame ID: 8CE410ACD447DBDFDB86CD97385FEBC3
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=us-east
Frame ID: C2688D177EBB9A13827DDE3251E94057
Requests: 3 HTTP requests in this frame

Frame: https://s.adtelligent.com/sync.html?aid=658327
Frame ID: 5F974FAC57A007CE1ED3E8BE31D33363
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: FB32C2D9EA74D8DF6B6582A3BBE186F0
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Researcher Creates Malware to Captures Every Tap on Your Smartphone or Tablet

Page URL History Show full URLs

http://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673 HTTP 301
https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673 Page URL

Page Statistics

220
Requests

88 %
HTTPS

28 %
IPv6

65
Domains

104
Subdomains

80
IPs

10
Countries

4227 kB
Transfer

13455 kB
Size

91
Cookies

25 Outgoing links

These are links going to different origins than the main page.

URL: https://accounts.newsweekgroup.com/auth/log_out
Title: Log out

Search URL Search Domain Scan URL

URL: https://www.facebook.com/dialog/share?app_id=133405490194030&href=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673%3Futm_source%3Dsocial%26utm_medium%3Dfacebook%26utm_campaign%3D%252Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Researcher+Creates+Malware+to+Captures+Every+Tap+on+Your+Smartphone+or+Tablet&url=https%3A%2F%2Fibt.uk%2FA0061Dt%3Futm_source%3Dsocial%26utm_medium%3Dtwitter%26utm_campaign%3D%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Search URL Search Domain Scan URL

URL: https://plus.google.com/share?url=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673%3Futm_source%3Dsocial%26utm_medium%3Dplus%26utm_campaign%3D%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&t=Researcher+Creates+Malware+to+Captures+Every+Tap+on+Your+Smartphone+or+Tablet

Search URL Search Domain Scan URL

URL: http://www.reddit.com/submit?url=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&title=Researcher+Creates+Malware+to+Captures+Every+Tap+on+Your+Smartphone+or+Tablet

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&title=Researcher+Creates+Malware+to+Captures+Every+Tap+on+Your+Smartphone+or+Tablet&summary=As+touchscreens+become+ubiquitous%2C+one+researcher+has+shown+it+is+possible+to+capture+every+single+tap+on+your+smartphone+or+tablet.&source=ibtimes.co.uk&utm_source=social&utm_medium=linkedin&utm_campaign=%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/create/button/

Search URL Search Domain Scan URL

URL: http://www.tumblr.com/share/link?url=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&name=Researcher+Creates+Malware+to+Captures+Every+Tap+on+Your+Smartphone+or+Tablet

Search URL Search Domain Scan URL

URL: https://widgets.mgid.com/?utm_source=www.ibtimes.co.uk&utm_medium=referral&utm_campaign=widgets&utm_content=713739

Search URL Search Domain Scan URL

URL: https://www.mgid.com/services/privacy-policy

Search URL Search Domain Scan URL

URL: https://herbeauty.co/entertainment/8-once-loved-celebs-who-are-now-hated/

Search URL Search Domain Scan URL

URL: https://brainberries.co/culturearts/10-hyper-realistic-3d-street-art-by-odeith/

Search URL Search Domain Scan URL

URL: https://brainberries.co/people/10-stunning-asian-actresses-no-man-can-resist/

Search URL Search Domain Scan URL

URL: https://brainberries.co/interesting/greatest-countries-in-the-history-of-mankind/

Search URL Search Domain Scan URL

URL: https://brainberries.co/design/6-most-picturesque-bridges-in-the-world/

Search URL Search Domain Scan URL

URL: https://brainberries.co/movietv/top-10-enemies-turned-friends-in-tv/

Search URL Search Domain Scan URL

URL: https://vuukle.com/

Search URL Search Domain Scan URL

URL: http://www.ibtimes.com.au/
Title: Australia

Search URL Search Domain Scan URL

URL: http://www.ibtimes.com.cn/
Title: China

Search URL Search Domain Scan URL

URL: http://www.ibtimes.co.in/
Title: India

Search URL Search Domain Scan URL

URL: http://www.ibtimes.com/
Title: U.S.

Search URL Search Domain Scan URL

URL: https://www.facebook.com/IBTimesUK
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/IBTimesUK
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/international-business-times-uk
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://plus.google.com/+IBTimesUK
Title: Google Plus

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673 HTTP 301
https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 20

https://cd.connatix.com/connatix.playspace.js HTTP 302
https://cds.connatix.com/p/141716/connatix.playspace.dc.js

Request Chain 84

https://sb.scorecardresearch.com/b?c1=2&c2=7922264&ns__t=1638975485287&ns_c=UTF-8&c8=Researcher%20Creates%20Malware%20to%20Captures%20Every%20Tap%20on%20Your%20Smartphone%20or%20Tablet&c7=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=7922264&ns__t=1638975485287&ns_c=UTF-8&c8=Researcher%20Creates%20Malware%20to%20Captures%20Every%20Tap%20on%20Your%20Smartphone%20or%20Tablet&c7=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&c9=

Request Chain 133

https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dsmart_ad_server%26dsp_uid%3D%5Bsas_uid%5D%26fid%3Dad45249e-cf6e-4597-8f51-298e54a3ff03&gdpr=0 HTTP 302
https://sync.smartadserver.com/getuid?url=https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=[sas_uid]&fid=ad45249e-cf6e-4597-8f51-298e54a3ff03&gdpr=0&cklb=1

Request Chain 134

https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=ad45249e-cf6e-4597-8f51-298e54a3ff03 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm=&dsp=dbm&fid=ad45249e-cf6e-4597-8f51-298e54a3ff03&google_tc= HTTP 302
https://s.cpx.to/ca.png?dsp=dbm&fid=ad45249e-cf6e-4597-8f51-298e54a3ff03&google_gid=CAESEIKpBviHa0dbVXaR9Fd5-V0&google_cver=1

Request Chain 136

https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Dad45249e-cf6e-4597-8f51-298e54a3ff03 HTTP 302
https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Dad45249e-cf6e-4597-8f51-298e54a3ff03 HTTP 302
https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=22C6DDF4-68D8-4EF1-9894-B1D277175829&fid=ad45249e-cf6e-4597-8f51-298e54a3ff03

Request Chain 137

https://match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=0fkciot&ttd_tpi=1 HTTP 302
https://s.cpx.to/sync?dsp_uid=cbc639e1-b1ea-44d0-9a34-21fab61776a9&dsp=TTD

Request Chain 138

https://secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D11316%26ref%3D%26hn_ver%3D20%26fid%3Dad45249e-cf6e-4597-8f51-298e54a3ff03 HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D11316%2526ref%253D%2526hn_ver%253D20%2526fid%253Dad45249e-cf6e-4597-8f51-298e54a3ff03 HTTP 302
https://s.cpx.to/an_fire?app_nexus_uid=3441701907916292348&pid=11316&ref=&hn_ver=20&fid=ad45249e-cf6e-4597-8f51-298e54a3ff03

Request Chain 165

https://secure.adnxs.com/getuid?https://ids.ad.gt/api/v1/match?id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4&adnxs_id=$UID HTTP 302
https://ids.ad.gt/api/v1/match?id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4&adnxs_id=3441701907916292348

Request Chain 166

https://match.adsrvr.org/track/cmf/generic?ttd_pid=8gkxb6n&ttd_tpi=1&gpdr=0&ttd_puid=9ee766b9-4ee3-420e-90d7-7a43bd3340d4 HTTP 302
https://ids.ad.gt/api/v1/t_match?tdid=cbc639e1-b1ea-44d0-9a34-21fab61776a9&id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4

Request Chain 167

https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3D9ee766b9-4ee3-420e-90d7-7a43bd3340d4 HTTP 302
https://ids.ad.gt/api/v1/pbm_match?pbm=22C6DDF4-68D8-4EF1-9894-B1D277175829&id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4

Request Chain 168

https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_cm&google_sc&google_ula=450542624&id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4 HTTP 302
https://ids.ad.gt/api/v1/g_match?id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4&google_gid=CAESEHWqQhYxkuCWxSVmOIU_8fA&google_cver=1&google_ula=450542624,0

Request Chain 169

https://ids.ad.gt/api/v1/g_hosted?id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=OWVlNzY2YjktNGVlMy00MjBlLTkwZDctN2E0M2JkMzM0MGQ0

Request Chain 170

https://match.prod.bidr.io/cookie-sync/audigent?buyer_user_id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4 HTTP 303
https://match.prod.bidr.io/cookie-sync/audigent?buyer_user_id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4&_bee_ppp=1 HTTP 303
https://ids.ad.gt/api/v1/beeswax_match?beeswax_id=AAF5Ek7DYZAAAD1XK7739A&id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4

Request Chain 171

https://sync.mathtag.com/sync/img?redir=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fmediamath_match%3Fuser_id%3D%5BMM_UUID%5D%26id%3D9ee766b9-4ee3-420e-90d7-7a43bd3340d4 HTTP 302
https://ids.ad.gt/api/v1/mediamath_match?user_id=a5f361b0-c7fd-4300-bc35-9de8b5b52f94&id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4

Request Chain 172

https://ids.ad.gt/api/v1/rub?id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4 HTTP 302
https://token.rubiconproject.com/token?pid=50242&puid=9ee766b9-4ee3-420e-90d7-7a43bd3340d4&gdpr=0

Request Chain 187

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=mgid&endpoint=us-east HTTP 301
https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=us-east

Request Chain 189

https://x.bidswitch.net/sync?dsp_id=303&user_id=lb86YqeN6SW6 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=303&user_id=lb86YqeN6SW6 HTTP 302
https://onetag-sys.com/match/?int_id=30&uid=6785791b-c54e-4ceb-a99a-ec8fe87ab0ab&gdpr=&gdpr_consent=&us_privacy=

Request Chain 191

https://match.adsrvr.org/track/cmf/generic?ttd_pid=omn67hl&ttd_tpi=1 HTTP 302
https://cm.mgid.com/m?cdsp=371158&c=cbc639e1-b1ea-44d0-9a34-21fab61776a9&ttl=1641567486

Request Chain 192

https://creativecdn.com/cm-notify?pi=mgid HTTP 302
https://creativecdn.com/cm-notify?pi=mgid&tc=1 HTTP 302
https://cm.mgid.com/m?cdsp=501037&c=rFcnwJz7dluUI8PjX02Z&pi=mgid&tc=1

Request Chain 193

https://cm.g.doubleclick.net/pixel?google_nid=marketgid&google_cm=&google_ula={guid}&google_hm=bGI4NllxZU42U1c2&muidn=lb86YqeN6SW6 HTTP 302
https://cm.mgid.com/google?muidn=lb86YqeN6SW6&google_ula={guid},5&google_gid=CAESEIqfVm_kWt8nQDtfkgNEgCY&google_cver=1

Request Chain 194

https://rtb-usw.mfadsrvr.com/sync?ssp=mgid HTTP 302
https://rtb-usw.mfadsrvr.com/ul_cb/sync?ssp=mgid HTTP 302
https://cm.mgid.com/m?cdsp=287839&c=88486a73-7903-4541-9871-e47d7773bff2

Request Chain 196

https://x.bidswitch.net/sync?ssp=mgid HTTP 302
https://cm.smadex.com/sync?sm_did=bds&bds_ssp_id=mgid&bds_param=6785791b-c54e-4ceb-a99a-ec8fe87ab0ab HTTP 302
https://x.bidswitch.net/sync?dsp_id=340&user_id=87b0cf65-7edd-4207-a2ba-8198f121d49e&expires=10&ssp=mgid&bsw_param=6785791b-c54e-4ceb-a99a-ec8fe87ab0ab HTTP 302
https://cm.mgid.com/m?cdsp=433145&c=6785791b-c54e-4ceb-a99a-ec8fe87ab0ab&gdpr=&gdpr_consent=&us_privacy=

Request Chain 198

https://sync.e-volution.ai/34b9aae5baa016b251b9fc488f4a97cd.gif?puid=lb86YqeN6SW6 HTTP 302
https://ssbsync.smartadserver.com/api/sync?callerId=24&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://sync.e-volution.ai/a02d62607dea0c97e41ff36ebd422945.gif?puid=3390230850515526241&gdpr=0&gdpr_consent= HTTP 302
https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-pashadv&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 199

https://ad.360yield.com/server_match?partner_id=1944&r=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D665953%26c%3D%7BPUB_USER_ID%7D HTTP 302
https://ad.360yield.com/ul_cb/server_match?partner_id=1944&r=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D665953%26c%3D%7BPUB_USER_ID%7D HTTP 302
https://cm.mgid.com/m?cdsp=665953&c=5aff0644-c568-4241-9683-82e2d17b741c

220 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673 Show response
www.ibtimes.co.uk/
Redirect Chain

http://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

149 KB
37 KB

402ms
197ms

Document
text/html

3.226.19.100
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.226.19.100 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-226-19-100.compute-1.amazonaws.com

Software

Apache /

Resource Hash

84f80d3bc526123294f1c949c0a349a4511116695adbe0c6ca025ef3a977a382

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Wed, 08 Dec 2021 14:58:04 GMT
content-type: text/html; charset=utf-8
content-length: 37336
server: Apache
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: public, max-age=3600
vary: Accept-Encoding
content-encoding: gzip
x-varnish: 37535203 35280143
age: 83408
via: 1.1 varnish-v4
x-forwarded-for: 194.36.108.20
x-ua-device: desktop
x-geoip: OTHER
x-geoip-state: OTHER
x-geoip-city: OTHER
x-tracker: 0
x-debug
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
accept-ranges: bytes

Redirect headers

Date: Wed, 08 Dec 2021 14:58:04 GMT
Content-Length: 0
Connection: keep-alive
Server: Varnish
X-Varnish: 37271598
Location: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

GET
H2 200 gdpr-liveramp.js Show response
gdpr-wrapper.privacymanager.io/gdpr/d0a4f271-334d-4a72-9f0c-41e0e35ed4a7/ 17 KB
6 KB 35ms
7ms Script
text/javascript 2600:9000:2251:3000:11:2a6a:9480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://gdpr-wrapper.privacymanager.io/gdpr/d0a4f271-334d-4a72-9f0c-41e0e35ed4a7/gdpr-liveramp.js
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:3000:11:2a6a:9480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1d2fa923c0c762184976e9ac0de7e4ac46d39ea00b70d3a900d84b1f42ef71e4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 07 Dec 2021 17:12:48 GMT
content-encoding: gzip
age: 78317
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-disposition: attachment; filename="gdpr-liveramp.js"
last-modified: Thu, 29 Jul 2021 20:03:09 GMT
server: AmazonS3
etag: W/"a78632dcb25d21a845613d3e95518c3b"
vary: Accept-Encoding
x-amz-version-id: OvzaWQIP6J2DqVSS1WdOdCh9uQSq4uSn
via: 1.1 c43915e0cad14ee7685e5f74a99ce93c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
content-type: text/javascript
x-amz-cf-id: paxge17TARLS0_vxEDtjNhoFRN4SMJ0C9Uw7IKnXJn2RyeOnRbyf8g==

GET
H2 200 prebid.js Show response
g.ibtimes.co.uk/front/js/ 347 KB
104 KB 59ms
15ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ibtimes.co.uk/front/js/prebid.js?v=5.18
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: Apache /
Resource Hash: e3ecd4311b3bc650a24b5488675d91818363c31d88856f1eed1259878f6ce56e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:04 GMT
content-encoding: gzip
last-modified: Tue, 16 Nov 2021 17:34:31 GMT
server: Apache
etag: "1637084071"
vary: Accept-Encoding
x-hw: 1638975484.cds004.fr8.hn,1638975484.cds015.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=25920000
accept-ranges: bytes
content-length: 106530

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 80 KB
27 KB 41ms
16ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c62f88c98d216e8148c1edeafbfa5db5a15b1fe72d2935202db67c1ed9f6554

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1066 / 199 of 1000 / last-modified: 1638965393"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27084
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 08 Dec 2021 14:58:04 GMT

GET
H2 200 jquery.js Show response
g.ibtimes.co.uk/front/js/ 91 KB
33 KB 51ms
9ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ibtimes.co.uk/front/js/jquery.js?ver=1.8.3
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: Apache /
Resource Hash: a283c159c936cb63d4cb23df490b58cb50b12638da7ca7bddcbd9c3fa6b37cae

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:04 GMT
content-encoding: gzip
last-modified: Thu, 30 Sep 2021 10:58:21 GMT
server: Apache
etag: "1632999501"
vary: Accept-Encoding
x-hw: 1638975484.cds004.fr8.hn,1638975484.cds056.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=25920000
accept-ranges: bytes
content-length: 33448

GET
H2 200 ibtimes-logo-scroll.png
g.ibtimes.co.uk/www/img/home/ 533 B
647 B 15ms
10ms Image
image/png 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.ibtimes.co.uk/www/img/home/ibtimes-logo-scroll.png
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: Apache /
Resource Hash: c2ab80281572a2bd9b2732d2e1c6e81174c6651138d79d4c1445fc7d6d2d8cc2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:04 GMT
last-modified: Mon, 15 Nov 2021 10:26:25 GMT
server: Apache
etag: "1636971985"
x-hw: 1638975484.cds004.fr8.hn,1638975484.cds001.fr8.c
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=25920000
accept-ranges: bytes
content-length: 533

GET
H2 200 jquery_once2020.min.js Show response
g.ibtimes.co.uk/front/js/ 7 KB
3 KB 15ms
10ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ibtimes.co.uk/front/js/jquery_once2020.min.js
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: Apache /
Resource Hash: 3c1619981fd89704039ed401b071b2e82e347db0a8b9111e564c3405b8f2ce5a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:04 GMT
content-encoding: gzip
last-modified: Tue, 09 Nov 2021 18:57:15 GMT
server: Apache
etag: "1636484235"
vary: Accept-Encoding
x-hw: 1638975484.cds004.fr8.hn,1638975484.cds003.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=25920000
accept-ranges: bytes
content-length: 2525

GET
H2 200 drupal_behavior2020.js Show response
g.ibtimes.co.uk/front/js/ 125 B
233 B 21ms
17ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ibtimes.co.uk/front/js/drupal_behavior2020.js
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: Apache /
Resource Hash: 9abf8d1ba2e3b1ab6e7a20c35b1c016c41ad8a612a4594edef72b405a8c4c9b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:04 GMT
content-encoding: gzip
last-modified: Thu, 12 Aug 2021 21:30:03 GMT
server: Apache
etag: "1628803803"
vary: Accept-Encoding
x-hw: 1638975484.cds004.fr8.hn,1638975484.cds258.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=25920000
accept-ranges: bytes
content-length: 126

GET
H/1.1 200
OK script.js Show response
powerad.ai/ 191 KB
41 KB 424ms
192ms Script
application/javascript 18.211.226.152
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://powerad.ai/script.js
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 18.211.226.152 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-226-152.compute-1.amazonaws.com
Software: nginx/1.10.3 (Ubuntu) / Express
Resource Hash: 88551e81777283d882e2b4ad08b2513cf80f09066fe67eec1f1c012b8b216638

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 08 Dec 2021 14:58:05 GMT
Content-Encoding: gzip
Last-Modified: Thu, 02 Dec 2021 17:44:29 GMT
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
X-Powered-By: Express
ETag: W/"2fac2-17d7c3f660d"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
Access-Control-Allow-Credentials: true
Connection: close
Access-Control-Allow-Headers: *

GET
H2 200 gdpr.bundle.js Show response
gdpr.privacymanager.io/1/ 181 KB
53 KB 47ms
12ms Script
application/x-javascript 2600:9000:2250:8000:16:f82a:8600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://gdpr.privacymanager.io/1/gdpr.bundle.js
Requested by: Host: gdpr-wrapper.privacymanager.io
URL: https://gdpr-wrapper.privacymanager.io/gdpr/d0a4f271-334d-4a72-9f0c-41e0e35ed4a7/gdpr-liveramp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:8000:16:f82a:8600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 998e1202c2e488520a53e1d57ca8727b4949a877a7859b792b2e09c24478d91e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: ZOn5lzVa88D6xGo6uwh.sONj_lPazARe
content-encoding: gzip
etag: W/"7876225da1c7c1879fbf776652cdff49"
age: 2329
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:469675294282:build/TCFBuild-prod:10cfaec0-dd0a-45c4-ac4c-161af5b02cc4
x-cache: Hit from cloudfront
x-amz-meta-codebuild-content-md5: 3945ca10219c92efed6eff2746a37c10
last-modified: Tue, 16 Nov 2021 19:18:17 GMT
server: AmazonS3
date: Wed, 08 Dec 2021 14:19:16 GMT
vary: Accept-Encoding
x-amz-meta-codebuild-content-sha256: af7b73c159ae71ac239ac31e99583133cdb561e8c3d41bf9b0e6bf814353568b
via: 1.1 d71acb203a3e8fc7db2c1cf9725d51da.cloudfront.net (CloudFront)
cache-control: must-revalidate,public,max-age=3600
x-amz-cf-pop: FRA60-P2
content-type: application/x-javascript
x-amz-cf-id: GrKWuCLvYjSGicz53ZhVA9rOPj1PwH4bDGHrP9p9dCn3UojKEbm6cw==

GET
H2 200 194.js Show response
gc.newsweek.com/front/js/datacentre/ 2 KB
775 B 48ms
12ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://gc.newsweek.com/front/js/datacentre/194.js

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Apache /

Resource Hash

75d20815e51810799c549e1e7b621848d69ed31f8954620921c26e17daa0e87b

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:04 GMT
content-encoding: gzip
last-modified: Thu, 14 Oct 2021 09:51:12 GMT
server: Apache
etag: "1634205072"
strict-transport-security: max-age=86400; includeSubDomains
x-hw: 1638975484.cds155.fr8.hn,1638975484.cds122.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=25920000
accept-ranges: bytes
content-length: 559

GET
H2 200 front.asp Show response
k.intellitxt.com/intellitxt/ 2 KB
3 KB 322ms
102ms Script
application/javascript 34.200.203.34
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://k.intellitxt.com/intellitxt/front.asp?ipid=93919
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.200.203.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-200-203-34.compute-1.amazonaws.com
Software: / Kormorant
Resource Hash: 0806f685fb8981e630f8f64a5b6c1d0efd2a4240440d0c78ec826d5acb2affca

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:05 GMT
x-powered-by: Kormorant
vary: *
content-type: application/javascript; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0
content-length: 1961
expires: Fri, 08 Jan 2016 00:00:00 GMT

GET
H2 200 b Show response
query.fqtag.com/ 82 B
163 B 50ms
16ms Script
text/plain 35.186.195.222
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://query.fqtag.com/b?org=8adasewre3atrefrejuj&sk=Pd8JDmKG8eZNvkNzvGBX&callback=fq_callback&p=www.ibtimes.co.uk_article&a=article&cmp=none&cb=1638975484698&url=none&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F96.0.4664.45%20Safari%2F537.36
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.195.222 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 222.195.186.35.bc.googleusercontent.com
Software: /
Resource Hash: b896263dd16c4f5f4009a72b04489499dcd90ce9658086dcb3eb4b01409f088b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:04 GMT
via: 1.1 google
alt-svc: clear
content-length: 82

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 134 KB
36 KB 44ms
9ms Script
application/javascript 18.66.109.174
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.109.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-109-174.fra56.r.cloudfront.net
Software: Server /
Resource Hash: de80309d98405d566c6fb1912811b24c8ad3a8380f6819d26a6c1eac5cd99185

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: KuXuY5mbG6yln5YsEdf9JaPJtFF6aIqm
content-encoding: gzip
etag: 1e39d25f07f5619925357b752ab10d04
age: 37
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 0YDPYMGJ5GWF0WRJRVEC
date: Wed, 08 Dec 2021 14:57:28 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 08d7dbeb0736051b46014fbaac0a421e.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: DWQ4GpxFWloCln_C1Bm7OYOvniHmWaXGcFvymrspsTzt8PzJ-cpV1Q==

GET
H2 200 v2lltpnTPocNp2Ts0hMfC6Vd3vrcXZfHmw6e7muaIJeDRJS-ejeDuhllwm9m0nKc8 Show response
stalesummer.com/ 646 KB
115 KB 85ms
34ms Script
text/javascript 35.190.48.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stalesummer.com/v2lltpnTPocNp2Ts0hMfC6Vd3vrcXZfHmw6e7muaIJeDRJS-ejeDuhllwm9m0nKc8

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.48.184 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

184.48.190.35.bc.googleusercontent.com

Software

Resource Hash

cc272a4facaba096b3aa8380a4d39b67ad3920a052c1c026e01a461b4d98c96d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
x-datacenter: gce-europe-west1
etag: "31f277260473380d4da83d5a5fcbdaff26d19d92fba72e5a4ab39e41bc48c6f5"
vary: Accept-Encoding, Accept-Language
x-hostname: a26589ac
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
date: Wed, 08 Dec 2021 14:58:04 GMT
timing-allow-origin: *

GET
H2 200 v2xueNk85ti6mUaxwCc0V_WO8BirJYWregl-gQDzch1gSZ8w2BIowJ1CF__wXdeC2sC4z0G4Y3L0zBn-kIg Show response
stalesummer.com/ 16 KB
6 KB 71ms
20ms Script
text/javascript 35.190.48.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stalesummer.com/v2xueNk85ti6mUaxwCc0V_WO8BirJYWregl-gQDzch1gSZ8w2BIowJ1CF__wXdeC2sC4z0G4Y3L0zBn-kIg

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.48.184 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

184.48.190.35.bc.googleusercontent.com

Software

Resource Hash

353335bebb8bd293c4c15c9f93804f65aaa41ae5eeabea7a8c64c8ad91c4930b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: gzip
x-datacenter: gce-europe-west1
etag: "b58f08bcc45b02b71db8594a39516114c89737fc1341393f1d479dde04e973e5"
vary: Accept-Encoding, Accept-Language
x-hostname: a26589ac
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
date: Wed, 08 Dec 2021 14:58:04 GMT
timing-allow-origin: *

GET
H2 200 7c276f4e8b4f336ce18e4ac917e7dbe1.js Show response
g.ibtimes.co.uk/sys/js/ 706 KB
200 KB 20ms
17ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ibtimes.co.uk/sys/js/7c276f4e8b4f336ce18e4ac917e7dbe1.js?v=1635279333
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: Apache /
Resource Hash: fa1560f5bb6bd9c2ab63298a350482986102b4962940c4498e855ec16f0e377b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:04 GMT
content-encoding: gzip
last-modified: Tue, 26 Oct 2021 20:15:40 GMT
server: Apache
etag: "1635279340"
vary: Accept-Encoding
x-hw: 1638975484.cds004.fr8.hn,1638975484.cds132.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=25920000
accept-ranges: bytes
content-length: 204171

GET
H2 200 graphic Show response
d.ibtimes.co.uk/widget/ 63 KB
15 KB 97ms
27ms XHR
text/css 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://d.ibtimes.co.uk/widget/graphic?path=video/css/video-js.min.css&mime=text/css&v=1635279333
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: Apache /
Resource Hash: cda5cb3f4dac47d9f6312279b4e82d5a27f812ae88a22caea39e00dd7d7163d8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:04 GMT
content-encoding: gzip
x-cacheable: YES
access-control-allow-methods: GET, POST
content-length: 15433
last-modified: Wed, 01 Dec 2021 16:51:34 GMT
server: Apache
etag: "1638377494"
vary: Accept-Encoding
x-hw: 1638975484.cds042.lo4.hn,1638975484.cds067.lo4.c
content-type: text/css;charset=utf-8
access-control-allow-origin: *
x-cahce: HIT
cache-control: max-age=25920000, public
accept-ranges: bytes
access-control-allow-headers: X-Requested-With

GET
H2 200 awesome.json Show response
g.ibtimes.co.uk/sys/js/ 33 KB
7 KB 29ms
26ms Script
application/json 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ibtimes.co.uk/sys/js/awesome.json
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: Apache /
Resource Hash: 38cec8f50a59efb2c364cb80ccec6f7c6bc50be14de635f19f65358d0b69b046

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:04 GMT
content-encoding: gzip
last-modified: Thu, 30 Sep 2021 10:58:21 GMT
server: Apache
etag: "1632999501"
x-hw: 1638975484.cds004.fr8.hn,1638975484.cds056.fr8.c
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=25920000
accept-ranges: bytes
content-length: 7163

GET
H2 200 front.asp Show response
k.intellitxt.com/intellitxt/ 2 KB
3 KB 298ms
106ms Script
application/javascript 34.200.203.34
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://k.intellitxt.com/intellitxt/front.asp?ipid=93921
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.200.203.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-200-203-34.compute-1.amazonaws.com
Software: / Kormorant
Resource Hash: 4678fe248a305c2cac2cfcd8553119b01cf43e0d68125b668aec4971540e2018

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:05 GMT
x-powered-by: Kormorant
vary: *
content-type: application/javascript; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0
content-length: 1961
expires: Fri, 08 Jan 2016 00:00:00 GMT

GET
H2 200 lazysizes.min.js Show response
g.ibtimes.co.uk/www/js/ 6 KB
3 KB 29ms
26ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ibtimes.co.uk/www/js/lazysizes.min.js
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: Apache /
Resource Hash: cf494a2e88cbf68d229e91f9042c0cae9b221b10c4ebf413dc74d930bd537d94

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:04 GMT
content-encoding: gzip
last-modified: Fri, 22 Oct 2021 07:49:26 GMT
server: Apache
etag: "1634888966"
vary: Accept-Encoding
x-hw: 1638975484.cds004.fr8.hn,1638975484.cds107.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=25920000
accept-ranges: bytes
content-length: 2649

GET
H2

200

connatix.playspace.dc.js Show response
cds.connatix.com/p/141716/ Frame 8855
Redirect Chain

https://cd.connatix.com/connatix.playspace.js
https://cds.connatix.com/p/141716/connatix.playspace.dc.js

1 MB
242 KB

15ms
7ms

Script
application/javascript

151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/141716/connatix.playspace.dc.js
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ff2eddce0657f02de657dc3167b9453b9e81850fee55948d22beb8e0acf89cd8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
content-encoding: br
last-modified: Wed, 08 Dec 2021 11:19:53 GMT
age: 12567
etag: "34ba64c90e6e0c8101fffed458d13117"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 247459

Redirect headers

location: https://cds.connatix.com/p/141716/connatix.playspace.dc.js
date: Wed, 08 Dec 2021 14:58:04 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
server: Kestrel
accept-ranges: bytes
content-length: 0

GET
H2 200 header-logo.svg
g.ibtimes.co.uk/www/img/home/ 7 KB
2 KB 29ms
27ms Image
image/svg+xml 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.ibtimes.co.uk/www/img/home/header-logo.svg
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: Apache /
Resource Hash: 784a8fabaaf06f69a98c9a16a46f62ac8aa1e68eef09cbd6d2fb442d7ebb9a6a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:04 GMT
content-encoding: gzip
last-modified: Sun, 16 May 2021 20:59:00 GMT
server: Apache
etag: "1621198740"
vary: Accept-Encoding
x-hw: 1638975484.cds004.fr8.hn,1638975484.cds253.fr8.c
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=25920000
accept-ranges: bytes
content-length: 2333

GET
H2 200 MDadn8DQ_3oT6kvnUq_2r_esZW2xOQ-xsNqO47m55DA.woff2
fonts.gstatic.com/s/lato/v11/ 16 KB
16 KB 40ms
9ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v11/MDadn8DQ_3oT6kvnUq_2r_esZW2xOQ-xsNqO47m55DA.woff2

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b3c414806e659b347c31f9205558d257b959cb5a465ba7c83943a3a8ca6aa59f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.ibtimes.co.uk/
Origin: https://www.ibtimes.co.uk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 07 Dec 2021 17:01:23 GMT
x-content-type-options: nosniff
age: 79001
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16436
x-xss-protection: 0
last-modified: Mon, 06 Oct 2014 20:38:14 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 07 Dec 2022 17:01:23 GMT

GET
H2 200 MgNNr5y1C_tIEuLEmicLmwLUuEpTyoUstqEm5AMlJo4.woff2
fonts.gstatic.com/s/lato/v11/ 16 KB
17 KB 38ms
7ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v11/MgNNr5y1C_tIEuLEmicLmwLUuEpTyoUstqEm5AMlJo4.woff2

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5427138d42e612a6be63f8fc1eb7173c0141db146bafc9d22378a53947797032

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.ibtimes.co.uk/
Origin: https://www.ibtimes.co.uk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 04:10:25 GMT
x-content-type-options: nosniff
age: 470859
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16392
x-xss-protection: 0
last-modified: Mon, 06 Oct 2014 20:38:46 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 03 Dec 2022 04:10:25 GMT

GET
H2 200 HkF_qI1x_noxlxhrhMQYEJBw1xU1rKptJj_0jans920.woff2
fonts.gstatic.com/s/lato/v11/ 17 KB
17 KB 38ms
14ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v11/HkF_qI1x_noxlxhrhMQYEJBw1xU1rKptJj_0jans920.woff2

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a293aaf862adcd1c0a81c98f17d848c5b2d628c1982d30ff1204bcf5d05e420

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.ibtimes.co.uk/
Origin: https://www.ibtimes.co.uk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 06 Dec 2021 18:24:59 GMT
x-content-type-options: nosniff
age: 160385
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
x-xss-protection: 0
last-modified: Mon, 06 Oct 2014 20:37:39 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 06 Dec 2022 18:24:59 GMT

GET
H2 200 icons_sns1.png
g.ibtimes.co.uk/www/img/home/ 5 KB
5 KB 14ms
9ms Image
image/png 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.ibtimes.co.uk/www/img/home/icons_sns1.png
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: Apache /
Resource Hash: c0c94e93c0e65a88c4ac8cdd3bcc9746296bd7b6b726a3ec16cbf3db5b99a23e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:04 GMT
last-modified: Sat, 08 May 2021 13:34:48 GMT
server: Apache
etag: "1620480888"
x-hw: 1638975484.cds004.fr8.hn,1638975484.cds233.fr8.c
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=25920000
accept-ranges: bytes
content-length: 4923

GET
H2 200 UC3ZEjagJi85gF9qFaBgIIsv7neNnoQYDmljOSnH1QE.woff2
fonts.gstatic.com/s/playfairdisplay/v10/ 25 KB
25 KB 18ms
15ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/playfairdisplay/v10/UC3ZEjagJi85gF9qFaBgIIsv7neNnoQYDmljOSnH1QE.woff2

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2501a068c893e19c8a443c814ed5ec68bfd31018463c31bb7aef1d4b891b8767

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.ibtimes.co.uk/
Origin: https://www.ibtimes.co.uk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 02:47:29 GMT
x-content-type-options: nosniff
age: 43835
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25932
x-xss-protection: 0
last-modified: Mon, 06 Oct 2014 20:38:48 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 08 Dec 2022 02:47:29 GMT

GET
H2 200 1KWMyx7m-L0fkQGwYhWwuuvvDin1pK8aKteLpeZ5c0A.woff2
fonts.gstatic.com/s/lato/v11/ 17 KB
17 KB 19ms
17ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v11/1KWMyx7m-L0fkQGwYhWwuuvvDin1pK8aKteLpeZ5c0A.woff2

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0620647c7e8e7ff7097b3919ed985e28c5f7145e82184bdbe68f79658e63f0c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.ibtimes.co.uk/
Origin: https://www.ibtimes.co.uk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 09:40:53 GMT
x-content-type-options: nosniff
age: 19031
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16896
x-xss-protection: 0
last-modified: Mon, 06 Oct 2014 20:35:35 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 08 Dec 2022 09:40:53 GMT

GET
H2 200 ibtimes.co.uk.713739.js Show response
jsc.mgid.com/i/b/ 2 KB
1 KB 51ms
21ms Script
text/javascript 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.mgid.com/i/b/ibtimes.co.uk.713739.js?t=202111814
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac902a8bb54ca7821f70b8f701c0427d3ff5b3f777c5d015f317b6490568166e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:04 GMT
content-encoding: br
cf-cache-status: HIT
age: 2630
last-modified: Thu, 25 Nov 2021 12:41:17 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: NS9Y5FQ6Y7JZRC2C
x-amz-id-2: yDUpHWV7Jh4Z3RNlhnb5uPZS611noON+PaP/I6e8ixBgvB2B3JodEkuRR3xaBAyW6BlagyF8xxw=
cf-bgj: minify
server: cloudflare
etag: W/"d800f7677df0571899afb731e0b57f19"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=10800
cf-ray: 6ba6d98c7ec17028-FRA
expires: Wed, 08 Dec 2021 17:58:04 GMT

GET
H2 200 platform.js Show response
cdn.vuukle.com/ 136 KB
38 KB 82ms
36ms Script
application/javascript 2606:4700:10::6816:3ca8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.vuukle.com/platform.js
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3ca8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7de22ad86b9c8fc8740250df7169d1792dedce2ee677b7f828b98c16ab53a5b9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:04 GMT
content-encoding: br
cf-cache-status: HIT
age: 16445
cf-polished: origSize=138967
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Wed, 08 Dec 2021 10:22:20 GMT
server: cloudflare
etag: W/"61b0875c-21ed7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
cache-control: max-age=1800
cf-ray: 6ba6d98c9d410f6e-MXP
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
cf-bgj: minify

GET
H2 200 pubads_impl_2021120601.js Show response
securepubads.g.doubleclick.net/gpt/ 348 KB
117 KB 52ms
29ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js?31063909

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

2d5ae5a515a688823dc98d032242c2ed6f490a74c4281bdd599567898f9fa675

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119476
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 09:34:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 08 Dec 2021 14:58:04 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 307 B
795 B 39ms
16ms XHR
application/json 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.ibtimes.co.uk

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

13e3e82d9e0610e83d8f2cddbf0264a8503a543988a18f2e88d1008e5ff09b6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 08 Dec 2021 14:58:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 158
x-xss-protection: 0
expires: Wed, 08 Dec 2021 14:58:04 GMT

GET
H2 200 implement-r.js Show response
fqtag.com/tag/ 3 KB
3 KB 38ms
16ms Script
application/javascript 35.190.72.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fqtag.com/tag/implement-r.js?org=8adasewre3atrefrejuj&p=www.ibtimes.co.uk_article_risk_Y&a=article&cmp=none&rd=none&rt=display&sl=1&fq=1

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.72.161 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

161.72.190.35.bc.googleusercontent.com

Software

Resource Hash

91527b0ebde761583acc70f7a1741af1936be26826da17d4961bc4dcc913fc6f

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:04 GMT
via: 1.1 google
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2659
x-xss-protection: 0
expires: 0

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
313 B 7ms
7ms XHR
text/plain 18.66.109.174
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=3794&u=https%3A%2F%2Fwww.ibtimes.co.uk
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.109.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-109-174.fra56.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 11:26:02 GMT
via: 1.1 08d7dbeb0736051b46014fbaac0a421e.cloudfront.net (CloudFront)
server: Server
age: 12721
x-cache: Hit from cloudfront
access-control-allow-origin: https://www.ibtimes.co.uk
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: gBZDD9IyrWtXxG9LtMyK4N0k1b6OlCVX3WGPcaCPybyVXjPrh2R8KQ==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 21ms
7ms XHR
application/javascript 18.66.109.174
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.109.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-109-174.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: gYbY2ORQY5Qmsyt0ob0SiGH6tjIhuo4B
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 28172
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Tue, 09 Nov 2021 22:55:20 GMT
server: AmazonS3
date: Wed, 08 Dec 2021 13:56:10 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 fb49d852ca52c03c834ce98098b51517.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: 2mPuLmKkoiEEeYlKyTfHC-J2fqC-RvapfM4ZE47OSiH2NgFCn6kIGg==

OPTIONS
H2 200 vendor-list.json
gdpr-wrapper.privacymanager.io/gdpr/d0a4f271-334d-4a72-9f0c-41e0e35ed4a7/ Frame 0
0 23ms
7ms Preflight 2600:9000:2251:3000:11:2a6a:9480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://gdpr-wrapper.privacymanager.io/gdpr/d0a4f271-334d-4a72-9f0c-41e0e35ed4a7/vendor-list.json
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:3000:11:2a6a:9480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://www.ibtimes.co.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-length: 0
date: Tue, 07 Dec 2021 17:12:54 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: content-type
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 0a71d283a25c1e3f082b4dbc9d844dfe.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
x-amz-cf-id: jVepdRmdlgvcylztM7bOKgeag27p42fJMZSBmBZxJJLMjqcaOS6FMg==
age: 78311

OPTIONS
H2 200 /
geo.privacymanager.io/ Frame 0
0 115ms
84ms Preflight
application/json 13.32.99.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.privacymanager.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-59.fra60.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://www.ibtimes.co.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-type: application/json
content-length: 0
date: Wed, 08 Dec 2021 14:58:04 GMT
x-amzn-requestid: 10348594-7627-4289-8957-8ac5fa92aea4
access-control-allow-origin: *
access-control-allow-headers: Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
x-amz-apigw-id: KCQvjGu-joEF6Kw=
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
via: 1.1 ba5b5e2e7fd98c4a472633bc4c1d4480.cloudfront.net (CloudFront), 1.1 39e6266db143f6443f194d8c60e22480.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1 FRA60-P3
x-cache: Miss from cloudfront
x-amz-cf-id: vL_Nn55Hu54izqigoRfSgZlJOK_O1-P0QOXqBYE6mDvOxbBufLQ4sw==

GET
H2 200 vendor-list.json Show response
gdpr-wrapper.privacymanager.io/gdpr/d0a4f271-334d-4a72-9f0c-41e0e35ed4a7/ 23 KB
6 KB 9ms
9ms Fetch
application/json 2600:9000:2251:3000:11:2a6a:9480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://gdpr-wrapper.privacymanager.io/gdpr/d0a4f271-334d-4a72-9f0c-41e0e35ed4a7/vendor-list.json
Requested by: Host: gdpr.privacymanager.io
URL: https://gdpr.privacymanager.io/1/gdpr.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:3000:11:2a6a:9480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e30158b3215490f302dd3424b989d72fc69e7306a6f6cc907d9bae0d71f01ed

Request headers

Accept: application/json
Referer: https://www.ibtimes.co.uk/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/json

Response headers

x-amz-version-id: BUn5nqMbFUiJOQFAmbbwkE8eBsMjJVad
content-encoding: gzip
etag: W/"e18210a3c71beac8ff51dc73363d451e"
age: 2554
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-origin: *
last-modified: Tue, 07 Dec 2021 17:10:10 GMT
server: AmazonS3
date: Wed, 08 Dec 2021 14:15:37 GMT
access-control-allow-methods: GET
content-type: application/json
via: 1.1 0a71d283a25c1e3f082b4dbc9d844dfe.cloudfront.net (CloudFront)
cache-control: must-revalidate,public,max-age=3600
x-amz-cf-pop: FRA60-P3
x-amz-cf-id: FZT7Zl5bjSw7vyhQgE_5E2zHBQ3eVrBPHOaXXhj-nxhZ5ppka9WSqA==

GET
H2 200 / Show response
geo.privacymanager.io/ 30 B
594 B 8ms
7ms Fetch
application/json 13.32.99.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.privacymanager.io/
Requested by: Host: gdpr.privacymanager.io
URL: https://gdpr.privacymanager.io/1/gdpr.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-59.fra60.r.cloudfront.net
Software: /
Resource Hash: 55033882e1bc61cac58471a0ce5372606abd57a9663921dbd6f9a4a926c601b0

Request headers

Accept: application/json
Referer: https://www.ibtimes.co.uk/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 08 Dec 2021 07:28:19 GMT
via: 1.1 102d8cf947b68167e34dd1299c206242.cloudfront.net (CloudFront), 1.1 39e6266db143f6443f194d8c60e22480.cloudfront.net (CloudFront)
age: 26986
x-amzn-requestid: d57d0563-c36a-4ef0-8099-e26d29876dc8
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
content-type: application/json
access-control-allow-origin: *
x-amzn-trace-id: Root=1-61b05e92-03353f563de05cf916243276;Sampled=0
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA56-P3, FRA60-P3
x-amz-apigw-id: KBO3AFQYDoEFzyQ=
content-length: 30
x-amz-cf-id: GeP6ob1Ezrw7zxO7X0PxNntsRKDxulc-LsTAEJO10FAO8b2CqptJoA==
access-control-allow-headers: Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 35ms
6ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 4985
date: Wed, 08 Dec 2021 13:34:59 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 08 Dec 2021 15:34:59 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 151 KB
55 KB 51ms
22ms Script
application/javascript 2a00:1450:4001:801::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N6T7SD

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

836fb0ab22f83a719b0114a49f35d844226e1898473225b9e4bfdd44a4fd204d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:04 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55389
x-xss-protection: 0
last-modified: Wed, 08 Dec 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 08 Dec 2021 14:58:04 GMT

GET
H/1.1 200
OK iMAWebCookie.js Show response
www.sc.pages06.net/lp/static/js/ 14 KB
14 KB 44ms
10ms Script
application/javascript 18.157.129.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sc.pages06.net/lp/static/js/iMAWebCookie.js?8d52568-15439653d0e-b292eee3e12767e0c1a23a3c31e9c522&h=www.pages06.net

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.157.129.217 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-157-129-217.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

27a1e80167055f562f0ddda38620ec1f5a354c5ab795c75da16874f4095520f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 08 Dec 2021 14:58:04 GMT
Last-Modified: Wed, 08 Dec 2021 03:11:06 GMT
Server: Apache
ETag: "3772-5d299d73ab155"
Strict-Transport-Security: max-age=16070400; includeSubDomains; preload
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 14194

GET
H/1.1 403
Forbidden counter.js
g.ibt.com/front/js/ 0
0 52ms
7ms Script
text/plain 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ibt.com/front/js/counter.js
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 08 Dec 2021 14:58:04 GMT
Cache-Control: max-age=10
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 0
X-HW: 1638975484.cds139.fr8.hn,1638975484.cds139.fr8.h2c

GET
H/1.1 200
OK auto-user-sync
ads.stickyadstv.com/ 43 B
600 B 171ms
55ms Image
image/gif 2.18.234.233
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.stickyadstv.com/auto-user-sync
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-233.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 08 Dec 2021 14:58:05 GMT
Server: nginx
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 43
x-sticky-vk: 1638975485337038-346
Expires: Wed, 08 Dec 2021 14:58:05 GMT

GET
H2 200 5f0770bc2693b8001227970c Show response
api.pushnami.com/scripts/v1/pushnami-adv/ 249 KB
61 KB 42ms
13ms Script
application/javascript 13.32.99.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.pushnami.com/scripts/v1/pushnami-adv/5f0770bc2693b8001227970c
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-54.fra60.r.cloudfront.net
Software: /
Resource Hash: 964508b64905fb65179786df987e74be47ee1b44a832c2f19bbc8b1d300ed8e6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:50:29 GMT
via: 1.1 0c792defeeaa18965559ad74895ea56b.cloudfront.net (CloudFront)
age: 455
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: no-cache
x-amz-cf-pop: FRA60-P3
content-encoding: gzip
x-amz-cf-id: HyFvLvp8FdCsfE9j9VMQV1iXrj0V2jUc1monzFKGe6PvwW-GUBlZqA==

GET
H2 200 fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ 75 KB
76 KB 41ms
17ms Font
application/octet-stream 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ibtimes.co.uk/
Origin: https://www.ibtimes.co.uk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:04 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 495860
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 77160
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-12d68"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OwekhdNap1jAa2E%2BGNrG6g%2F9hSFbDqr6Py315HhZev4uVRXQkHEfhDH5WZZN8BAXJ3wP5DpR1wXSxdie8eMY75bHgVzc1Kxm5YgCPldRRrR8oxe9QXMVNTsNH5dTk4O9OowbkyvpQ77GRhbq1ha%2FtqtV"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6ba6d98ccb3f68fe-FRA
expires: Mon, 28 Nov 2022 14:58:04 GMT

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 36 KB
14 KB 46ms
9ms Script
application/x-javascript 2600:9000:223c:b200:18:1fcd:34f:cdc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:b200:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e2c28f3e8b6a2e5170859e67cff3e8240e6b888d02005306ef3d2129f5cbd74c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:52:26 GMT
content-encoding: gzip
last-modified: Thu, 28 Oct 2021 00:27:20 GMT
server: nginx
age: 338
etag: W/"6179ee68-8e96"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 1f0db25765b79d244ad1fa2184395c12.cloudfront.net (CloudFront)
cache-control: max-age=7200
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: Ums4XcHO3bq1KVF4vbTL1i5ubinVrsivR4XT7XqPb0kd3geO3sW7SQ==
expires: Wed, 08 Dec 2021 16:52:26 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 374 KB
124 KB 64ms
24ms Script
text/javascript 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: g.ibtimes.co.uk
URL: https://g.ibtimes.co.uk/sys/js/7c276f4e8b4f336ce18e4ac917e7dbe1.js?v=1635279333

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15a3efce4e527795167d6fb4bb107345067176ddfc514a85cf0ee9a031b07e55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126291
x-xss-protection: 0
expires: Wed, 08 Dec 2021 14:58:05 GMT

GET
H2 200 get-it Show response
d.ibtimes.co.uk/widget/ 1 KB
598 B 22ms
22ms XHR
text/html 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://d.ibtimes.co.uk/widget/get-it?pg_name=14art&ly_label=h_opinion&view=www/application/views/tpl/opinion_art&time=1638890877&preview=0
Requested by: Host: g.ibtimes.co.uk
URL: https://g.ibtimes.co.uk/sys/js/7c276f4e8b4f336ce18e4ac917e7dbe1.js?v=1635279333
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: Apache /
Resource Hash: bd4d57c1bbc49062d2b03ac7599e10b805aab82c4bef4759b66ff109582aa291

Request headers

Accept: */*
Referer: https://www.ibtimes.co.uk/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:04 GMT
content-encoding: gzip
last-modified: Tue, 07 Dec 2021 15:33:10 GMT
server: Apache
x-cacheable: YES
etag: "1638891190"
vary: Accept-Encoding
x-hw: 1638975484.cds042.lo4.hn,1638975484.cds072.lo4.c
content-type: text/html; charset=utf-8
access-control-allow-origin: *
x-cahce: HIT
cache-control: max-age=25920000, public
accept-ranges: bytes
content-length: 469

GET
H2 200 get-it Show response
d.ibtimes.co.uk/widget/ 8 KB
2 KB 24ms
24ms XHR
text/html 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://d.ibtimes.co.uk/widget/get-it?pg_name=14art_technology&ly_label=a_1&view=www/application/views/tpl/readmore&time=16383009681638890877&preview=0
Requested by: Host: g.ibtimes.co.uk
URL: https://g.ibtimes.co.uk/sys/js/7c276f4e8b4f336ce18e4ac917e7dbe1.js?v=1635279333
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: Apache /
Resource Hash: 296991b3dc34755a19b2bdfecac909935febc60e2aedc796b8a1087a32fd7aa2

Request headers

Accept: */*
Referer: https://www.ibtimes.co.uk/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:04 GMT
content-encoding: gzip
last-modified: Tue, 07 Dec 2021 15:50:38 GMT
server: Apache
x-cacheable: YES
etag: "1638892238"
vary: Accept-Encoding
x-hw: 1638975484.cds042.lo4.hn,1638975484.cds223.lo4.c
content-type: text/html; charset=utf-8
access-control-allow-origin: *
x-cahce: HIT
cache-control: max-age=25920000, public
accept-ranges: bytes
content-length: 1939

GET
H2 200 breaking-news Show response
d.ibtimes.co.uk/widget/ 694 B
550 B 25ms
24ms XHR
text/html 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://d.ibtimes.co.uk/widget/breaking-news?time=1638892021
Requested by: Host: g.ibtimes.co.uk
URL: https://g.ibtimes.co.uk/sys/js/7c276f4e8b4f336ce18e4ac917e7dbe1.js?v=1635279333
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: Apache /
Resource Hash: 2153ccd42e86954f8d2a7432968ad1592e128f837e1a9d721e44d9c477d652e5

Request headers

Accept: */*
Referer: https://www.ibtimes.co.uk/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:04 GMT
content-encoding: gzip
last-modified: Tue, 07 Dec 2021 15:47:22 GMT
server: Apache
x-cacheable: YES
etag: "1638892042"
vary: Accept-Encoding
x-hw: 1638975484.cds042.lo4.hn,1638975484.cds090.lo4.c
content-type: text/html; charset=utf-8
access-control-allow-origin: *
x-cahce: HIT
cache-control: max-age=25920000, public
accept-ranges: bytes
content-length: 440

GET
BLOB 200
OK aca439d1-083f-4416-af14-ae1eef55049a
https://www.ibtimes.co.uk/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.ibtimes.co.uk/aca439d1-083f-4416-af14-ae1eef55049a
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 200 acv.json Show response
stalesummer.com/ 210 KB
46 KB 48ms
23ms Fetch
application/json 35.190.48.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stalesummer.com/acv.json

Requested by

Host: stalesummer.com
URL: https://stalesummer.com/v2lltpnTPocNp2Ts0hMfC6Vd3vrcXZfHmw6e7muaIJeDRJS-ejeDuhllwm9m0nKc8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.48.184 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

184.48.190.35.bc.googleusercontent.com

Software

Resource Hash

6e75948ee66bf6e7da9235ee5cecbda03fa7f592a3f08193757202be43d6cb38

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
last-modified: Wed, 25 Aug 2021 16:19:25 GMT
x-datacenter: gce-europe-west1
date: Wed, 08 Dec 2021 14:58:05 GMT
vary: Accept-Encoding, Origin
x-hostname: a26589ac
content-type: application/json
access-control-allow-origin: https://www.ibtimes.co.uk
access-control-allow-credentials: true
access-control-allow-methods: POST, OPTIONS
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie

GET
H2 200 skeleton.gif
static.adsafeprotected.com/ 43 B
482 B 48ms
7ms Image
image/gif 2600:9000:223f:600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 16:14:35 GMT
via: 1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront)
age: 10709011
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
cache-control: max-age=315360000
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-type: image/gif
x-amz-cf-id: T_NpZ-NbUdQSqUe4iGEqiyEIquBfeVKCstbpwXvKxtTCcg1QjjoIbA==

GET
H2 200 daniel-de-la-fuente-vp-data-ai.jpg
d.ibtimes.co.uk/en/full/1692827/ 2 KB
2 KB 37ms
21ms Image
image/jpeg 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.ibtimes.co.uk/en/full/1692827/daniel-de-la-fuente-vp-data-ai.jpg?w=82&h=82&l=56&t=52&f=1a5a82c4f40a2015c107fde14f8831b3
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: Apache /
Resource Hash: 6ae7af46904f84c2d51886566d848c93c9f44209eed5922c074720b6731218d8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
last-modified: Tue, 31 Aug 2021 07:36:51 GMT
server: Apache
etag: "1630395411"
x-hw: 1638975485.cds125.fr8.hn,1638975485.cds266.fr8.c
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=25920000
accept-ranges: bytes
content-length: 2133

GET
H2 200 future-remote-gambling.jpg
d.ibtimes.co.uk/en/full/1694586/ 5 KB
5 KB 63ms
48ms Image
image/jpeg 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.ibtimes.co.uk/en/full/1694586/future-remote-gambling.jpg?w=166&h=112&f=85d4bac8dc6f2a0fecdffc041ccb0c9a
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: Apache /
Resource Hash: 85a79e8d5d9f11df8dac5dc3d646949a37b612db0324bb671ae612cc3deba488

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
last-modified: Tue, 07 Dec 2021 15:29:26 GMT
server: Apache
x-cacheable: YES
etag: "1638890966"
x-hw: 1638975485.cds125.fr8.hn,1638975485.cds278.fr8.c
content-type: image/jpeg
access-control-allow-origin: *
x-cahce: HIT
cache-control: max-age=25920000
accept-ranges: bytes
content-length: 5202

GET
H2 200 rohingya-refugees.jpg
d.ibtimes.co.uk/en/full/1694576/ 8 KB
8 KB 39ms
26ms Image
image/jpeg 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.ibtimes.co.uk/en/full/1694576/rohingya-refugees.jpg?w=166&h=112&f=4873531dde172ffe14ab3c7953db0b40
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: Apache /
Resource Hash: 2cce5da0c3fe8f478cdc9d3af774d3391464728aff6206745564ddd918803e33

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
last-modified: Tue, 07 Dec 2021 04:29:18 GMT
server: Apache
x-cacheable: YES
etag: "1638851358"
x-hw: 1638975485.cds125.fr8.hn,1638975485.cds124.fr8.c
content-type: image/jpeg
access-control-allow-origin: *
x-cahce: HIT
cache-control: max-age=25920000
accept-ranges: bytes
content-length: 7758

GET
H2 200 pegasus-spyware.jpg
d.ibtimes.co.uk/en/full/1694575/ 5 KB
6 KB 64ms
50ms Image
image/jpeg 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.ibtimes.co.uk/en/full/1694575/pegasus-spyware.jpg?w=166&h=112&f=1e2ebf341f209a74b0c32432f7a16a2a
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: Apache /
Resource Hash: 917fe90bace9498f255a5c91d492adf2dcc95a26f3fd6c81cfe76ac7ca217057

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
last-modified: Tue, 07 Dec 2021 03:19:11 GMT
server: Apache
x-cacheable: YES
etag: "1638847151"
x-hw: 1638975485.cds125.fr8.hn,1638975485.cds148.fr8.c
content-type: image/jpeg
access-control-allow-origin: *
x-cahce: HIT
cache-control: max-age=25920000
accept-ranges: bytes
content-length: 5628

GET
H2 200 donald-trump.jpg
d.ibtimes.co.uk/en/full/1694567/ 3 KB
4 KB 55ms
42ms Image
image/jpeg 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.ibtimes.co.uk/en/full/1694567/donald-trump.jpg?w=166&h=112&f=cdabdbc14e939bb9cf45f3757671ea72
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: Apache /
Resource Hash: 71afd4f84f2006b55a0b0d8b62a8f0750141adbc8e48313c98789274e84a4b84

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
last-modified: Sun, 05 Dec 2021 16:30:49 GMT
server: Apache
x-cacheable: YES
etag: "1638721849"
x-hw: 1638975485.cds125.fr8.hn,1638975485.cds144.fr8.c
content-type: image/jpeg
access-control-allow-origin: *
x-cahce: HIT
cache-control: max-age=25920000
accept-ranges: bytes
content-length: 3581

GET
H2 200 shanghai.jpg
d.ibtimes.co.uk/en/full/1694555/ 5 KB
5 KB 52ms
39ms Image
image/jpeg 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.ibtimes.co.uk/en/full/1694555/shanghai.jpg?w=166&h=112&f=9d82b968f2b68ff80c6a523aa63be7c2
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: Apache /
Resource Hash: adefd99362310ce857055caa7ef65de93959ff049609124d085a765b225806bd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
last-modified: Sun, 05 Dec 2021 10:41:27 GMT
server: Apache
x-cacheable: YES
etag: "1638700887"
x-hw: 1638975485.cds125.fr8.hn,1638975485.cds054.fr8.c
content-type: image/jpeg
access-control-allow-origin: *
x-cahce: HIT
cache-control: max-age=25920000
accept-ranges: bytes
content-length: 5240

GET
H2 200 sofa.jpg
d.ibtimes.co.uk/en/full/1694542/ 7 KB
7 KB 34ms
21ms Image
image/jpeg 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.ibtimes.co.uk/en/full/1694542/sofa.jpg?w=166&h=112&f=d7475b4324fe5af47a84424bd12ab890
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: Apache /
Resource Hash: 1c65f75f4e8074aea8c953d0687997fff2594965a64fb3468964935a48164416

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
last-modified: Fri, 03 Dec 2021 04:16:12 GMT
server: Apache
x-cacheable: YES
etag: "1638504972"
x-hw: 1638975485.cds125.fr8.hn,1638975485.cds108.fr8.c
content-type: image/jpeg
access-control-allow-origin: *
x-cahce: HIT
cache-control: max-age=25920000
accept-ranges: bytes
content-length: 7444

GET
H2 200 alibaba.jpg
d.ibtimes.co.uk/en/full/1694539/ 5 KB
5 KB 61ms
48ms Image
image/jpeg 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.ibtimes.co.uk/en/full/1694539/alibaba.jpg?w=166&h=112&f=bcd941acfba44f7e85787583ece9c1bc
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: Apache /
Resource Hash: 68830c83e088bafc7365a58c8df8cb3ada52255d4cf847199a4d926fd414a01c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
last-modified: Fri, 03 Dec 2021 04:42:58 GMT
server: Apache
x-cacheable: YES
etag: "1638506578"
x-hw: 1638975485.cds125.fr8.hn,1638975485.cds015.fr8.c
content-type: image/jpeg
access-control-allow-origin: *
x-cahce: HIT
cache-control: max-age=25920000
accept-ranges: bytes
content-length: 5371

GET
H2 200 twitter.jpg
d.ibtimes.co.uk/en/full/1694537/ 3 KB
3 KB 51ms
39ms Image
image/jpeg 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.ibtimes.co.uk/en/full/1694537/twitter.jpg?w=166&h=112&f=cc114dcd86654c887609f6ca4e1dc257
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: Apache /
Resource Hash: aeea52d9d8ebb3abb2d7fccf4eadf7ac7be32700a2a46fffc89b6093336352e7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
last-modified: Fri, 03 Dec 2021 03:27:20 GMT
server: Apache
x-cacheable: YES
etag: "1638502040"
x-hw: 1638975485.cds125.fr8.hn,1638975485.cds053.fr8.c
content-type: image/jpeg
access-control-allow-origin: *
x-cahce: HIT
cache-control: max-age=25920000
accept-ranges: bytes
content-length: 3067

GET
H2 200 drowning.jpg
d.ibtimes.co.uk/en/full/1694507/ 3 KB
3 KB 44ms
32ms Image
image/jpeg 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.ibtimes.co.uk/en/full/1694507/drowning.jpg?w=166&h=112&f=9dc680403c02fbff13b7c1188fddc350
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: Apache /
Resource Hash: bd09bfc1b6b79ff7985d7f8216a95346533354d01282265cb1df32bb8a41b734

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
last-modified: Wed, 01 Dec 2021 04:14:18 GMT
server: Apache
x-cacheable: YES
etag: "1638332058"
x-hw: 1638975485.cds125.fr8.hn,1638975485.cds213.fr8.c
content-type: image/jpeg
access-control-allow-origin: *
x-cahce: HIT
cache-control: max-age=25920000
accept-ranges: bytes
content-length: 2647

GET
H2 200 twitter.jpg
d.ibtimes.co.uk/en/full/1694501/ 3 KB
3 KB 51ms
38ms Image
image/jpeg 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.ibtimes.co.uk/en/full/1694501/twitter.jpg?w=166&h=112&f=13abfbc47e48f6d2abe62b515ece5846
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: Apache /
Resource Hash: aeea52d9d8ebb3abb2d7fccf4eadf7ac7be32700a2a46fffc89b6093336352e7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
last-modified: Wed, 01 Dec 2021 03:58:38 GMT
server: Apache
x-cacheable: YES
etag: "1638331118"
x-hw: 1638975485.cds125.fr8.hn,1638975485.cds261.fr8.c
content-type: image/jpeg
access-control-allow-origin: *
x-cahce: HIT
cache-control: max-age=25920000
accept-ranges: bytes
content-length: 3067

GET
H2 200 ibtimes.co.uk.713739.es6.js Show response
jsc.mgid.com/i/b/ 241 KB
71 KB 28ms
27ms Script
text/javascript 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.mgid.com/i/b/ibtimes.co.uk.713739.es6.js
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/i/b/ibtimes.co.uk.713739.js?t=202111814
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 05d881e6853969e9af445694b748a15cee3debe93354b1bbc06ee9343fcb72c5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
content-encoding: br
cf-cache-status: HIT
age: 4739
last-modified: Thu, 02 Dec 2021 14:13:45 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: ZHPN3YQ0R1JMHEDT
x-amz-id-2: uFgFytVyWyxu0y8L510avBqOuwvzvW3n9YVkadMZB0Rph2b9Tma80dHptwbPQMcqW3nWugyS+Eo=
cf-bgj: minify
server: cloudflare
etag: W/"99c011f37be10977c3e79a250c3559d1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=10800
cf-ray: 6ba6d98db9da7028-FRA
expires: Wed, 08 Dec 2021 17:58:05 GMT

GET
H2 200 pixel.js Show response
cdn.fqtag.com/1.27.339-ccfb11a/ 88 KB
88 KB 38ms
8ms Script
application/javascript 35.190.36.172
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.fqtag.com/1.27.339-ccfb11a/pixel.js
Requested by: Host: fqtag.com
URL: https://fqtag.com/tag/implement-r.js?org=8adasewre3atrefrejuj&p=www.ibtimes.co.uk_article_risk_Y&a=article&cmp=none&rd=none&rt=display&sl=1&fq=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.36.172 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 172.36.190.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e70a34c5f232fa80328a361630a994cf847c54deb926f13d40be4807291b657b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:15:19 GMT
age: 2566
x-guploader-uploadid: ADPycdsUcBrNbFC207A7Rq06YIJXVH7orNOo82hpDz4K1xUbhk_Etd5IjFglIT_i-PmXDvWMG8FhQNL_3NJbN4n_6jWWOG4Mrg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 89647
last-modified: Wed, 27 Jan 2021 19:48:44 GMT
server: UploadServer
etag: "e0eff30579598f76147c9ea12f490d21"
x-goog-hash: crc32c=YwE4YA==, md5=4O/zBXlZj3YUfJ6hL0kNIQ==
content-language: en
x-goog-generation: 1611776924905378
x-goog-expiration: Sun, 11 Nov 2294 19:48:44 GMT
cache-control: public, max-age=3600
x-goog-stored-content-length: 89647
accept-ranges: bytes
content-type: application/javascript
expires: Wed, 08 Dec 2021 15:15:19 GMT

GET
H2 200 getGeo Show response
vuukle.com/ 90 B
443 B 95ms
39ms XHR
application/json 2606:4700:10::ac43:1695
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vuukle.com/getGeo
Requested by: Host: cdn.vuukle.com
URL: https://cdn.vuukle.com/platform.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1695 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53f98bb0b288d162a288ce2caf8406c00c1fd474f0c73a58b5893098271621a9

Request headers

Referer: https://www.ibtimes.co.uk/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
content-encoding: br
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,POST,OPTIONS
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
access-control-max-age: 86400
cf-ray: 6ba6d98e2cfb839c-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 loadVuukle Show response
api.vuukle.com/api/v1/Comments/ 5 KB
2 KB 523ms
467ms XHR
application/json 2606:4700:10::6816:3ca8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.vuukle.com/api/v1/Comments/loadVuukle?apiKey=7cecf616-b9b1-4fc2-9f8e-7d16ef1f7494&articleId=1434673&globalRecommendation=false&host=ibtimes.co.uk&start=0&uri=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Requested by

Host: cdn.vuukle.com
URL: https://cdn.vuukle.com/platform.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3ca8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f689eddc3feff0de7dd029c3b6256520d74fb609885efcb2a01c21efbe714a99

Security Headers

Name	Value
X-Xss-Protection	1

Request headers

Referer: https://www.ibtimes.co.uk/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
via: 1.1 varnish (Varnish/6.2)
cf-cache-status: DYNAMIC
age: 0
access-control-allow-credentiails: true
content-type: application/json; charset=utf-8
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST, PUT, DELETE, PATCH, OPTIONS
x-varnish: 208995099
access-control-allow-origin: https://www.ibtimes.co.uk
cache-control: no-store,no-cache
access-control-allow-credentials: true
cf-ray: 6ba6d98e2b75375c-MXP
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

GET
H3 200 ibtimes.co.uk.json Show response
cdn.vuukle.com/ads/ 6 KB
1 KB 313ms
280ms XHR
application/json 2606:4700:10::6816:3ca8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.vuukle.com/ads/ibtimes.co.uk.json
Requested by: Host: cdn.vuukle.com
URL: https://cdn.vuukle.com/platform.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::6816:3ca8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cfc5710c3ca7e9aa4c6828f5098ac93dbc375ad990b890c17f72b74e5d2f3e90

Request headers

Referer: https://www.ibtimes.co.uk/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Wed, 08 Dec 2021 11:00:51 GMT
server: cloudflare
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
etag: W/"61b09063-181c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
cf-ray: 6ba6d98e2e363763-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 gpt.js
securepubads.g.doubleclick.net/tag/js/ 0
26 KB 38ms
24ms Other
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.vuukle.com
URL: https://cdn.vuukle.com/platform.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1066 / 490 of 1000 / last-modified: 1638965328"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27037
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 08 Dec 2021 14:58:05 GMT

GET
H2 200 213794966 Show response
fundingchoicesmessages.google.com/i/ 80 KB
28 KB 61ms
38ms Script
application/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/213794966?ers=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js?31063909

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

759c7c4655708a697cdba60647d20e743deb1b4cc1f4612a8261192000a97e4d

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-9ur6RMqQYlwz/bFr+1ptpg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'nonce-9ur6RMqQYlwz/bFr+1ptpg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-9ur6RMqQYlwz/bFr+1ptpg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'nonce-9ur6RMqQYlwz/bFr+1ptpg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
cross-origin-opener-policy: same-origin
date: Wed, 08 Dec 2021 14:58:05 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
492 B 47ms
47ms XHR
text/javascript 18.66.109.174
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=3794&u=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&pid=cbuFcsSQOtvKG&cb=0&ws=1600x1200&v=7.71.1&t=2000&slots=%5B%7B%22sd%22%3A%22dfp-ad-top%22%2C%22s%22%3A%5B%22300x250%22%2C%22320x50%22%2C%22300x50%22%2C%22320x100%22%5D%7D%2C%7B%22sd%22%3A%22dfp-ad-bottom%22%2C%22s%22%3A%5B%22300x250%22%2C%22320x50%22%2C%22300x50%22%2C%22320x100%22%2C%22300x600%22%5D%7D%2C%7B%22sd%22%3A%22dfp-ad-right1%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%7D%2C%7B%22sd%22%3A%22dfp-ad-right2%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%7D%2C%7B%22sd%22%3A%22dfp-ad-right3%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%2C%22160x600%22%5D%7D%2C%7B%22sd%22%3A%22dfp-ad-right4%22%2C%22s%22%3A%5B%22300x250%22%5D%7D%2C%7B%22id%22%3A%22IBT_videoSlot%22%2C%22mt%22%3A%22v%22%7D%5D&gdprl=%7B%22status%22%3A%22tcfv2-timeout%22%2C%22cmpTimeout%22%3A200%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.109.174 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-109-174.fra56.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
via: 1.1 08d7dbeb0736051b46014fbaac0a421e.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P5
x-amz-rid: 0F69RC91EHTDMD1J83HP
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.ibtimes.co.uk
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: yeHVxd_0s8H8ZtEVkNGK6H7g_mMdmod_odB-9uiH4ocwrGuWFBtHzA==

GET
H2 200 index.html Show response
cmp-consent-tool.privacymanager.io/latest/ Frame 94AE 1 KB
1 KB 34ms
6ms Document
text/html 18.66.112.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp-consent-tool.privacymanager.io/latest/index.html
Requested by: Host: gdpr.privacymanager.io
URL: https://gdpr.privacymanager.io/1/gdpr.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-122.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fecf08d48dbc946b3487abedf98eda2cc270626b457f350347e67729bb4c007c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/

Response headers

content-type: text/html
last-modified: Tue, 16 Nov 2021 19:22:17 GMT
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-content-sha256: 3c10260b65df3b9b693f2ccf28333ff73e11c2ac40654e26c412963c094f1aa3
x-amz-version-id: YEJRm2FIYNuFFPTzkp9brtndF.K0xHXc
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:a6204679-acaf-4a30-aa21-a81c6b75ed59
x-amz-meta-codebuild-content-md5: 7c6533d014f4376c94bb336ca55f9b4a
server: AmazonS3
content-encoding: gzip
date: Fri, 03 Dec 2021 02:52:48 GMT
cache-control: must-revalidate,public,max-age=604800
etag: W/"b8061b8850e21ea20dba03d10b1747ea"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 1fd323b9134f7d940dac0d007036a604.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: 7l37hi4b8a75Aa0wV9vnyrWAudktBDhRk_binlcAX_AJ1GoC42DntA==
age: 475518

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
444 B 59ms
19ms XHR
text/plain 2a00:1450:400c:c0a::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-30332278-1&cid=30433582.1638975485&jid=751060421&gjid=2030813345&_gid=1127800278.1638975485&_u=IGBAgEABAAAAAE~&z=694192121

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0a::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ibtimes.co.uk/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 08 Dec 2021 14:58:05 GMT
content-type: text/plain
access-control-allow-origin: https://www.ibtimes.co.uk
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 22ms
8ms Image
image/gif 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=85674384&t=pageview&_s=1&dl=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&ul=en-us&de=UTF-8&dt=Researcher%20Creates%20Malware%20to%20Captures%20Every%20Tap%20on%20Your%20Smartphone%20or%20Tablet&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IGBAgEAB~&jid=751060421&gjid=2030813345&cid=30433582.1638975485&tid=UA-30332278-1&_gid=1127800278.1638975485&cd1=Technology&cd2=Article%20Page&cd3=David%20Gilbert&cd5=N&cd6=london&cd7=1434673-researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&cd8=News&cd9=Undefined&cd10=Technology%2CAndroid%2CiOS&z=1097227246

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Dec 2021 21:05:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 64342
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ping
ping.chartbeat.net/ 43 B
201 B 312ms
102ms Image
image/gif 3.209.18.29
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=ibtimes.co.uk&p=%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&u=2Q91Xbj4xEC8-yMC&d=ibtimes.co.uk&g=23870&g0=Technology&g1=David%20Gilbert&n=1&f=00001&c=0&x=0&m=0&y=3056&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=1182&t=DnD-L9YoOR1DNoow_BrFQadv1Pwm&V=129&i=Researcher%20Creates%20Malware%20to%20Captures%20Every%20Tap%20on%20Your%20Smartphone%20or%20Tablet&tz=0&sn=1&sv=aSI-gC8mJk5Db_DHDkGBWdoBsf9&sd=1&im=067b2ff0&_
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.209.18.29 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-209-18-29.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:05 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 43
expires: 0

GET
H2 200 connatix.playspace.css
cds.connatix.com/p/141716/ 96 KB
13 KB 7ms
7ms Stylesheet
text/css 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/141716/connatix.playspace.css
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 51ae4c5642051d85bcfb8ed5d7ce619a0fd7cd201723c823f7495a829eefaa72

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
content-encoding: br
last-modified: Wed, 08 Dec 2021 11:19:53 GMT
age: 12567
etag: "8080ed2619ce4713545db8f29021c7e4"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 13367

GET
H3 200 cnsnt.platform.js Show response
cdn.vuukle.com/ 4 KB
2 KB 59ms
35ms Script
application/javascript 2606:4700:10::6816:3ca8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.vuukle.com/cnsnt.platform.js
Requested by: Host: cdn.vuukle.com
URL: https://cdn.vuukle.com/platform.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::6816:3ca8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 62c3a4f78334221a29592245d0d3cda9fb3a850afc658bc7010682c0b723cb72

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
content-encoding: br
cf-cache-status: HIT
age: 2038
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Wed, 08 Dec 2021 10:22:28 GMT
server: cloudflare
etag: W/"61b08764-edd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
cache-control: max-age=3600
cf-ray: 6ba6d98f3ca65a19-MXP
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
cf-bgj: minify

GET
H2 200 aquant.js Show response
secure.quantserve.com/ 24 KB
10 KB 55ms
8ms Script
application/javascript 2620:116:800d:21:ee05:6a01:4b41:8c89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/aquant.js?a=p-2dmAXlpkDJWYc
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:ee05:6a01:4b41:8c89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
content-encoding: gzip
etag: "FMCWFRCBdbNj8Eh2c0G78Q=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Wed, 15 Dec 2021 14:58:05 GMT

GET
H2 200 analytics.js Show response
a1.vdna-assets.com/ 6 KB
3 KB 71ms
13ms Script
application/javascript 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://a1.vdna-assets.com/analytics.js
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: a3ff15aac9f8d4499190932e78f89dc69b64ec1b82616f8c4fba0ba2f4aca8cd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-77-nzt: Abk73BAxy8P/gKQKAA==
x-accel-expires: @1639314813
date: Wed, 08 Dec 2021 14:58:05 GMT
content-encoding: br
etag: W/"5ba25f9b-1812"
last-modified: Wed, 19 Sep 2018 14:39:23 GMT
server: CDN77-Turbo
x-77-nzt-ray: erdEEeAQPWU=
x-77-cache: HIT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache: HIT
x-age: 697472
x-77-pop: frankfurtDE

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 24ms
8ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 25965
x-xss-protection: 0
pragma: public
x-fb-debug: cvf4SldoOp/3KaLFLz0JfDVYtXcEGxZciKbrshyjTFNRC/ySI803AlDpxci36kUBsYPHYZAn/Dwpf7M05cQgug==
x-fb-trip-id: 917726464
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Wed, 08 Dec 2021 14:58:05 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK px.js Show response
p.cpx.to/p/11316/ 3 KB
4 KB 139ms
33ms Script
application/javascript 63.33.224.140
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://p.cpx.to/p/11316/px.js
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.33.224.140 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-33-224-140.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 585b0c78c77e74d938f9f13dd33070cf8d262f99c0ef125ae1f020eeeb9381cb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 08 Dec 2021 14:58:05 GMT
Cache-Control: max-age=2419200, public
Connection: keep-alive
Content-Length: 3479
Content-Type: application/javascript; charset=UTF-8

GET
H2 200 hotjar-398338.js Show response
static.hotjar.com/c/ 4 KB
2 KB 70ms
43ms Script
application/javascript 18.66.97.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-398338.js?sv=5

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.10 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-10.fra56.r.cloudfront.net

Software

Resource Hash

ad46f8be77d0ae452545ffabf8ec6e0dd9ea775c2456e344964576801f813ab7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
x-amz-cf-pop: FRA56-P2
etag: W/8a0170f5d35dcbd2d82096252c4992cb
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
content-length: 1912
via: 1.1 c2e56cd54e2593df95ccca8a6d98c958.cloudfront.net (CloudFront)
x-amz-cf-id: dwXrxVxRxExWqUo4RFaiRFuacfcFEM6xAuqhBrCIf7TeRnpohOTdxw==

GET
H2

204

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=7922264&ns__t=1638975485287&ns_c=UTF-8&c8=Researcher%20Creates%20Malware%20to%20Captures%20Every%20Tap%20on%20Your%20Smartphone%20or%20Tablet&c7=https%3A%...
https://sb.scorecardresearch.com/b2?c1=2&c2=7922264&ns__t=1638975485287&ns_c=UTF-8&c8=Researcher%20Creates%20Malware%20to%20Captures%20Every%20Tap%20on%20Your%20Smartphone%20or%20Tablet&c7=https%3A...

0
225 B

12ms
12ms

Image
text/plain

13.32.99.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=7922264&ns__t=1638975485287&ns_c=UTF-8&c8=Researcher%20Creates%20Malware%20to%20Captures%20Every%20Tap%20on%20Your%20Smartphone%20or%20Tablet&c7=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&c9=
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Server: 13.32.99.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-23.fra60.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
via: 1.1 b4904c5988fd0eaae341a12cc47f3766.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-amz-cf-id: eLukIQayHZ5yA-H9V-iicvOJq4vuaFLzwFDxNPmXU9U9LkbVWdWA7g==
x-cache: Miss from cloudfront

Redirect headers

date: Wed, 08 Dec 2021 14:58:05 GMT
via: 1.1 b4904c5988fd0eaae341a12cc47f3766.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/b2?c1=2&c2=7922264&ns__t=1638975485287&ns_c=UTF-8&c8=Researcher%20Creates%20Malware%20to%20Captures%20Every%20Tap%20on%20Your%20Smartphone%20or%20Tablet&c7=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&c9=
content-length: 328
x-amz-cf-id: fSqHgOVxpJzLprv4jI9-rt4F_lO3XATSVXT5EqtO76jO17KHStRYPA==

GET
H2 200 5f0770bc2693b8001227970c
api.pushnami.com/scripts/v1/pushnami-two-step-styles/ 76 KB
6 KB 9ms
9ms Stylesheet
text/css 13.32.99.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.pushnami.com/scripts/v1/pushnami-two-step-styles/5f0770bc2693b8001227970c?style=standard-v4
Requested by: Host: api.pushnami.com
URL: https://api.pushnami.com/scripts/v1/pushnami-adv/5f0770bc2693b8001227970c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-54.fra60.r.cloudfront.net
Software: /
Resource Hash: b3919e97b7d950fa432c4b43b5b5b8651dc8872aa1d34b523d912b4c885a083f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:55:04 GMT
via: 1.1 0c792defeeaa18965559ad74895ea56b.cloudfront.net (CloudFront)
age: 181
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: text/css; charset=utf-8
cache-control: no-cache
x-amz-cf-pop: FRA60-P3
content-encoding: gzip
x-amz-cf-id: nGrYojRyvXt-mQj64_G4mLqx_LmqN0tuMC-ecC7gJbUZr6Ib-go4FQ==

GET
H2 200 5f0770bc2693b8001227970c Show response
api.pushnami.com/scripts/v1/pushnami-two-step/ 24 KB
13 KB 10ms
10ms Script
application/javascript 13.32.99.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.pushnami.com/scripts/v1/pushnami-two-step/5f0770bc2693b8001227970c?style=standard-v4
Requested by: Host: api.pushnami.com
URL: https://api.pushnami.com/scripts/v1/pushnami-adv/5f0770bc2693b8001227970c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-54.fra60.r.cloudfront.net
Software: /
Resource Hash: 8d32af14398d35b9b354363faf6b1d6fae20f81da601481c71335277b38f9e8c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:50:30 GMT
via: 1.1 0c792defeeaa18965559ad74895ea56b.cloudfront.net (CloudFront)
age: 455
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: no-cache
x-amz-cf-pop: FRA60-P3
content-encoding: gzip
x-amz-cf-id: CEA6oYVWNmfPda3ejKL3g3rHAm80CzZ4YtPN9hn1mMHNhOhCoq8BlQ==

POST
H2 200 track Show response
trc.pushnami.com/api/push/ 2 B
168 B 122ms
121ms Fetch
text/html 52.22.45.124
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.pushnami.com/api/push/track
Requested by: Host: api.pushnami.com
URL: https://api.pushnami.com/scripts/v1/pushnami-adv/5f0770bc2693b8001227970c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.22.45.124 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-22-45-124.compute-1.amazonaws.com
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept: application/json, text/plain, */*
Referer: https://www.ibtimes.co.uk/
key: 5f0770bc2693b8001227970c
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: *
date: Wed, 08 Dec 2021 14:58:05 GMT
cache-control: no-cache
content-type: text/html; charset=utf-8
content-length: 2
access-control-expose-headers: WWW-Authenticate,Server-Authorization

OPTIONS
H2 204 track
trc.pushnami.com/api/push/ Frame 0
0 321ms
107ms Preflight 52.22.45.124
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.pushnami.com/api/push/track
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.22.45.124 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-22-45-124.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: key
Origin: https://www.ibtimes.co.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
access-control-allow-origin: *
access-control-allow-methods: POST
access-control-allow-headers: Accept,Authorization,Content-Type,If-None-Match,key
access-control-max-age: 86400
access-control-expose-headers: WWW-Authenticate,Server-Authorization
cache-control: no-cache

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 53ms
31ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-30332278-1&cid=30433582.1638975485&jid=751060421&_u=IGBAgEABAAAAAE~&z=1253324341

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 52ms
31ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-30332278-1&cid=30433582.1638975485&jid=751060421&_u=IGBAgEABAAAAAE~&z=1253324341

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK /
reporting.powerad.ai/ 2 B
412 B 313ms
101ms Ping
text/plain 54.234.151.247
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://reporting.powerad.ai/
Requested by: Host: powerad.ai
URL: https://powerad.ai/script.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 54.234.151.247 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-234-151-247.compute-1.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) / Express
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.ibtimes.co.uk/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 08 Dec 2021 14:58:05 GMT
Server: nginx/1.14.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 2

GET
H/1.1 200
OK detect-aau Show response
powerad.ai/ 2 B
337 B 305ms
101ms Fetch
text/plain 18.211.226.152
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://powerad.ai/detect-aau?ch=2
Requested by: Host: powerad.ai
URL: https://powerad.ai/script.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 18.211.226.152 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-226-152.compute-1.amazonaws.com
Software: nginx/1.10.3 (Ubuntu) / Express
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 08 Dec 2021 14:58:05 GMT
Server: nginx/1.10.3 (Ubuntu)
X-Powered-By: Express
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: close
Access-Control-Allow-Headers: *
Content-Length: 2

GET
H2 200 pwt.js Show response
ads.pubmatic.com/AdServer/js/pwt/157577/2378// Frame 74E9 178 KB
58 KB 39ms
8ms Script
text/javascript 184.30.24.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/pwt/157577/2378//pwt.js
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.24.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-24-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 66ea91a01b97feca3757a3ff16e3782973b559b2d4cbe79f7704e91607f9aa47

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
content-encoding: gzip
last-modified: Tue, 02 Nov 2021 19:14:10 GMT
server: Apache/2.2.15 (CentOS)
etag: "10a1110-2c888-5cfd3192c4545"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: public, max-age=31558
accept-ranges: bytes
content-type: text/javascript
content-length: 58379
expires: Wed, 08 Dec 2021 23:44:03 GMT

GET
H2 200 pbjs_wrapper.v1.0.js Show response
hb.brainlyads.com/ Frame 3813 33 KB
10 KB 303ms
98ms Script
application/javascript 23.20.158.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://hb.brainlyads.com/pbjs_wrapper.v1.0.js

Requested by

Host: powerad.ai
URL: https://powerad.ai/script.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.20.158.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-23-20-158-212.compute-1.amazonaws.com

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

0ac009e30707462862989abe6e0ca0f8d4a1b10b4b29b287f512c3d883d03bde

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
content-encoding: gzip
last-modified: Tue, 07 Dec 2021 12:21:02 GMT
server: nginx/1.10.3 (Ubuntu)
etag: W/"61af51ae-8408"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
expires: Thu, 09 Dec 2021 14:58:05 GMT

GET
H2 200 pbjs_wrapper.v1.1.js Show response
hb.brainlyads.com/ Frame 9013 34 KB
11 KB 389ms
188ms Script
application/javascript 23.20.158.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://hb.brainlyads.com/pbjs_wrapper.v1.1.js

Requested by

Host: powerad.ai
URL: https://powerad.ai/script.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.20.158.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-23-20-158-212.compute-1.amazonaws.com

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

7c8997cdc0684a2e807d952d6c2be8f4733f3b29266a4c61d68d1608adeb5fec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
content-encoding: gzip
last-modified: Tue, 07 Dec 2021 12:21:03 GMT
server: nginx/1.10.3 (Ubuntu)
etag: W/"61af51af-8668"
vary: Accept-Encoding
content-type: application/javascript
strict-transport-security: max-age=31536000; includeSubDomains; preload

GET
H2 200 pbjs_wrapper.v2.0.js Show response
hb.brainlyads.com/ Frame 5B1F 34 KB
11 KB 387ms
190ms Script
application/javascript 23.20.158.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://hb.brainlyads.com/pbjs_wrapper.v2.0.js

Requested by

Host: powerad.ai
URL: https://powerad.ai/script.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.20.158.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-23-20-158-212.compute-1.amazonaws.com

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

54cd0b9c7f0aca6e83ec8f9eba3bfaef66bd09767101dd9355a7182a1c19f275

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
content-encoding: gzip
last-modified: Mon, 29 Nov 2021 18:03:28 GMT
server: nginx/1.10.3 (Ubuntu)
etag: W/"61a515f0-86da"
vary: Accept-Encoding
content-type: application/javascript
strict-transport-security: max-age=31536000; includeSubDomains; preload

GET
H/1.1 200
OK / Show response
powerad.ai/pubPls/ 9 KB
2 KB 299ms
104ms XHR
text/html 18.211.226.152
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://powerad.ai/pubPls/?width=1600&url=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Requested by: Host: powerad.ai
URL: https://powerad.ai/script.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 18.211.226.152 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-226-152.compute-1.amazonaws.com
Software: nginx/1.10.3 (Ubuntu) / Express
Resource Hash: efb80e9c5c04010f8f01fe1617265efb5a68ca1c13c986c2332385b4c10fe420

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 08 Dec 2021 14:58:05 GMT
Content-Encoding: gzip
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
X-Powered-By: Express
ETag: W/"22e7-rimHDdezw2yCZ7P4qGjpouHPgug"
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: https://www.ibtimes.co.uk
Access-Control-Allow-Credentials: true
Connection: close
Access-Control-Allow-Headers: *

GET
H2 200 styles.css
cmp-consent-tool.privacymanager.io/latest/ Frame 94AE 95 KB
13 KB 8ms
7ms Stylesheet
text/css 18.66.112.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp-consent-tool.privacymanager.io/latest/styles.css
Requested by: Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-122.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d96359b975ea60541c0a2af5c5de0197241e5e769841ac87cdb8dbb636dac16f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cmp-consent-tool.privacymanager.io/latest/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: XbrS.uBWfe2SXeZNFmUYuQ_WTJ3B7rau
content-encoding: gzip
etag: W/"fc91ee31cf2e2dbba65546e19b425c59"
age: 484914
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:a6204679-acaf-4a30-aa21-a81c6b75ed59
x-cache: Hit from cloudfront
x-amz-meta-codebuild-content-md5: 7c6533d014f4376c94bb336ca55f9b4a
last-modified: Tue, 16 Nov 2021 19:22:14 GMT
server: AmazonS3
date: Fri, 03 Dec 2021 00:16:12 GMT
vary: Accept-Encoding
x-amz-meta-codebuild-content-sha256: 3c10260b65df3b9b693f2ccf28333ff73e11c2ac40654e26c412963c094f1aa3
via: 1.1 1fd323b9134f7d940dac0d007036a604.cloudfront.net (CloudFront)
cache-control: must-revalidate,public,max-age=604800
x-amz-cf-pop: FRA56-P5
content-type: text/css
x-amz-cf-id: QNqNVpIRjx2i0LiMCTP_u4w70bULamF2v9SLN_qYSjMZPwSsIjlS_Q==

GET
H2 200 openSans.css
cmp-consent-tool.privacymanager.io/latest/ Frame 94AE 26 KB
3 KB 9ms
8ms Stylesheet
text/css 18.66.112.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp-consent-tool.privacymanager.io/latest/openSans.css
Requested by: Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-122.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c631d3bebb168e8549f41a8137a8681fc6d87da3b1b4c2cd6377b7d79b236caf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cmp-consent-tool.privacymanager.io/latest/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: MFRTkMfgM2enkb3XqRfFcHp7r1bVlLEs
content-encoding: gzip
etag: W/"e0df7919fa5e82dca894ac73371effed"
age: 475517
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:a6204679-acaf-4a30-aa21-a81c6b75ed59
x-cache: Hit from cloudfront
x-amz-meta-codebuild-content-md5: 7c6533d014f4376c94bb336ca55f9b4a
last-modified: Tue, 16 Nov 2021 19:22:29 GMT
server: AmazonS3
date: Fri, 03 Dec 2021 02:52:49 GMT
vary: Accept-Encoding
x-amz-meta-codebuild-content-sha256: 3c10260b65df3b9b693f2ccf28333ff73e11c2ac40654e26c412963c094f1aa3
via: 1.1 1fd323b9134f7d940dac0d007036a604.cloudfront.net (CloudFront)
cache-control: must-revalidate,public,max-age=604800
x-amz-cf-pop: FRA56-P5
content-type: text/css
x-amz-cf-id: O6BRUS7YgOvMn4rEb3fNZAOrcYHTU1JuZz2J6A6FUHMMlVGfYUFBZg==

GET
H2 200 runtime.js Show response
cmp-consent-tool.privacymanager.io/latest/ Frame 94AE 2 KB
2 KB 9ms
9ms Script
application/x-javascript 18.66.112.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp-consent-tool.privacymanager.io/latest/runtime.js
Requested by: Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-122.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 250a0280938365d9f83769f776b3834a605a6560ca3df785029ba97b6ddd5c4e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cmp-consent-tool.privacymanager.io/latest/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: CNAebroXpzKrRgi_20kG3khVJ07FORas
content-encoding: gzip
etag: W/"5fe48064a68c5e51f208fb444eb5a84a"
age: 475517
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:a6204679-acaf-4a30-aa21-a81c6b75ed59
x-cache: Hit from cloudfront
x-amz-meta-codebuild-content-md5: 7c6533d014f4376c94bb336ca55f9b4a
last-modified: Tue, 16 Nov 2021 19:22:30 GMT
server: AmazonS3
date: Fri, 03 Dec 2021 02:52:49 GMT
vary: Accept-Encoding
x-amz-meta-codebuild-content-sha256: 3c10260b65df3b9b693f2ccf28333ff73e11c2ac40654e26c412963c094f1aa3
via: 1.1 1fd323b9134f7d940dac0d007036a604.cloudfront.net (CloudFront)
cache-control: must-revalidate,public,max-age=604800
x-amz-cf-pop: FRA56-P5
content-type: application/x-javascript
x-amz-cf-id: 8fidPHdm49qxGehga-RKJrZYnnWD8symvCN2o7Y4sjFXulUgaAnmBQ==

GET
H2 200 polyfills.js Show response
cmp-consent-tool.privacymanager.io/latest/ Frame 94AE 44 KB
15 KB 13ms
12ms Script
application/x-javascript 18.66.112.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp-consent-tool.privacymanager.io/latest/polyfills.js
Requested by: Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-122.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3c04106baf1333a6d9411aff493577c67786b171cfa91501c8eb3e31405b3059

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cmp-consent-tool.privacymanager.io/latest/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: GI0UyzHaAbGLNUk4maM1WyAIsokfnHY4
content-encoding: gzip
etag: W/"d40fc0a76f5b7cbdbb3f7a15f1038a44"
age: 484914
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:a6204679-acaf-4a30-aa21-a81c6b75ed59
x-cache: Hit from cloudfront
x-amz-meta-codebuild-content-md5: 7c6533d014f4376c94bb336ca55f9b4a
last-modified: Tue, 16 Nov 2021 19:22:05 GMT
server: AmazonS3
date: Fri, 03 Dec 2021 00:16:12 GMT
vary: Accept-Encoding
x-amz-meta-codebuild-content-sha256: 3c10260b65df3b9b693f2ccf28333ff73e11c2ac40654e26c412963c094f1aa3
via: 1.1 1fd323b9134f7d940dac0d007036a604.cloudfront.net (CloudFront)
cache-control: must-revalidate,public,max-age=604800
x-amz-cf-pop: FRA56-P5
content-type: application/x-javascript
x-amz-cf-id: wHzzdxQK51RjDtv-nGgCXLJpa_pbpEn0rOvrCWkhKFIDt4U-m457Qg==

GET
H2 200 vendor.js Show response
cmp-consent-tool.privacymanager.io/latest/ Frame 94AE 783 KB
200 KB 15ms
14ms Script
application/x-javascript 18.66.112.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp-consent-tool.privacymanager.io/latest/vendor.js
Requested by: Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-122.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8d49b3070550d94e487ca7bb67ff0b7b7413fb13805385cf9ddb9b5fb32a97d0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cmp-consent-tool.privacymanager.io/latest/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: kFDQyVez.s4mYG6wajVOuEO4H8F52OCp
content-encoding: gzip
etag: W/"83497fb39f19b4dfaaa958cf6d4558b1"
age: 202907
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:a6204679-acaf-4a30-aa21-a81c6b75ed59
x-cache: Hit from cloudfront
x-amz-meta-codebuild-content-md5: 7c6533d014f4376c94bb336ca55f9b4a
last-modified: Tue, 16 Nov 2021 19:22:08 GMT
server: AmazonS3
date: Wed, 08 Dec 2021 03:30:31 GMT
vary: Accept-Encoding
x-amz-meta-codebuild-content-sha256: 3c10260b65df3b9b693f2ccf28333ff73e11c2ac40654e26c412963c094f1aa3
via: 1.1 1fd323b9134f7d940dac0d007036a604.cloudfront.net (CloudFront)
cache-control: must-revalidate,public,max-age=604800
x-amz-cf-pop: FRA56-P5
content-type: application/x-javascript
x-amz-cf-id: Sl0YWutFFiTnKUOqFiJf5-MVek0lIZYZZMdxD_sXVoDmlYqPLsivRA==

GET
H2 200 main.js Show response
cmp-consent-tool.privacymanager.io/latest/ Frame 94AE 42 KB
10 KB 27ms
27ms Script
application/x-javascript 18.66.112.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp-consent-tool.privacymanager.io/latest/main.js
Requested by: Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-122.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 167982fa128d47a62bd03befe22b8adb08f6d0a1590601b325d3d1a14f7c309d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cmp-consent-tool.privacymanager.io/latest/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 23:08:32 GMT
content-encoding: gzip
age: 488974
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:a6204679-acaf-4a30-aa21-a81c6b75ed59
x-cache: Hit from cloudfront
x-amz-meta-codebuild-content-sha256: 3c10260b65df3b9b693f2ccf28333ff73e11c2ac40654e26c412963c094f1aa3
x-amz-meta-codebuild-content-md5: 7c6533d014f4376c94bb336ca55f9b4a
last-modified: Tue, 16 Nov 2021 19:22:22 GMT
server: AmazonS3
etag: W/"27781014aa851cefcddd28da172ef69d"
vary: Accept-Encoding
x-amz-version-id: 12IJjpJy0Z6eSH_draNrErCdz9gNzYU4
via: 1.1 1fd323b9134f7d940dac0d007036a604.cloudfront.net (CloudFront)
cache-control: must-revalidate,public,max-age=604800
x-amz-cf-pop: FRA56-P5
content-type: application/x-javascript
x-amz-cf-id: MqUxOuKCvkHivFnd1SGdDG_MsqgeriiQNF7Kt10Za23oTuvPiBDYDw==

POST
H3 204 AGSKWxUzbZHZgjVL2mpiZ3lJNH6tA3dwkAudAAE3EDHk40IltM5At7oGLeH1y6wtXSB4r_tCY6gCT-JpR4XhQBgYk4c= Show response
fundingchoicesmessages.google.com/el/ 0
26 B 39ms
24ms XHR
text/html 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUzbZHZgjVL2mpiZ3lJNH6tA3dwkAudAAE3EDHk40IltM5At7oGLeH1y6wtXSB4r_tCY6gCT-JpR4XhQBgYk4c=?pvid=4C08EC3D-2758-4046-9336-6709A8F5D288&anonid=6922F9CD-B2BB-4F5F-80CF-33A9DE0D666D

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.GuktzxZjCEc.es5.O/d=1/rs=AJlcJMzOj4BT7ffHb2LzABKk7JVKUqQBvw/m=kernel_loader,loader_js_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-solycrr7AyMuqWe51fV2AA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-solycrr7AyMuqWe51fV2AA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.ibtimes.co.uk/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.ibtimes.co.uk
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-solycrr7AyMuqWe51fV2AA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-solycrr7AyMuqWe51fV2AA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxUQw3cUUADH3NsIZ9FmJGsDXlZjDal0MBMz6cKab4aajDm_5bCzXnzbcAP7-ENmmZr88vHf4CHZAk8cNSLbUf8= Show response
fundingchoicesmessages.google.com/f/ 299 KB
54 KB 93ms
74ms Script
application/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUQw3cUUADH3NsIZ9FmJGsDXlZjDal0MBMz6cKab4aajDm_5bCzXnzbcAP7-ENmmZr88vHf4CHZAk8cNSLbUf8=?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjM4OTc1NDg1LDQxMDAwMDAwMF0sIjRDMDhFQzNELTI3NTgtNDA0Ni05MzM2LTY3MDlBOEY1RDI4OCIsIjY5MjJGOUNELUIyQkItNEY1Ri04MENGLTMzQTlERTBENjY2RCIsbnVsbCxbbnVsbCxbN11dLCJodHRwczovL3d3dy5pYnRpbWVzLmNvLnVrL3Jlc2VhcmNoZXItY3JlYXRlcy1tYWx3YXJlLWNhcHR1cmVzLWV2ZXJ5LXRhcC15b3VyLXNtYXJ0cGhvbmUtb3ItdGFibGV0LTE0MzQ2NzMiLG51bGwsW11d

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

13e9dea76c225cf26f86cd52e1387cfd938cc875bd55c534225769286f9bccb3

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-64xzQ/nagtbgS5AC15SWSw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-64xzQ/nagtbgS5AC15SWSw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-64xzQ/nagtbgS5AC15SWSw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-64xzQ/nagtbgS5AC15SWSw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK story Show response
capi.connatix.com/core/ Frame 8855 4 KB
2 KB 464ms
121ms XHR
application/x-protobuf 18.116.178.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/core/story?v=141716
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.116.178.106 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-116-178-106.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e8f1723c3adf33a75dfb9a9b451f301923cd619a90b6e6dfab686f9c7139ba23

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Wed, 08 Dec 2021 14:58:04 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://www.ibtimes.co.uk
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 1983

GET
H2 200 defaultTheme.css
cmp-consent-tool.privacymanager.io/latest/ Frame 94AE 0
6 KB 7ms
7ms Other
text/css 18.66.112.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp-consent-tool.privacymanager.io/latest/defaultTheme.css
Requested by: Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-122.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cmp-consent-tool.privacymanager.io/latest/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: M_kufDB_gCa4G0EOBVG7i7EYQ2pCdgLJ
content-encoding: gzip
etag: W/"ddb5e6d71b353c98624b1784c506f1ee"
age: 475518
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:a6204679-acaf-4a30-aa21-a81c6b75ed59
x-cache: Hit from cloudfront
x-amz-meta-codebuild-content-md5: 7c6533d014f4376c94bb336ca55f9b4a
last-modified: Tue, 16 Nov 2021 19:22:10 GMT
server: AmazonS3
date: Fri, 03 Dec 2021 02:52:48 GMT
vary: Accept-Encoding
x-amz-meta-codebuild-content-sha256: 3c10260b65df3b9b693f2ccf28333ff73e11c2ac40654e26c412963c094f1aa3
via: 1.1 1fd323b9134f7d940dac0d007036a604.cloudfront.net (CloudFront)
cache-control: must-revalidate,public,max-age=604800
x-amz-cf-pop: FRA56-P5
content-type: text/css
x-amz-cf-id: ldOKZL5QxVzq0sKGK7gZNgJw3kc2DKAFUXxWEMrezikzF7hr28DFlg==

GET
H3 200 prebid3.js Show response
cdn.vuukle.com/static/ 506 KB
142 KB 48ms
47ms Script
application/javascript 2606:4700:10::6816:3ca8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.vuukle.com/static/prebid3.js
Requested by: Host: cdn.vuukle.com
URL: https://cdn.vuukle.com/platform.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::6816:3ca8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d9a3e653145b400c444f8716ded794614478de162ebb7d4acbe17d2e26a0537

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
content-encoding: br
cf-cache-status: HIT
age: 20491
cf-polished: origSize=685341
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Wed, 08 Dec 2021 08:29:01 GMT
server: cloudflare
etag: W/"61b06ccd-a751d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
cache-control: max-age=1800
cf-ray: 6ba6d9900f4f5a19-MXP
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
cf-bgj: minify

GET
H2 200 bq-publish Show response
publish.vuukle.com/ 0
259 B 260ms
250ms XHR
text/plain 2606:4700:10::ac43:1695
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://publish.vuukle.com/bq-publish?callback=&{%22action%22:%22view_page%22,%22hashed_email%22:%22$c0ede4-8642-469b-a1e7-7c49c936dc67%22,%22hostname%22:%227cecf616-b9b1-4fc2-9f8e-7d16ef1f7494%22,%22pubdomain%22:%22ibtimes.co.uk%22,%22refDomain%22:%22%22,%22sessionId%22:%22c488142d-7955-4004-b46a-727285141fa6%22,%22version%22:%224.20%22,%22articleImg%22:%22%22,%22articleTitle%22:%22Researcher%20Creates%20Malware%20to%20Captures%20Every%20Tap%20on%20Your%20Smartphone%20or%20Tablet%22,%22article_id%22:%221434673%22,%22hashed_article_url%22:%22https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673%22,%22referrer%22:%22%22,%22tags%22:%22%22,%22browser%22:%22Chrome%22,%22device%22:%22Desktop%22,%22os%22:%22Windows%22}&_=1489139930741

Requested by

Host: cdn.vuukle.com
URL: https://cdn.vuukle.com/platform.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1695 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
cf-cache-status: DYNAMIC
server: cloudflare
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: https://www.ibtimes.co.uk
access-control-allow-credentials: true
cf-ray: 6ba6d9901add839c-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
x-xss-protection: 1

POST
H3 204 pixel Show response
fqtag.com/ 0
10 B 25ms
16ms XHR
text/plain 35.190.72.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://fqtag.com/pixel
Requested by: Host: cdn.fqtag.com
URL: https://cdn.fqtag.com/1.27.339-ccfb11a/pixel.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.72.161 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 161.72.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.ibtimes.co.uk/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 08 Dec 2021 14:58:05 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 prebid.js Show response
hb.brainlyads.com/ Frame 74E9 494 KB
150 KB 296ms
193ms Script
application/javascript 23.20.158.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://hb.brainlyads.com/prebid.js

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.20.158.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-23-20-158-212.compute-1.amazonaws.com

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

247aee0b717314c2c113cde9c0c5b01520b040b4b142e25ad63d41054cf3b8ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
content-encoding: gzip
last-modified: Wed, 08 Dec 2021 04:47:32 GMT
server: nginx/1.10.3 (Ubuntu)
etag: W/"61b038e4-7b6e1"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
expires: Thu, 09 Dec 2021 14:58:05 GMT

GET
H2 200 rules-p-2dmAXlpkDJWYc.js Show response
rules.quantcount.com/ 7 KB
2 KB 34ms
7ms Script
application/javascript 2600:9000:223f:fe00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-2dmAXlpkDJWYc.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/aquant.js?a=p-2dmAXlpkDJWYc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:fe00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 10df2caa73d5330e7f0457bd4953ee3daeeba0508bad79e6a70e473d4caffaa9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:07:39 GMT
content-encoding: gzip
age: 3026
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
last-modified: Mon, 19 Mar 2018 22:22:26 GMT
server: AmazonS3
etag: W/"59b659233a78e7d607d789043bc6aa32"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 55107fc1be09ed1afcf3154ed9bd93cc.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: 8QJL9Iy0Qo5Y58UEf1fypkFegD2On70fo3ly3JRFaowxqauta7y-xg==

GET
H2 200 modules.d67e1c27eed343da1bad.js Show response
script.hotjar.com/ 227 KB
60 KB 36ms
10ms Script
application/javascript 18.66.112.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.d67e1c27eed343da1bad.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-398338.js?sv=5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.126 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-126.fra56.r.cloudfront.net

Software

Resource Hash

906ca586685d9b4f321449eaaeeddc7f6a9ea9cdf83df6f82592c643d04a7e2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 13:42:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4560
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 60890
access-control-allow-origin: *
last-modified: Wed, 08 Dec 2021 13:41:31 GMT
etag: "15b4cdf9d934e5206a8c1dc11b691737"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 ffdf2668ac264ec6d8784ccc7453073c.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: _udtGenH0ZtpVSjvn_Inaa_evalZ5j6s4UVknI6Y-9oFwb-ypwHDRQ==

GET
H2 204 VdnaRequestServlet
vdna.exelator.com/ 0
481 B 115ms
29ms Image
text/plain 34.254.143.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vdna.exelator.com/VdnaRequestServlet?j=0&lb=ibtmedia1454689592852&api_key=ibtmedia1454689592852&e=%7B%22esVDNAAppUserActionEvent%22%3A%5B%7B%22Ba4%22%3A%22tracking%22%2C%22Ba5%22%3A%22https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673%22%2C%22Ba6%22%3A%22%22%2C%22Ba18%22%3A%22PAGE_VIEW%22%2C%22Ba20%22%3A%22ibtmedia1454689592852%22%2C%22Ba26%22%3A%22VDNASITETRACKING%22%7D%5D%7D&url=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&rurl=&bust=72563887
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.143.3 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-143-3.eu-west-1.compute.amazonaws.com
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

GET
H2 200 5f247c7caaa18100122e6c08
api.pushnami.com/api/push/icon/id/ 3 KB
3 KB 8ms
8ms Image
image/png 13.32.99.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.pushnami.com/api/push/icon/id/5f247c7caaa18100122e6c08?size=sm
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-54.fra60.r.cloudfront.net
Software: /
Resource Hash: cae2fee0a61b87b871a61fe80e3f58dde1e15fcda781ed63c894968651ab8d91

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:14:51 GMT
via: 1.1 0c792defeeaa18965559ad74895ea56b.cloudfront.net (CloudFront)
age: 2594
x-cache: Hit from cloudfront
content-type: image/png
access-control-expose-headers: WWW-Authenticate,Server-Authorization
cache-control: no-cache
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
content-length: 3085
x-amz-cf-id: PzPHZep4rQDjk4j5wRu706F8xElmDeiypujgF71VK0La-MMyAh1WOw==

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c72659bec2957fe7d11d64fd336a9a0afdcc65e7e7d6c2fab8bd0cf0f8176fd8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 841040082696081 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 16ms
8ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/841040082696081?v=2.9.48&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

32f57836b1b68340162c2d6b59e7bd066206eeba024f519d46d885a4a1565c35

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 89062
x-xss-protection: 0
pragma: public
x-fb-debug: knGqgZA9IIsGe3LNzd0tnu+c4nl1Dobz7/Guvg3T4i8g9jS+8E9SASQSSxGDPadzJFz0ywWIGjDAvfDavzgvog==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Wed, 08 Dec 2021 14:58:05 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK fire.js Show response
s.cpx.to/ 957 B
2 KB 129ms
30ms Script
application/javascript 52.19.63.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.cpx.to/fire.js?pid=11316&ref=&hn_ver=20&fid=ad45249e-cf6e-4597-8f51-298e54a3ff03

Requested by

Host: p.cpx.to
URL: https://p.cpx.to/p/11316/px.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.19.63.112 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-63-112.eu-west-1.compute.amazonaws.com

Software

Resource Hash

4b742b1c31052c8bb9eaa70653ae188a165ca707437b33d51f5134dfb6a95e33

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Wed, 08 Dec 2021 14:58:05 GMT
X-Frame-Options: sameorigin
Connection: keep-alive
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/javascript; charset=UTF-8
Content-Length: 957
Expires: Mon, 06 Dec 2021 16:27:45 UTC

GET
H2 200 1.js Show response
cmp-consent-tool.privacymanager.io/latest/ Frame 94AE 59 KB
12 KB 7ms
7ms Script
application/x-javascript 18.66.112.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp-consent-tool.privacymanager.io/latest/1.js
Requested by: Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/runtime.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-122.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9a19209483cd31f0227408730c75f1f372ea1218f347a7fe97db8a480d16081e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cmp-consent-tool.privacymanager.io/latest/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 23:08:32 GMT
content-encoding: gzip
age: 488974
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:a6204679-acaf-4a30-aa21-a81c6b75ed59
x-cache: Hit from cloudfront
x-amz-meta-codebuild-content-sha256: 3c10260b65df3b9b693f2ccf28333ff73e11c2ac40654e26c412963c094f1aa3
x-amz-meta-codebuild-content-md5: 7c6533d014f4376c94bb336ca55f9b4a
last-modified: Tue, 16 Nov 2021 19:22:15 GMT
server: AmazonS3
etag: W/"691cd2dc367f8dac19dff3b597dcae50"
vary: Accept-Encoding
x-amz-version-id: 6V1IsBAIKM.YuSJ33BnGXHKkUkmoHcK3
via: 1.1 1fd323b9134f7d940dac0d007036a604.cloudfront.net (CloudFront)
cache-control: must-revalidate,public,max-age=604800
x-amz-cf-pop: FRA56-P5
content-type: application/x-javascript
x-amz-cf-id: 3ngi-dI-zmhZIOI8gUkYmsPCxMTn00RzqnfE0eQkQ0e4CQVkjsKiNA==

GET
H2 200 18.js Show response
cmp-consent-tool.privacymanager.io/latest/ Frame 94AE 23 KB
6 KB 8ms
8ms Script
application/x-javascript 18.66.112.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp-consent-tool.privacymanager.io/latest/18.js
Requested by: Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/runtime.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-122.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bd47e11f786a55e1999e5ad7ced555a79c2f1de7b39dac2d20a74d66c495b156

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cmp-consent-tool.privacymanager.io/latest/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 23:08:32 GMT
content-encoding: gzip
age: 488974
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:a6204679-acaf-4a30-aa21-a81c6b75ed59
x-cache: Hit from cloudfront
x-amz-meta-codebuild-content-sha256: 3c10260b65df3b9b693f2ccf28333ff73e11c2ac40654e26c412963c094f1aa3
x-amz-meta-codebuild-content-md5: 7c6533d014f4376c94bb336ca55f9b4a
last-modified: Tue, 16 Nov 2021 19:22:24 GMT
server: AmazonS3
etag: W/"e20412686af89b1b72195fc74ade66b4"
vary: Accept-Encoding
x-amz-version-id: 5bFIl2mUA5PfXk7iZHCBfkCZSAtuUaVE
via: 1.1 1fd323b9134f7d940dac0d007036a604.cloudfront.net (CloudFront)
cache-control: must-revalidate,public,max-age=604800
x-amz-cf-pop: FRA56-P5
content-type: application/x-javascript
x-amz-cf-id: NVYGzer5ihwS1e4VDVmzzRRPHZvE7TtYiaKwFbkgBlc9aFR0Tiwx1w==

GET
H2 200 box-a1ae2079824d1c48aa9ce06efb256f18.html Show response
vars.hotjar.com/ Frame D37A 2 KB
1 KB 37ms
7ms Document
text/html 18.66.139.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-a1ae2079824d1c48aa9ce06efb256f18.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-398338.js?sv=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-139-84.fra60.r.cloudfront.net
Software: /
Resource Hash: d39c7ff4103007338040282460b2eb0e5adadd9fb80f986fb4c8a3d41785a6ca

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/

Response headers

content-type: text/html
content-length: 1044
date: Thu, 02 Dec 2021 15:53:06 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
etag: "6215abf691a11c2f451680e635d30daa"
last-modified: Thu, 02 Dec 2021 15:52:57 GMT
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 77517a7f5d9094d359ba5186c3bda1e6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-cf-id: -341ovINd3kMz5u9YbvM3777HaTzCOdfflk4xjsI3rNeP8yR3Lkagg==
age: 515099

GET
H2 200 tcf-2.0-loader.js Show response
s.flocdn.com/cmp/2.1.5/ 2 KB
1 KB 34ms
7ms Script
application/javascript 18.66.139.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.flocdn.com/cmp/2.1.5/tcf-2.0-loader.js
Requested by: Host: cdn.vuukle.com
URL: https://cdn.vuukle.com/static/prebid3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.139.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-139-78.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8548d22e0fe82f9ac98dd5148510c0bb6885aad92f661876a8078b9be620ea2e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: wQvfArGm4NUbysSJrtVS3ZpC3nVy3TQX
content-encoding: gzip
last-modified: Fri, 26 Feb 2021 18:56:38 GMT
server: AmazonS3
age: 540939
etag: "76a73c81315c9027897fe77eaf004971"
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
via: 1.1 24fc4e03b1de2a14f79be2422e46a318.cloudfront.net (CloudFront)
cache-control: max-age=604800
date: Tue, 07 Dec 2021 17:01:40 GMT
x-amz-cf-pop: FRA60-P4
content-length: 731
x-amz-cf-id: yOz2jbC49ebcO1Sx8mT4iwHFYkDDrS3WUFNIb1sggEjcTcsrButy1A==

GET
H2 200 tcf-2.0-cmp.js Show response
s.flocdn.com/cmp/2.1.5/ 196 KB
48 KB 36ms
9ms Script
application/javascript 18.66.139.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.flocdn.com/cmp/2.1.5/tcf-2.0-cmp.js
Requested by: Host: cdn.vuukle.com
URL: https://cdn.vuukle.com/static/prebid3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.139.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-139-78.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2b697ae3266afd70d1108fda9eea78b90db518003f1049e6913ad0e0368723fc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: 48ARPSLZlw2ZZQ6p5TwVOlBq9Em.2oPT
content-encoding: gzip
last-modified: Fri, 26 Feb 2021 18:56:39 GMT
server: AmazonS3
age: 542322
etag: "35e7e72756bed474488f67103c1a4b70"
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
via: 1.1 24fc4e03b1de2a14f79be2422e46a318.cloudfront.net (CloudFront)
cache-control: max-age=604800
date: Thu, 02 Dec 2021 08:19:25 GMT
x-amz-cf-pop: FRA60-P4
content-length: 48610
x-amz-cf-id: PM2J7D3K6dwDqk0sfLLNfwq0Bt-OoYeDxj2IS5Ws2RrlPrCMGn1_Ow==

GET
H/1.1 200
OK config.js Show response
confiant-integrations.global.ssl.fastly.net/RNw7xiqRu-6_97G1pl1Hr7_2fbE/gpt_and_prebid/ 51 KB
13 KB 30ms
6ms Script
text/javascript 151.101.193.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/RNw7xiqRu-6_97G1pl1Hr7_2fbE/gpt_and_prebid/config.js
Requested by: Host: cdn.vuukle.com
URL: https://cdn.vuukle.com/static/prebid3.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7a4a929aa7bd93362df0f605dc0aaca43b3d56b9d723ef8d65a757c80d7aff6f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 08 Dec 2021 14:58:05 GMT
Content-Encoding: gzip
Age: 3561
X-Cache: HIT
Connection: keep-alive
Content-Length: 12386
x-amz-id-2: oPC44aiSUXQXDOkYyszRl6fqStCbgyzEea8Ka/rf3A+ZI60ROnB3xZg/hSxbr0V8TsUAG/szZZ4=
X-Served-By: cache-hhn4042-HHN
Last-Modified: Wed, 08 Dec 2021 13:47:35 GMT
Server: AmazonS3
X-Timer: S1638975486.668317,VS0,VE0
ETag: "a8f404b83c122c4bc655947b235db27e"
x-amz-request-id: VP9V77TJ3V734YM7
Via: 1.1 varnish
Cache-Control: public, max-age=900, stale-while-revalidate=3600
Accept-Ranges: bytes
Content-Type: text/javascript
X-Cache-Hits: 43

GET
H2 200 Hc6PdfQeAi.js Show response
pixel.zprk.io/v5/pixeljs/ 3 KB
3 KB 515ms
168ms Script
text/plain 13.250.177.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.zprk.io/v5/pixeljs/Hc6PdfQeAi.js?dne=1
Requested by: Host: powerad.ai
URL: https://powerad.ai/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.250.177.93 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-250-177-93.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: 8e521ebeb6ce59914c54f532b1577efd671f4b02bb3c331e01b4a7e79a02cfea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:06 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
content-length: 2753
access-control-max-age: 3600
access-control-allow-methods: POST, GET, DELETE, PUT
content-type: text/plain;charset=UTF-8

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 163 KB
60 KB 43ms
28ms Script
application/javascript 2a00:1450:4001:801::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-3WPPJWVBP8

Requested by

Host: powerad.ai
URL: https://powerad.ai/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

40877bd61244df363dd2147a7ea28a398ac8f6c3e42f194ae06449603a5a574b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61861
x-xss-protection: 0
expires: Wed, 08 Dec 2021 14:58:05 GMT

GET
H2 200 251 Show response
a.ad.gt/api/v1/u/matches/ 3 KB
4 KB 542ms
193ms Script
application/javascript 54.187.56.166
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://a.ad.gt/api/v1/u/matches/251?url=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&ref=
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.187.56.166 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-187-56-166.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 63b36a51bf5497e4aabb2552047d33213ed0a67768281ddd85003f9e8ecf80ba

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:06 GMT
server: nginx/1.18.0
content-length: 3205
content-type: application/javascript

POST
H2 204 d Show response
aux.fqtag.com/aux/ 0
62 B 42ms
15ms XHR
text/plain 2600:1901:0:298e::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://aux.fqtag.com/aux/d
Requested by: Host: cdn.fqtag.com
URL: https://cdn.fqtag.com/1.27.339-ccfb11a/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:298e:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.ibtimes.co.uk/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 08 Dec 2021 14:58:05 GMT
via: 1.1 google
alt-svc: clear

GET
H2 200 /
www.facebook.com/tr/ 44 B
295 B 26ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=841040082696081&ev=PageView&dl=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&rl=&if=false&ts=1638975485696&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.2.1638975485695.1614872696&it=1638975485459&coo=false&rqm=GET

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Wed, 08 Dec 2021 14:58:05 GMT

GET
H2 200 defaultTheme.css
cmp-consent-tool.privacymanager.io/latest/ Frame 94AE 34 KB
6 KB 6ms
6ms Stylesheet
text/css 18.66.112.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp-consent-tool.privacymanager.io/latest/defaultTheme.css
Requested by: Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/main.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-122.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 36dc8627546125c2446359d123c1d11a8afbe6a5100862e2319217e335d985d2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cmp-consent-tool.privacymanager.io/latest/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: M_kufDB_gCa4G0EOBVG7i7EYQ2pCdgLJ
content-encoding: gzip
etag: W/"ddb5e6d71b353c98624b1784c506f1ee"
age: 475518
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:a6204679-acaf-4a30-aa21-a81c6b75ed59
x-cache: Hit from cloudfront
x-amz-meta-codebuild-content-md5: 7c6533d014f4376c94bb336ca55f9b4a
last-modified: Tue, 16 Nov 2021 19:22:10 GMT
server: AmazonS3
date: Fri, 03 Dec 2021 02:52:48 GMT
vary: Accept-Encoding
x-amz-meta-codebuild-content-sha256: 3c10260b65df3b9b693f2ccf28333ff73e11c2ac40654e26c412963c094f1aa3
via: 1.1 1fd323b9134f7d940dac0d007036a604.cloudfront.net (CloudFront)
cache-control: must-revalidate,public,max-age=604800
x-amz-cf-pop: FRA56-P5
content-type: text/css
x-amz-cf-id: OoeOF6HirntIAzpMAMzBGYJUwniDbLQiDK8ZSKtqLjUpMb1HNcu0EQ==

GET
H2 200 17.js Show response
cmp-consent-tool.privacymanager.io/latest/ Frame 94AE 123 KB
24 KB 7ms
7ms Script
application/x-javascript 18.66.112.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp-consent-tool.privacymanager.io/latest/17.js
Requested by: Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/runtime.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-122.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 67b08c185967e7dbda1aecb9e42a11c61f24a20c0ccefe9ebfea250a4d67990c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cmp-consent-tool.privacymanager.io/latest/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 23:08:33 GMT
content-encoding: gzip
age: 488973
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:a6204679-acaf-4a30-aa21-a81c6b75ed59
x-cache: Hit from cloudfront
x-amz-meta-codebuild-content-sha256: 3c10260b65df3b9b693f2ccf28333ff73e11c2ac40654e26c412963c094f1aa3
x-amz-meta-codebuild-content-md5: 7c6533d014f4376c94bb336ca55f9b4a
last-modified: Tue, 16 Nov 2021 19:21:58 GMT
server: AmazonS3
etag: W/"ab5247f9ceb22da2bab708700b3ce763"
vary: Accept-Encoding
x-amz-version-id: yr3TzHEUcdWJ3ieeuC09P39V7w.ICSsV
via: 1.1 1fd323b9134f7d940dac0d007036a604.cloudfront.net (CloudFront)
cache-control: must-revalidate,public,max-age=604800
x-amz-cf-pop: FRA56-P5
content-type: application/x-javascript
x-amz-cf-id: nt_Gy68Y_3Tmp_Z6vXciPHG6E_SXY3IQ_y9jMK4byfKkBaerbTVZrg==

GET
H2 200 open-sans-latin-400-normal.woff2
cmp-consent-tool.privacymanager.io/latest/ Frame 94AE 14 KB
15 KB 7ms
7ms Font
application/octet-stream 18.66.112.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp-consent-tool.privacymanager.io/latest/open-sans-latin-400-normal.woff2
Requested by: Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/openSans.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-122.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b

Request headers

Referer: https://cmp-consent-tool.privacymanager.io/latest/openSans.css
Origin: https://cmp-consent-tool.privacymanager.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 10:08:45 GMT
via: 1.1 1fd323b9134f7d940dac0d007036a604.cloudfront.net (CloudFront)
age: 535761
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:a6204679-acaf-4a30-aa21-a81c6b75ed59
x-cache: Hit from cloudfront
x-amz-meta-codebuild-content-md5: 7c6533d014f4376c94bb336ca55f9b4a
content-length: 14440
last-modified: Tue, 16 Nov 2021 19:22:26 GMT
server: AmazonS3
etag: "ff9d619b59f5cb3529b100448f398ac5"
access-control-allow-methods: GET
x-amz-meta-codebuild-content-sha256: 3c10260b65df3b9b693f2ccf28333ff73e11c2ac40654e26c412963c094f1aa3
access-control-allow-origin: *
cache-control: must-revalidate,public,max-age=604800
x-amz-version-id: uHGNDPJwC60WbyGOtkvgjSccYSXYnHpo
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-type: application/octet-stream
x-amz-cf-id: KKqJjXlpJmpAkuTveWh2MJh0huxf2Gy06byTR7agoGSHN8FJszb76w==

GET
H/1.1

200
OK

getuid
sync.smartadserver.com/
Redirect Chain

https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dsmart_ad_server%26dsp_uid%3D%5Bsas_uid%5D%26fid%3Dad45249e-cf6e-4597-8f51-298e54a3ff03&gdpr=0
https://sync.smartadserver.com/getuid?url=https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=[sas_uid]&fid=ad45249e-cf6e-4597-8f51-298e54a3ff03&gdpr=0&cklb=1

0
436 B

17ms
16ms

Image
text/plain

185.86.137.110
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.smartadserver.com/getuid?url=https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=[sas_uid]&fid=ad45249e-cf6e-4597-8f51-298e54a3ff03&gdpr=0&cklb=1
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: HTTP/1.1
Server: 185.86.137.110 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:05 GMT
cache-control: no-cache,no-store
content-length: 0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

location: https://sync.smartadserver.com:443/getuid?url=https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=[sas_uid]&fid=ad45249e-cf6e-4597-8f51-298e54a3ff03&gdpr=0&cklb=1
pragma: no-cache
date: Wed, 08 Dec 2021 14:58:05 GMT
cache-control: no-cache,no-store
content-length: 0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

GET
H/1.1

200
OK

ca.png
s.cpx.to/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=ad45249e-cf6e-4597-8f51-298e54a3ff03
https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm=&dsp=dbm&fid=ad45249e-cf6e-4597-8f51-298e54a3ff03&google_tc=
https://s.cpx.to/ca.png?dsp=dbm&fid=ad45249e-cf6e-4597-8f51-298e54a3ff03&google_gid=CAESEIKpBviHa0dbVXaR9Fd5-V0&google_cver=1

95 B
804 B

40ms
30ms

Image
image/png

52.19.63.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/ca.png?dsp=dbm&fid=ad45249e-cf6e-4597-8f51-298e54a3ff03&google_gid=CAESEIKpBviHa0dbVXaR9Fd5-V0&google_cver=1

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

HTTP/1.1

Server

52.19.63.112 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-63-112.eu-west-1.compute.amazonaws.com

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Wed, 08 Dec 2021 14:58:05 GMT
X-Frame-Options: sameorigin
Content-Type: image/png
Cache-Control: no-store, must-revalidate, private, max-age=0
Connection: keep-alive
Content-Length: 95

Redirect headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:05 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://s.cpx.to/ca.png?dsp=dbm&fid=ad45249e-cf6e-4597-8f51-298e54a3ff03&google_gid=CAESEIKpBviHa0dbVXaR9Fd5-V0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 334
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content token
token.rubiconproject.com/ 0
214 B 35ms
9ms Image
text/plain 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/token?pid=34010&puid=762213676dc33fa2&gdpr=0
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

sync
s.cpx.to/
Redirect Chain

https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Dad45249e-cf6e-4597-8f51-298e54a3ff03
https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Dad45249e-cf6e-4597-8f51-298e54a3ff03
https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=22C6DDF4-68D8-4EF1-9894-B1D277175829&fid=ad45249e-cf6e-4597-8f51-298e54a3ff03

95 B
881 B

30ms
30ms

Image
image/png

52.19.63.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=22C6DDF4-68D8-4EF1-9894-B1D277175829&fid=ad45249e-cf6e-4597-8f51-298e54a3ff03

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

HTTP/1.1

Server

52.19.63.112 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-63-112.eu-west-1.compute.amazonaws.com

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Wed, 08 Dec 2021 14:58:05 GMT
X-Frame-Options: sameorigin
Connection: keep-alive
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Content-Length: 95
Expires: Wed, 08 Dec 2021 14:58:05 UTC

Redirect headers

location: https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=22C6DDF4-68D8-4EF1-9894-B1D277175829&fid=ad45249e-cf6e-4597-8f51-298e54a3ff03
date: Wed, 08 Dec 2021 14:58:04 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1

200
OK

sync
s.cpx.to/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=0fkciot&ttd_tpi=1
https://s.cpx.to/sync?dsp_uid=cbc639e1-b1ea-44d0-9a34-21fab61776a9&dsp=TTD

95 B
876 B

30ms
29ms

Image
image/png

52.19.63.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/sync?dsp_uid=cbc639e1-b1ea-44d0-9a34-21fab61776a9&dsp=TTD

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

HTTP/1.1

Server

52.19.63.112 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-63-112.eu-west-1.compute.amazonaws.com

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Wed, 08 Dec 2021 14:58:05 GMT
X-Frame-Options: sameorigin
Connection: keep-alive
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Content-Length: 95
Expires: Wed, 08 Dec 2021 14:58:05 UTC

Redirect headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:05 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://s.cpx.to/sync?dsp_uid=cbc639e1-b1ea-44d0-9a34-21fab61776a9&dsp=TTD
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 179

GET
H/1.1

200
OK

an_fire
s.cpx.to/
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D11316%26ref%3D%26hn_ver%3D20%26fid%3Dad45249e-cf6e-4597-8f51-298e54a3ff03
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D11316%2526ref%253D%2526hn_ver%253D20%2526fid%253Dad45249e-cf6e-4597-8...
https://s.cpx.to/an_fire?app_nexus_uid=3441701907916292348&pid=11316&ref=&hn_ver=20&fid=ad45249e-cf6e-4597-8f51-298e54a3ff03

95 B
865 B

30ms
30ms

Image
image/png

52.19.63.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/an_fire?app_nexus_uid=3441701907916292348&pid=11316&ref=&hn_ver=20&fid=ad45249e-cf6e-4597-8f51-298e54a3ff03

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

HTTP/1.1

Server

52.19.63.112 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-63-112.eu-west-1.compute.amazonaws.com

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Wed, 08 Dec 2021 14:58:05 GMT
X-Frame-Options: sameorigin
Connection: keep-alive
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Content-Length: 95
Expires: Wed, 08 Dec 2021 14:58:05 UTC

Redirect headers

Pragma: no-cache
Date: Wed, 08 Dec 2021 14:58:05 GMT
X-Proxy-Origin: 194.36.108.20; 194.36.108.20; 721.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 771fc970-6f30-499b-974a-4f146e937327
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://s.cpx.to/an_fire?app_nexus_uid=3441701907916292348&pid=11316&ref=&hn_ver=20&fid=ad45249e-cf6e-4597-8f51-298e54a3ff03
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK sync
pool.grid-data.bidswitch.net/ 43 B
220 B 354ms
8ms Image
image/gif 18.197.204.221
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pool.grid-data.bidswitch.net/sync?pid=42
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.204.221 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-204-221.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 08 Dec 2021 14:58:06 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H/1.1 200
OK wrap.js Show response
confiant-integrations.global.ssl.fastly.net/gptprebidnative/202112021159/ 189 KB
61 KB 7ms
7ms Script
application/javascript 151.101.193.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202112021159/wrap.js
Requested by: Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/RNw7xiqRu-6_97G1pl1Hr7_2fbE/gpt_and_prebid/config.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 80da370ad41bee2716b42d1583e139eac39f5c7c243c5fe6439b9754013116c6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 08 Dec 2021 14:58:05 GMT
Content-Encoding: gzip
Age: 56
X-Cache: HIT
Connection: keep-alive
Content-Length: 61460
x-amz-id-2: Qbtex6193Up3lMwzHo04Fwgck9vy3DOT/L3qAIRItzCePSPd6PFiDKR2gqxoMZwOpgZJANHWIis=
X-Served-By: cache-hhn4042-HHN
Last-Modified: Thu, 02 Dec 2021 17:00:39 GMT
Server: AmazonS3
X-Timer: S1638975486.775176,VS0,VE0
ETag: "0bad6e8b774e2623401e436c2a44f48e"
x-amz-request-id: 0398HQD3BP27JXN0
Via: 1.1 varnish
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
X-Cache-Hits: 87

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/398338/ 146 B
323 B 104ms
35ms XHR
application/json 63.32.233.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/398338/visit-data?sv=5
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.d67e1c27eed343da1bad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.32.233.146 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-233-146.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 43c15c5e339cca85186d462b5951209ac3825b7677341e3d95f5e704b5057c87

Request headers

Referer: https://www.ibtimes.co.uk/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
content-encoding: br
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store
access-control-allow-credentials: true

GET
H2 204 398338 Show response
vc.hotjar.io/sessions/ 0
255 B 70ms
35ms XHR
text/plain 18.66.112.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vc.hotjar.io/sessions/398338?s=0.25&r=0.05201737822075514
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.d67e1c27eed343da1bad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-79.fra56.r.cloudfront.net
Software: Python/3.7 aiohttp/3.5.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
server: Python/3.7 aiohttp/3.5.4
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-store
x-amz-cf-id: JO0lcFkDWF0ALiFhVVTZguoUA5_6FQ-gmIew7x27g0QkGgn6pwU2aQ==

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 13ms
13ms Ping
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-3WPPJWVBP8&gtm=2oec10&_p=85674384&sr=1600x1200&ul=en-us&cid=30433582.1638975485&_s=1&dl=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&dt=Researcher%20Creates%20Malware%20to%20Captures%20Every%20Tap%20on%20Your%20Smartphone%20or%20Tablet&sid=1638975485&sct=1&seg=0&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3WPPJWVBP8
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.ibtimes.co.uk/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:05 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.ibtimes.co.uk
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK sr Show response
capi.connatix.com/tr/ Frame 8855 0
318 B 112ms
112ms XHR
application/x-protobuf 18.116.178.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/sr?v=141716
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.116.178.106 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-116-178-106.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://www.ibtimes.co.uk
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
26 KB 19ms
19ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

3f29550b363950a26ec1b1c7faab15c15736d233b0fc1b404c9cc443c120beec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1066 / 406 of 1000 / last-modified: 1638965328"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27037
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 08 Dec 2021 14:58:05 GMT

GET
H2 200 f88fd139-d922-4042-9cfa-a7c6e0ac1f1c.bin Show response
vid.connatix.com/dc48baec-7292-402f-b669-5299b6a3af37/ Frame 8855 1 KB
704 B 57ms
31ms XHR
application/octet-stream 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/dc48baec-7292-402f-b669-5299b6a3af37/f88fd139-d922-4042-9cfa-a7c6e0ac1f1c.bin
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ae29212c90bc8ebc71990b47c6bf6bf94135ba1c16349906dcd2c2619a27d850

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
content-encoding: gzip
last-modified: Sun, 05 Dec 2021 19:50:15 GMT
age: 241516
etag: "5118f7a995f8284017742e0e45ceb9fc"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 467

GET
H3 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 8855 374 KB
123 KB 36ms
20ms Script
text/javascript 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15a3efce4e527795167d6fb4bb107345067176ddfc514a85cf0ee9a031b07e55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126291
x-xss-protection: 0
expires: Wed, 08 Dec 2021 14:58:05 GMT

POST
H/1.1 200
OK ao Show response
capi.connatix.com/tr/ Frame 8855 0
318 B 113ms
113ms XHR
application/x-protobuf 18.116.178.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/ao?v=141716
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.116.178.106 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-116-178-106.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://www.ibtimes.co.uk
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK g Show response
capi.connatix.com/rtb/ Frame 8855 190 B
478 B 521ms
185ms XHR
application/x-protobuf 18.116.178.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/rtb/g?v=141716
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.116.178.106 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-116-178-106.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: 59533c24d689c5ee1d8806863591cae5b950dd4c58cc20e7ccf37d0abc8e52f6

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Wed, 08 Dec 2021 14:58:06 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://www.ibtimes.co.uk
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 179

POST
H/1.1 200
OK ps Show response
capi.connatix.com/tr/ Frame 8855 0
318 B 220ms
112ms XHR
application/x-protobuf 18.116.178.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/ps?v=141716
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.116.178.106 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-116-178-106.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Wed, 08 Dec 2021 14:58:05 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://www.ibtimes.co.uk
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 ec36634e-35f6-4571-83b0-beba21ab4b4a.jpg
img.connatix.com/dc48baec-7292-402f-b669-5299b6a3af37/ 16 KB
16 KB 15ms
9ms Image
image/jpeg 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/dc48baec-7292-402f-b669-5299b6a3af37/ec36634e-35f6-4571-83b0-beba21ab4b4a.jpg?crop=590:404,smart&width=590&height=404&format=jpeg&quality=60&fit=crop
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: b52d8e39b87927711e68e5b98ba16bd561f6f9bd90f36dffa32de8128388a561

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:06 GMT
content-encoding: br
age: 241559
etag: "ptGCOrPLcYNus8dAiaOQpiVM8/YlJuqAp/xTBFXzkyY"
access-control-max-age: 86400
fastly-io-info: ifsz=42688 idim=768x512 ifmt=jpeg ofsz=16359 odim=590x404 ofmt=jpeg
access-control-allow-origin: *
cache-control: max-age=2592000, public
fastly-stats: io=1
accept-ranges: bytes
content-type: image/jpeg
content-length: 15948

GET
H2 200 ec36634e-35f6-4571-83b0-beba21ab4b4a.jpg
img.connatix.com/dc48baec-7292-402f-b669-5299b6a3af37/ 14 KB
14 KB 11ms
8ms Image
image/jpeg 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/dc48baec-7292-402f-b669-5299b6a3af37/ec36634e-35f6-4571-83b0-beba21ab4b4a.jpg?crop=590:332,smart&width=590&height=332&format=jpeg&quality=60&fit=crop
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4ce58351b9751bc94a12f1a52de4b098c6483509ace41a8b2135d8638cfec3e7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:06 GMT
content-encoding: br
age: 241559
etag: "vf8gM4IjuzQu3s0sfFMKt6/lsKUEnDVvWQaWruuWUig"
access-control-max-age: 86400
fastly-io-info: ifsz=42688 idim=768x512 ifmt=jpeg ofsz=14208 odim=590x332 ofmt=jpeg
access-control-allow-origin: *
cache-control: max-age=2592000, public
fastly-stats: io=1
accept-ranges: bytes
content-type: image/jpeg
content-length: 13795

GET
H2 200 fe0e55c8-596c-4da9-8e9d-f3d383780279.jpg
img.connatix.com/dc48baec-7292-402f-b669-5299b6a3af37/ 45 KB
45 KB 9ms
9ms Image
image/jpeg 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/dc48baec-7292-402f-b669-5299b6a3af37/fe0e55c8-596c-4da9-8e9d-f3d383780279.jpg?crop=590:332,smart&width=590&height=332&format=jpeg&quality=60&fit=crop
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 33aadd5d0b0ee366e74ef684e03c1ea234c2d555ef1229e30362af3791f0b140

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:06 GMT
content-encoding: br
age: 241558
etag: "oK3ypdCk4vWZdwilErdwSWpITUvHWGWY9U6OxA2zhLY"
access-control-max-age: 86400
fastly-io-info: ifsz=118726 idim=768x511 ifmt=jpeg ofsz=46234 odim=590x332 ofmt=jpeg
access-control-allow-origin: *
cache-control: max-age=2592000, public
fastly-stats: io=1
accept-ranges: bytes
content-type: image/jpeg
content-length: 45766

GET
H2 200 77719bab-9fe5-428f-8e79-8c74c58f8eea.jpg
img.connatix.com/dc48baec-7292-402f-b669-5299b6a3af37/ 14 KB
13 KB 8ms
7ms Image
image/jpeg 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/dc48baec-7292-402f-b669-5299b6a3af37/77719bab-9fe5-428f-8e79-8c74c58f8eea.jpg?crop=590:332,smart&width=590&height=332&format=jpeg&quality=60&fit=crop
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: af22215ea6f5fd288ae6ff44214041321c844b24729e386413fdade0da0d1c38

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:06 GMT
content-encoding: br
age: 241558
etag: "sGyNjwS1Xp9Yif3sknFsrO9D2HebbuZu+56oELm4JQ4"
access-control-max-age: 86400
fastly-io-info: ifsz=27216 idim=768x435 ifmt=jpeg ofsz=13980 odim=590x332 ofmt=jpeg
access-control-allow-origin: *
cache-control: max-age=2592000, public
fastly-stats: io=1
accept-ranges: bytes
content-type: image/jpeg
content-length: 13576

GET
H3 200 bridge3.490.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 635A 595 KB
193 KB 7ms
7ms Document
text/html 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.490.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

448a333dfdb98768c6308de7aeb073d319ec34bef67636b30fdf97abba0683b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 197951
date: Fri, 03 Dec 2021 15:45:53 GMT
expires: Sat, 03 Dec 2022 15:45:53 GMT
last-modified: Tue, 30 Nov 2021 18:00:51 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 429133
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 8855 44 KB
17 KB 69ms
18ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 08 Dec 2021 14:58:06 GMT

GET
H3 200 bridge3.490.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame E2CC 595 KB
193 KB 7ms
6ms Document
text/html 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.490.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

448a333dfdb98768c6308de7aeb073d319ec34bef67636b30fdf97abba0683b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 197951
date: Fri, 03 Dec 2021 15:45:53 GMT
expires: Sat, 03 Dec 2022 15:45:53 GMT
last-modified: Tue, 30 Nov 2021 18:00:51 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 429133
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 bridge3.490.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 5B87 595 KB
193 KB 7ms
6ms Document
text/html 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.490.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

448a333dfdb98768c6308de7aeb073d319ec34bef67636b30fdf97abba0683b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 197951
date: Fri, 03 Dec 2021 15:45:53 GMT
expires: Sat, 03 Dec 2022 15:45:53 GMT
last-modified: Tue, 30 Nov 2021 18:00:51 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 429133
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 41EE 37 KB
13 KB 48ms
8ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:35:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1380
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Wed, 08 Dec 2021 15:35:06 GMT

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 7744 37 KB
13 KB 48ms
9ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:35:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1380
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Wed, 08 Dec 2021 15:35:06 GMT

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame D755 37 KB
13 KB 51ms
14ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:35:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1380
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Wed, 08 Dec 2021 15:35:06 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 9173 0
17 B 18ms
7ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://www.ibtimes.co.uk
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/

Response headers

content-type: text/plain
access-control-allow-origin: https://www.ibtimes.co.uk
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
date: Wed, 08 Dec 2021 14:58:06 GMT

GET
H2 200 haloid Show response
aufp.io/api/v1/ 6 KB
3 KB 525ms
173ms Script
application/javascript 52.38.226.208
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aufp.io/api/v1/haloid
Requested by: Host: a.ad.gt
URL: https://a.ad.gt/api/v1/u/matches/251?url=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&ref=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.38.226.208 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-38-226-208.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 85e50082d7ce113bfa87dbade18dbf747d1bacfcffdbd628296dcffa98a08f94

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:06 GMT
content-encoding: gzip
last-modified: Tue, 07 Dec 2021 21:04:04 GMT
server: nginx/1.18.0
etag: W/"1638911044.0-6132-2958560116"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *, *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: public, max-age=43200
origin-trial: A/KTxPuSXtwcggydvUxw5B4dXspsb2iweedc7KDi2xv9M89MtnOpULTs7DQJVHBxGDV5wj5a3LW9S4ev3WfQkwIAAAB+eyJvcmlnaW4iOiJodHRwczovL2hhbG9mbG9jLmNvbTo0NDMiLCJmZWF0dXJlIjoiSW50ZXJlc3RDb2hvcnRBUEkiLCJleHBpcnkiOjE2MjYyMjA3OTksImlzU3ViZG9tYWluIjp0cnVlLCJpc1RoaXJkUGFydHkiOnRydWV9
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
expires: Thu, 09 Dec 2021 02:58:06 GMT

GET
H2 200 251 Show response
p.ad.gt/api/v1/p/ 25 KB
8 KB 540ms
178ms Script
application/javascript 52.35.106.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://p.ad.gt/api/v1/p/251
Requested by: Host: a.ad.gt
URL: https://a.ad.gt/api/v1/u/matches/251?url=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&ref=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.35.106.12 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-35-106-12.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 80bf8d6552f807a6e883a432c0b50833936bbaacb6a2ec2696429a28986f2be6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:06 GMT
content-encoding: gzip
last-modified: Tue, 07 Dec 2021 21:02:30 GMT
server: nginx/1.18.0
etag: W/"1638910950.0-26104-2710964840"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: public, max-age=43200
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
expires: Thu, 09 Dec 2021 02:58:06 GMT

GET
H2

200

match
ids.ad.gt/api/v1/
Redirect Chain

https://secure.adnxs.com/getuid?https://ids.ad.gt/api/v1/match?id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4&adnxs_id=$UID
https://ids.ad.gt/api/v1/match?id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4&adnxs_id=3441701907916292348

43 B
566 B

663ms
328ms

Image
image/gif

44.240.108.244
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ids.ad.gt/api/v1/match?id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4&adnxs_id=3441701907916292348
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Server: 44.240.108.244 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-240-108-244.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:06 GMT
cache-control: public, max-age=43200
server: nginx/1.18.0
content-type: image/gif
expires: Thu, 09 Dec 2021 02:58:06 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 08 Dec 2021 14:58:06 GMT
X-Proxy-Origin: 194.36.108.20; 194.36.108.20; 721.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: ba507226-5be5-4385-99ab-8be50004acca
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ids.ad.gt/api/v1/match?id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4&adnxs_id=3441701907916292348
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

t_match
ids.ad.gt/api/v1/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=8gkxb6n&ttd_tpi=1&gpdr=0&ttd_puid=9ee766b9-4ee3-420e-90d7-7a43bd3340d4
https://ids.ad.gt/api/v1/t_match?tdid=cbc639e1-b1ea-44d0-9a34-21fab61776a9&id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4

43 B
570 B

642ms
328ms

Image
image/gif

44.240.108.244
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ids.ad.gt/api/v1/t_match?tdid=cbc639e1-b1ea-44d0-9a34-21fab61776a9&id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Server: 44.240.108.244 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-240-108-244.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:06 GMT
cache-control: public, max-age=43200
server: nginx/1.18.0
content-type: image/gif
expires: Thu, 09 Dec 2021 02:58:06 GMT

Redirect headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:06 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://ids.ad.gt/api/v1/t_match?tdid=cbc639e1-b1ea-44d0-9a34-21fab61776a9&id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 259

GET
H2

200

pbm_match
ids.ad.gt/api/v1/
Redirect Chain

https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3D9ee766b9-4ee3-420e-90d7-7a43bd3340d4
https://ids.ad.gt/api/v1/pbm_match?pbm=22C6DDF4-68D8-4EF1-9894-B1D277175829&id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4

43 B
572 B

661ms
327ms

Image
image/gif

44.240.108.244
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ids.ad.gt/api/v1/pbm_match?pbm=22C6DDF4-68D8-4EF1-9894-B1D277175829&id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Server: 44.240.108.244 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-240-108-244.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:06 GMT
cache-control: public, max-age=43200
server: nginx/1.18.0
content-type: image/gif
expires: Thu, 09 Dec 2021 02:58:06 GMT

Redirect headers

location: https://ids.ad.gt/api/v1/pbm_match?pbm=22C6DDF4-68D8-4EF1-9894-B1D277175829&id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4
date: Wed, 08 Dec 2021 14:58:05 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

g_match
ids.ad.gt/api/v1/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_cm&google_sc&google_ula=450542624&id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4
https://ids.ad.gt/api/v1/g_match?id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4&google_gid=CAESEHWqQhYxkuCWxSVmOIU_8fA&google_cver=1&google_ula=450542624,0

43 B
572 B

515ms
185ms

Image
image/gif

44.240.108.244
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ids.ad.gt/api/v1/g_match?id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4&google_gid=CAESEHWqQhYxkuCWxSVmOIU_8fA&google_cver=1&google_ula=450542624,0
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Server: 44.240.108.244 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-240-108-244.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:06 GMT
cache-control: public, max-age=43200
server: nginx/1.18.0
content-type: image/gif
expires: Thu, 09 Dec 2021 02:58:06 GMT

Redirect headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:06 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ids.ad.gt/api/v1/g_match?id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4&google_gid=CAESEHWqQhYxkuCWxSVmOIU_8fA&google_cver=1&google_ula=450542624,0
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 357
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/
Redirect Chain

https://ids.ad.gt/api/v1/g_hosted?id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4
https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=OWVlNzY2YjktNGVlMy00MjBlLTkwZDctN2E0M2JkMzM0MGQ0

170 B
188 B

18ms
18ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=OWVlNzY2YjktNGVlMy00MjBlLTkwZDctN2E0M2JkMzM0MGQ0

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=OWVlNzY2YjktNGVlMy00MjBlLTkwZDctN2E0M2JkMzM0MGQ0
date: Wed, 08 Dec 2021 14:58:06 GMT
server: nginx/1.18.0
content-length: 473
content-type: text/html; charset=utf-8

GET
H2

200

beeswax_match
ids.ad.gt/api/v1/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/audigent?buyer_user_id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4
https://match.prod.bidr.io/cookie-sync/audigent?buyer_user_id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4&_bee_ppp=1
https://ids.ad.gt/api/v1/beeswax_match?beeswax_id=AAF5Ek7DYZAAAD1XK7739A&id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4

43 B
478 B

302ms
184ms

Image
image/gif

44.240.108.244
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ids.ad.gt/api/v1/beeswax_match?beeswax_id=AAF5Ek7DYZAAAD1XK7739A&id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Server: 44.240.108.244 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-240-108-244.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:06 GMT
cache-control: public, max-age=43200
server: nginx/1.18.0
content-type: image/gif
expires: Thu, 09 Dec 2021 02:58:06 GMT

Redirect headers

location: https://ids.ad.gt/api/v1/beeswax_match?beeswax_id=AAF5Ek7DYZAAAD1XK7739A&id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4
Date: Wed, 08 Dec 2021 14:58:06 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
strict-transport-security: max-age=2592000; includeSubDomains

GET
H2

200

mediamath_match
ids.ad.gt/api/v1/
Redirect Chain

https://sync.mathtag.com/sync/img?redir=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fmediamath_match%3Fuser_id%3D%5BMM_UUID%5D%26id%3D9ee766b9-4ee3-420e-90d7-7a43bd3340d4
https://ids.ad.gt/api/v1/mediamath_match?user_id=a5f361b0-c7fd-4300-bc35-9de8b5b52f94&id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4

43 B
484 B

621ms
327ms

Image
image/gif

44.240.108.244
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ids.ad.gt/api/v1/mediamath_match?user_id=a5f361b0-c7fd-4300-bc35-9de8b5b52f94&id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Server: 44.240.108.244 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-240-108-244.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:06 GMT
cache-control: public, max-age=43200
server: nginx/1.18.0
content-type: image/gif
expires: Thu, 09 Dec 2021 02:58:06 GMT

Redirect headers

Date: Wed, 08 Dec 2021 14:58:06 GMT
Server: MT3 4133 baa842e master zrh-pixel-x3 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://ids.ad.gt/api/v1/mediamath_match?user_id=a5f361b0-c7fd-4300-bc35-9de8b5b52f94&id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 08 Dec 2021 14:58:05 GMT

GET
H/1.1

204
No Content

token
token.rubiconproject.com/
Redirect Chain

https://ids.ad.gt/api/v1/rub?id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4
https://token.rubiconproject.com/token?pid=50242&puid=9ee766b9-4ee3-420e-90d7-7a43bd3340d4&gdpr=0

0
214 B

9ms
9ms

Image
text/plain

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/token?pid=50242&puid=9ee766b9-4ee3-420e-90d7-7a43bd3340d4&gdpr=0
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: HTTP/1.1
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

location: https://token.rubiconproject.com/token?pid=50242&puid=9ee766b9-4ee3-420e-90d7-7a43bd3340d4&gdpr=0
date: Wed, 08 Dec 2021 14:58:06 GMT
server: nginx/1.18.0
content-length: 417
content-type: text/html; charset=utf-8

GET
H2 200 / Show response
c.mgid.com/pv/ 0
280 B 120ms
110ms Script
text/plain 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.mgid.com/pv/?tcfV2=1&tcfV1=1&pv=5&cbuster=1638975486392684099802&uniqId=1240d&consentData=&gdprApplies=true&uspString=1---&niet=4g&nisd=false&jsv=es6&ref=&cxurl=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&lu=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&sessionId=61b0c7fe-082cb&pageView=1&pvid=17d9a8d39b8ae1d5f64&site=430010&implVersion=11&dpr=1
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/i/b/ibtimes.co.uk.713739.es6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:06 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ba6d99608b37028-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

POST
H2 204 p Show response
aux.fqtag.com/aux/ 0
38 B 18ms
18ms XHR
text/plain 2600:1901:0:298e::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://aux.fqtag.com/aux/p
Requested by: Host: cdn.fqtag.com
URL: https://cdn.fqtag.com/1.27.339-ccfb11a/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:298e:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.ibtimes.co.uk/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 08 Dec 2021 14:58:06 GMT
via: 1.1 google
alt-svc: clear

GET
H2 200 MGID_plus.svg
cdn.mgid.com/images/logos/ 2 KB
1 KB 24ms
16ms Image
image/svg+xml 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mgid.com/images/logos/MGID_plus.svg
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 741932350156677164b36a1506347cfd558bc502310bd1d50e246d454c4c1131

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:06 GMT
content-encoding: br
cf-cache-status: HIT
age: 4876
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: TV9EGYWE00S199ZT
x-amz-id-2: PNtXkU1glOZAxPzbk+hlX7OVIWvv4OOWBZOa90rbxDtDjftx3mN+VuI8Xcy/kOUSata9Gcz4dSw=
last-modified: Tue, 23 Feb 2021 16:22:15 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1614097325/ctime:1614097325/gid:0/gname:root/md5:f7525f3a5f32c6f4a8e9867e9f57ab45/mode:33206/mtime:1614097325/uid:0/uname:root
etag: W/"f7525f3a5f32c6f4a8e9867e9f57ab45"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
cf-ray: 6ba6d99628f27028-FRA
expires: Thu, 09 Dec 2021 14:58:06 GMT

GET
H2 200 Adchoices.svg
cdn.mgid.com/images/logos/ 836 B
813 B 30ms
22ms Image
image/svg+xml 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mgid.com/images/logos/Adchoices.svg
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7992a4430843ef8b4bbae534358be3193aa1ae9c78f273e8e8a70b6af1244ac5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:06 GMT
content-encoding: br
cf-cache-status: HIT
age: 4875
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 50VWJQBT5W4QYKJG
x-amz-id-2: xhXkWrQ90G/ebA55GK4VP5V6mncDrGDeipe5cahYa8kJ+JMUWbxTCzXMUo5ci9AAJm/Ct0tTCXE=
last-modified: Wed, 17 Feb 2021 18:15:53 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1613585745/ctime:1613585745/gid:0/gname:root/md5:7d59364b7ed2df3f02507c9f92560df9/mode:33206/mtime:1613585745/uid:0/uname:root
etag: W/"7d59364b7ed2df3f02507c9f92560df9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
cf-ray: 6ba6d99628ee7028-FRA
expires: Thu, 09 Dec 2021 14:58:06 GMT

GET
H2 200 1 Show response
servicer.mgid.com/713739/ 5 KB
2 KB 52ms
42ms Script
application/x-javascript 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://servicer.mgid.com/713739/1?tcfV2=1&tcfV1=1&pv=5&cbuster=1638975486467971602967&uniqId=1240d&consentData=&gdprApplies=true&uspString=1---&niet=4g&nisd=false&jsv=es6&w=737&h=528&p4_w=238&p4_h=224&maxw_4=238&maxh_4=224&cols=3&ref=&cxurl=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&lu=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&sessionId=61b0c7fe-082cb&pageView=1&pvid=17d9a8d39b8ae1d5f64&implVersion=11&dpr=1
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/i/b/ibtimes.co.uk.713739.es6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f5c4b3243f4c28073afcaefe33a08ee8a0620747099020244a70ed1229ef868

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:06 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ba6d99689f37028-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDQvMTAxOTI0L2NjNjc3NmQ2NThiOWNlOTdlODVmYzljMjAxZGEwYjMwLmpwZWc.webp
s-img.mgid.com/g/8193522/492x328/55x0x584x389/ 17 KB
17 KB 52ms
23ms Image
image/webp 104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/8193522/492x328/55x0x584x389/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDQvMTAxOTI0L2NjNjc3NmQ2NThiOWNlOTdlODVmYzljMjAxZGEwYjMwLmpwZWc.webp?v=1638975486-XxbhbihrMwiQko6JlzVK9mHHzOJmz2GmCdyDEEz6lkE
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.135.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e83df01b855659a03124fe4faaa9426971c2341d42ee0e5ef9d0a8242f81acab

Request headers

Referer: https://www.ibtimes.co.uk/
Origin: https://www.ibtimes.co.uk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:06 GMT
cf-cache-status: HIT
last-modified: Thu, 11 Nov 2021 15:52:54 GMT
x-mg-request-uuid: 08be69d0-e451-498b-9223-0fa1233f5ebd
age: 660408
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 6ba6d9970c4d4e25-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 17118
server: cloudflare

GET
H2 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDgvMTAxOTI0LzZkMTExMmMxNDU2YzNlMTJjNmNmOThkNTBiOTkzYWU0LmpwZWc.webp
s-img.mgid.com/g/4039678/492x328/0x83x640x426/ 35 KB
35 KB 56ms
28ms Image
image/webp 104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/4039678/492x328/0x83x640x426/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDgvMTAxOTI0LzZkMTExMmMxNDU2YzNlMTJjNmNmOThkNTBiOTkzYWU0LmpwZWc.webp?v=1638975486-m2YvdVsU5x81suksZNaB5sijrJbfS_6aTHbk82IYoq8
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.135.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c9209d48b4a8d865429efe3b68bc26eb71b47b22f06caa91aedce506dc4725a

Request headers

Referer: https://www.ibtimes.co.uk/
Origin: https://www.ibtimes.co.uk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:06 GMT
cf-cache-status: HIT
last-modified: Thu, 11 Nov 2021 15:56:10 GMT
x-mg-request-uuid: 2d82b71f-b758-4618-a2f0-fef5736b54c1
age: 272338
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 6ba6d9970c4f4e25-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 35542
server: cloudflare

GET
H2 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTctMDQtMTIvMTAxOTI0LzQ1YTczYzA1OWExZmMwMGM5ZWU3ZTNhNTAzOTM4ZTZmLmpwZz90PTE0OTE5OTE2NzgwMDI.webp
s-img.mgid.com/g/3805428/492x328/0x0x492x328/ 7 KB
7 KB 49ms
20ms Image
image/webp 104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/3805428/492x328/0x0x492x328/aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTctMDQtMTIvMTAxOTI0LzQ1YTczYzA1OWExZmMwMGM5ZWU3ZTNhNTAzOTM4ZTZmLmpwZz90PTE0OTE5OTE2NzgwMDI.webp?v=1638975486-GtZpAP28-s4Zt-an6ubLIe_KLUdfEsXgUxjxFCLg0iM
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.135.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 082acab6074d30aeca7a1850b34f2bfc06fbd08cccad58096a6f8109c444f39f

Request headers

Referer: https://www.ibtimes.co.uk/
Origin: https://www.ibtimes.co.uk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:06 GMT
cf-cache-status: HIT
last-modified: Thu, 11 Nov 2021 16:02:41 GMT
x-mg-request-uuid: 2e3d6230-8e20-4895-aa82-a824540a2872
age: 458396
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 6ba6d9970c504e25-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 6734
server: cloudflare

GET
H3 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90Yy8yMDE5LTA2LzEwMTkyNC9iOGE4NTNiMzc3NzMzMGI4NjA5MTBiZTMyMmE2NmRjYi5qcGVn.webp
s-img.mgid.com/g/3805658/492x328/0x0x902x601/ 33 KB
34 KB 36ms
23ms Image
image/webp 104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/3805658/492x328/0x0x902x601/aHR0cDovL2ltZ2hvc3RzLmNvbS90Yy8yMDE5LTA2LzEwMTkyNC9iOGE4NTNiMzc3NzMzMGI4NjA5MTBiZTMyMmE2NmRjYi5qcGVn.webp?v=1638975486-cYJY8WcJiVJ5vp0j4J9u6VVe4SZmoUzHLhYAntHhX5Q
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.135.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 810973996140f08f00ea7dee7772f3d2c957538c27319f25e045d8afcb49e1f7

Request headers

Referer: https://www.ibtimes.co.uk/
Origin: https://www.ibtimes.co.uk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:06 GMT
cf-cache-status: HIT
last-modified: Thu, 11 Nov 2021 15:56:06 GMT
x-mg-request-uuid: b82c7bf9-50bb-4a7c-a1bc-d81a4a0729b6
age: 383499
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 6ba6d9973b214a8c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 34246
server: cloudflare

GET
H3 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDgvMTAxOTI0LzE0MzA1Y2NmZGYxNjAxOGU1MjAzNTAxYzc0ZDJiZTJjLmpwZWc.webp
s-img.mgid.com/g/4023139/492x328/0x430x1080x720/ 38 KB
39 KB 49ms
36ms Image
image/webp 104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/4023139/492x328/0x430x1080x720/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDgvMTAxOTI0LzE0MzA1Y2NmZGYxNjAxOGU1MjAzNTAxYzc0ZDJiZTJjLmpwZWc.webp?v=1638975486-iDcKxT36Hmcme5X9tSuX7O12XYXJZNNGJj67UFP0BpA
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.135.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b752a637f15d6b100d20b041fae502758635cba9bdd69a14af15818853027617

Request headers

Referer: https://www.ibtimes.co.uk/
Origin: https://www.ibtimes.co.uk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:06 GMT
cf-cache-status: HIT
last-modified: Thu, 11 Nov 2021 15:56:39 GMT
x-mg-request-uuid: cc84de4c-b232-4590-a302-bdfca8b737ae
age: 277371
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 6ba6d9973b1c4a8c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 39064
server: cloudflare

GET
H3 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDgvMTAxOTI0L2Y2MDliMTliNzY4ZmQ2YzcwNzBjNmM0NDAzMzBkNGM3LmpwZWc.webp
s-img.mgid.com/g/3973211/492x328/0x251x1804x1202/ 13 KB
13 KB 47ms
35ms Image
image/webp 104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/3973211/492x328/0x251x1804x1202/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDgvMTAxOTI0L2Y2MDliMTliNzY4ZmQ2YzcwNzBjNmM0NDAzMzBkNGM3LmpwZWc.webp?v=1638975486-SmSGgcZJYFiu_xk_b3AdY2_GADJ5ZefsBlJkHOvXsC0
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.135.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d12f6172d8aa85d6475c28b56f66d34ccf48e833493181279b22f9eb23eb820

Request headers

Referer: https://www.ibtimes.co.uk/
Origin: https://www.ibtimes.co.uk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:06 GMT
cf-cache-status: HIT
last-modified: Thu, 11 Nov 2021 15:57:21 GMT
x-mg-request-uuid: fce93166-df63-437c-bc0c-b5cb007572f7
age: 853980
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 6ba6d9973b1a4a8c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 12900
server: cloudflare

GET
H2 200 ad Show response
ssp.lkqd.net/ Frame 8855 168 B
358 B 420ms
215ms XHR
application/xml 146.20.132.204
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssp.lkqd.net/ad?pid=593&sid=1081150&output=svpaid&support=html5&execution=any&placement=&playinit=auto&volume=0&width=590&height=332&dnt=%5Bdo_not_track%5D&gdpr=1&gdprcs=undefined&ip=194.36.108.20&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F96.0.4664.45%20Safari%2F537.36&pageurl=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&contentid=%5Bcontent_id%5D&contenttitle=%5Bvideo_title%5D&contentlength=%5Bvideo_duration%5D&contenturl=%5Bcontent_url%5D&rnd=6f5fd4e8-b148-4243-ad87-b02add4cc87c
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.132.204 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: 0863882f1d6ce836e3dcf7123e95e2c188fd7d4eda775c696ded7e1d82c61080

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

access-control-allow-origin: https://www.ibtimes.co.uk
date: Wed, 08 Dec 2021 14:58:06 GMT
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: nginx
content-length: 168
content-type: application/xml; charset=UTF-8

GET
H2 200 i.js Show response
cm.mgid.com/ 2 KB
947 B 159ms
151ms Script
application/javascript 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.mgid.com/i.js?consentData=&gdprApplies=1&cbuster=163897548657112216359
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/i/b/ibtimes.co.uk.713739.es6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1c22a7234cc60c7fedf695397c0adf74ca9c49f4015518ecc4c58f360b3bbd40

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:06 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 6ba6d9973bb27028-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 i-noref.js Show response
cm.mgid.com/ Frame 8CE4 19 B
267 B 150ms
148ms Script
application/javascript 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.mgid.com/i-noref.js?cbuster=1638975486589772711903
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/i/b/ibtimes.co.uk.713739.es6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31a2141f6b680b8ec183d8de67eaae2ac43bee3ccee46235e0c988761615210c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:06 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 6ba6d9973bb67028-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame C268
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=mgid&endpoint=us-east
https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=us-east

281 B
554 B

32ms
8ms

Document
text/html

23.79.143.124
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=us-east
Requested by: Host: cm.mgid.com
URL: https://cm.mgid.com/i.js?consentData=&gdprApplies=1&cbuster=163897548657112216359
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.143.124 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-143-124.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 26 Oct 2021 17:01:05 GMT
ETag: "40019-119-5cf446c48f640"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 08 Dec 2021 14:58:06 GMT
Connection: keep-alive
Vary: Accept-Encoding

Redirect headers

Server: AkamaiGHost
Content-Length: 0
Location: https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=us-east
Date: Wed, 08 Dec 2021 14:58:06 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *

GET
H/1.1 200
OK sync.html Show response
s.adtelligent.com/ Frame 5F97 1 KB
885 B 253ms
19ms Document
text/html 2a0c:5c81:5139::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adtelligent.com/sync.html?aid=658327
Requested by: Host: cm.mgid.com
URL: https://cm.mgid.com/i.js?consentData=&gdprApplies=1&cbuster=163897548657112216359
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5139::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: 16e04bdf6c116d4ad9220245c02b90483beaee2275b489e27d687f3b519d382e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/

Response headers

Server: VertaMedia 1.0
Date: Wed, 08 Dec 2021 14:58:06 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 600
Access-Control-Allow-Origin: https://www.ibtimes.co.uk
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Encoding: gzip

GET
H2

200

/
onetag-sys.com/match/
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=303&user_id=lb86YqeN6SW6
https://x.bidswitch.net/ul_cb/sync?dsp_id=303&user_id=lb86YqeN6SW6
https://onetag-sys.com/match/?int_id=30&uid=6785791b-c54e-4ceb-a99a-ec8fe87ab0ab&gdpr=&gdpr_consent=&us_privacy=

0
151 B

31ms
8ms

Image
text/plain

51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=30&uid=6785791b-c54e-4ceb-a99a-ec8fe87ab0ab&gdpr=&gdpr_consent=&us_privacy=

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Location: //onetag-sys.com/match/?int_id=30&uid=6785791b-c54e-4ceb-a99a-ec8fe87ab0ab&gdpr=&gdpr_consent=&us_privacy=
Date: Wed, 08 Dec 2021 14:58:06 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2 200 /
cm.lentainform.com/setmuidn/ 0
495 B 155ms
87ms Image
image/gif 104.19.217.61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.lentainform.com/setmuidn/?muidf=lb86YqeN6SW6
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.217.61 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:06 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6ba6d998aa6f5494-MAN
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3

200

m
cm.mgid.com/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=omn67hl&ttd_tpi=1
https://cm.mgid.com/m?cdsp=371158&c=cbc639e1-b1ea-44d0-9a34-21fab61776a9&ttl=1641567486

43 B
563 B

139ms
139ms

Image
image/gif

104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=371158&c=cbc639e1-b1ea-44d0-9a34-21fab61776a9&ttl=1641567486
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H3
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:06 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 6ba6d9987aff32b1-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:06 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.mgid.com/m?cdsp=371158&c=cbc639e1-b1ea-44d0-9a34-21fab61776a9&ttl=1641567486
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 205

GET
H3

200

m
cm.mgid.com/
Redirect Chain

https://creativecdn.com/cm-notify?pi=mgid
https://creativecdn.com/cm-notify?pi=mgid&tc=1
https://cm.mgid.com/m?cdsp=501037&c=rFcnwJz7dluUI8PjX02Z&pi=mgid&tc=1

43 B
562 B

139ms
139ms

Image
image/gif

104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=501037&c=rFcnwJz7dluUI8PjX02Z&pi=mgid&tc=1
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H3
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:06 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 6ba6d998ab4a32b1-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

location: https://cm.mgid.com/m?cdsp=501037&c=rFcnwJz7dluUI8PjX02Z&pi=mgid&tc=1
pragma: no-cache
date: Wed, 08 Dec 2021 14:58:06 GMT, Wed, 08 Dec 2021 14:58:06 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

google
cm.mgid.com/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=marketgid&google_cm=&google_ula={guid}&google_hm=bGI4NllxZU42U1c2&muidn=lb86YqeN6SW6
https://cm.mgid.com/google?muidn=lb86YqeN6SW6&google_ula={guid},5&google_gid=CAESEIqfVm_kWt8nQDtfkgNEgCY&google_cver=1

0
412 B

138ms
137ms

Image
text/plain

104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/google?muidn=lb86YqeN6SW6&google_ula={guid},5&google_gid=CAESEIqfVm_kWt8nQDtfkgNEgCY&google_cver=1
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H3
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:06 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: text/plain
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ba6d9985ac632b1-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:06 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.mgid.com/google?muidn=lb86YqeN6SW6&google_ula={guid},5&google_gid=CAESEIqfVm_kWt8nQDtfkgNEgCY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 327
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

m
cm.mgid.com/
Redirect Chain

https://rtb-usw.mfadsrvr.com/sync?ssp=mgid
https://rtb-usw.mfadsrvr.com/ul_cb/sync?ssp=mgid
https://cm.mgid.com/m?cdsp=287839&c=88486a73-7903-4541-9871-e47d7773bff2

43 B
595 B

141ms
141ms

Image
image/gif

104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=287839&c=88486a73-7903-4541-9871-e47d7773bff2
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H3
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:07 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 6ba6d99cea1c32b1-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

location: //cm.mgid.com/m?cdsp=287839&c=88486a73-7903-4541-9871-e47d7773bff2
date: Wed, 08 Dec 2021 14:58:07 GMT
cache-control: no-cache, no-store, must-revalidate
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H2 200 /
cm.idealmedia.io/setmuidn/ 0
412 B 185ms
133ms Image
image/gif 104.16.221.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.idealmedia.io/setmuidn/?muidf=lb86YqeN6SW6
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.221.74 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:07 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6ba6d9996f5b3a41-CDG
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: image/gif

GET
H3

200

m
cm.mgid.com/
Redirect Chain

https://x.bidswitch.net/sync?ssp=mgid
https://cm.smadex.com/sync?sm_did=bds&bds_ssp_id=mgid&bds_param=6785791b-c54e-4ceb-a99a-ec8fe87ab0ab
https://x.bidswitch.net/sync?dsp_id=340&user_id=87b0cf65-7edd-4207-a2ba-8198f121d49e&expires=10&ssp=mgid&bsw_param=6785791b-c54e-4ceb-a99a-ec8fe87ab0ab
https://cm.mgid.com/m?cdsp=433145&c=6785791b-c54e-4ceb-a99a-ec8fe87ab0ab&gdpr=&gdpr_consent=&us_privacy=

43 B
579 B

138ms
137ms

Image
image/gif

104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=433145&c=6785791b-c54e-4ceb-a99a-ec8fe87ab0ab&gdpr=&gdpr_consent=&us_privacy=
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H3
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:07 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 6ba6d99a0d9832b1-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

Location: //cm.mgid.com/m?cdsp=433145&c=6785791b-c54e-4ceb-a99a-ec8fe87ab0ab&gdpr=&gdpr_consent=&us_privacy=
Date: Wed, 08 Dec 2021 14:58:07 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2 200 mw
mwzeom.zeotap.com/ 95 B
457 B 89ms
45ms Image
image/png 2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=lb86YqeN6SW6&zpartnerid=1532&zdid=1532
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:06 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://www.ibtimes.co.uk
access-control-allow-credentials: true
cf-ray: 6ba6d9996d2183a6-MXP
access-control-allow-headers: *
content-length: 95

GET
H/1.1

204
No Content

sync.php
pixel.rubiconproject.com/exchange/
Redirect Chain

https://sync.e-volution.ai/34b9aae5baa016b251b9fc488f4a97cd.gif?puid=lb86YqeN6SW6
https://ssbsync.smartadserver.com/api/sync?callerId=24&gdpr=0&gdpr_consent=&us_privacy=
https://sync.e-volution.ai/a02d62607dea0c97e41ff36ebd422945.gif?puid=3390230850515526241&gdpr=0&gdpr_consent=
https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-pashadv&gdpr=0&gdpr_consent=&us_privacy=

0
239 B

40ms
8ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-pashadv&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: HTTP/1.1
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Content-Type: image/gif

Redirect headers

Pragma: no-cache
Date: Wed, 08 Dec 2021 14:58:07 GMT
Server: nginx
Transfer-Encoding: chunked
Location: https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-pashadv&gdpr=0&gdpr_consent=&us_privacy=
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Expires: 0

GET
H3

200

m
cm.mgid.com/
Redirect Chain

https://ad.360yield.com/server_match?partner_id=1944&r=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D665953%26c%3D%7BPUB_USER_ID%7D
https://ad.360yield.com/ul_cb/server_match?partner_id=1944&r=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D665953%26c%3D%7BPUB_USER_ID%7D
https://cm.mgid.com/m?cdsp=665953&c=5aff0644-c568-4241-9683-82e2d17b741c

43 B
579 B

141ms
140ms

Image
image/gif

104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=665953&c=5aff0644-c568-4241-9683-82e2d17b741c
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H3
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:07 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 6ba6d99a1dca32b1-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

location: https://cm.mgid.com/m?cdsp=665953&c=5aff0644-c568-4241-9683-82e2d17b741c
date: Wed, 08 Dec 2021 14:58:07 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame C268 32 KB
10 KB 8ms
8ms Script
text/html 23.79.143.124
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=us-east
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.143.124 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-143-124.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 87eddedd2d5c528960a4851583fd6dd917c1893db2ee14ecbfd4809093ac6a71

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=us-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 08 Dec 2021 14:58:06 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Dec 2021 17:06:27 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=25981
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9506
Expires: Wed, 08 Dec 2021 22:11:07 GMT

GET
H2 200 halo_match
ids.ad.gt/api/v1/ 43 B
652 B 180ms
180ms Image
image/gif 44.240.108.244
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ids.ad.gt/api/v1/halo_match?id=9ee766b9-4ee3-420e-90d7-7a43bd3340d4&halo_id=0200kuhica07jv2yg08xizqr0bwpa1w0evvljv1k7cm961o8b5po0ntek210qskvk40trr7270wqxik90zq3u2c12pa5j31k0gxf118nmsj90fzd0bt1elzfjf1hl5r1i1kkc2jl
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.240.108.244 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-240-108-244.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:07 GMT
cache-control: public, max-age=43200
server: nginx/1.18.0
content-type: image/gif
expires: Thu, 09 Dec 2021 02:58:06 GMT

GET
H2 204 getpixels Show response
pixels.ad.gt/api/v1/ 0
344 B 519ms
172ms Script
text/plain 44.224.58.246
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixels.ad.gt/api/v1/getpixels?tagger_id=8c42ea227df7d2df471f8b67c84bdade&url=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&code=%27none%27
Requested by: Host: p.ad.gt
URL: https://p.ad.gt/api/v1/p/251
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.224.58.246 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-224-58-246.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 08 Dec 2021 14:58:07 GMT
server: nginx/1.18.0
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H3 200 1853083501571805 Show response
connect.facebook.net/signals/config/ 308 KB
89 KB 8ms
8ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1853083501571805?v=2.9.48&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

75608011897ecc866f405947986ebb4e604f9b9791708a26ed936a93bbe764d0

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 90711
x-xss-protection: 0
pragma: public
x-fb-debug: O4CbibyDQp1jxHMcD9NlxEZQ76M1b4dwZrj+kuPfhnHvf9V/cmpGPiGCrk37hoC3kzUe7Y4Bg8B0N8sCIOm3ZQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Wed, 08 Dec 2021 14:58:06 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 ecommerce.js Show response
www.google-analytics.com/plugins/ua/ 1 KB
763 B 9ms
8ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ecommerce.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:30:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1677
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 08 Dec 2021 15:30:09 GMT

GET
H3 200 ec.js Show response
www.google-analytics.com/plugins/ua/ 3 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ec.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:51:40 GMT
x-content-type-options: nosniff
age: 386
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2779
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 08 Dec 2021 15:51:40 GMT

GET
H2 200 cm
u.openx.net/w/1.0/ 43 B
306 B 43ms
21ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u.openx.net/w/1.0/cm?id=998eaf06-9905-4eae-9e26-9fac75960c53&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fopenx%3Fopenx_id%3D%7BOPENX_ID%7D%26id%3D0200kuhica07jv2yg08xizqr0bwpa1w0evvljv1k7cm961o8b5po0ntek210qskvk40trr7270wqxik90zq3u2c12pa5j31k0gxf118nmsj90fzd0bt1elzfjf1hl5r1i1kkc2jl%26auid%3D9ee766b9-4ee3-420e-90d7-7a43bd3340d4
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.221.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:06 GMT
content-encoding: gzip
server: OXGW/16.221.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 7ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1853083501571805&ev=PageView&dl=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&rl=&if=false&ts=1638975486930&cd[partner_id]=251&cd[tagger_id]=8c42ea227df7d2df471f8b67c84bdade&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.2.1638975485695.1614872696&it=1638975485459&coo=false&tm=1&rqm=GET

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 14:58:06 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Wed, 08 Dec 2021 14:58:06 GMT

GET
H2 200 ad Show response
ssp.lkqd.net/ Frame 8855 168 B
357 B 103ms
103ms XHR
application/xml 146.20.132.204
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssp.lkqd.net/ad?pid=593&sid=1081148&output=svpaid&support=html5&execution=any&placement=&playinit=auto&volume=0&width=590&height=332&dnt=%5Bdo_not_track%5D&gdpr=1&gdprcs=undefined&ip=194.36.108.20&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F96.0.4664.45%20Safari%2F537.36&pageurl=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&contentid=%5Bcontent_id%5D&contenttitle=%5Bvideo_title%5D&contentlength=%5Bvideo_duration%5D&contenturl=%5Bcontent_url%5D&rnd=4b94ce57-ed71-4f03-b745-088c7229817a
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.132.204 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: 0863882f1d6ce836e3dcf7123e95e2c188fd7d4eda775c696ded7e1d82c61080

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

access-control-allow-origin: https://www.ibtimes.co.uk
date: Wed, 08 Dec 2021 14:58:07 GMT
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: nginx
content-length: 168
content-type: application/xml; charset=UTF-8

GET csync
sync.adtelligent.com/ Frame 5F97 0
0

GET
H2 200 ad Show response
ssp.lkqd.net/ Frame 8855 168 B
357 B 135ms
135ms XHR
application/xml 146.20.132.204
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssp.lkqd.net/ad?pid=593&sid=1081146&output=svpaid&support=html5&execution=any&placement=&playinit=auto&volume=0&width=590&height=332&dnt=%5Bdo_not_track%5D&gdpr=1&gdprcs=undefined&ip=194.36.108.20&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F96.0.4664.45%20Safari%2F537.36&pageurl=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&contentid=%5Bcontent_id%5D&contenttitle=%5Bvideo_title%5D&contentlength=%5Bvideo_duration%5D&contenturl=%5Bcontent_url%5D&rnd=d3e6b5da-7f9e-4c50-9bbb-95b596f704d7
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.132.204 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: 0863882f1d6ce836e3dcf7123e95e2c188fd7d4eda775c696ded7e1d82c61080

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

access-control-allow-origin: https://www.ibtimes.co.uk
date: Wed, 08 Dec 2021 14:58:07 GMT
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: nginx
content-length: 168
content-type: application/xml; charset=UTF-8

POST
H/1.1 200
OK /
reporting.powerad.ai/ 2 B
412 B 102ms
102ms Ping
text/plain 54.234.151.247
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://reporting.powerad.ai/
Requested by: Host: powerad.ai
URL: https://powerad.ai/script.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 54.234.151.247 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-234-151-247.compute-1.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) / Express
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.ibtimes.co.uk/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 08 Dec 2021 14:58:07 GMT
Server: nginx/1.14.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 2

GET
H2 200 ad Show response
ssp.lkqd.net/ Frame 8855 168 B
357 B 95ms
95ms XHR
application/xml 146.20.132.204
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssp.lkqd.net/ad?pid=593&sid=1081151&output=svpaid&support=html5&execution=any&placement=&playinit=auto&volume=0&width=590&height=332&dnt=%5Bdo_not_track%5D&gdpr=1&gdprcs=undefined&ip=194.36.108.20&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F96.0.4664.45%20Safari%2F537.36&pageurl=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&contentid=%5Bcontent_id%5D&contenttitle=%5Bvideo_title%5D&contentlength=%5Bvideo_duration%5D&contenturl=%5Bcontent_url%5D&rnd=503cacdb-4326-46ed-a893-df99aeb9549c
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.132.204 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: 0863882f1d6ce836e3dcf7123e95e2c188fd7d4eda775c696ded7e1d82c61080

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

access-control-allow-origin: https://www.ibtimes.co.uk
date: Wed, 08 Dec 2021 14:58:07 GMT
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: nginx
content-length: 168
content-type: application/xml; charset=UTF-8

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame C268 284 B
536 B 9ms
9ms Image
image/jpg 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?us_privacy=1---
Requested by: Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 284
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Content-Type: image/jpg

POST
H2 204 a Show response
aux.fqtag.com/aux/ 0
38 B 16ms
16ms XHR
text/plain 2600:1901:0:298e::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://aux.fqtag.com/aux/a
Requested by: Host: cdn.fqtag.com
URL: https://cdn.fqtag.com/1.27.339-ccfb11a/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:298e:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.ibtimes.co.uk/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 08 Dec 2021 14:58:07 GMT
via: 1.1 google
alt-svc: clear

POST
H3 200 / Show response
www.facebook.com/tr/ Frame FB32 0
15 B 7ms
7ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.ibtimes.co.uk
URL: https://www.ibtimes.co.uk/researcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://www.ibtimes.co.uk
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.ibtimes.co.uk/

Response headers

content-type: text/plain
access-control-allow-origin: https://www.ibtimes.co.uk
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
date: Wed, 08 Dec 2021 14:58:07 GMT

POST
H2 200 v2bajxVtCoZkmGGxpHWfkCfNIu0GRC2lLiIZMCDzcqs97BdFreMyB1e5tHAM6NDDuvHvicm9jhnqHGR_Qgg Show response
stalesummer.com/ 216 B
347 B 18ms
17ms Fetch
application/json 35.190.48.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stalesummer.com/v2bajxVtCoZkmGGxpHWfkCfNIu0GRC2lLiIZMCDzcqs97BdFreMyB1e5tHAM6NDDuvHvicm9jhnqHGR_Qgg

Requested by

Host: stalesummer.com
URL: https://stalesummer.com/v2lltpnTPocNp2Ts0hMfC6Vd3vrcXZfHmw6e7muaIJeDRJS-ejeDuhllwm9m0nKc8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.48.184 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

184.48.190.35.bc.googleusercontent.com

Software

Resource Hash

45cdeb8f6769361c91719c0b4bba54c29c9be5124b22aea896f323d4466edac2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.ibtimes.co.uk/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
x-datacenter: gce-europe-west1
date: Wed, 08 Dec 2021 14:58:10 GMT
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.ibtimes.co.uk
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-hostname: a26589ac
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 216
expires: Wed, 08 Dec 2021 14:58:09 GMT

POST
H2 200 v2ftxQEQqZmg83uE1I6eixK6RJ83feqk5BSnKxy25BrovrsJTthZLF4Q96NJL2McD4ANJDQ-oyHRpJ9OYVA Show response
stalesummer.com/ 3 B
36 B 127ms
126ms Fetch
application/json 35.190.48.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stalesummer.com/v2ftxQEQqZmg83uE1I6eixK6RJ83feqk5BSnKxy25BrovrsJTthZLF4Q96NJL2McD4ANJDQ-oyHRpJ9OYVA

Requested by

Host: stalesummer.com
URL: https://stalesummer.com/v2lltpnTPocNp2Ts0hMfC6Vd3vrcXZfHmw6e7muaIJeDRJS-ejeDuhllwm9m0nKc8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.48.184 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

184.48.190.35.bc.googleusercontent.com

Software

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.ibtimes.co.uk/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
x-datacenter: gce-europe-west1
date: Wed, 08 Dec 2021 14:58:10 GMT
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.ibtimes.co.uk
access-control-allow-credentials: true
x-hostname: a26589ac
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 3

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 14ms
14ms Ping
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-3WPPJWVBP8&gtm=2oec10&_p=85674384&sr=1600x1200&ul=en-us&cid=30433582.1638975485&_s=2&dl=https%3A%2F%2Fwww.ibtimes.co.uk%2Fresearcher-creates-malware-captures-every-tap-your-smartphone-or-tablet-1434673&dt=Researcher%20Creates%20Malware%20to%20Captures%20Every%20Tap%20on%20Your%20Smartphone%20or%20Tablet&sid=1638975485&sct=1&seg=0&en=optimize.callback&_et=2&ep.callback=function(e%2Ct%2Cn)%7Bhj.log.debug(%22Experiment%20with%20ID%3A%20%22.concat(t%2C%22%20is%20on%20variant%3A%20%22).concat(e)%2C%22integrations.google_optimize%22)%2Chj.event.signal(%22exp.go%22%2C%7BexperimentId%3At%2CvariantId%3Ae%2CcontainerId%3An%7D)%7D
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3WPPJWVBP8
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.ibtimes.co.uk/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 08 Dec 2021 14:58:10 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.ibtimes.co.uk
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK abt Show response
capi.connatix.com/tr/ Frame 8855 0
318 B 113ms
112ms XHR
application/x-protobuf 18.116.178.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/abt?v=141716
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.116.178.106 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-116-178-106.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Wed, 08 Dec 2021 14:58:10 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://www.ibtimes.co.uk
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sync.adtelligent.com
URL: https://sync.adtelligent.com/csync?redir=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D617666%26c%3D%7Buid%7D

Verdicts & Comments Add Verdict or Comment

510 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

91 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.ibtimes.co.uk/	1969-12-31 23:59:59	Name: X-UA-Info Value: country\|OTHER\|state\|OTHER\|city\|OTHER\|ip\|194.36.108.20\|device\|desktop\|time\|1638975484
www.ibtimes.co.uk/	1970-01-19 23:59:27	Name: dataCentre Value: 0
www.ibtimes.co.uk/	1970-01-19 23:59:27	Name: ip Value: 194.36.108.20
.mgid.com/	1970-01-19 23:16:17	Name: __cf_bm Value: H63Mfkkvqn675Cgkw5u8ldksiXDZo11Zm0WTuUn0Pro-1638975484-0-Ad7pKfC2bYcGC7JP3EOVlCzXHaf7KySITaaZgehRMwLw5gPLOR4PtMV3roWeJf+duG1eMpwOicGlBrIwe4qOv9s=
www.ibtimes.co.uk/	1969-12-31 23:59:59	Name: has_js Value: 1
www.sc.pages06.net/	1969-12-31 23:59:59	Name: Silverpop_cookie Value: 412083210.17439.0000
www.ibtimes.co.uk/	1970-01-20 08:01:51	Name: usprivacy Value: 1---
.intellitxt.com/	1970-01-19 23:17:41	Name: VM_CONSENT Value: %7B%7D
k.intellitxt.com/	1970-01-19 23:26:20	Name: AWSALBCORS Value: +STQT1LlwJN+bV8HRkTCFtsg7ZtS4JSBKM8KAIiiyW1sf5lJ1d+96XQOlDOGciOrpX3FWpH+PUMXX2YEF5OF0qTPZrYekjkqpOidrvJhPqAhdOx/Sq2dGM1cnjbR
ads.stickyadstv.com/	1970-01-19 23:59:27	Name: UID Value: 54f5966868dd33c84bc825160a657b5
ads.stickyadstv.com/	1969-12-31 23:59:59	Name: sessionId Value: 13d070cc8af0aff42e6eda9b8cb987fe
.ibtimes.co.uk/	1970-01-19 23:17:41	Name: _gid Value: GA1.3.1127800278.1638975485
.ibtimes.co.uk/	1970-01-19 23:16:15	Name: _gat Value: 1
www.ibtimes.co.uk/	1970-01-20 08:45:03	Name: _cb_ls Value: 1
www.ibtimes.co.uk/	1970-01-20 08:45:03	Name: _cb Value: 2Q91Xbj4xEC8-yMC
www.ibtimes.co.uk/	1970-01-20 08:45:03	Name: _chartbeat2 Value: .1638975485157.1638975485157.1.aSI-gC8mJk5Db_DHDkGBWdoBsf9.1
www.ibtimes.co.uk/	1970-01-19 23:16:17	Name: _cb_svref Value: null
.scorecardresearch.com/	1970-01-20 16:33:03	Name: UID Value: 1FSQHGOVXPJZLPRV4JI9RTg1638975485
www.ibtimes.co.uk/	1970-01-19 23:59:27	Name: _pbjs_userid_consent_data Value: 3524755945110770
.cpx.to/	1970-01-20 08:01:51	Name: cpSess Value: 762213676dc33fa2
.ibtimes.co.uk/	1970-01-20 01:25:51	Name: _fbp Value: fb.2.1638975485695.1614872696
.ibtimes.co.uk/	1970-01-20 08:01:51	Name: _hjSessionUser_398338 Value: eyJpZCI6IjRlMzFjMmI3LWQ5MWEtNWVhYi04OThjLTY5MjQ3NmM1MWY0OCIsImNyZWF0ZWQiOjE2Mzg5NzU0ODU2ODIsImV4aXN0aW5nIjpmYWxzZX0=
.ibtimes.co.uk/	1970-01-19 23:16:17	Name: _hjFirstSeen Value: 1
.ibtimes.co.uk/	1970-01-19 23:16:17	Name: _hjSession_398338 Value: eyJpZCI6ImRiZjI0MzY2LTJkYTgtNDBhMC1hZGFmLTU3MzhiZTMxNTc4OSIsImNyZWF0ZWQiOjE2Mzg5NzU0ODU3ODh9
www.ibtimes.co.uk/	1970-01-19 23:16:15	Name: _hjIncludedInPageviewSample Value: 1
.ibtimes.co.uk/	1970-01-19 23:16:17	Name: _hjAbsoluteSessionInProgress Value: 1
.pubmatic.com/	1970-01-20 01:25:51	Name: KTPCACOOKIE Value: true
.ibtimes.co.uk/	1970-01-20 16:47:27	Name: _ga_3WPPJWVBP8 Value: GS1.1.1638975485.1.0.1638975485.0
.pubmatic.com/	1970-01-20 01:25:51	Name: KADUSERCOOKIE Value: 22C6DDF4-68D8-4EF1-9894-B1D277175829
.smartadserver.com/	1970-01-20 08:46:29	Name: TestIfCookieP Value: ok
.smartadserver.com/	1970-01-20 08:46:29	Name: pbw Value: %24b%3d16960%3b%24o%3d11100
.doubleclick.net/	1970-01-20 08:37:51	Name: IDE Value: AHWqTUmt7Q8s7MIhv_u7Gt1PGl-c4gz4HVaJSWd1RGkL_1DnILlWenggdfbDFXVg-pE
.adsrvr.org/	1970-01-20 08:01:51	Name: TDID Value: cbc639e1-b1ea-44d0-9a34-21fab61776a9
.cpx.to/	1970-01-20 08:01:51	Name: dsp_pubmatic Value: 22C6DDF4-68D8-4EF1-9894-B1D277175829#1638975485840
.smartadserver.com/	1970-01-20 08:46:29	Name: pid Value: 3390230850515526241
.smartadserver.com/	1970-01-20 08:46:29	Name: pdomid Value: 20
.adnxs.com/	1970-01-20 01:25:51	Name: uuid2 Value: 3441701907916292348
.cpx.to/	1970-01-20 08:01:51	Name: dsp_dbm Value: CAESEIKpBviHa0dbVXaR9Fd5-V0#1638975485870
.cpx.to/	1970-01-20 08:01:51	Name: dsp_TTD Value: cbc639e1-b1ea-44d0-9a34-21fab61776a9#1638975485945
.cpx.to/	1970-01-20 08:01:51	Name: dsp_app_nexus Value: 3441701907916292348#1638975485947
.ad.gt/	1970-01-20 16:47:27	Name: au_id Value: 9ee766b9-4ee3-420e-90d7-7a43bd3340d4
.ad.gt/	1970-01-19 23:17:41	Name: au_idmatch Value: {"apn": "2021-12-08", "ttd": "2021-12-08", "pub": "2021-12-08", "adx": "2021-12-08", "halo": "2021-12-08", "goo": "2021-12-08", "bees": "2021-12-08", "mediamath": "2021-12-08", "rub": "2021-12-08"}
.mathtag.com/	1970-01-20 08:42:10	Name: uuid Value: a5f361b0-c7fd-4300-bc35-9de8b5b52f94
servicer.mgid.com/	1970-01-19 23:16:16	Name: __mglb Value: 4aae4d8c393f422d100aefd60785b084
.mgid.com/	1970-01-25 20:31:23	Name: muidn Value: lb86YqeN6SW6
www.ibtimes.co.uk/	1969-12-31 23:59:59	Name: MarketGidStorage Value: %7B%220%22%3A%7B%7D%2C%22C713739%22%3A%7B%22page%22%3A1%2C%22time%22%3A1638975486533%7D%7D
.bidr.io/	1970-01-20 08:44:45	Name: bito Value: AAF5Ek7DYZAAAD1XK7739A
.bidr.io/	1970-01-20 08:44:45	Name: bitoIsSecure Value: ok
.adsrvr.org/	1970-01-20 08:01:51	Name: TDCPM Value: CAEYASABKAIyCwjmq7T6u5mdOhAFOAFaB29tbjY3aGxgAg..
.bidswitch.net/	1970-01-20 08:01:51	Name: tuuid Value: 6785791b-c54e-4ceb-a99a-ec8fe87ab0ab
.bidswitch.net/	1970-01-20 08:01:51	Name: c Value: 1638975486
.bidswitch.net/	1970-01-20 08:01:51	Name: tuuid_lu Value: 1638975486
.creativecdn.com/	1970-01-20 08:01:51	Name: u Value: rFcnwJz7dluUI8PjX02Z
.creativecdn.com/	1970-01-20 08:01:51	Name: ts Value: 1638975486
.ad.gt/	1970-01-20 16:47:27	Name: last_seeng_hosted Value: 1638975486791
.ad.gt/	1970-01-20 16:47:27	Name: g_hosted Value:
.ad.gt/	1970-01-20 16:47:27	Name: last_seenrub Value: 1638975486792
.ad.gt/	1970-01-20 16:47:27	Name: rub Value:
.ad.gt/	1970-01-20 16:47:27	Name: last_seenbeeswax Value: 1638975486806
.ad.gt/	1970-01-20 16:47:27	Name: beeswax_id Value: AAF5Ek7DYZAAAD1XK7739A
.ad.gt/	1970-01-20 16:47:27	Name: last_seenadx Value: 1638975486807
.ad.gt/	1970-01-20 16:47:27	Name: google_gid Value: CAESEHWqQhYxkuCWxSVmOIU_8fA
.ad.gt/	1970-01-20 16:47:27	Name: first_seenadx Value: 1638975486807
.lentainform.com/	1970-01-25 20:31:23	Name: muidn Value: lb86YqeN6SW6
.ibtimes.co.uk/	1970-01-20 16:47:27	Name: _ga Value: GA1.3.30433582.1638975485
.zeotap.com/	1970-01-20 08:01:51	Name: zc Value: 2eaf872b-6c79-44af-7178-07099cc80cce
.360yield.com/	1970-01-20 01:25:51	Name: tuuid Value: 5aff0644-c568-4241-9683-82e2d17b741c
.360yield.com/	1970-01-20 01:25:51	Name: tuuid_lu Value: 1638975486
.smadex.com/	1970-01-20 07:54:39	Name: smxtrack Value: 87b0cf65-7edd-4207-a2ba-8198f121d49e
.ad.gt/	1970-01-20 16:47:27	Name: last_seenpbm Value: 1638975486809
.ad.gt/	1970-01-20 16:47:27	Name: pbm Value: 22C6DDF4-68D8-4EF1-9894-B1D277175829
.ad.gt/	1970-01-20 16:47:27	Name: first_seenpbm Value: 1638975486809
.ad.gt/	1970-01-20 16:47:27	Name: last_seenmediamath Value: 1638975486811
.ad.gt/	1970-01-20 16:47:27	Name: user_id Value: a5f361b0-c7fd-4300-bc35-9de8b5b52f94
.ad.gt/	1970-01-20 16:47:27	Name: last_seentd Value: 1638975486817
.ad.gt/	1970-01-20 16:47:27	Name: tdid Value: cbc639e1-b1ea-44d0-9a34-21fab61776a9
.ad.gt/	1970-01-20 16:47:27	Name: first_seentd Value: 1638975486817
.ad.gt/	1970-01-20 16:47:27	Name: last_seenadnxs Value: 1638975486823
.ad.gt/	1970-01-20 16:47:27	Name: adnxs_id Value: 3441701907916292348
.ad.gt/	1970-01-20 16:47:27	Name: first_seenadnxs Value: 1638975486823
.idealmedia.io/	1970-01-25 20:31:23	Name: muidn Value: lb86YqeN6SW6
.ad.gt/	1970-01-20 16:47:27	Name: last_seenhaloid Value: 1638975487001
.ad.gt/	1970-01-20 16:47:27	Name: halo_id Value: 0200kuhica07jv2yg08xizqr0bwpa1w0evvljv1k7cm961o8b5po0ntek210qskvk40trr7270wqxik90zq3u2c12pa5j31k0gxf118nmsj90fzd0bt1elzfjf1hl5r1i1kkc2jl
.ad.gt/	1970-01-20 16:47:27	Name: first_seenhaloid Value: 1638975487001
.e-volution.ai/	1970-01-19 23:36:25	Name: v_usr Value: 044a8b40-5c70-4c88-9b14-3212b79085a9
.mfadsrvr.com/	1970-01-20 16:47:27	Name: tuuid Value: 88486a73-7903-4541-9871-e47d7773bff2
.mfadsrvr.com/	1970-01-20 16:47:27	Name: c Value: 1638975487
.mfadsrvr.com/	1970-01-20 16:47:27	Name: tuuid_lu Value: 1638975487
.mfadsrvr.com/	1970-01-20 16:47:27	Name: ssh Value: !mgid,1638975487
cm.mgid.com/	1970-01-19 23:59:27	Name: mg_sync Value: {"265689":1638975486,"287839":1638975487,"341189":1638975486,"363887":1638975486,"433146":1638975486,"501037":1638975486,"516418":1638975486,"549534":1638975486,"665953":1638975487}
.ibtimes.co.uk/	1970-01-21 01:33:03	Name: _awl Value: 3.1638975490.0.4-763793ca-612f378f25876cfcd663e0075239947f-6763652d6575726f70652d7765737431-61b0c802-0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://g.ibt.com/front/js/counter.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.ad.gt
a1.vdna-assets.com
ad.360yield.com
ads.pubmatic.com
ads.stickyadstv.com
api.pushnami.com
api.vuukle.com
aufp.io
aux.fqtag.com
c.amazon-adsystem.com
c.mgid.com
capi.connatix.com
cd.connatix.com
cdn.fqtag.com
cdn.mgid.com
cdn.vuukle.com
cdnjs.cloudflare.com
cds.connatix.com
cm.g.doubleclick.net
cm.idealmedia.io
cm.lentainform.com
cm.mgid.com
cm.smadex.com
cmp-consent-tool.privacymanager.io
confiant-integrations.global.ssl.fastly.net
connect.facebook.net
creativecdn.com
d.ibtimes.co.uk
eus.rubiconproject.com
fonts.gstatic.com
fqtag.com
fundingchoicesmessages.google.com
g.ibt.com
g.ibtimes.co.uk
gc.newsweek.com
gdpr-wrapper.privacymanager.io
gdpr.privacymanager.io
geo.privacymanager.io
hb.brainlyads.com
ids.ad.gt
image2.pubmatic.com
imasdk.googleapis.com
img.connatix.com
in.hotjar.com
jsc.mgid.com
k.intellitxt.com
match.adsrvr.org
match.prod.bidr.io
mwzeom.zeotap.com
onetag-sys.com
p.ad.gt
p.cpx.to
pagead2.googlesyndication.com
ping.chartbeat.net
pixel.rubiconproject.com
pixel.zprk.io
pixels.ad.gt
pool.grid-data.bidswitch.net
powerad.ai
publish.vuukle.com
query.fqtag.com
reporting.powerad.ai
rtb-usw.mfadsrvr.com
rules.quantcount.com
s-img.mgid.com
s.adtelligent.com
s.cpx.to
s.flocdn.com
s0.2mdn.net
sb.scorecardresearch.com
script.hotjar.com
secure-assets.rubiconproject.com
secure.adnxs.com
secure.quantserve.com
securepubads.g.doubleclick.net
servicer.mgid.com
ssbsync.smartadserver.com
ssp.lkqd.net
stalesummer.com
static.adsafeprotected.com
static.chartbeat.com
static.hotjar.com
stats.g.doubleclick.net
sync.adtelligent.com
sync.e-volution.ai
sync.mathtag.com
sync.smartadserver.com
token.rubiconproject.com
trc.pushnami.com
u.openx.net
vars.hotjar.com
vc.hotjar.io
vdna.exelator.com
vid.connatix.com
vuukle.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.ibtimes.co.uk
www.sc.pages06.net
x.bidswitch.net
sync.adtelligent.com
104.16.221.74
104.19.133.78
104.19.135.78
104.19.217.61
109.206.161.21
13.250.177.93
13.32.99.23
13.32.99.54
13.32.99.59
142.250.185.98
146.20.132.204
151.101.193.194
151.101.194.137
151.101.2.137
151.139.128.11
18.116.178.106
18.157.129.217
18.197.204.221
18.211.226.152
18.66.109.174
18.66.112.122
18.66.112.123
18.66.112.126
18.66.112.79
18.66.139.78
18.66.139.84
18.66.97.10
184.30.24.198
185.184.8.65
185.29.132.245
185.33.221.91
185.64.189.110
185.86.137.110
199.187.193.177
2.18.234.233
216.58.212.130
23.20.158.212
23.37.42.132
23.79.143.124
2600:1901:0:298e::
2600:9000:223c:b200:18:1fcd:34f:cdc1
2600:9000:223f:600:8:48e:53c0:93a1
2600:9000:223f:fe00:6:44e3:f8c0:93a1
2600:9000:2250:8000:16:f82a:8600:93a1
2600:9000:2251:3000:11:2a6a:9480:93a1
2606:4700:10::6816:1957
2606:4700:10::6816:3ca8
2606:4700:10::ac43:1695
2606:4700::6810:135e
2620:116:800d:21:ee05:6a01:4b41:8c89
2a00:1450:4001:801::2008
2a00:1450:4001:809::2002
2a00:1450:4001:80e::200e
2a00:1450:4001:811::2004
2a00:1450:4001:811::2006
2a00:1450:4001:812::2003
2a00:1450:4001:827::200a
2a00:1450:4001:82a::2003
2a00:1450:4001:82f::200e
2a00:1450:4001:831::2002
2a00:1450:400c:c0a::9a
2a02:6ea0:c700::10
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a0c:5c81:5139::2
3.127.120.47
3.209.18.29
3.226.19.100
34.200.203.34
34.254.143.3
34.255.158.248
35.186.195.222
35.190.36.172
35.190.48.184
35.190.72.161
35.212.212.222
35.244.159.8
44.224.58.246
44.240.108.244
51.89.9.252
52.19.63.112
52.22.45.124
52.223.40.198
52.35.106.12
52.38.226.208
52.49.134.174
54.187.56.166
54.234.151.247
63.32.233.146
63.33.224.140
69.173.144.138
69.173.144.165
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
05d881e6853969e9af445694b748a15cee3debe93354b1bbc06ee9343fcb72c5
0620647c7e8e7ff7097b3919ed985e28c5f7145e82184bdbe68f79658e63f0c0
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0806f685fb8981e630f8f64a5b6c1d0efd2a4240440d0c78ec826d5acb2affca
082acab6074d30aeca7a1850b34f2bfc06fbd08cccad58096a6f8109c444f39f
0863882f1d6ce836e3dcf7123e95e2c188fd7d4eda775c696ded7e1d82c61080
0ac009e30707462862989abe6e0ca0f8d4a1b10b4b29b287f512c3d883d03bde
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d9a3e653145b400c444f8716ded794614478de162ebb7d4acbe17d2e26a0537
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
10df2caa73d5330e7f0457bd4953ee3daeeba0508bad79e6a70e473d4caffaa9
13e3e82d9e0610e83d8f2cddbf0264a8503a543988a18f2e88d1008e5ff09b6a
13e9dea76c225cf26f86cd52e1387cfd938cc875bd55c534225769286f9bccb3
15a3efce4e527795167d6fb4bb107345067176ddfc514a85cf0ee9a031b07e55
167982fa128d47a62bd03befe22b8adb08f6d0a1590601b325d3d1a14f7c309d
16e04bdf6c116d4ad9220245c02b90483beaee2275b489e27d687f3b519d382e
1c22a7234cc60c7fedf695397c0adf74ca9c49f4015518ecc4c58f360b3bbd40
1c65f75f4e8074aea8c953d0687997fff2594965a64fb3468964935a48164416
1d2fa923c0c762184976e9ac0de7e4ac46d39ea00b70d3a900d84b1f42ef71e4
2153ccd42e86954f8d2a7432968ad1592e128f837e1a9d721e44d9c477d652e5
247aee0b717314c2c113cde9c0c5b01520b040b4b142e25ad63d41054cf3b8ba
2501a068c893e19c8a443c814ed5ec68bfd31018463c31bb7aef1d4b891b8767
250a0280938365d9f83769f776b3834a605a6560ca3df785029ba97b6ddd5c4e
27a1e80167055f562f0ddda38620ec1f5a354c5ab795c75da16874f4095520f3
296991b3dc34755a19b2bdfecac909935febc60e2aedc796b8a1087a32fd7aa2
2b697ae3266afd70d1108fda9eea78b90db518003f1049e6913ad0e0368723fc
2cce5da0c3fe8f478cdc9d3af774d3391464728aff6206745564ddd918803e33
2d5ae5a515a688823dc98d032242c2ed6f490a74c4281bdd599567898f9fa675
2f5c4b3243f4c28073afcaefe33a08ee8a0620747099020244a70ed1229ef868
31a2141f6b680b8ec183d8de67eaae2ac43bee3ccee46235e0c988761615210c
32f57836b1b68340162c2d6b59e7bd066206eeba024f519d46d885a4a1565c35
33aadd5d0b0ee366e74ef684e03c1ea234c2d555ef1229e30362af3791f0b140
353335bebb8bd293c4c15c9f93804f65aaa41ae5eeabea7a8c64c8ad91c4930b
36dc8627546125c2446359d123c1d11a8afbe6a5100862e2319217e335d985d2
38cec8f50a59efb2c364cb80ccec6f7c6bc50be14de635f19f65358d0b69b046
3c04106baf1333a6d9411aff493577c67786b171cfa91501c8eb3e31405b3059
3c1619981fd89704039ed401b071b2e82e347db0a8b9111e564c3405b8f2ce5a
3e30158b3215490f302dd3424b989d72fc69e7306a6f6cc907d9bae0d71f01ed
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3f29550b363950a26ec1b1c7faab15c15736d233b0fc1b404c9cc443c120beec
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40877bd61244df363dd2147a7ea28a398ac8f6c3e42f194ae06449603a5a574b
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
43c15c5e339cca85186d462b5951209ac3825b7677341e3d95f5e704b5057c87
448a333dfdb98768c6308de7aeb073d319ec34bef67636b30fdf97abba0683b7
45cdeb8f6769361c91719c0b4bba54c29c9be5124b22aea896f323d4466edac2
4678fe248a305c2cac2cfcd8553119b01cf43e0d68125b668aec4971540e2018
487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032
4b742b1c31052c8bb9eaa70653ae188a165ca707437b33d51f5134dfb6a95e33
4c9209d48b4a8d865429efe3b68bc26eb71b47b22f06caa91aedce506dc4725a
4ce58351b9751bc94a12f1a52de4b098c6483509ace41a8b2135d8638cfec3e7
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
51ae4c5642051d85bcfb8ed5d7ce619a0fd7cd201723c823f7495a829eefaa72
53f98bb0b288d162a288ce2caf8406c00c1fd474f0c73a58b5893098271621a9
5427138d42e612a6be63f8fc1eb7173c0141db146bafc9d22378a53947797032
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54cd0b9c7f0aca6e83ec8f9eba3bfaef66bd09767101dd9355a7182a1c19f275
55033882e1bc61cac58471a0ce5372606abd57a9663921dbd6f9a4a926c601b0
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
585b0c78c77e74d938f9f13dd33070cf8d262f99c0ef125ae1f020eeeb9381cb
59533c24d689c5ee1d8806863591cae5b950dd4c58cc20e7ccf37d0abc8e52f6
5a293aaf862adcd1c0a81c98f17d848c5b2d628c1982d30ff1204bcf5d05e420
5d12f6172d8aa85d6475c28b56f66d34ccf48e833493181279b22f9eb23eb820
62c3a4f78334221a29592245d0d3cda9fb3a850afc658bc7010682c0b723cb72
63b36a51bf5497e4aabb2552047d33213ed0a67768281ddd85003f9e8ecf80ba
66ea91a01b97feca3757a3ff16e3782973b559b2d4cbe79f7704e91607f9aa47
67b08c185967e7dbda1aecb9e42a11c61f24a20c0ccefe9ebfea250a4d67990c
68830c83e088bafc7365a58c8df8cb3ada52255d4cf847199a4d926fd414a01c
6ae7af46904f84c2d51886566d848c93c9f44209eed5922c074720b6731218d8
6e75948ee66bf6e7da9235ee5cecbda03fa7f592a3f08193757202be43d6cb38
71afd4f84f2006b55a0b0d8b62a8f0750141adbc8e48313c98789274e84a4b84
741932350156677164b36a1506347cfd558bc502310bd1d50e246d454c4c1131
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
75608011897ecc866f405947986ebb4e604f9b9791708a26ed936a93bbe764d0
759c7c4655708a697cdba60647d20e743deb1b4cc1f4612a8261192000a97e4d
75d20815e51810799c549e1e7b621848d69ed31f8954620921c26e17daa0e87b
7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d
784a8fabaaf06f69a98c9a16a46f62ac8aa1e68eef09cbd6d2fb442d7ebb9a6a
7992a4430843ef8b4bbae534358be3193aa1ae9c78f273e8e8a70b6af1244ac5
7a4a929aa7bd93362df0f605dc0aaca43b3d56b9d723ef8d65a757c80d7aff6f
7c8997cdc0684a2e807d952d6c2be8f4733f3b29266a4c61d68d1608adeb5fec
7de22ad86b9c8fc8740250df7169d1792dedce2ee677b7f828b98c16ab53a5b9
80bf8d6552f807a6e883a432c0b50833936bbaacb6a2ec2696429a28986f2be6
80da370ad41bee2716b42d1583e139eac39f5c7c243c5fe6439b9754013116c6
810973996140f08f00ea7dee7772f3d2c957538c27319f25e045d8afcb49e1f7
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
836fb0ab22f83a719b0114a49f35d844226e1898473225b9e4bfdd44a4fd204d
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
84f80d3bc526123294f1c949c0a349a4511116695adbe0c6ca025ef3a977a382
8548d22e0fe82f9ac98dd5148510c0bb6885aad92f661876a8078b9be620ea2e
85a79e8d5d9f11df8dac5dc3d646949a37b612db0324bb671ae612cc3deba488
85e50082d7ce113bfa87dbade18dbf747d1bacfcffdbd628296dcffa98a08f94
87eddedd2d5c528960a4851583fd6dd917c1893db2ee14ecbfd4809093ac6a71
88551e81777283d882e2b4ad08b2513cf80f09066fe67eec1f1c012b8b216638
8d32af14398d35b9b354363faf6b1d6fae20f81da601481c71335277b38f9e8c
8d49b3070550d94e487ca7bb67ff0b7b7413fb13805385cf9ddb9b5fb32a97d0
8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7
8e521ebeb6ce59914c54f532b1577efd671f4b02bb3c331e01b4a7e79a02cfea
906ca586685d9b4f321449eaaeeddc7f6a9ea9cdf83df6f82592c643d04a7e2a
91527b0ebde761583acc70f7a1741af1936be26826da17d4961bc4dcc913fc6f
917fe90bace9498f255a5c91d492adf2dcc95a26f3fd6c81cfe76ac7ca217057
964508b64905fb65179786df987e74be47ee1b44a832c2f19bbc8b1d300ed8e6
998e1202c2e488520a53e1d57ca8727b4949a877a7859b792b2e09c24478d91e
9a19209483cd31f0227408730c75f1f372ea1218f347a7fe97db8a480d16081e
9abf8d1ba2e3b1ab6e7a20c35b1c016c41ad8a612a4594edef72b405a8c4c9b1
9c62f88c98d216e8148c1edeafbfa5db5a15b1fe72d2935202db67c1ed9f6554
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a283c159c936cb63d4cb23df490b58cb50b12638da7ca7bddcbd9c3fa6b37cae
a3ff15aac9f8d4499190932e78f89dc69b64ec1b82616f8c4fba0ba2f4aca8cd
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
ac902a8bb54ca7821f70b8f701c0427d3ff5b3f777c5d015f317b6490568166e
ad46f8be77d0ae452545ffabf8ec6e0dd9ea775c2456e344964576801f813ab7
adefd99362310ce857055caa7ef65de93959ff049609124d085a765b225806bd
ae29212c90bc8ebc71990b47c6bf6bf94135ba1c16349906dcd2c2619a27d850
aeea52d9d8ebb3abb2d7fccf4eadf7ac7be32700a2a46fffc89b6093336352e7
af22215ea6f5fd288ae6ff44214041321c844b24729e386413fdade0da0d1c38
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
b3919e97b7d950fa432c4b43b5b5b8651dc8872aa1d34b523d912b4c885a083f
b3c414806e659b347c31f9205558d257b959cb5a465ba7c83943a3a8ca6aa59f
b52d8e39b87927711e68e5b98ba16bd561f6f9bd90f36dffa32de8128388a561
b752a637f15d6b100d20b041fae502758635cba9bdd69a14af15818853027617
b896263dd16c4f5f4009a72b04489499dcd90ce9658086dcb3eb4b01409f088b
bd09bfc1b6b79ff7985d7f8216a95346533354d01282265cb1df32bb8a41b734
bd47e11f786a55e1999e5ad7ced555a79c2f1de7b39dac2d20a74d66c495b156
bd4d57c1bbc49062d2b03ac7599e10b805aab82c4bef4759b66ff109582aa291
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
c0c94e93c0e65a88c4ac8cdd3bcc9746296bd7b6b726a3ec16cbf3db5b99a23e
c2ab80281572a2bd9b2732d2e1c6e81174c6651138d79d4c1445fc7d6d2d8cc2
c631d3bebb168e8549f41a8137a8681fc6d87da3b1b4c2cd6377b7d79b236caf
c72659bec2957fe7d11d64fd336a9a0afdcc65e7e7d6c2fab8bd0cf0f8176fd8
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cae2fee0a61b87b871a61fe80e3f58dde1e15fcda781ed63c894968651ab8d91
cc272a4facaba096b3aa8380a4d39b67ad3920a052c1c026e01a461b4d98c96d
cda5cb3f4dac47d9f6312279b4e82d5a27f812ae88a22caea39e00dd7d7163d8
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf494a2e88cbf68d229e91f9042c0cae9b221b10c4ebf413dc74d930bd537d94
cfc5710c3ca7e9aa4c6828f5098ac93dbc375ad990b890c17f72b74e5d2f3e90
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d39c7ff4103007338040282460b2eb0e5adadd9fb80f986fb4c8a3d41785a6ca
d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc
d96359b975ea60541c0a2af5c5de0197241e5e769841ac87cdb8dbb636dac16f
de80309d98405d566c6fb1912811b24c8ad3a8380f6819d26a6c1eac5cd99185
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
e2c28f3e8b6a2e5170859e67cff3e8240e6b888d02005306ef3d2129f5cbd74c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3ecd4311b3bc650a24b5488675d91818363c31d88856f1eed1259878f6ce56e
e70a34c5f232fa80328a361630a994cf847c54deb926f13d40be4807291b657b
e83df01b855659a03124fe4faaa9426971c2341d42ee0e5ef9d0a8242f81acab
e8f1723c3adf33a75dfb9a9b451f301923cd619a90b6e6dfab686f9c7139ba23
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb80e9c5c04010f8f01fe1617265efb5a68ca1c13c986c2332385b4c10fe420
f689eddc3feff0de7dd029c3b6256520d74fb609885efcb2a01c21efbe714a99
fa1560f5bb6bd9c2ab63298a350482986102b4962940c4498e855ec16f0e377b
fecf08d48dbc946b3487abedf98eda2cc270626b457f350347e67729bb4c007c
ff2eddce0657f02de657dc3167b9453b9e81850fee55948d22beb8e0acf89cd8

www.ibtimes.co.uk Open in urlscan Pro 3.226.19.100 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

220 Requests

88 %HTTPS

28 %IPv6

65 Domains

104 Subdomains

80 IPs

10 Countries

4227 kBTransfer

13455 kBSize

91 Cookies

25 Outgoing links

Page URL History

Redirected requests

220 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.ibtimes.co.uk Open in urlscan Pro
3.226.19.100 Public Scan

Screenshot
Live screenshot

Full Image

220
Requests

88 %
HTTPS

28 %
IPv6

65
Domains

104
Subdomains

80
IPs

10
Countries

4227 kB
Transfer

13455 kB
Size

91
Cookies

220 HTTP transactions
1 data transactions