www.theguardian.com Open in urlscan Pro
2a04:4e42:600::367 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/BB9I05xnCR
Effective URL:
https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Submission: On November 22 via api (November 22nd 2021, 4:46:19 pm UTC) from US — Scanned from DE

Summary HTTP 82 Redirects Links 30 Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 7 domains to perform 82 HTTP transactions. The main IP is 2a04:4e42:600::367, located in United States and belongs to FASTLY, US. The main domain is www.theguardian.com.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA H2 2021 on November 5th 2021. Valid for: a year.

This is the only time www.theguardian.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
65	2a04:4e42:600... 2a04:4e42:600::367	54113 (FASTLY) (FASTLY)
12	34.253.249.175 34.253.249.175	16509 (AMAZON-02) (AMAZON-02)
2	151.101.129.194 151.101.129.194	54113 (FASTLY) (FASTLY)
1	151.101.129.111 151.101.129.111	54113 (FASTLY) (FASTLY)
1	13.35.253.34 13.35.253.34	16509 (AMAZON-02) (AMAZON-02)
82	7

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

65 2a04:4e42:600::367 (United States)

ASN54113 (FASTLY, US)

www.theguardian.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.guim.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i.guim.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
interactive.guim.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
contributions.guardianapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sourcepoint.theguardian.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 34.253.249.175 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-253-249-175.eu-west-1.compute.amazonaws.com

ophan.theguardian.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.129.194 (United States)

ASN54113 (FASTLY, US)

confiant-integrations.global.ssl.fastly.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.111 (United States)

ASN54113 (FASTLY, US)

api.nextgen.guardianapps.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.253.34 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-253-34.fra6.r.cloudfront.net

cdn.privacy-mgmt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
47	guim.co.uk assets.guim.co.uk i.guim.co.uk interactive.guim.co.uk	796 KB
22	theguardian.com www.theguardian.com ophan.theguardian.com sourcepoint.theguardian.com	186 KB
8	guardianapis.com contributions.guardianapis.com	63 KB
2	fastly.net confiant-integrations.global.ssl.fastly.net	96 KB
1	privacy-mgmt.com cdn.privacy-mgmt.com	1 KB
1	guardianapps.co.uk api.nextgen.guardianapps.co.uk	3 KB
1	t.co t.co	695 B
82	7

	Domain	Requested by
31	assets.guim.co.uk	www.theguardian.com assets.guim.co.uk
12	ophan.theguardian.com	www.theguardian.com
10	interactive.guim.co.uk	assets.guim.co.uk www.theguardian.com interactive.guim.co.uk
8	contributions.guardianapis.com	assets.guim.co.uk t.co
7	sourcepoint.theguardian.com	assets.guim.co.uk sourcepoint.theguardian.com
6	i.guim.co.uk	www.theguardian.com
3	www.theguardian.com	t.co www.theguardian.com
2	confiant-integrations.global.ssl.fastly.net	assets.guim.co.uk confiant-integrations.global.ssl.fastly.net
1	cdn.privacy-mgmt.com	sourcepoint.theguardian.com
1	api.nextgen.guardianapps.co.uk	assets.guim.co.uk
1	t.co
82	11

This site contains links to these domains. Also see Links.

Domain
support.theguardian.com
jobs.theguardian.com
profile.theguardian.com
www.google.co.uk
holidays.theguardian.com
theguardian.newspapers.com
puzzles.theguardian.com
licensing.theguardian.com
www.twitter.com
www.facebook.com
twitter.com
www.haaretz.com
www.forbes.com
www.commerce.gov
www.linkedin.com
syndication.theguardian.com
workforus.theguardian.com
www.youtube.com
www.instagram.com
advertising.theguardian.com

Subject Issuer	Validity	Valid
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
theguardian.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-11-05` - `2022-12-07`	a year	crt.sh
ophan.theguardian.com Amazon	`2021-03-28` - `2022-04-26`	a year	crt.sh
*.freetls.fastly.net GlobalSign Atlas R3 DV TLS CA 2020	`2021-04-27` - `2022-05-29`	a year	crt.sh
*.privacy-mgmt.com R3	`2021-09-27` - `2021-12-26`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Frame ID: 9282B5505FCB7A7BA42D97453B0A5C8B
Requests: 55 HTTP requests in this frame

Frame: https://www.theguardian.com/email/form/plaintone/tech-scape
Frame ID: E9F888D532E73EB3AAAAA9C23282DC24
Requests: 5 HTTP requests in this frame

Frame: https://www.theguardian.com/email/form/footer/today-uk
Frame ID: 750385C62D1ADC2837DB7D505C504942
Requests: 5 HTTP requests in this frame

Frame: https://interactive.guim.co.uk/embed/from-tool/generic/index.html?vertical=News&opinion-tint=false&title=Get%20in%20touch&description=Do%20you%20have%20information%20about%20this%20story%3F%20Email%20%3Ca%20style%3D%22color%3A%23ab0613%22%20href%3D%22mailto%3Astephanie.kirchgaessner%40theguardian.com%22%3Estephanie.kirchgaessner%40theguardian.com%3C%2Fa%3E%2C%20or%20(using%20a%20non-work%20phone)%20use%20Signal%20or%20%3Ca%20style%3D%22color%3A%23ab0613%22%20href%3D%22https%3A%2F%2Fapi.whatsapp.com%2Fsend%3Fphone%3D16468868761%22%3EWhatsApp%3C%2Fa%3E%20to%20message%20%2B1%20646%20886%208761.%20For%20the%20most%20secure%20communications%2C%20use%20%3Ca%20style%3D%22color%3A%23ab0613%22%20href%3D%22https%3A%2F%2Fwww.theguardian.com%2Fsecuredrop%22%3ESecureDrop%3C%2Fa%3E%20or%20see%20%3Ca%20style%3D%22color%3A%23ab0613%22%20href%3D%22https%3A%2F%2Fwww.theguardian.com%2Fhelp%2Fng-interactive%2F2017%2Fmar%2F17%2Fcontact-the-guardian-securely%22%3Eour%20guide%3C%2Fa%3E.&link=false
Frame ID: 861B6B7F6FC227C45233F20BC387A031
Requests: 5 HTTP requests in this frame

Frame: https://sourcepoint.theguardian.com/index.html?message_id=514494&consentUUID=31967d7f-ae61-4775-bbb6-5f820bdceec2&requestUUID=7c25ed17-5427-4e85-9104-63babc293ee1&preload_message=true
Frame ID: 997C18BE3D886F7E58CEB0A84D146F6C
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Israeli firm’s spyware linked to attacks on websites in UK and Middle East | Malware | The Guardian

Page URL History Show full URLs

https://t.co/BB9I05xnCR Page URL
https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-web... Page URL

Page Statistics

82
Requests

100 %
HTTPS

17 %
IPv6

7
Domains

11
Subdomains

7
IPs

2
Countries

1147 kB
Transfer

2922 kB
Size

15
Cookies

30 Outgoing links

These are links going to different origins than the main page.

URL: https://support.theguardian.com/eu/contribute?REFPVID=kwawi6vwnxwcottoupfa&INTCMP=header_support_RemoteRrHeaderLinksTest__NonUK_remote&acquisitionData=%7B%22source%22%3A%22GUARDIAN_WEB%22%2C%22componentId%22%3A%22header_support_RemoteRrHeaderLinksTest__NonUK_remote%22%2C%22componentType%22%3A%22ACQUISITIONS_HEADER%22%2C%22campaignCode%22%3A%22header_support_RemoteRrHeaderLinksTest__NonUK_remote%22%2C%22abTests%22%3A%5B%7B%22name%22%3A%22RemoteRrHeaderLinksTest__NonUK%22%2C%22variant%22%3A%22remote%22%7D%5D%2C%22referrerPageviewId%22%3A%22kwawi6vwnxwcottoupfa%22%2C%22referrerUrl%22%3A%22https%3A%2F%2Fwww.theguardian.com%2Ftechnology%2F2021%2Fnov%2F16%2Fisraeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east%22%2C%22isRemote%22%3Atrue%7D
Title: Contribute

Search URL Search Domain Scan URL

URL: https://support.theguardian.com/eu/subscribe?REFPVID=kwawi6vwnxwcottoupfa&INTCMP=header_support_RemoteRrHeaderLinksTest__NonUK_remote&acquisitionData=%7B%22source%22%3A%22GUARDIAN_WEB%22%2C%22componentId%22%3A%22header_support_RemoteRrHeaderLinksTest__NonUK_remote%22%2C%22componentType%22%3A%22ACQUISITIONS_HEADER%22%2C%22campaignCode%22%3A%22header_support_RemoteRrHeaderLinksTest__NonUK_remote%22%2C%22abTests%22%3A%5B%7B%22name%22%3A%22RemoteRrHeaderLinksTest__NonUK%22%2C%22variant%22%3A%22remote%22%7D%5D%2C%22referrerPageviewId%22%3A%22kwawi6vwnxwcottoupfa%22%2C%22referrerUrl%22%3A%22https%3A%2F%2Fwww.theguardian.com%2Ftechnology%2F2021%2Fnov%2F16%2Fisraeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east%22%2C%22isRemote%22%3Atrue%7D
Title: Subscribe

Search URL Search Domain Scan URL

URL: https://jobs.theguardian.com/?INTCMP=jobs_uk_web_newheader
Title: Search jobs

Search URL Search Domain Scan URL

URL: https://profile.theguardian.com/signin?INTCMP=DOTCOM_NEWHEADER_SIGNIN&ABCMP=ab-sign-in&componentEventParams=componentType%3Didentityauthentication%26componentId%3Dguardian_signin_header
Title: Sign in

Search URL Search Domain Scan URL

URL: https://www.google.co.uk/advanced_search?q=site:www.theguardian.com
Title: Search

Search URL Search Domain Scan URL

URL: https://support.theguardian.com/contribute?INTCMP=side_menu_support_contribute&acquisitionData=%7B%22source%22:%22GUARDIAN_WEB%22,%22componentType%22:%22ACQUISITIONS_HEADER%22,%22componentId%22:%22side_menu_support_contribute%22%7D
Title: Make a contribution

Search URL Search Domain Scan URL

URL: https://support.theguardian.com/subscribe?INTCMP=side_menu_support_subscribe&acquisitionData=%7B%22source%22:%22GUARDIAN_WEB%22,%22componentType%22:%22ACQUISITIONS_HEADER%22,%22componentId%22:%22side_menu_support_subscribe%22%7D
Title: Subscribe

Search URL Search Domain Scan URL

URL: https://jobs.theguardian.com/?INTCMP=jobs_int_web_newheader_dropdown
Title: Search jobs

Search URL Search Domain Scan URL

URL: https://holidays.theguardian.com/?INTCMP=holidays_int_web_newheader
Title: Holidays

Search URL Search Domain Scan URL

URL: https://theguardian.newspapers.com/
Title: Digital Archive

Search URL Search Domain Scan URL

URL: https://puzzles.theguardian.com/download
Title: Guardian Puzzles app

Search URL Search Domain Scan URL

URL: https://licensing.theguardian.com/
Title: Guardian content licensing site

Search URL Search Domain Scan URL

URL: https://www.twitter.com/skirchy
Title: @skirchy

Search URL Search Domain Scan URL

URL: https://www.facebook.com/dialog/share?app_id=180444840287&href=https%3A%2F%2Fwww.theguardian.com%2Ftechnology%2F2021%2Fnov%2F16%2Fisraeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east&CMP=share_btn_fb

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Israeli%20firm%E2%80%99s%20spyware%20linked%20to%20attacks%20on%20websites%20in%20UK%20and%20Middle%20East&url=https%3A%2F%2Fwww.theguardian.com%2Ftechnology%2F2021%2Fnov%2F16%2Fisraeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east&CMP=share_btn_tw

Search URL Search Domain Scan URL

URL: https://www.haaretz.com/middle-east-news/.premium-top-secret-israeli-cyberattack-firm-revealed-1.6805950
Title: most mysterious cyberwarfare company

Search URL Search Domain Scan URL

URL: https://www.haaretz.com/israel-news/tech-news/.premium-mobile-spytech-millions-in-gulf-deals-top-secret-israeli-cyberattack-firm-reve-1.9125915
Title: lawsuit

Search URL Search Domain Scan URL

URL: https://www.forbes.com/sites/thomasbrewster/2019/10/03/meet-candiru-the-super-stealth-cyber-mercenaries-hacking-apple-and-microsoft-pcs-for-profit/?sh=42ceecd55a39
Title: reported

Search URL Search Domain Scan URL

URL: https://www.commerce.gov/news/press-releases/2021/11/commerce-adds-nso-group-and-other-foreign-companies-entity-list
Title: commerce department’s entity list

Search URL Search Domain Scan URL

URL: https://support.theguardian.com/eu/contribute?selected-contribution-type=MONTHLY&selected-amount=10&REFPVID=kwawi6vwnxwcottoupfa&INTCMP=gdnwb_copts_memco_2021-07-06_FALLBACK_JULY__EU_ROW_CONTROL&acquisitionData=%7B%22source%22%3A%22GUARDIAN_WEB%22%2C%22componentId%22%3A%22gdnwb_copts_memco_2021-07-06_FALLBACK_JULY__EU_ROW_CONTROL%22%2C%22componentType%22%3A%22ACQUISITIONS_EPIC%22%2C%22campaignCode%22%3A%22gdnwb_copts_memco_2021-07-06_FALLBACK_JULY__EU_ROW_CONTROL%22%2C%22abTests%22%3A%5B%7B%22name%22%3A%222021-07-06_FALLBACK_JULY__EU_ROW%22%2C%22variant%22%3A%22CONTROL%22%7D%5D%2C%22referrerPageviewId%22%3A%22kwawi6vwnxwcottoupfa%22%2C%22referrerUrl%22%3A%22https%3A%2F%2Fwww.theguardian.com%2Ftechnology%2F2021%2Fnov%2F16%2Fisraeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east%22%2C%22isRemote%22%3Atrue%7D&numArticles=0
Title: Continue

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?title=Israeli%20firm%E2%80%99s%20spyware%20linked%20to%20attacks%20on%20websites%20in%20UK%20and%20Middle%20East&mini=true&url=https%3A%2F%2Fwww.theguardian.com%2Ftechnology%2F2021%2Fnov%2F16%2Fisraeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Search URL Search Domain Scan URL

URL: https://syndication.theguardian.com/automation/?url=https%3A%2F%2Fwww.theguardian.com%2Ftechnology%2F2021%2Fnov%2F16%2Fisraeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east&type=article&internalpagecode=technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Title: Reuse this content

Search URL Search Domain Scan URL

URL: https://workforus.theguardian.com/
Title: Work for us

Search URL Search Domain Scan URL

URL: https://www.facebook.com/theguardian
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/TheGuardian
Title: YouTube

Search URL Search Domain Scan URL

URL: https://www.instagram.com/guardian
Title: Instagram

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/theguardian
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://twitter.com/guardian
Title: Twitter

Search URL Search Domain Scan URL

URL: https://advertising.theguardian.com/
Title: Advertise with us

Search URL Search Domain Scan URL

URL: https://jobs.theguardian.com/?INTCMP=NGW_FOOTER_INT_GU_JOBS
Title: Search UK jobs

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/BB9I05xnCR Page URL
https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

82 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 BB9I05xnCR
t.co/ 531 B
695 B 150ms
133ms Document
text/html 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/BB9I05xnCR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Mon, 22 Nov 2021 16:46:14 GMT
vary: Origin
server: tsa_o
expires: Mon, 22 Nov 2021 16:51:14 GMT
content-type: text/html; charset=utf-8
cache-control: private,max-age=300
content-length: 258
content-encoding: gzip
x-xss-protection: 0
strict-transport-security: max-age=0
x-response-time: 126
x-connection-hash: 0af03a95355aab72a543a095625598f44a4f871614c408c90c3adc5875e8d872

GET
H2 200 Primary Request israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east Show response
www.theguardian.com/technology/2021/nov/16/ 242 KB
49 KB 101ms
46ms Document
text/html 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Requested by

Host: t.co
URL: https://t.co/BB9I05xnCR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

2bd94c32e1be8c4ded489019072498fc0d79c19508aef9fa57ddb507759c177f

Security Headers

Name	Value
Content-Security-Policy	default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; base-uri https://*.gracenote.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://t.co/

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
etag: W/"hash8374452656648029059"
link: <https://assets.guim.co.uk/>; rel=preconnect,<https://i.guim.co.uk>; rel=preconnect,<https://j.ophan.co.uk>; rel=preconnect,<https://ophan.theguardian.com>; rel=preconnect,<https://api.nextgen.guardianapps.co.uk>; rel=preconnect,<https://hits-secure.theguardian.com>; rel=preconnect,<https://interactive.guim.co.uk>; rel=preconnect,<https://phar.gu-web.net>; rel=preconnect,<https://static.theguardian.com>; rel=preconnect,<https://support.theguardian.com>; rel=preconnect
x-gu-dotcomponents: true
accept-ranges: bytes
date: Mon, 22 Nov 2021 16:46:14 GMT
age: 3138
x-timer: S1637599575.815575,VS0,VE26
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; base-uri https://*.gracenote.com
referrer-policy: no-referrer-when-downgrade
feature-policy: camera 'none'; microphone 'none'; midi 'none'; geolocation 'none'
permissions-policy: camera=(), microphone=(), midi=(), geolocation=(), interest-cohort=()
x-gu-edition: int
cache-control: max-age=60, stale-while-revalidate=6, stale-if-error=864000, private, no-transform
vary: Accept-Encoding,User-Agent
content-length: 48731

GET
H2 200 GHGuardianHeadline-Medium.woff2
assets.guim.co.uk/static/frontend/fonts/guardian-headline/noalts-not-hinted/ 16 KB
17 KB 25ms
7ms Font
font/woff2 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/static/frontend/fonts/guardian-headline/noalts-not-hinted/GHGuardianHeadline-Medium.woff2

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

87e9036ce8b1ba1645d519285aaf31491d87a3e16273835fe134aa38993d6f6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Origin: https://www.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: 7qhlDny7_XZy0N4WDJpPOOLtbXaBoWlr
via: 1.1 varnish
etag: "08f5422d28aa5861fac0170cef914db8"
age: 65859059
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/static/frontend/fonts/guardian-headline/noalts-not-hinted/GHGuardianHeadline-Medium.woff2
fastly-restarts: 1
x-amz-id-2: upBk3jg9d9JqB7G4nB/PmV5U42LnSLkbi4QCi3+OmqiiYMWO8c3eHZ23Bnwpx/py4TwCiiIqM6o=
x-served-by: cache-fra19121-FRA
accept-ranges: bytes
last-modified: Tue, 22 Oct 2019 10:30:34 GMT
server: AmazonS3
x-fonts-legal-notice: The displayed fonts and associated software are the exclusive property of Schwartzco Inc (trading as Commercial Type). Reproduction or further transmission of all or part of the fonts, or use of the associated software, without written permission of Commercial Type is prohibited. By displaying the fonts, no permission or sub-licence is granted by Guardian News & Media Limited for use of the fonts by third parties.
x-timer: S1637599575.890838,VS0,VE0
date: Mon, 22 Nov 2021 16:46:14 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: 0A5FB32C021BA886
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 16612
content-type: font/woff2
x-cache-hits: 25064

GET
H2 200 GHGuardianHeadline-MediumItalic.woff2
assets.guim.co.uk/static/frontend/fonts/guardian-headline/noalts-not-hinted/ 19 KB
19 KB 26ms
9ms Font
font/woff2 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/static/frontend/fonts/guardian-headline/noalts-not-hinted/GHGuardianHeadline-MediumItalic.woff2

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

03489467cd73637caad3431e2f186a58045ff1d9080ccf05e36461212d354095

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Origin: https://www.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: uIhPHJKbVgzbQ852auGdUCukv9hRT7y3
via: 1.1 varnish
etag: "f1117595ec5a2cf9f3a9834f42e5fd08"
age: 43334379
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/static/frontend/fonts/guardian-headline/noalts-not-hinted/GHGuardianHeadline-MediumItalic.woff2
fastly-restarts: 1
x-amz-id-2: 2n0EAMWo+YIH9PkJaMNlZ81DDREeoi2i8v8v0DUsmH+G3jcGrMxhZsuGGibIURhX00XQ8U3T38U=
x-served-by: cache-fra19121-FRA
accept-ranges: bytes
last-modified: Fri, 01 Nov 2019 14:36:38 GMT
server: AmazonS3
x-fonts-legal-notice: The displayed fonts and associated software are the exclusive property of Schwartzco Inc (trading as Commercial Type). Reproduction or further transmission of all or part of the fonts, or use of the associated software, without written permission of Commercial Type is prohibited. By displaying the fonts, no permission or sub-licence is granted by Guardian News & Media Limited for use of the fonts by third parties.
x-timer: S1637599575.890996,VS0,VE0
date: Mon, 22 Nov 2021 16:46:14 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: BS4Q4R9Q6WEN8K4G
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 19052
content-type: font/woff2
x-cache-hits: 23249

GET
H2 200 GHGuardianHeadline-Bold.woff2
assets.guim.co.uk/static/frontend/fonts/guardian-headline/noalts-not-hinted/ 16 KB
17 KB 39ms
22ms Font
font/woff2 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/static/frontend/fonts/guardian-headline/noalts-not-hinted/GHGuardianHeadline-Bold.woff2

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

4fa602e0d446ee3148b06f2014cb08518660f936406251a05bbbcc6ea870cc9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Origin: https://www.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: yb38so.Two3LTQveIR1dZNN4qcvxLQZ2
via: 1.1 varnish
etag: "f5d54732577509c40f5a5a47f47aeab5"
age: 65858474
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/static/frontend/fonts/guardian-headline/noalts-not-hinted/GHGuardianHeadline-Bold.woff2
fastly-restarts: 1
x-amz-id-2: QEKAk+KzrA1LTLTIgQ74fwd0L8SiKv5t4WH6+6Of04wXbXDjTrr/TzCCoCw9+hvnGoPEquav5/4=
x-served-by: cache-fra19121-FRA
accept-ranges: bytes
last-modified: Tue, 22 Oct 2019 10:30:34 GMT
server: AmazonS3
x-fonts-legal-notice: The displayed fonts and associated software are the exclusive property of Schwartzco Inc (trading as Commercial Type). Reproduction or further transmission of all or part of the fonts, or use of the associated software, without written permission of Commercial Type is prohibited. By displaying the fonts, no permission or sub-licence is granted by Guardian News & Media Limited for use of the fonts by third parties.
x-timer: S1637599575.896351,VS0,VE0
date: Mon, 22 Nov 2021 16:46:14 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: 17E23BBD32988C5F
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 16492
content-type: font/woff2
x-cache-hits: 25478

GET
H2 200 GuardianTextEgyptian-Regular.woff2
assets.guim.co.uk/static/frontend/fonts/guardian-textegyptian/noalts-not-hinted/ 16 KB
17 KB 40ms
23ms Font
font/woff2 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/static/frontend/fonts/guardian-textegyptian/noalts-not-hinted/GuardianTextEgyptian-Regular.woff2

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

fa364c5f0844c7c1fe4c96d14495d45d65c07b2a635b44800382e266e1a67d2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Origin: https://www.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: QYXAwp2tuouJ0Lk6hjMnWl.PiqZrfmqq
via: 1.1 varnish
etag: "66184690aa8f829b88f8d7b855ec63fd"
age: 65858380
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/static/frontend/fonts/guardian-textegyptian/noalts-not-hinted/GuardianTextEgyptian-Regular.woff2
fastly-restarts: 1
x-amz-id-2: D4/X2odJBEDsDjdpxuCsp1Y/nUfT3M9ESZCWhFPo6atmXPbVECve5I8kUjAY4QpsgL+R3mKtckE=
x-served-by: cache-fra19121-FRA
accept-ranges: bytes
last-modified: Tue, 22 Oct 2019 10:30:25 GMT
server: AmazonS3
x-fonts-legal-notice: The displayed fonts and associated software are the exclusive property of Schwartzco Inc (trading as Commercial Type). Reproduction or further transmission of all or part of the fonts, or use of the associated software, without written permission of Commercial Type is prohibited. By displaying the fonts, no permission or sub-licence is granted by Guardian News & Media Limited for use of the fonts by third parties.
x-timer: S1637599575.895978,VS0,VE0
date: Mon, 22 Nov 2021 16:46:14 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: C090B75EF69A67D1
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 16792
content-type: font/woff2
x-cache-hits: 30776

GET
H2 200 GuardianTextEgyptian-Bold.woff2
assets.guim.co.uk/static/frontend/fonts/guardian-textegyptian/noalts-not-hinted/ 17 KB
17 KB 40ms
23ms Font
font/woff2 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/static/frontend/fonts/guardian-textegyptian/noalts-not-hinted/GuardianTextEgyptian-Bold.woff2

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

d1bf42c2df6fa95e0806bccd64191d78325514d758c455c0d959913a25d6a101

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Origin: https://www.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: CqQWZcSJGyKPuLTMFGadHYHcoIzK4Vlf
via: 1.1 varnish
etag: "84fb7a78f703a6bea30d38248d76114e"
age: 65858705
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/static/frontend/fonts/guardian-textegyptian/noalts-not-hinted/GuardianTextEgyptian-Bold.woff2
fastly-restarts: 1
x-amz-id-2: brKGcmMPnTCSC/GisnJAP7YblubvhvB6riNHYRp2eTU44V30sinCbMFJLRfpGKNL3jsjhC4Zmr0=
x-served-by: cache-fra19121-FRA
accept-ranges: bytes
last-modified: Tue, 22 Oct 2019 10:30:24 GMT
server: AmazonS3
x-fonts-legal-notice: The displayed fonts and associated software are the exclusive property of Schwartzco Inc (trading as Commercial Type). Reproduction or further transmission of all or part of the fonts, or use of the associated software, without written permission of Commercial Type is prohibited. By displaying the fonts, no permission or sub-licence is granted by Guardian News & Media Limited for use of the fonts by third parties.
x-timer: S1637599575.896509,VS0,VE0
date: Mon, 22 Nov 2021 16:46:14 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: 9E408FEAAEDCD03D
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 17044
content-type: font/woff2
x-cache-hits: 23331

GET
H2 200 GuardianTextSans-Regular.woff2
assets.guim.co.uk/static/frontend/fonts/guardian-textsans/noalts-not-hinted/ 15 KB
15 KB 24ms
8ms Font
font/woff2 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/static/frontend/fonts/guardian-textsans/noalts-not-hinted/GuardianTextSans-Regular.woff2

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

bf672dbc2fe3d05096cb045691ec7a9dc00e3470458665d42d0b7aabd07bb990

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Origin: https://www.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: W1Hv7rRPRRUyW4Ue.cU0aQvIjwUbkD1y
via: 1.1 varnish
etag: "5c9af23772b65de0d3f1fb8638c196b4"
age: 65859152
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/static/frontend/fonts/guardian-textsans/noalts-not-hinted/GuardianTextSans-Regular.woff2
fastly-restarts: 1
x-amz-id-2: 6l4ZdbH+WPzXg8Y/HuqwlMwGQuum26hF2cKTlztneGTbg6p9pp1kAdJwyh8bX5C2T/gp3q2UgFQ=
x-served-by: cache-fra19121-FRA
accept-ranges: bytes
last-modified: Tue, 22 Oct 2019 10:30:36 GMT
server: AmazonS3
x-fonts-legal-notice: The displayed fonts and associated software are the exclusive property of Schwartzco Inc (trading as Commercial Type). Reproduction or further transmission of all or part of the fonts, or use of the associated software, without written permission of Commercial Type is prohibited. By displaying the fonts, no permission or sub-licence is granted by Guardian News & Media Limited for use of the fonts by third parties.
x-timer: S1637599575.891591,VS0,VE0
date: Mon, 22 Nov 2021 16:46:14 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: 1E40D33F14496FA7
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 15416
content-type: font/woff2
x-cache-hits: 32692

GET
H2 200 GuardianTextSans-Bold.woff2
assets.guim.co.uk/static/frontend/fonts/guardian-textsans/noalts-not-hinted/ 17 KB
18 KB 25ms
9ms Font
font/woff2 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/static/frontend/fonts/guardian-textsans/noalts-not-hinted/GuardianTextSans-Bold.woff2

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

46e089c7d79ff80fef01582ba8261d42728b78c345fdbe8d52199907498d280e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Origin: https://www.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: _qXyF7mv5ZffuL0kOZNOgbadUrtkYUy0
via: 1.1 varnish
etag: "227b6e4f26bef19d8f2815f6097b7b7c"
age: 65858975
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/static/frontend/fonts/guardian-textsans/noalts-not-hinted/GuardianTextSans-Bold.woff2
fastly-restarts: 1
x-amz-id-2: q67qG3tiJ/7lGqsc2KaIEwG+H/PGZXDQOvprxYey9kEFZmq0Qc+J8QAVenOOw4NsHIGUIg/m+Lw=
x-served-by: cache-fra19121-FRA
accept-ranges: bytes
last-modified: Tue, 22 Oct 2019 10:30:35 GMT
server: AmazonS3
x-fonts-legal-notice: The displayed fonts and associated software are the exclusive property of Schwartzco Inc (trading as Commercial Type). Reproduction or further transmission of all or part of the fonts, or use of the associated software, without written permission of Commercial Type is prohibited. By displaying the fonts, no permission or sub-licence is granted by Guardian News & Media Limited for use of the fonts by third parties.
x-timer: S1637599575.891187,VS0,VE0
date: Mon, 22 Nov 2021 16:46:14 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: B4CADE93E9658B5D
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 17376
content-type: font/woff2
x-cache-hits: 32556

GET
H2 200 polyfill.min.js Show response
assets.guim.co.uk/polyfill.io/v3/ 165 B
933 B 24ms
23ms Script
text/javascript 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/polyfill.io/v3/polyfill.min.js?rum=0&features=es6,es7,es2017,es2018,es2019,default-3.6,HTMLPictureElement,IntersectionObserver,IntersectionObserverEntry,URLSearchParams,fetch,NodeList.prototype.forEach,navigator.sendBeacon,performance.now&flags=gated&callback=guardianPolyfilled&unknown=polyfill&cacheClear=1

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ca66086d8f50fbfb6ea350401a00e63bcf69fe3ea123091d2d273c2cb237a91f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=utf-8
age: 2820288
detected-user-agent: Chrome Mobile WebView/96.0.4663
x-cache: HIT
x-gu-debug-url: /v3/polyfill.min.js?rum=0&features=es6,es7,es2017,es2018,es2019,default-3.6,HTMLPictureElement,IntersectionObserver,IntersectionObserverEntry,URLSearchParams,fetch,NodeList.prototype.forEach,navigator.sendBeacon,performance.now&flags=gated&callback=guardianPolyfilled&unknown=polyfill&cacheClear=1
server-timing: HIT, fastly;desc="Edge time";dur=1
content-length: 149
x-served-by: cache-mxp6977-MXP
access-control-allow-origin: *
referrer-policy: origin-when-cross-origin
last-modified: Wed, 20 Oct 2021 22:43:04 GMT
x-timer: S1637599575.903735,VS0,VE0
date: Mon, 22 Nov 2021 16:46:14 GMT
vary: User-Agent, Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
normalized-user-agent: chrome/96.0.0
via: 1.1 varnish
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 525

GET
H2 200 ophan.b4033113e9bd743bea56.js Show response
assets.guim.co.uk/assets/ 21 KB
7 KB 37ms
21ms Script
application/javascript 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/assets/ophan.b4033113e9bd743bea56.js

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

11e47b93eb4b43d054eccae1086ded5fc84ad92c3dea3821ff9cc3875d201e28

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Origin: https://www.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: oEvgNTP3GbPa2SIfuHyGQQAqzyxpSGtN
content-encoding: gzip
etag: "3e6fe6cf55985a74c3087e5f06f3462d"
age: 2773731
via: 1.1 varnish
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/assets/ophan.b4033113e9bd743bea56.js
vary: Accept-Encoding
fastly-restarts: 1
x-amz-id-2: 9h6LkPxiw3+Iy/C7Ogg1erXdtxzqp/MQlliCo37NeEeX+BQWVqRR9EYa+P4AmSWN6+oOyzeoIQU=
x-served-by: cache-fra19121-FRA
accept-ranges: bytes
last-modified: Thu, 21 Oct 2021 14:13:52 GMT
server: AmazonS3
x-timer: S1637599575.891659,VS0,VE0
date: Mon, 22 Nov 2021 16:46:14 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: 8PQ9SNF4R2EGCMA1
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 7207
content-type: application/javascript
x-cache-hits: 19042

GET
H2 200 graun.standalone.commercial.js Show response
assets.guim.co.uk/javascripts/commercial/b496a5507b93dfdfd6d1/ 245 KB
77 KB 24ms
23ms Script
application/javascript 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/javascripts/commercial/b496a5507b93dfdfd6d1/graun.standalone.commercial.js

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

0b3c32aa57537bede0a7e02bf061ad9d4da5a49613edeb2966ea6ea132e679f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: EJr.sDSyCtwQF5QNQp8qG7EpY7.CfS7N
content-encoding: gzip
etag: "51e9275e3dbcda6cbdae6d3e5ae95dd8"
age: 363974
via: 1.1 varnish
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/javascripts/commercial/b496a5507b93dfdfd6d1/graun.standalone.commercial.js
vary: Accept-Encoding
fastly-restarts: 1
x-amz-id-2: ee8u5bbbPTTa9DV5/74N2aiwk2ZOlBx1UjfItEbiMHA3pB6UxRXvFWls1UJlX0Rqe/Eg1LXif3U=
x-served-by: cache-mxp6977-MXP
accept-ranges: bytes
last-modified: Thu, 18 Nov 2021 11:36:12 GMT
server: AmazonS3
x-timer: S1637599575.903633,VS0,VE0
date: Mon, 22 Nov 2021 16:46:14 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: BEZHZE1KCSFNDJ99
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 78436
content-type: application/javascript
x-cache-hits: 4348

GET
H2 200 sentryLoader.4a610c73c56e279dc51c.js Show response
assets.guim.co.uk/assets/ 11 KB
5 KB 37ms
22ms Script
application/javascript 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/assets/sentryLoader.4a610c73c56e279dc51c.js

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

9b6244d4ee541c5631a450b07c75fcaeac0f24e5c42074884ebe261e24196b2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Origin: https://www.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: .Mxfdf4oJd_PJbVUFD7UPdTxi6akVpUZ
content-encoding: gzip
etag: "fb662614a995d20e6432a62dd15397fb"
age: 2773690
via: 1.1 varnish
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/assets/sentryLoader.4a610c73c56e279dc51c.js
vary: Accept-Encoding
fastly-restarts: 1
x-amz-id-2: W1rdEpMRkSvQuLZKHlhC11XzQkjwF5PeGtGXiWpnBqwGzLqjKljNZ9u4HjErLhMoBflmc/QLmvI=
x-served-by: cache-fra19121-FRA
accept-ranges: bytes
last-modified: Thu, 21 Oct 2021 14:13:53 GMT
server: AmazonS3
x-timer: S1637599575.896144,VS0,VE0
date: Mon, 22 Nov 2021 16:46:14 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: 2J7RV0F9XCVZJ4D8
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 4799
content-type: application/javascript
x-cache-hits: 19074

GET
H2 200 coreVitals.1aff5e83bb549c6eeb89.js Show response
assets.guim.co.uk/assets/ 10 KB
4 KB 38ms
23ms Script
application/javascript 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/assets/coreVitals.1aff5e83bb549c6eeb89.js

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8c55368b1596666dc3a8341498f96ff79736bf3c10cc25c5adc5e4c758798ff4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Origin: https://www.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: xg9xcUc4ZPlYbG4SaqI4RNaSZLcBUawU
content-encoding: gzip
etag: "f6a114b210c9311996ab328f5f4f506d"
age: 1836550
via: 1.1 varnish
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/assets/coreVitals.1aff5e83bb549c6eeb89.js
vary: Accept-Encoding
fastly-restarts: 1
x-amz-id-2: HlFvo+IimP+uzJNYgLFJPIwjyy/I2Dk7+SqydIVhHgj0a2BXh1KhjMAK1JagVGJfCnwQLpLqBcg=
x-served-by: cache-fra19121-FRA
accept-ranges: bytes
last-modified: Mon, 01 Nov 2021 10:33:34 GMT
server: AmazonS3
x-timer: S1637599575.896077,VS0,VE0
date: Mon, 22 Nov 2021 16:46:14 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: 9RT7BW4EA3AHCQ06
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 4053
content-type: application/javascript
x-cache-hits: 19092

GET
H2 200 dynamicImport.0eeae0a7f78c56ec03eb.js Show response
assets.guim.co.uk/assets/ 7 KB
3 KB 23ms
8ms Script
application/javascript 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/assets/dynamicImport.0eeae0a7f78c56ec03eb.js

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

577d26e576165eeb50153c2b7d1a1541d7363fb16414d59aaa0e25ef50e374da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Origin: https://www.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: f4x4FvpwL_tFEK_6OdlkFngUgFwGRlx7
content-encoding: gzip
etag: "4a60fe29c8b49b01667254cf1aa75924"
age: 2773696
via: 1.1 varnish
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/assets/dynamicImport.0eeae0a7f78c56ec03eb.js
vary: Accept-Encoding
fastly-restarts: 1
x-amz-id-2: ywv2W3npHfFZnIpUyJZwN2PDZ9A8OhYKWntA3CIf6EFiSYzomOSpMlcEN/nCq22l/Ah7L6fqFoo=
x-served-by: cache-fra19121-FRA
accept-ranges: bytes
last-modified: Thu, 21 Oct 2021 14:13:52 GMT
server: AmazonS3
x-timer: S1637599575.891403,VS0,VE0
date: Mon, 22 Nov 2021 16:46:14 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: GVKNVJ1CREDJP6K3
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 3034
content-type: application/javascript
x-cache-hits: 19027

GET
H2 200 react.664281ded2acb7cff642.js Show response
assets.guim.co.uk/assets/ 463 KB
136 KB 23ms
9ms Script
application/javascript 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/assets/react.664281ded2acb7cff642.js

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

523d5c017e3a79329822c69bc4c621545dbe5a74119642ac9fe1728d127a081a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Origin: https://www.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: UbknerQbHY5SS9Fah3bs3LUKMfGQcKIU
content-encoding: gzip
etag: "96ce01596f73004dafaef3917fa2bbdb"
age: 6078
via: 1.1 varnish
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/assets/react.664281ded2acb7cff642.js
vary: Accept-Encoding
fastly-restarts: 1
x-amz-id-2: qUE73LNgl59R8MUMY5yUPBvAzjdwfHp+q2ulfTY1NmCKZhW9fHm9a/pVsl7MsH7GJjlYqqarkfQ=
x-served-by: cache-fra19121-FRA
accept-ranges: bytes
last-modified: Mon, 22 Nov 2021 15:02:42 GMT
server: AmazonS3
x-timer: S1637599575.891171,VS0,VE0
date: Mon, 22 Nov 2021 16:46:14 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: 33J40D0HV3MX0CG4
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 138430
content-type: application/javascript
x-cache-hits: 150

GET
H2 200 EditionDropdown.ecba00cc3070f43eed89.js Show response
assets.guim.co.uk/assets/ 1 KB
1 KB 36ms
22ms Script
application/javascript 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/assets/EditionDropdown.ecba00cc3070f43eed89.js

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

3c4b9f80b5ec8ae97999ea5fcbed813b6c29ef52613333911a5e000d80d74d01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Origin: https://www.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: WSuNqkinyVwVByMPgYnKx7XWp.iMPdR2
content-encoding: gzip
etag: "52946c3652a5afefcb5c3efad19f2aae"
age: 2773803
via: 1.1 varnish
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/assets/EditionDropdown.ecba00cc3070f43eed89.js
vary: Accept-Encoding
fastly-restarts: 1
x-amz-id-2: kzoOYNqsOV56wSeIQsZrM1yM/C0ejON2D1ED2+xj4794v6yo/cyNoW/aBXBT4vS2Pb0F5+A3RCE=
x-served-by: cache-fra19121-FRA
accept-ranges: bytes
last-modified: Thu, 21 Oct 2021 14:13:52 GMT
server: AmazonS3
x-timer: S1637599575.896262,VS0,VE0
date: Mon, 22 Nov 2021 16:46:14 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: CG2MW2443BWFVDA1
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 710
content-type: application/javascript
x-cache-hits: 18881

GET
H2 200 elements-InteractiveBlockComponent.a9e78ffcf4e8aa205074.js Show response
assets.guim.co.uk/assets/ 7 KB
3 KB 22ms
8ms Script
application/javascript 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/assets/elements-InteractiveBlockComponent.a9e78ffcf4e8aa205074.js

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

c6f0e2e3e0d40832970e85aa1235384d7a024f7dbf2437d95963568c16cda901

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Origin: https://www.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: 6P3pwfoLMfNI1B3Y..gqel5CxVhbsQbQ
content-encoding: gzip
etag: "c6f0f56b712f01e93c98e559efd4e639"
age: 366388
via: 1.1 varnish
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/assets/elements-InteractiveBlockComponent.a9e78ffcf4e8aa205074.js
vary: Accept-Encoding
fastly-restarts: 1
x-amz-id-2: CS8DjvPNHFKq+OF+L+CvcRFNBmNFni0SE1uRsls56CJYM3AtAMyhLDfP+iS6YRmP+85r8ajjhVk=
x-served-by: cache-fra19121-FRA
accept-ranges: bytes
last-modified: Thu, 18 Nov 2021 10:57:27 GMT
server: AmazonS3
x-timer: S1637599575.891463,VS0,VE0
date: Mon, 22 Nov 2021 16:46:14 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: SJQH2TX033BHYGFZ
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 2961
content-type: application/javascript
x-cache-hits: 677

GET
H2 200 print.css
assets.guim.co.uk/static/frontend/css/ 81 B
477 B 38ms
37ms Stylesheet
text/css 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/static/frontend/css/print.css

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

da22a2e4326e5cc0595a7e7cb5ebd68492896f1660e1ee116e3af32ad6aeccce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: BTP4rKBVDJL5eVvkGlxpJ6d6pXeQWqid
content-encoding: gzip
etag: "db34472656eebc5c36590124014292c0"
age: 14450116
via: 1.1 varnish
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/static/frontend/css/print.css
vary: Accept-Encoding
fastly-restarts: 1
x-amz-id-2: GGnp5uVMHdlqoQUAPEaWPSF5wqWxWBARtBaXJMFT2jZD4X1xd9GN9H0DyLE56wkgUwincHwSr6Y=
x-served-by: cache-mxp6977-MXP
accept-ranges: bytes
last-modified: Mon, 07 Jun 2021 16:07:15 GMT
server: AmazonS3
x-timer: S1637599575.903901,VS0,VE0
date: Mon, 22 Nov 2021 16:46:14 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: 5FSER2D80CRAG65Z
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 91
content-type: text/css
x-cache-hits: 7966

GET
H2 200 5700.jpg
i.guim.co.uk/img/media/1ca47dc757d18b0d58f5db601741708f4df1cfd5/0_142_5700_3420/master/ 51 KB
51 KB 21ms
21ms Image
image/webp 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.guim.co.uk/img/media/1ca47dc757d18b0d58f5db601741708f4df1cfd5/0_142_5700_3420/master/5700.jpg?width=1020&quality=85&auto=format&fit=max&s=096f2b14e79c7212fe5a453dff60212f
Requested by: Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8dc9022b527f378bcc19e9f7d9c826c2bb600cc274fd686c31c1e370226942d5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 16:46:14 GMT
via: 1.1 varnish, 1.1 varnish
etag: "l3dMtjnbeaqdVPXgBFhzwh7yuCqHFlfUTZZM8hL3oxc"
age: 521963
x-cache: HIT, HIT
fastly-io-info: ifsz=5176097 idim=5700x3420 ifmt=jpeg ofsz=52050 odim=1020x612 ofmt=webp
fastly-stats: io=1
x-amz-meta-bounds-y: 142
content-length: 52050
x-served-by: cache-lcy19256-LCY, cache-mxp6977-MXP
x-amz-meta-bounds-width: 5700
server: AmazonS3
x-timer: S1637599575.895104,VS0,VE1
x-amz-meta-bounds-height: 3420
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-meta-aspect-ratio: 5:3
x-amz-meta-bounds-x: 0
x-cache-hits: 1, 4

GET
H2 200 atomIframe.ca3fe0bf4d5f97251074.js Show response
assets.guim.co.uk/assets/ 4 KB
2 KB 18ms
17ms Script
application/javascript 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/assets/atomIframe.ca3fe0bf4d5f97251074.js

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

bcabe3aad03ca10dae6899d63aea16afa3a795856d558b59e0b1f59ed14cbd15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Origin: https://www.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: Eyw4f5SSyX5Z5gZibyACvGoYJ5Qd4zAS
content-encoding: gzip
etag: "09717c5fed643dac542aecfd3d251ecc"
age: 2773787
via: 1.1 varnish
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/assets/atomIframe.ca3fe0bf4d5f97251074.js
vary: Accept-Encoding
fastly-restarts: 1
x-amz-id-2: 3bqdD8eWk9IfnTmJIbNXpucWX/6P77r1m+3QOfYV9QzCyf6jwBBWcuu+k1QjYub1cPAAtHwWv+4=
x-served-by: cache-fra19121-FRA
accept-ranges: bytes
last-modified: Thu, 21 Oct 2021 14:13:52 GMT
server: AmazonS3
x-timer: S1637599575.897301,VS0,VE0
date: Mon, 22 Nov 2021 16:46:14 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: HFJ9ZYS8W9X7A8GF
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 1895
content-type: application/javascript
x-cache-hits: 19198

GET
H2 200 embedIframe.28992f8daca245eb6802.js Show response
assets.guim.co.uk/assets/ 4 KB
2 KB 19ms
18ms Script
application/javascript 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/assets/embedIframe.28992f8daca245eb6802.js

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

282d9eaa193401042371f81ad8b2ee9f698c1a8a3061d8c3e53f79fbe8827418

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Origin: https://www.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: _x2OH66T8B08ylwUicgpO15sGL9wzelU
content-encoding: gzip
etag: "a1361c2d674365af5c2fef7e8893d128"
age: 2773784
via: 1.1 varnish
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/assets/embedIframe.28992f8daca245eb6802.js
vary: Accept-Encoding
fastly-restarts: 1
x-amz-id-2: foWITs5vm3YXaexGqepVpDxKsEuTl2bkTRLnaAkMXNbUdLGMoIydlPKQ/ytxPJtroFUQXCD7ORc=
x-served-by: cache-fra19121-FRA
accept-ranges: bytes
last-modified: Thu, 21 Oct 2021 14:13:52 GMT
server: AmazonS3
x-timer: S1637599575.897402,VS0,VE0
date: Mon, 22 Nov 2021 16:46:14 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: 72HHRT0TRGTRS4DE
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 1897
content-type: application/javascript
x-cache-hits: 19071

GET
H2 200 newsletterEmbedIframe.636bb4d0571f850e6f1f.js Show response
assets.guim.co.uk/assets/ 4 KB
2 KB 19ms
18ms Script
application/javascript 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/assets/newsletterEmbedIframe.636bb4d0571f850e6f1f.js

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

a5c03b5fdf2fb27759648f12584259fd3e4be1d818ecedbf2e247edf67ac7521

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Origin: https://www.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: ytSHrQqfEESHEImxZjDf3ykQ0NM1ksJD
content-encoding: gzip
etag: "7eaa96be00759d6efd0896a2489cd37d"
age: 2773788
via: 1.1 varnish
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/assets/newsletterEmbedIframe.636bb4d0571f850e6f1f.js
vary: Accept-Encoding
fastly-restarts: 1
x-amz-id-2: 6nPCkKnRCoJqBf6ZtiWcfnLzb0fFP96es0yHyrgSGmx/CCICSF4XoCkVjhjbaKjPl50vG39oB40=
x-served-by: cache-fra19121-FRA
accept-ranges: bytes
last-modified: Thu, 21 Oct 2021 14:13:52 GMT
server: AmazonS3
x-timer: S1637599575.897487,VS0,VE0
date: Mon, 22 Nov 2021 16:46:14 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: HFJBCK3EH576GWBE
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 1856
content-type: application/javascript
x-cache-hits: 19111

GET
H2 200 tech-scape Show response
www.theguardian.com/email/form/plaintone/ Frame E9F8 64 KB
8 KB 53ms
53ms Document
text/html 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theguardian.com/email/form/plaintone/tech-scape

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b632904bb25c33427c5f2db71603aead71b8c0e4a7a5652238729b8bf4d3e0b0

Security Headers

Name	Value
Content-Security-Policy	default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; base-uri https://*.gracenote.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
etag: W/"hash-3849051809219411536"
accept-ranges: bytes
date: Mon, 22 Nov 2021 16:46:14 GMT
age: 778
x-timer: S1637599575.902777,VS0,VE33
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; base-uri https://*.gracenote.com
referrer-policy: no-referrer-when-downgrade
feature-policy: camera 'none'; microphone 'none'; midi 'none'; geolocation 'none'
permissions-policy: camera=(), microphone=(), midi=(), geolocation=(), interest-cohort=()
x-gu-edition: int
cache-control: max-age=3600, stale-while-revalidate=360, stale-if-error=864000, private, no-transform
vary: Accept-Encoding,User-Agent
content-length: 8221

GET
H2 200 today-uk Show response
www.theguardian.com/email/form/footer/ Frame 7503 64 KB
9 KB 38ms
38ms Document
text/html 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theguardian.com/email/form/footer/today-uk

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e3955357efefcf7f3b7e3cd67260a73f02bf34e384b59d2749c1aac361b7b49c

Security Headers

Name	Value
Content-Security-Policy	default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; base-uri https://*.gracenote.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
etag: W/"hash3457201252582296861"
accept-ranges: bytes
date: Mon, 22 Nov 2021 16:46:14 GMT
age: 58266
x-timer: S1637599575.903975,VS0,VE0
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; base-uri https://*.gracenote.com
referrer-policy: no-referrer-when-downgrade
feature-policy: camera 'none'; microphone 'none'; midi 'none'; geolocation 'none'
permissions-policy: camera=(), microphone=(), midi=(), geolocation=(), interest-cohort=()
x-gu-edition: int
cache-control: max-age=86400, stale-while-revalidate=8640, stale-if-error=864000, private, no-transform
vary: Accept-Encoding,User-Agent
content-length: 8170

GET
H2 200 GHGuardianHeadline-Light.woff2
assets.guim.co.uk/static/frontend/fonts/guardian-headline/noalts-not-hinted/ 15 KB
16 KB 7ms
7ms Font
font/woff2 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/static/frontend/fonts/guardian-headline/noalts-not-hinted/GHGuardianHeadline-Light.woff2

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

a146658c96b87556d722e61e961bbe814f135ddf0b3d352d500d71fb39035595

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.theguardian.com/
Origin: https://www.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: I5k8ggb9tfx7pNMPsYmgnLQh9U_S8Xtb
via: 1.1 varnish
etag: "5acde69d26abfad0f3ef938733057577"
age: 65858525
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/static/frontend/fonts/guardian-headline/noalts-not-hinted/GHGuardianHeadline-Light.woff2
fastly-restarts: 1
x-amz-id-2: 0HeTkxJsOXSXUt0hZU91MiSggm37GVredcrImBNyeKnjJklUUcOoS/FOCkWh1V4tg5RrSDy9Yx0=
x-served-by: cache-fra19121-FRA
accept-ranges: bytes
last-modified: Tue, 22 Oct 2019 10:30:34 GMT
server: AmazonS3
x-fonts-legal-notice: The displayed fonts and associated software are the exclusive property of Schwartzco Inc (trading as Commercial Type). Reproduction or further transmission of all or part of the fonts, or use of the associated software, without written permission of Commercial Type is prohibited. By displaying the fonts, no permission or sub-licence is granted by Guardian News & Media Limited for use of the fonts by third parties.
x-timer: S1637599575.936328,VS0,VE0
date: Mon, 22 Nov 2021 16:46:14 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: 08488668C842BD5B
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 15764
content-type: font/woff2
x-cache-hits: 15397

GET
H2 200 GuardianTextEgyptian-RegularItalic.woff2
assets.guim.co.uk/static/frontend/fonts/guardian-textegyptian/noalts-not-hinted/ 17 KB
18 KB 9ms
9ms Font
font/woff2 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/static/frontend/fonts/guardian-textegyptian/noalts-not-hinted/GuardianTextEgyptian-RegularItalic.woff2

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

d1da416a71b864e9a36112077810f09dbd481ec020b6112ee80d52d394084a00

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.theguardian.com/
Origin: https://www.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: Ha6mXIC6fsyvvkXsL23cAH_20gPx5UnX
via: 1.1 varnish
etag: "56b80ffcda5838d0e6f48aa0afbf42cb"
age: 65859109
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/static/frontend/fonts/guardian-textegyptian/noalts-not-hinted/GuardianTextEgyptian-RegularItalic.woff2
fastly-restarts: 1
x-amz-id-2: Wcm3XT7o+D2wqUPA0kXalHsBRGiEvKBf8RA6M3sBnCPGHZx9FtCwF38vo0C4iFC1nrKSLMggpxw=
x-served-by: cache-fra19121-FRA
accept-ranges: bytes
last-modified: Tue, 22 Oct 2019 10:30:25 GMT
server: AmazonS3
x-fonts-legal-notice: The displayed fonts and associated software are the exclusive property of Schwartzco Inc (trading as Commercial Type). Reproduction or further transmission of all or part of the fonts, or use of the associated software, without written permission of Commercial Type is prohibited. By displaying the fonts, no permission or sub-licence is granted by Guardian News & Media Limited for use of the fonts by third parties.
x-timer: S1637599575.947487,VS0,VE0
date: Mon, 22 Nov 2021 16:46:14 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: AD70A0F57E47786F
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 17836
content-type: font/woff2
x-cache-hits: 9648

GET
H/1.1 204
No Content 1
ophan.theguardian.com/img/ 0
808 B 132ms
30ms Image
text/plain 34.253.249.175
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ophan.theguardian.com/img/1?v=16&platform=next-gen&url=https%3A%2F%2Fwww.theguardian.com%2Ftechnology%2F2021%2Fnov%2F16%2Fisraeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east&ref=https%3A%2F%2Ft.co%2F&visibilityState=visible&tz=0&contentType=article&viewId=kwawi6vwnxwcottoupfa

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.253.249.175 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-253-249-175.eu-west-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 16:46:15 GMT
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Permitted-Cross-Domain-Policies: master-only
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store
Connection: keep-alive
X-Content-Type-Options: nosniff

GET
H/1.1 204
No Content 2
ophan.theguardian.com/img/ 0
336 B 136ms
31ms Image
text/plain 34.253.249.175
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ophan.theguardian.com/img/2?viewId=kwawi6vwnxwcottoupfa&inPrivateBrowsingMode=false

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.253.249.175 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-253-249-175.eu-west-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 16:46:15 GMT
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Permitted-Cross-Domain-Policies: master-only
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store
Connection: keep-alive
X-Content-Type-Options: nosniff

GET
H/1.1 204
No Content 2
ophan.theguardian.com/img/ 0
336 B 139ms
32ms Image
text/plain 34.253.249.175
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ophan.theguardian.com/img/2?viewId=kwawi6vwnxwcottoupfa&experiences=dotcom-rendering

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.253.249.175 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-253-249-175.eu-west-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 16:46:15 GMT
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Permitted-Cross-Domain-Policies: master-only
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store
Connection: keep-alive
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK config.js Show response
confiant-integrations.global.ssl.fastly.net/7oDgiTsq88US4rrBG0_Nxpafkrg/gpt_and_prebid/ 189 KB
36 KB 59ms
17ms Script
text/javascript 151.101.129.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/7oDgiTsq88US4rrBG0_Nxpafkrg/gpt_and_prebid/config.js
Requested by: Host: assets.guim.co.uk
URL: https://assets.guim.co.uk/javascripts/commercial/b496a5507b93dfdfd6d1/graun.standalone.commercial.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b97b801cdb31d4b039b404b46c726f1644ddf661d369cd9af389a751137101e5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 16:46:15 GMT
Content-Encoding: gzip
Age: 173
X-Cache: HIT
Connection: keep-alive
Content-Length: 35779
x-amz-id-2: rJcVTLx7W5Zn4B7Jrc29w1SzGaW0Vh18510AUt73WQAa7/Y40lWL5TVSabdD+9JJ/X8v0ENf1/w=
X-Served-By: cache-cdg20747-CDG
Last-Modified: Mon, 22 Nov 2021 16:37:26 GMT
Server: AmazonS3
X-Timer: S1637599575.046154,VS0,VE0
ETag: "2906d594a638cbd7376c1b8a05f734cf"
x-amz-request-id: PS0JABRXXQ6VAAF8
Via: 1.1 varnish
Cache-Control: public, max-age=900, stale-while-revalidate=3600
Accept-Ranges: bytes
Content-Type: text/javascript
X-Cache-Hits: 11

GET
H2 200 index.html Show response
interactive.guim.co.uk/embed/from-tool/generic/ Frame 861B 15 KB
3 KB 248ms
248ms Document
text/html 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://interactive.guim.co.uk/embed/from-tool/generic/index.html?vertical=News&opinion-tint=false&title=Get%20in%20touch&description=Do%20you%20have%20information%20about%20this%20story%3F%20Email%20%3Ca%20style%3D%22color%3A%23ab0613%22%20href%3D%22mailto%3Astephanie.kirchgaessner%40theguardian.com%22%3Estephanie.kirchgaessner%40theguardian.com%3C%2Fa%3E%2C%20or%20(using%20a%20non-work%20phone)%20use%20Signal%20or%20%3Ca%20style%3D%22color%3A%23ab0613%22%20href%3D%22https%3A%2F%2Fapi.whatsapp.com%2Fsend%3Fphone%3D16468868761%22%3EWhatsApp%3C%2Fa%3E%20to%20message%20%2B1%20646%20886%208761.%20For%20the%20most%20secure%20communications%2C%20use%20%3Ca%20style%3D%22color%3A%23ab0613%22%20href%3D%22https%3A%2F%2Fwww.theguardian.com%2Fsecuredrop%22%3ESecureDrop%3C%2Fa%3E%20or%20see%20%3Ca%20style%3D%22color%3A%23ab0613%22%20href%3D%22https%3A%2F%2Fwww.theguardian.com%2Fhelp%2Fng-interactive%2F2017%2Fmar%2F17%2Fcontact-the-guardian-securely%22%3Eour%20guide%3C%2Fa%3E.&link=false

Requested by

Host: assets.guim.co.uk
URL: https://assets.guim.co.uk/assets/elements-InteractiveBlockComponent.a9e78ffcf4e8aa205074.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

589c223d9c77a94e34140709997aa8986384134e97672880865abed1b38b0305

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Response headers

x-amz-id-2: p6E/jlErpBAY7Fd+N1Z1Kp6islviV/qYrI//Zyjh23XEMPfSfV9v3tJkkLgISzOs+ePGNu5lYQc=
x-amz-request-id: SF5CMJAV9BPBQ2QE
cache-control: max-age=20
last-modified: Tue, 23 Feb 2021 14:58:07 GMT
etag: "1c6fe4abcca5ffdcbf174662d8752fb5"
content-type: text/html
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Mon, 22 Nov 2021 16:46:15 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-mxp6977-MXP
x-cache: HIT
x-cache-hits: 1
x-timer: S1637599575.075738,VS0,VE219
vary: Accept-Encoding
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,Range
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Date
strict-transport-security: max-age=31536000
content-length: 2510

GET
H/1.1 204
No Content 2
ophan.theguardian.com/img/ 0
336 B 70ms
30ms Image
text/plain 34.253.249.175
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ophan.theguardian.com/img/2?viewId=kwawi6vwnxwcottoupfa&abTestRegister=%7B%22SignInGateMainVariant%22%3A%7B%22variantName%22%3A%22main-variant-4%22%2C%22complete%22%3Afalse%7D%7D

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.253.249.175 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-253-249-175.eu-west-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 16:46:15 GMT
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Permitted-Cross-Domain-Policies: master-only
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store
Connection: keep-alive
X-Content-Type-Options: nosniff

GET
H2 200 iframeMessenger.js Show response
interactive.guim.co.uk/libs/iframe-messenger/ Frame 7503 13 KB
4 KB 20ms
20ms Script
application/x-javascript 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://interactive.guim.co.uk/libs/iframe-messenger/iframeMessenger.js

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/email/form/footer/today-uk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

972a157b46d5c4752e1cfff2b890dea370e42a1baa11debd2b8e24b3d9850dd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/email/form/footer/today-uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 16:46:15 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 56802
via: 1.1 varnish
x-cache: HIT
content-length: 3636
x-amz-id-2: tZqSXzdf/C5aqSs3p3UJXEM6GD1KnNTTPk0eauHRQ4MRPzxnRRG52EX7S6jDpEu+IxINNgpdLzI=
x-served-by: cache-mxp6977-MXP
last-modified: Mon, 23 Nov 2020 14:56:28 GMT
server: AmazonS3
x-timer: S1637599575.085166,VS0,VE0
etag: "0df71ce295009e71bd417701bc3221a7"
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-amz-request-id: MA1F9T6B0FNC4BY3
access-control-allow-origin: *
access-control-expose-headers: Date
cache-control: max-age=86400
accept-ranges: bytes
content-type: application/x-javascript
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,Range
x-cache-hits: 1107

GET
H2 200 iframeMessenger.js Show response
interactive.guim.co.uk/libs/iframe-messenger/ Frame E9F8 13 KB
4 KB 20ms
20ms Script
application/x-javascript 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://interactive.guim.co.uk/libs/iframe-messenger/iframeMessenger.js

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/email/form/plaintone/tech-scape

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

972a157b46d5c4752e1cfff2b890dea370e42a1baa11debd2b8e24b3d9850dd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/email/form/plaintone/tech-scape
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 16:46:15 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 56802
via: 1.1 varnish
x-cache: HIT
content-length: 3636
x-amz-id-2: tZqSXzdf/C5aqSs3p3UJXEM6GD1KnNTTPk0eauHRQ4MRPzxnRRG52EX7S6jDpEu+IxINNgpdLzI=
x-served-by: cache-mxp6977-MXP
last-modified: Mon, 23 Nov 2020 14:56:28 GMT
server: AmazonS3
x-timer: S1637599575.086519,VS0,VE0
etag: "0df71ce295009e71bd417701bc3221a7"
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-amz-request-id: MA1F9T6B0FNC4BY3
access-control-allow-origin: *
access-control-expose-headers: Date
cache-control: max-age=86400
accept-ranges: bytes
content-type: application/x-javascript
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,Range
x-cache-hits: 1108

GET
H2 200 316.fa30eee9d52b41370f17.js Show response
assets.guim.co.uk/assets/ 7 KB
3 KB 20ms
20ms Script
application/javascript 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/assets/316.fa30eee9d52b41370f17.js

Requested by

Host: assets.guim.co.uk
URL: https://assets.guim.co.uk/assets/react.664281ded2acb7cff642.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

7793cf8baa96ef5ebae5c4dc72fb0bb734a8048f3ed7e875d3b4c98cf01b2569

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: kFJ3IoZhKmBgcMPAKFzoK5KHvZV0nIbL
content-encoding: gzip
etag: "88f0cd1f108aebf10c29c5627e91c3c2"
age: 889373
via: 1.1 varnish
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/assets/316.fa30eee9d52b41370f17.js
vary: Accept-Encoding
fastly-restarts: 1
x-amz-id-2: Lch9rU+4OgyrAX54Btolx+XsZ2kBz3DRT+CKtRf6/GGEKOUtceeAqk5zCVp9wi9FW4I/tDeAzng=
x-served-by: cache-mxp6977-MXP
accept-ranges: bytes
last-modified: Fri, 12 Nov 2021 09:34:20 GMT
server: AmazonS3
x-timer: S1637599575.095974,VS0,VE0
date: Mon, 22 Nov 2021 16:46:15 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: J3G5ERC3SF4PPSA9
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 2823
content-type: application/javascript
x-cache-hits: 4159

GET
H2 200 MostViewedRightWrapper.39ac03047be471dac27b.js Show response
assets.guim.co.uk/assets/ 10 KB
4 KB 21ms
21ms Script
application/javascript 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/assets/MostViewedRightWrapper.39ac03047be471dac27b.js

Requested by

Host: assets.guim.co.uk
URL: https://assets.guim.co.uk/assets/react.664281ded2acb7cff642.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

328bec4f9461149a451700274d10f472596300b74d7e5aff1469613fc5f76453

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: 27BGI4IsjyhybGYnn.D8gQuZBGxbBvHQ
content-encoding: gzip
etag: "883e696d2b3d8f86b110427ebc923c8f"
age: 1120837
via: 1.1 varnish
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/assets/MostViewedRightWrapper.39ac03047be471dac27b.js
vary: Accept-Encoding
fastly-restarts: 1
x-amz-id-2: cCTADgn1pJZwUv2osZd6pTBtKe1P/ntZydW4p1Pri+Vb0yqS2FuK6q013mrAUmd4RBcgReoUO/s=
x-served-by: cache-mxp6977-MXP
accept-ranges: bytes
last-modified: Tue, 09 Nov 2021 17:22:40 GMT
server: AmazonS3
x-timer: S1637599575.096125,VS0,VE0
date: Mon, 22 Nov 2021 16:46:15 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: TBVZAD2H6JFWMYRX
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 3944
content-type: application/javascript
x-cache-hits: 1600

GET
H/1.1 204
No Content 2
ophan.theguardian.com/img/ 0
336 B 61ms
31ms Image
text/plain 34.253.249.175
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ophan.theguardian.com/img/2?viewId=kwawi6vwnxwcottoupfa&attentionMs=0

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.253.249.175 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-253-249-175.eu-west-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 16:46:15 GMT
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Permitted-Cross-Domain-Policies: master-only
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store
Connection: keep-alive
X-Content-Type-Options: nosniff

OPTIONS
H2 204 header
contributions.guardianapis.com/ Frame 0
0 32ms
31ms Preflight 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://contributions.guardianapis.com/header
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.theguardian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

x-powered-by: Express
access-control-allow-origin: https://www.theguardian.com
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-headers: content-type
accept-ranges: bytes
date: Mon, 22 Nov 2021 16:46:15 GMT
via: 1.1 varnish
x-served-by: cache-fra19121-FRA
x-cache: MISS
x-cache-hits: 0
x-timer: S1637599575.092815,VS0,VE24
vary: Origin, Access-Control-Request-Headers

POST
H2 200 header Show response
contributions.guardianapis.com/ 1020 B
1 KB 33ms
31ms Fetch
application/json 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://contributions.guardianapis.com/header
Requested by: Host: assets.guim.co.uk
URL: https://assets.guim.co.uk/javascripts/commercial/b496a5507b93dfdfd6d1/graun.standalone.commercial.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: / Express
Resource Hash: 1d06aa97e44864dd0d6f21f4dd141de1a0f10c0bae9b5cc0c78ae691207e0b8d

Request headers

Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 22 Nov 2021 16:46:15 GMT
via: 1.1 varnish
etag: W/"3fc-lvjSC46H15zQXonv7/kq0djoqDg"
x-timer: S1637599575.125556,VS0,VE24
x-powered-by: Express
x-served-by: cache-fra19121-FRA
vary: Origin, Accept-Encoding
x-cache: MISS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.theguardian.com
accept-ranges: bytes
content-length: 1020
x-cache-hits: 0

GET
H2 200 wrapperMessagingWithoutDetection.js Show response
sourcepoint.theguardian.com/ 152 KB
44 KB 23ms
22ms Script
application/javascript 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sourcepoint.theguardian.com/wrapperMessagingWithoutDetection.js

Requested by

Host: assets.guim.co.uk
URL: https://assets.guim.co.uk/javascripts/commercial/b496a5507b93dfdfd6d1/graun.standalone.commercial.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

3027903fadc1c7bce41a6da98ec6b2f98f81a6a8cf9a7e9d18225d75a0fc5c7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 1941d7a64ce4dc55d14b445963586a6e.cloudfront.net (CloudFront), 1.1 varnish
etag: W/"1aa01f69176ee58df1ff14e1e378a06e"
age: 3279
x-cache: Hit from cloudfront, MISS
content-encoding: gzip
vary: Accept-Encoding
x-served-by: cache-mxp6977-MXP
last-modified: Fri, 19 Nov 2021 19:27:27 GMT
server: AmazonS3
x-timer: S1637599575.109136,VS0,VE1
date: Mon, 22 Nov 2021 16:46:15 GMT
strict-transport-security: max-age=300
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-pop: MXP63-P2
accept-ranges: bytes
x-amz-cf-id: ow6A31ieX3xn0_xy1zPBzG3VU0Y4YoLa5oO4-goerkpTE5SjN3zlXw==
x-cache-hits: 0

GET
H2 200 GuardianTextSans-Regular.woff2
assets.guim.co.uk/static/frontend/fonts/guardian-textsans/noalts-not-hinted/ Frame E9F8 15 KB
15 KB 11ms
9ms Font
font/woff2 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/static/frontend/fonts/guardian-textsans/noalts-not-hinted/GuardianTextSans-Regular.woff2

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/email/form/plaintone/tech-scape

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

bf672dbc2fe3d05096cb045691ec7a9dc00e3470458665d42d0b7aabd07bb990

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.theguardian.com/
Origin: https://www.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: W1Hv7rRPRRUyW4Ue.cU0aQvIjwUbkD1y
via: 1.1 varnish
etag: "5c9af23772b65de0d3f1fb8638c196b4"
age: 65859152
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/static/frontend/fonts/guardian-textsans/noalts-not-hinted/GuardianTextSans-Regular.woff2
fastly-restarts: 1
x-amz-id-2: 6l4ZdbH+WPzXg8Y/HuqwlMwGQuum26hF2cKTlztneGTbg6p9pp1kAdJwyh8bX5C2T/gp3q2UgFQ=
x-served-by: cache-fra19121-FRA
accept-ranges: bytes
last-modified: Tue, 22 Oct 2019 10:30:36 GMT
server: AmazonS3
x-fonts-legal-notice: The displayed fonts and associated software are the exclusive property of Schwartzco Inc (trading as Commercial Type). Reproduction or further transmission of all or part of the fonts, or use of the associated software, without written permission of Commercial Type is prohibited. By displaying the fonts, no permission or sub-licence is granted by Guardian News & Media Limited for use of the fonts by third parties.
x-timer: S1637599575.112658,VS0,VE0
date: Mon, 22 Nov 2021 16:46:15 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: 1E40D33F14496FA7
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 15416
content-type: font/woff2
x-cache-hits: 32693

GET
H2 200 GuardianTextSans-Bold.woff2
assets.guim.co.uk/static/frontend/fonts/guardian-textsans/noalts-not-hinted/ Frame E9F8 17 KB
18 KB 11ms
9ms Font
font/woff2 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/static/frontend/fonts/guardian-textsans/noalts-not-hinted/GuardianTextSans-Bold.woff2

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/email/form/plaintone/tech-scape

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

46e089c7d79ff80fef01582ba8261d42728b78c345fdbe8d52199907498d280e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.theguardian.com/
Origin: https://www.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: _qXyF7mv5ZffuL0kOZNOgbadUrtkYUy0
via: 1.1 varnish
etag: "227b6e4f26bef19d8f2815f6097b7b7c"
age: 65858975
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/static/frontend/fonts/guardian-textsans/noalts-not-hinted/GuardianTextSans-Bold.woff2
fastly-restarts: 1
x-amz-id-2: q67qG3tiJ/7lGqsc2KaIEwG+H/PGZXDQOvprxYey9kEFZmq0Qc+J8QAVenOOw4NsHIGUIg/m+Lw=
x-served-by: cache-fra19121-FRA
accept-ranges: bytes
last-modified: Tue, 22 Oct 2019 10:30:35 GMT
server: AmazonS3
x-fonts-legal-notice: The displayed fonts and associated software are the exclusive property of Schwartzco Inc (trading as Commercial Type). Reproduction or further transmission of all or part of the fonts, or use of the associated software, without written permission of Commercial Type is prohibited. By displaying the fonts, no permission or sub-licence is granted by Guardian News & Media Limited for use of the fonts by third parties.
x-timer: S1637599575.112825,VS0,VE0
date: Mon, 22 Nov 2021 16:46:15 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: B4CADE93E9658B5D
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 17376
content-type: font/woff2
x-cache-hits: 32558

GET
H2 200 GuardianTextSans-Bold.woff2
assets.guim.co.uk/static/frontend/fonts/guardian-textsans/noalts-not-hinted/ Frame 7503 17 KB
17 KB 9ms
7ms Font
font/woff2 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/static/frontend/fonts/guardian-textsans/noalts-not-hinted/GuardianTextSans-Bold.woff2

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/email/form/footer/today-uk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

46e089c7d79ff80fef01582ba8261d42728b78c345fdbe8d52199907498d280e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.theguardian.com/
Origin: https://www.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: _qXyF7mv5ZffuL0kOZNOgbadUrtkYUy0
via: 1.1 varnish
etag: "227b6e4f26bef19d8f2815f6097b7b7c"
age: 65858975
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/static/frontend/fonts/guardian-textsans/noalts-not-hinted/GuardianTextSans-Bold.woff2
fastly-restarts: 1
x-amz-id-2: q67qG3tiJ/7lGqsc2KaIEwG+H/PGZXDQOvprxYey9kEFZmq0Qc+J8QAVenOOw4NsHIGUIg/m+Lw=
x-served-by: cache-fra19121-FRA
accept-ranges: bytes
last-modified: Tue, 22 Oct 2019 10:30:35 GMT
server: AmazonS3
x-fonts-legal-notice: The displayed fonts and associated software are the exclusive property of Schwartzco Inc (trading as Commercial Type). Reproduction or further transmission of all or part of the fonts, or use of the associated software, without written permission of Commercial Type is prohibited. By displaying the fonts, no permission or sub-licence is granted by Guardian News & Media Limited for use of the fonts by third parties.
x-timer: S1637599575.126379,VS0,VE0
date: Mon, 22 Nov 2021 16:46:15 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: B4CADE93E9658B5D
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 17376
content-type: font/woff2
x-cache-hits: 32559

GET
H2 200 GuardianTextSans-Regular.woff2
assets.guim.co.uk/static/frontend/fonts/guardian-textsans/noalts-not-hinted/ Frame 7503 15 KB
15 KB 8ms
7ms Font
font/woff2 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/static/frontend/fonts/guardian-textsans/noalts-not-hinted/GuardianTextSans-Regular.woff2

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/email/form/footer/today-uk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

bf672dbc2fe3d05096cb045691ec7a9dc00e3470458665d42d0b7aabd07bb990

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.theguardian.com/
Origin: https://www.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: W1Hv7rRPRRUyW4Ue.cU0aQvIjwUbkD1y
via: 1.1 varnish
etag: "5c9af23772b65de0d3f1fb8638c196b4"
age: 65859152
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/static/frontend/fonts/guardian-textsans/noalts-not-hinted/GuardianTextSans-Regular.woff2
fastly-restarts: 1
x-amz-id-2: 6l4ZdbH+WPzXg8Y/HuqwlMwGQuum26hF2cKTlztneGTbg6p9pp1kAdJwyh8bX5C2T/gp3q2UgFQ=
x-served-by: cache-fra19121-FRA
accept-ranges: bytes
last-modified: Tue, 22 Oct 2019 10:30:36 GMT
server: AmazonS3
x-fonts-legal-notice: The displayed fonts and associated software are the exclusive property of Schwartzco Inc (trading as Commercial Type). Reproduction or further transmission of all or part of the fonts, or use of the associated software, without written permission of Commercial Type is prohibited. By displaying the fonts, no permission or sub-licence is granted by Guardian News & Media Limited for use of the fonts by third parties.
x-timer: S1637599575.126526,VS0,VE0
date: Mon, 22 Nov 2021 16:46:15 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: 1E40D33F14496FA7
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 15416
content-type: font/woff2
x-cache-hits: 32694

GET
H/1.1 200
OK wrap.js Show response
confiant-integrations.global.ssl.fastly.net/gptprebidnative/202111171629/ 189 KB
60 KB 16ms
16ms Script
application/javascript 151.101.129.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202111171629/wrap.js
Requested by: Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/7oDgiTsq88US4rrBG0_Nxpafkrg/gpt_and_prebid/config.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2c125e6a12e3dd1d1d1aec93292e90fb3c28f36646a954402702b1d9c25175b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 16:46:15 GMT
Content-Encoding: gzip
Age: 370
X-Cache: HIT
Connection: keep-alive
Content-Length: 61293
x-amz-id-2: 5iXtHtoR3zmnGS+avaHSjIgLslhSyydTrY+g3UmfZTT92vT7uG6NNDcfSUTd2Oc29pzSMn4ql8c=
X-Served-By: cache-cdg20747-CDG
Last-Modified: Wed, 17 Nov 2021 21:29:49 GMT
Server: AmazonS3
X-Timer: S1637599575.154153,VS0,VE0
ETag: "cb7589d017ac65aecf6dc6f5ec17c4b7"
x-amz-request-id: A3AJK1PYMKBECDJW
Via: 1.1 varnish
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
X-Cache-Hits: 771

GET
H2 200 GuardianTextEgyptian-Regular.woff2
assets.guim.co.uk/static/frontend/fonts/guardian-textegyptian/noalts-not-hinted/ Frame 7503 16 KB
17 KB 7ms
7ms Font
font/woff2 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/static/frontend/fonts/guardian-textegyptian/noalts-not-hinted/GuardianTextEgyptian-Regular.woff2

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

fa364c5f0844c7c1fe4c96d14495d45d65c07b2a635b44800382e266e1a67d2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.theguardian.com/
Origin: https://www.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: QYXAwp2tuouJ0Lk6hjMnWl.PiqZrfmqq
via: 1.1 varnish
etag: "66184690aa8f829b88f8d7b855ec63fd"
age: 65858380
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/static/frontend/fonts/guardian-textegyptian/noalts-not-hinted/GuardianTextEgyptian-Regular.woff2
fastly-restarts: 1
x-amz-id-2: D4/X2odJBEDsDjdpxuCsp1Y/nUfT3M9ESZCWhFPo6atmXPbVECve5I8kUjAY4QpsgL+R3mKtckE=
x-served-by: cache-fra19121-FRA
accept-ranges: bytes
last-modified: Tue, 22 Oct 2019 10:30:25 GMT
server: AmazonS3
x-fonts-legal-notice: The displayed fonts and associated software are the exclusive property of Schwartzco Inc (trading as Commercial Type). Reproduction or further transmission of all or part of the fonts, or use of the associated software, without written permission of Commercial Type is prohibited. By displaying the fonts, no permission or sub-licence is granted by Guardian News & Media Limited for use of the fonts by third parties.
x-timer: S1637599575.151166,VS0,VE0
date: Mon, 22 Nov 2021 16:46:15 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: C090B75EF69A67D1
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 16792
content-type: font/woff2
x-cache-hits: 30778

GET
H2 200 GuardianTextEgyptian-Regular.woff2
assets.guim.co.uk/static/frontend/fonts/guardian-textegyptian/noalts-not-hinted/ Frame E9F8 16 KB
17 KB 7ms
7ms Font
font/woff2 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.guim.co.uk/static/frontend/fonts/guardian-textegyptian/noalts-not-hinted/GuardianTextEgyptian-Regular.woff2

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

fa364c5f0844c7c1fe4c96d14495d45d65c07b2a635b44800382e266e1a67d2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.theguardian.com/
Origin: https://www.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: QYXAwp2tuouJ0Lk6hjMnWl.PiqZrfmqq
via: 1.1 varnish
etag: "66184690aa8f829b88f8d7b855ec63fd"
age: 65858380
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/static/frontend/fonts/guardian-textegyptian/noalts-not-hinted/GuardianTextEgyptian-Regular.woff2
fastly-restarts: 1
x-amz-id-2: D4/X2odJBEDsDjdpxuCsp1Y/nUfT3M9ESZCWhFPo6atmXPbVECve5I8kUjAY4QpsgL+R3mKtckE=
x-served-by: cache-fra19121-FRA
accept-ranges: bytes
last-modified: Tue, 22 Oct 2019 10:30:25 GMT
server: AmazonS3
x-fonts-legal-notice: The displayed fonts and associated software are the exclusive property of Schwartzco Inc (trading as Commercial Type). Reproduction or further transmission of all or part of the fonts, or use of the associated software, without written permission of Commercial Type is prohibited. By displaying the fonts, no permission or sub-licence is granted by Guardian News & Media Limited for use of the fonts by third parties.
x-timer: S1637599575.154365,VS0,VE0
date: Mon, 22 Nov 2021 16:46:15 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: C090B75EF69A67D1
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 16792
content-type: font/woff2
x-cache-hits: 30779

GET
H2 200 Header.js Show response
contributions.guardianapis.com/modules/v3/header/ 51 KB
17 KB 7ms
7ms Script
application/javascript 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://contributions.guardianapis.com/modules/v3/header/Header.js
Requested by: Host: t.co
URL: https://t.co/BB9I05xnCR
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1504645044c577f875f453b1ebcb3cbc73e96ecbe57e44492b70556b1f93fd78

Request headers

Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Origin: https://www.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: dazjsZouDfia08e4AKYiuR_PhnO08RwQ
content-encoding: gzip
etag: "dd3d36d921f47135abc278b53921a922"
age: 195
via: 1.1 varnish
x-cache: HIT
x-amz-meta-surrogate-control: max-age=300
content-length: 17094
x-amz-id-2: p+0jnVClTgcFBqE7OcwuJeCIZnEf62pF47Y5RkF4nw4tbbT/Rcqk7TLGFRNMMU4A+bpINU7kQVs=
x-served-by: cache-fra19121-FRA
last-modified: Mon, 22 Nov 2021 13:29:51 GMT
server: AmazonS3
x-timer: S1637599575.171781,VS0,VE0
date: Mon, 22 Nov 2021 16:46:15 GMT
vary: Accept-Encoding
x-amz-request-id: VE6B9WAG9JQ7NRX1
access-control-allow-origin: https://www.theguardian.com
cache-control: max-age=300
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 7

GET
H2 200 native-message Show response
sourcepoint.theguardian.com/wrapper/tcfv2/v1/gdpr/ 110 KB
10 KB 29ms
29ms XHR
application/json 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sourcepoint.theguardian.com/wrapper/tcfv2/v1/gdpr/native-message?requestUUID=7c25ed17-5427-4e85-9104-63babc293ee1&hasCsp=true&env=prod&consentLanguage=browserDefault&body=%7B%22accountId%22%3A1257%2C%22requestUUID%22%3A%227c25ed17-5427-4e85-9104-63babc293ee1%22%2C%22propertyHref%22%3A%22https%3A%2F%2Fwww.theguardian.com%2Ftechnology%2F2021%2Fnov%2F16%2Fisraeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east%22%2C%22euconsent%22%3Anull%2C%22meta%22%3A%22%7B%5C%22mmsCookies%5C%22%3A%5B%5D%2C%5C%22resolved%5C%22%3Anull%7D%22%2C%22clientMMSOrigin%22%3A%22https%3A%2F%2Fsourcepoint.theguardian.com%22%2C%22targetingParams%22%3A%22%7B%5C%22framework%5C%22%3A%5C%22tcfv2%5C%22%7D%22%2C%22campaignEnv%22%3A%22prod%22%2C%22pubData%22%3A%7B%22platform%22%3A%22next-gen%22%2C%22pageViewId%22%3A%22kwawi6vwnxwcottoupfa%22%2C%22cmpInitTimeUtc%22%3A1637599575097%7D%7D

Requested by

Host: assets.guim.co.uk
URL: https://assets.guim.co.uk/javascripts/commercial/b496a5507b93dfdfd6d1/graun.standalone.commercial.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

/ Express

Resource Hash

9c369e881a2acb6328bc220796f747916a47ae1c700203816c9d2a8acea2ba3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 22 Nov 2021 16:46:15 GMT
content-encoding: gzip
vary: Accept-Encoding
x-amz-cf-pop: FRA56-C1
x-powered-by: Express
x-cache: Miss from cloudfront, MISS
x-served-by: cache-fra19121-FRA
access-control-allow-origin: https://www.theguardian.com
x-timer: S1637599575.202331,VS0,VE20
strict-transport-security: max-age=300
access-control-allow-methods: GET, PUT, POST, DELETE
content-type: application/json; charset=utf-8
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront), 1.1 varnish
cache-control: no-cache, no-store
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, SP_SCRIPT_VERSION
x-amz-cf-id: yvxFAAjRF2_-f_82Ghjj2VLdYSeXBXiac0DsxUWk83gEghCw9GPjuA==
x-cache-hits: 0

OPTIONS
H2 200 native-message
sourcepoint.theguardian.com/wrapper/tcfv2/v1/gdpr/ Frame 0
0 17ms
17ms Preflight
text/plain 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

/ Express

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://www.theguardian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-type: text/plain; charset=utf-8
x-powered-by: Express
access-control-allow-origin: https://www.theguardian.com
access-control-allow-credentials: true
access-control-allow-headers: Origin,X-Requested-With,Content-Type,Accept,Authorization,SP_SCRIPT_VERSION
access-control-allow-methods: GET, PUT, POST, DELETE
cache-control: no-cache, no-store
via: 1.1 29d33c5cd70a6501fde7bc2dba557906.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: uEAdX34kj1OBFQPPuO_ul_fOzsdk6HnSfMksYSEjn6X8aMqBiypYHw==
accept-ranges: bytes
date: Mon, 22 Nov 2021 16:46:15 GMT
x-served-by: cache-fra19121-FRA
x-cache: Miss from cloudfront, MISS
x-cache-hits: 0
x-timer: S1637599575.184002,VS0,VE11
vary: Accept-Encoding
strict-transport-security: max-age=300
content-length: 2

GET
H2 200 most-read-geo.json Show response
api.nextgen.guardianapps.co.uk/ 12 KB
3 KB 33ms
8ms Fetch
application/json 151.101.129.111
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.nextgen.guardianapps.co.uk/most-read-geo.json?dcr=true
Requested by: Host: assets.guim.co.uk
URL: https://assets.guim.co.uk/javascripts/commercial/b496a5507b93dfdfd6d1/graun.standalone.commercial.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.111 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 33ad2e76be0df98eb2e8a716a41b0eef1223ac1816e4fb440f7148d2063c44c6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 16:46:15 GMT
content-encoding: gzip
age: 0
x-gu-backend-app: onward
x-cache: HIT, HIT
content-length: 2940
x-served-by: cache-lcy19251-LCY, cache-hhn4037-HHN
access-control-allow-origin: https://www.theguardian.com
server: nginx
x-timer: S1637599575.219133,VS0,VE0
etag: W/"hash-5559037267563652005"
vary: Accept-Encoding,Origin,Accept
content-type: application/json
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=900, stale-while-revalidate=90, stale-if-error=864000, private
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: X-Requested-With,Origin,Accept,Content-Type
x-cache-hits: 1, 16

GET
H/1.1 204
No Content 2
ophan.theguardian.com/img/ 0
336 B 32ms
32ms Image
text/plain 34.253.249.175
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ophan.theguardian.com/img/2?viewId=kwawi6vwnxwcottoupfa&componentEvent=%7B%22component%22%3A%7B%22componentType%22%3A%22ACQUISITIONS_HEADER%22%2C%22id%22%3A%22header_support_RemoteRrHeaderLinksTest__NonUK_remote%22%2C%22campaignCode%22%3A%22header_support_RemoteRrHeaderLinksTest__NonUK_remote%22%7D%2C%22action%22%3A%22INSERT%22%2C%22abTest%22%3A%7B%22name%22%3A%22RemoteRrHeaderLinksTest__NonUK%22%2C%22variant%22%3A%22remote%22%7D%7D

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.253.249.175 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-253-249-175.eu-west-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 16:46:15 GMT
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Permitted-Cross-Domain-Policies: master-only
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store
Connection: keep-alive
X-Content-Type-Options: nosniff

GET
H2 200 2404.jpg
i.guim.co.uk/img/media/1bf473717ca073df1bf6045b32286d315851c89c/654_154_2404_1442/master/ 4 KB
4 KB 25ms
24ms Image
image/webp 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.guim.co.uk/img/media/1bf473717ca073df1bf6045b32286d315851c89c/654_154_2404_1442/master/2404.jpg?width=300&quality=85&auto=format&fit=max&s=0bd3c0822fc284fdd1d92e44e5a2b237
Requested by: Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 690580db9feffb7f8a10790fdfbd14f2a6162f089fcc28bfc63250c6aea65f21

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 16:46:15 GMT
via: 1.1 varnish, 1.1 varnish
etag: "OBRkfR2E/b3VN/2wSlO9yEsZLxwHhzGCIDjQk7MuBCI"
age: 14286
x-cache: HIT, HIT
fastly-io-info: ifsz=1033452 idim=2404x1442 ifmt=jpeg ofsz=3740 odim=300x180 ofmt=webp
fastly-stats: io=1
x-amz-meta-bounds-y: 154
content-length: 3740
x-served-by: cache-lcy19259-LCY, cache-mxp6977-MXP
x-amz-meta-bounds-width: 2404
server: AmazonS3
x-timer: S1637599575.244842,VS0,VE0
x-amz-meta-bounds-height: 1442
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-meta-aspect-ratio: 5:3
x-amz-meta-bounds-x: 654
x-cache-hits: 4, 119

GET
H2 200 3500.jpg
i.guim.co.uk/img/media/11f180895c0d4ac5c953c3bf4f86a4365711fc39/0_233_3500_2100/master/ 17 KB
17 KB 26ms
25ms Image
image/webp 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.guim.co.uk/img/media/11f180895c0d4ac5c953c3bf4f86a4365711fc39/0_233_3500_2100/master/3500.jpg?width=300&quality=85&auto=format&fit=max&s=e6c3cc4650db9f29c7f7099e60ecf8c6
Requested by: Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d115560c07126044936439c359cdf6b6f74e4a7ef1356b7ff4505ac8cadba227

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 16:46:15 GMT
via: 1.1 varnish, 1.1 varnish
etag: "Glvt1/ckS/2j78d0zOtXxd/MoQpedXGvjvFoqrZNqjo"
age: 17560
x-cache: HIT, HIT
fastly-io-info: ifsz=2521764 idim=3500x2100 ifmt=jpeg ofsz=17584 odim=300x180 ofmt=webp
fastly-stats: io=1
x-amz-meta-bounds-y: 233
content-length: 17584
x-served-by: cache-lcy19230-LCY, cache-mxp6977-MXP
x-amz-meta-bounds-width: 3500
server: AmazonS3
x-timer: S1637599575.245073,VS0,VE0
x-amz-meta-bounds-height: 2100
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-meta-aspect-ratio: 5:3
x-amz-meta-bounds-x: 0
x-cache-hits: 2, 60

GET
H2 200 6000.jpg
i.guim.co.uk/img/media/024e8704aaf8283c88f3ba115eeb1aab84ab1238/0_199_6000_3601/master/ 7 KB
8 KB 25ms
25ms Image
image/webp 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.guim.co.uk/img/media/024e8704aaf8283c88f3ba115eeb1aab84ab1238/0_199_6000_3601/master/6000.jpg?width=300&quality=85&auto=format&fit=max&s=95d8560e1c7b816fec3581d4baf5be5c
Requested by: Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f0d57add607d2a9ecc4e0952b460dd4ee11a11d3ab924ca4a53e3c3e3da2748e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 16:46:15 GMT
via: 1.1 varnish, 1.1 varnish
etag: "HfTVrbFtsXkq0fUPWPUIDycVD87xt+YlLSdeZf1Fip4"
age: 14603
x-cache: HIT, HIT
fastly-io-info: ifsz=4170941 idim=6000x3601 ifmt=jpeg ofsz=7352 odim=300x180 ofmt=webp
fastly-stats: io=1
x-amz-meta-bounds-y: 199
content-length: 7352
x-served-by: cache-lcy19246-LCY, cache-mxp6977-MXP
x-amz-meta-bounds-width: 6000
server: AmazonS3
x-timer: S1637599575.245229,VS0,VE0
x-amz-meta-bounds-height: 3601
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-meta-aspect-ratio: 5:3
x-amz-meta-bounds-x: 0
x-cache-hits: 2, 124

GET
H2 200 1600.jpg
i.guim.co.uk/img/media/d835a0218d8c40a38a89f2aea16b6fd961713d72/38_0_1600_960/master/ 10 KB
10 KB 25ms
25ms Image
image/webp 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.guim.co.uk/img/media/d835a0218d8c40a38a89f2aea16b6fd961713d72/38_0_1600_960/master/1600.jpg?width=300&quality=85&auto=format&fit=max&s=a34300d802e5e03d35e66b44ed7b8aa2
Requested by: Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1b0ec6b46f6d030a07c58caffbb2596e86875d0cf10a9fd9f01ab93555d63500

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 16:46:15 GMT
via: 1.1 varnish, 1.1 varnish
etag: "RGqP7eP7FWDj3w7KHgapGb5KWbFC5yseWqbmZI4H83I"
age: 54649
x-cache: HIT, HIT
fastly-io-info: ifsz=463239 idim=1600x960 ifmt=jpeg ofsz=10520 odim=300x180 ofmt=webp
fastly-stats: io=1
x-amz-meta-bounds-y: 0
content-length: 10520
x-served-by: cache-lcy19260-LCY, cache-mxp6977-MXP
x-amz-meta-bounds-width: 1600
server: AmazonS3
x-timer: S1637599575.245264,VS0,VE0
x-amz-meta-bounds-height: 960
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-meta-aspect-ratio: 5:3
x-amz-meta-bounds-x: 38
x-cache-hits: 1, 434

GET
H2 200 5999.jpg
i.guim.co.uk/img/media/7a460e2864a1b420054a0d9201cfbda55e77b413/0_0_5999_3601/master/ 6 KB
6 KB 25ms
24ms Image
image/webp 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.guim.co.uk/img/media/7a460e2864a1b420054a0d9201cfbda55e77b413/0_0_5999_3601/master/5999.jpg?width=300&quality=85&auto=format&fit=max&s=583477444118ba7358398878c6605d11
Requested by: Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d5e3272b035c6a7873856c7f3fe0fe2631ca36eb24d27ebb10420a4ea33ae8b4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 16:46:15 GMT
via: 1.1 varnish, 1.1 varnish
etag: "4QeYvs8jooksyusa4j7Eu5bD5Dsu0zWXNk1S7vMTodw"
age: 86259
x-cache: HIT, HIT
fastly-io-info: ifsz=5104523 idim=5999x3601 ifmt=jpeg ofsz=6274 odim=300x180 ofmt=webp
fastly-stats: io=1
x-amz-meta-bounds-y: 0
content-length: 6274
x-served-by: cache-lcy19230-LCY, cache-mxp6977-MXP
x-amz-meta-bounds-width: 5999
server: AmazonS3
x-timer: S1637599575.245333,VS0,VE0
x-amz-meta-bounds-height: 3601
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-meta-aspect-ratio: 5:3
x-amz-meta-bounds-x: 0
x-cache-hits: 1, 164

OPTIONS
H2 204 banner
contributions.guardianapis.com/ Frame 0
0 117ms
116ms Preflight 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://contributions.guardianapis.com/banner
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.theguardian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

x-powered-by: Express
access-control-allow-origin: https://www.theguardian.com
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-headers: content-type
accept-ranges: bytes
date: Mon, 22 Nov 2021 16:46:15 GMT
via: 1.1 varnish
x-served-by: cache-fra19121-FRA
x-cache: MISS
x-cache-hits: 0
x-timer: S1637599575.293519,VS0,VE101
vary: Origin, Access-Control-Request-Headers

OPTIONS
H2 204 epic
contributions.guardianapis.com/ Frame 0
0 108ms
108ms Preflight 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://contributions.guardianapis.com/epic
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.theguardian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

x-powered-by: Express
access-control-allow-origin: https://www.theguardian.com
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-headers: content-type
accept-ranges: bytes
date: Mon, 22 Nov 2021 16:46:15 GMT
via: 1.1 varnish
x-served-by: cache-fra19121-FRA
x-cache: MISS
x-cache-hits: 0
x-timer: S1637599575.304078,VS0,VE100
vary: Origin, Access-Control-Request-Headers

POST
H2 200 banner Show response
contributions.guardianapis.com/ 2 B
177 B 114ms
114ms Fetch
application/json 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://contributions.guardianapis.com/banner
Requested by: Host: assets.guim.co.uk
URL: https://assets.guim.co.uk/javascripts/commercial/b496a5507b93dfdfd6d1/graun.standalone.commercial.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: / Express
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 22 Nov 2021 16:46:15 GMT
via: 1.1 varnish
etag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
x-timer: S1637599575.402392,VS0,VE99
x-powered-by: Express
x-served-by: cache-fra19121-FRA
vary: Origin, Accept-Encoding
x-cache: MISS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.theguardian.com
accept-ranges: bytes
content-length: 2
x-cache-hits: 0

POST
H2 200 epic Show response
contributions.guardianapis.com/ 16 KB
3 KB 118ms
118ms Fetch
application/json 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://contributions.guardianapis.com/epic
Requested by: Host: assets.guim.co.uk
URL: https://assets.guim.co.uk/javascripts/commercial/b496a5507b93dfdfd6d1/graun.standalone.commercial.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: / Express
Resource Hash: 2d59736bc82cfb92dde2ea02e3552f173c07196106c074f2cbfeeebe23bd4eb8

Request headers

Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 22 Nov 2021 16:46:15 GMT
content-encoding: gzip
etag: W/"3ffc-gLq+BMUBc3naggmoPL3gqia7W2A"
x-timer: S1637599575.413396,VS0,VE111
x-powered-by: Express
x-served-by: cache-fra19121-FRA
vary: Origin, Accept-Encoding
x-cache: MISS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.theguardian.com
accept-ranges: bytes
via: 1.1 varnish
x-cache-hits: 0

GET
H2 200 index.html Show response
sourcepoint.theguardian.com/ Frame 997C 4 KB
2 KB 23ms
22ms Document
text/html 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sourcepoint.theguardian.com/index.html?message_id=514494&consentUUID=31967d7f-ae61-4775-bbb6-5f820bdceec2&requestUUID=7c25ed17-5427-4e85-9104-63babc293ee1&preload_message=true

Requested by

Host: sourcepoint.theguardian.com
URL: https://sourcepoint.theguardian.com/wrapperMessagingWithoutDetection.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

b16e4fdd3534e5df810787df45c2b8441ef95029ca125ab45d99f0bc68da9bc0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Response headers

content-type: text/html
last-modified: Thu, 18 Nov 2021 02:51:09 GMT
server: AmazonS3
content-encoding: gzip
etag: W/"89b8a4c9183b2e83d76d4204d34d51f6"
via: 1.1 13b67581ff611543a4bbfc12dfe7dae1.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: MXP63-P2
x-amz-cf-id: QfWHJNLGay6FT8MVVAnIcQgFZI-0fWm2ObelN-pQW9paZSAXGZi1ow==
age: 3203
accept-ranges: bytes
date: Mon, 22 Nov 2021 16:46:15 GMT
x-served-by: cache-mxp6977-MXP
x-cache: Hit from cloudfront, MISS
x-cache-hits: 0
x-timer: S1637599575.320093,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=300

GET
H/1.1 204
No Content 2
ophan.theguardian.com/img/ 0
336 B 31ms
31ms Image
text/plain 34.253.249.175
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ophan.theguardian.com/img/2?viewId=kwawi6vwnxwcottoupfa&componentEvent=%7B%22component%22%3A%7B%22componentType%22%3A%22CONSENT%22%2C%22products%22%3A%5B%5D%2C%22labels%22%3A%5B%2231967d7f-ae61-4775-bbb6-5f820bdceec2%22%2C%22CPQFJy9PQFJy9AGABCENB2CgAAAAAGPAAAYgAAANogQAAOAAuACEAHIAPwAyABoADaAI4ASIAswBcgDqAHdAQcBCACIgE7AJ-AUsAuoBgQDMgGsANeAdQA7YB_wEPgJiAXaAxYBtABIyAGAI4ApYCYhEAIApYBrAkAQARwBSwDWAJiDQAgClgGsFQAwBHAFLATEOgCACOALqAdQBdpCAGAI4A6gC7SUAUANoAjgC6gHUAXaUgAgLtAAA.YAAAAAAAAAAA%22%5D%7D%2C%22action%22%3A%22MANAGE_CONSENT%22%7D

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.253.249.175 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-253-249-175.eu-west-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 16:46:15 GMT
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Permitted-Cross-Domain-Policies: master-only
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store
Connection: keep-alive
X-Content-Type-Options: nosniff

GET
H2 200 iframeMessenger.js Show response
interactive.guim.co.uk/libs/iframe-messenger/ Frame 861B 13 KB
4 KB 21ms
20ms Script
application/x-javascript 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://interactive.guim.co.uk/libs/iframe-messenger/iframeMessenger.js

Requested by

Host: interactive.guim.co.uk
URL: https://interactive.guim.co.uk/embed/from-tool/generic/index.html?vertical=News&opinion-tint=false&title=Get%20in%20touch&description=Do%20you%20have%20information%20about%20this%20story%3F%20Email%20%3Ca%20style%3D%22color%3A%23ab0613%22%20href%3D%22mailto%3Astephanie.kirchgaessner%40theguardian.com%22%3Estephanie.kirchgaessner%40theguardian.com%3C%2Fa%3E%2C%20or%20(using%20a%20non-work%20phone)%20use%20Signal%20or%20%3Ca%20style%3D%22color%3A%23ab0613%22%20href%3D%22https%3A%2F%2Fapi.whatsapp.com%2Fsend%3Fphone%3D16468868761%22%3EWhatsApp%3C%2Fa%3E%20to%20message%20%2B1%20646%20886%208761.%20For%20the%20most%20secure%20communications%2C%20use%20%3Ca%20style%3D%22color%3A%23ab0613%22%20href%3D%22https%3A%2F%2Fwww.theguardian.com%2Fsecuredrop%22%3ESecureDrop%3C%2Fa%3E%20or%20see%20%3Ca%20style%3D%22color%3A%23ab0613%22%20href%3D%22https%3A%2F%2Fwww.theguardian.com%2Fhelp%2Fng-interactive%2F2017%2Fmar%2F17%2Fcontact-the-guardian-securely%22%3Eour%20guide%3C%2Fa%3E.&link=false

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

972a157b46d5c4752e1cfff2b890dea370e42a1baa11debd2b8e24b3d9850dd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interactive.guim.co.uk/embed/from-tool/generic/index.html?vertical=News&opinion-tint=false&title=Get%20in%20touch&description=Do%20you%20have%20information%20about%20this%20story%3F%20Email%20%3Ca%20style%3D%22color%3A%23ab0613%22%20href%3D%22mailto%3Astephanie.kirchgaessner%40theguardian.com%22%3Estephanie.kirchgaessner%40theguardian.com%3C%2Fa%3E%2C%20or%20(using%20a%20non-work%20phone)%20use%20Signal%20or%20%3Ca%20style%3D%22color%3A%23ab0613%22%20href%3D%22https%3A%2F%2Fapi.whatsapp.com%2Fsend%3Fphone%3D16468868761%22%3EWhatsApp%3C%2Fa%3E%20to%20message%20%2B1%20646%20886%208761.%20For%20the%20most%20secure%20communications%2C%20use%20%3Ca%20style%3D%22color%3A%23ab0613%22%20href%3D%22https%3A%2F%2Fwww.theguardian.com%2Fsecuredrop%22%3ESecureDrop%3C%2Fa%3E%20or%20see%20%3Ca%20style%3D%22color%3A%23ab0613%22%20href%3D%22https%3A%2F%2Fwww.theguardian.com%2Fhelp%2Fng-interactive%2F2017%2Fmar%2F17%2Fcontact-the-guardian-securely%22%3Eour%20guide%3C%2Fa%3E.&link=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 16:46:15 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 56802
via: 1.1 varnish
x-cache: HIT
content-length: 3636
x-amz-id-2: tZqSXzdf/C5aqSs3p3UJXEM6GD1KnNTTPk0eauHRQ4MRPzxnRRG52EX7S6jDpEu+IxINNgpdLzI=
x-served-by: cache-mxp6977-MXP
last-modified: Mon, 23 Nov 2020 14:56:28 GMT
server: AmazonS3
x-timer: S1637599575.333515,VS0,VE0
etag: "0df71ce295009e71bd417701bc3221a7"
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-amz-request-id: MA1F9T6B0FNC4BY3
access-control-allow-origin: *
access-control-expose-headers: Date
cache-control: max-age=86400
accept-ranges: bytes
content-type: application/x-javascript
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,Range
x-cache-hits: 1109

GET
H2 200 handlebars.min.js Show response
interactive.guim.co.uk/embed/from-tool/ Frame 861B 74 KB
23 KB 230ms
229ms Script
application/javascript 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://interactive.guim.co.uk/embed/from-tool/handlebars.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

9e0258f770b81f7f586e6ad68672f34b289ea51b900d528334258eda2c8ccc5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interactive.guim.co.uk/embed/from-tool/generic/index.html?vertical=News&opinion-tint=false&title=Get%20in%20touch&description=Do%20you%20have%20information%20about%20this%20story%3F%20Email%20%3Ca%20style%3D%22color%3A%23ab0613%22%20href%3D%22mailto%3Astephanie.kirchgaessner%40theguardian.com%22%3Estephanie.kirchgaessner%40theguardian.com%3C%2Fa%3E%2C%20or%20(using%20a%20non-work%20phone)%20use%20Signal%20or%20%3Ca%20style%3D%22color%3A%23ab0613%22%20href%3D%22https%3A%2F%2Fapi.whatsapp.com%2Fsend%3Fphone%3D16468868761%22%3EWhatsApp%3C%2Fa%3E%20to%20message%20%2B1%20646%20886%208761.%20For%20the%20most%20secure%20communications%2C%20use%20%3Ca%20style%3D%22color%3A%23ab0613%22%20href%3D%22https%3A%2F%2Fwww.theguardian.com%2Fsecuredrop%22%3ESecureDrop%3C%2Fa%3E%20or%20see%20%3Ca%20style%3D%22color%3A%23ab0613%22%20href%3D%22https%3A%2F%2Fwww.theguardian.com%2Fhelp%2Fng-interactive%2F2017%2Fmar%2F17%2Fcontact-the-guardian-securely%22%3Eour%20guide%3C%2Fa%3E.&link=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 16:46:15 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 0
via: 1.1 varnish
x-cache: HIT
content-length: 22740
x-amz-id-2: BPPjGTUjHTBRGU0wdXlutGz2Ff6W4J8XqLhW7EJ3eWv1bHJkLjA+CxqU9GiLTTlcbZwPwhgJfyA=
x-served-by: cache-mxp6977-MXP
last-modified: Tue, 23 Feb 2021 14:58:08 GMT
server: AmazonS3
x-timer: S1637599575.333763,VS0,VE209
etag: "5640145268153dd8498008f3a99760da"
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-amz-request-id: 6EY29SRMYY112NJK
access-control-allow-origin: *
access-control-expose-headers: Date
cache-control: max-age=20
accept-ranges: bytes
content-type: application/javascript
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,Range
x-cache-hits: 1

GET
H2 200 Notice.03819.css
sourcepoint.theguardian.com/ Frame 997C 32 KB
6 KB 22ms
21ms Stylesheet
text/css 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sourcepoint.theguardian.com/Notice.03819.css

Requested by

Host: sourcepoint.theguardian.com
URL: https://sourcepoint.theguardian.com/index.html?message_id=514494&consentUUID=31967d7f-ae61-4775-bbb6-5f820bdceec2&requestUUID=7c25ed17-5427-4e85-9104-63babc293ee1&preload_message=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

51eb44a48f2ec3bf5ee39395698b49d23ad55ed26f05bcbbccbeb1e128f477ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sourcepoint.theguardian.com/index.html?message_id=514494&consentUUID=31967d7f-ae61-4775-bbb6-5f820bdceec2&requestUUID=7c25ed17-5427-4e85-9104-63babc293ee1&preload_message=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 16:46:15 GMT
via: 1.1 1941d7a64ce4dc55d14b445963586a6e.cloudfront.net (CloudFront), 1.1 varnish
vary: Accept-Encoding
age: 3199
x-cache: Hit from cloudfront, MISS
content-encoding: gzip
x-served-by: cache-mxp6977-MXP
last-modified: Thu, 18 Nov 2021 02:51:09 GMT
server: AmazonS3
x-timer: S1637599575.349326,VS0,VE1
etag: W/"894f01a34ee58f1147257366e6a6bde7"
strict-transport-security: max-age=300
content-type: text/css
x-amz-cf-pop: MXP63-P2
accept-ranges: bytes
x-amz-cf-id: 8hDhSaHFAxOI9_ENLkgOCaWMgK2SCgcBvIElbZdc2QjXpYLvihQYNQ==
x-cache-hits: 0

GET
H2 200 polyfills.d36c5.js Show response
sourcepoint.theguardian.com/ Frame 997C 5 KB
2 KB 22ms
22ms Script
application/javascript 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sourcepoint.theguardian.com/polyfills.d36c5.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

533b23c57b1770cc3ee9c15b998b2eb494fa0adb2d6929fd22a9b78adfade3a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sourcepoint.theguardian.com/index.html?message_id=514494&consentUUID=31967d7f-ae61-4775-bbb6-5f820bdceec2&requestUUID=7c25ed17-5427-4e85-9104-63babc293ee1&preload_message=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 16:46:15 GMT
via: 1.1 4493dc3008710a8dfc9586c416757fbd.cloudfront.net (CloudFront), 1.1 varnish
vary: Accept-Encoding
age: 3180
x-cache: Hit from cloudfront, MISS
content-encoding: gzip
x-served-by: cache-mxp6977-MXP
last-modified: Thu, 18 Nov 2021 02:51:09 GMT
server: AmazonS3
x-timer: S1637599575.349504,VS0,VE1
etag: W/"89661b8fd918815bcb224bba79cabab1"
strict-transport-security: max-age=300
content-type: application/javascript
x-amz-cf-pop: MXP63-P2
accept-ranges: bytes
x-amz-cf-id: iXbG2aEFsutt1DeUeHtEkD5c6uZpUWq6K_ckvdILelinPKJJZF2yDg==
x-cache-hits: 0

GET
H2 200 Notice.70828.js Show response
sourcepoint.theguardian.com/ Frame 997C 209 KB
52 KB 22ms
22ms Script
application/javascript 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sourcepoint.theguardian.com/Notice.70828.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

498d017c7df4ed4e2a5945e5502cbd57fd431fa898b4fd3209fdc045c3c34d7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sourcepoint.theguardian.com/index.html?message_id=514494&consentUUID=31967d7f-ae61-4775-bbb6-5f820bdceec2&requestUUID=7c25ed17-5427-4e85-9104-63babc293ee1&preload_message=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 16:46:15 GMT
via: 1.1 69b8255864bcbab6fa21e4a2a96c169e.cloudfront.net (CloudFront), 1.1 varnish
vary: Accept-Encoding
age: 3393
x-cache: Hit from cloudfront, MISS
content-encoding: gzip
x-served-by: cache-mxp6977-MXP
last-modified: Thu, 18 Nov 2021 02:51:09 GMT
server: AmazonS3
x-timer: S1637599575.349561,VS0,VE1
etag: W/"3f789fabb7890dc26d3914692795ffb3"
strict-transport-security: max-age=300
content-type: application/javascript
x-amz-cf-pop: MXP63-P2
accept-ranges: bytes
x-amz-cf-id: yDwa8TWK80jXsRlNc5BJQZ2PXEiKjz8W0vh429i_ixI3v0c3hfzSNA==
x-cache-hits: 0

GET
H2 200 categories Show response
cdn.privacy-mgmt.com/consent/tcfv2/vendor-list/ Frame 997C 769 B
1 KB 41ms
11ms Fetch
application/json 13.35.253.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.privacy-mgmt.com/consent/tcfv2/vendor-list/categories?siteId=7417&consentLanguage=en

Requested by

Host: sourcepoint.theguardian.com
URL: https://sourcepoint.theguardian.com/Notice.70828.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.35.253.34 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-35-253-34.fra6.r.cloudfront.net

Software

Resource Hash

ccf21e9dd2e3f91718b022d750111d13afbc1a3b47130e863a5af2b8b35c272f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sourcepoint.theguardian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 16:46:15 GMT
via: 1.1 6e432daa93321d42e8840614082fcdc3.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
strict-transport-security: max-age=15552000; includeSubDomains
access-control-allow-methods: GET, PUT, POST, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://sourcepoint.theguardian.com
cache-control: no-cache
access-control-allow-credentials: true
x-cache: Miss from cloudfront
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
content-length: 769
x-amz-cf-id: tPfPxxRAVEKFHxKfSG2ZsaCptX5iGILnbpjXTUT2UmnIlcRvygWTKQ==

GET
DATA 200
OK truncated
/ Frame 997C 464 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4deb8b98e5ce51144ce980707d596608be453de89423be3addfcd9beeaf45086

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 GTGuardianTitlepiece-Bold.woff2
interactive.guim.co.uk/fonts/garnett/ Frame 997C 26 KB
26 KB 8ms
7ms Font
application/octet-stream 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://interactive.guim.co.uk/fonts/garnett/GTGuardianTitlepiece-Bold.woff2

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

edd12e6fa14355f432e7071326eb15fc600f3099ac0485a972cd2a80880c6d49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://sourcepoint.theguardian.com/
Origin: https://sourcepoint.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 16:46:15 GMT
via: 1.1 varnish
age: 402411
x-cache: HIT
content-length: 26504
x-amz-id-2: Vj/iimejDlBOqHIWf8AfExwYBAynYBbw2RpzHvnLYNt56Q5D11HkCSKYOFuFjoGzp4/pgyNixPo=
x-served-by: cache-fra19121-FRA
last-modified: Wed, 18 Nov 2020 17:26:07 GMT
server: AmazonS3
x-timer: S1637599575.417476,VS0,VE0
etag: "ec26e97636dac18945f3a7ee4fd87032"
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-amz-request-id: YPTWF6TM2H6XM02D
access-control-allow-origin: *
access-control-expose-headers: Date
cache-control: public,max-age=604800
x-amz-meta-creator: Cyberduck
accept-ranges: bytes
content-type: application/octet-stream
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,Range
x-cache-hits: 4797

GET
H2 200 GuardianTextSansWeb-Regular.woff2
interactive.guim.co.uk/fonts/guss-webfonts/GuardianTextSansWeb/ Frame 997C 35 KB
35 KB 9ms
8ms Font
application/octet-stream 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://interactive.guim.co.uk/fonts/guss-webfonts/GuardianTextSansWeb/GuardianTextSansWeb-Regular.woff2

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

fa2ee0bb51dae9640fe999becb0881b75f544a647068a208bcb2fec2146cd7d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://sourcepoint.theguardian.com/
Origin: https://sourcepoint.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 16:46:15 GMT
via: 1.1 varnish
age: 104430
x-cache: HIT
content-length: 35868
x-amz-id-2: dCEcS71b3BSa7l+stFcHdEGUMB/cNsBt8kleOcobuLua4mwQzTepGrt1VIxLaoVgIdaQecXfYiA=
x-served-by: cache-fra19121-FRA
last-modified: Thu, 16 Aug 2018 16:27:39 GMT
server: AmazonS3
x-timer: S1637599575.417681,VS0,VE0
etag: "42edb0793116210cd6ee2fde2debe92f"
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-amz-request-id: J4KP9T388VRJRR0P
access-control-allow-origin: *
access-control-expose-headers: Date
cache-control: max-age=302400
accept-ranges: bytes
content-type: application/octet-stream
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,Range
x-cache-hits: 1590

GET
H2 200 GuardianTextSansWeb-Bold.woff2
interactive.guim.co.uk/fonts/guss-webfonts/GuardianTextSansWeb/ Frame 997C 39 KB
39 KB 8ms
8ms Font
application/octet-stream 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://interactive.guim.co.uk/fonts/guss-webfonts/GuardianTextSansWeb/GuardianTextSansWeb-Bold.woff2

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

98a6ba8081d2c2dd28a5c7b7efa6f80bf1e9ea513d5d77ecca6a699b21f7a2b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://sourcepoint.theguardian.com/
Origin: https://sourcepoint.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 16:46:15 GMT
via: 1.1 varnish
age: 274158
x-cache: HIT
content-length: 39500
x-amz-id-2: y6GrdoGxiYJp6hXWU/vk4aLX/EBc7ea8S76VeiKl7kD5CVWOgNA2oEc6naDN+OIb7Fv0LZkhLYE=
x-served-by: cache-fra19121-FRA
last-modified: Thu, 16 Aug 2018 16:27:39 GMT
server: AmazonS3
x-timer: S1637599575.417855,VS0,VE0
etag: "7b29fbe222ef6f546085ef8cbc69a4e0"
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-amz-request-id: PP1C695CEDES0MSB
access-control-allow-origin: *
access-control-expose-headers: Date
cache-control: max-age=302400
accept-ranges: bytes
content-type: application/octet-stream
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,Range
x-cache-hits: 3037

GET
H/1.1 204
No Content 2
ophan.theguardian.com/img/ 0
336 B 32ms
32ms Image
text/plain 34.253.249.175
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ophan.theguardian.com/img/2?viewId=kwawi6vwnxwcottoupfa&componentEvent=%7B%22component%22%3A%7B%22componentType%22%3A%22ACQUISITIONS_HEADER%22%2C%22id%22%3A%22header_support_RemoteRrHeaderLinksTest__NonUK_remote%22%2C%22campaignCode%22%3A%22header_support_RemoteRrHeaderLinksTest__NonUK_remote%22%7D%2C%22action%22%3A%22VIEW%22%2C%22abTest%22%3A%7B%22name%22%3A%22RemoteRrHeaderLinksTest__NonUK%22%2C%22variant%22%3A%22remote%22%7D%7D

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.253.249.175 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-253-249-175.eu-west-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 16:46:15 GMT
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Permitted-Cross-Domain-Policies: master-only
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store
Connection: keep-alive
X-Content-Type-Options: nosniff

GET
H2 200 ContributionsEpic.js Show response
contributions.guardianapis.com/modules/v3/epics/ 163 KB
42 KB 8ms
8ms Script
application/javascript 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://contributions.guardianapis.com/modules/v3/epics/ContributionsEpic.js
Requested by: Host: t.co
URL: https://t.co/BB9I05xnCR
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6198720b00beafe186e92a80838585f6c57cf5cade30a77c20ca14718b017a5b

Request headers

Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
Origin: https://www.theguardian.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: 1710uFtiaFZ02FQArpp6E.izpntHtWcR
content-encoding: gzip
etag: "020a85185b598fa4a420b94df0fde171"
age: 134
via: 1.1 varnish
x-cache: HIT
x-amz-meta-surrogate-control: max-age=300
content-length: 43039
x-amz-id-2: u8xlhymLMgOF2OHC5gq5eKtFsW0lvBTvYoLgB/7pz9sT55u/yUSvzh4QxD7zcHQfOdKL7VF5/V8=
x-served-by: cache-fra19121-FRA
last-modified: Mon, 22 Nov 2021 14:03:31 GMT
server: AmazonS3
x-timer: S1637599576.549885,VS0,VE1
date: Mon, 22 Nov 2021 16:46:15 GMT
vary: Accept-Encoding
x-amz-request-id: RRMM4993G7CVQGD5
access-control-allow-origin: https://www.theguardian.com
cache-control: max-age=300
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 200 GHGuardianHeadline-Bold.woff2
interactive.guim.co.uk/fonts/guss-webfonts/GHGuardianHeadline/ Frame 861B 16 KB
16 KB 23ms
22ms Font
binary/octet-stream 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://interactive.guim.co.uk/fonts/guss-webfonts/GHGuardianHeadline/GHGuardianHeadline-Bold.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

4fa602e0d446ee3148b06f2014cb08518660f936406251a05bbbcc6ea870cc9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://interactive.guim.co.uk/embed/from-tool/generic/index.html?vertical=News&opinion-tint=false&title=Get%20in%20touch&description=Do%20you%20have%20information%20about%20this%20story%3F%20Email%20%3Ca%20style%3D%22color%3A%23ab0613%22%20href%3D%22mailto%3Astephanie.kirchgaessner%40theguardian.com%22%3Estephanie.kirchgaessner%40theguardian.com%3C%2Fa%3E%2C%20or%20(using%20a%20non-work%20phone)%20use%20Signal%20or%20%3Ca%20style%3D%22color%3A%23ab0613%22%20href%3D%22https%3A%2F%2Fapi.whatsapp.com%2Fsend%3Fphone%3D16468868761%22%3EWhatsApp%3C%2Fa%3E%20to%20message%20%2B1%20646%20886%208761.%20For%20the%20most%20secure%20communications%2C%20use%20%3Ca%20style%3D%22color%3A%23ab0613%22%20href%3D%22https%3A%2F%2Fwww.theguardian.com%2Fsecuredrop%22%3ESecureDrop%3C%2Fa%3E%20or%20see%20%3Ca%20style%3D%22color%3A%23ab0613%22%20href%3D%22https%3A%2F%2Fwww.theguardian.com%2Fhelp%2Fng-interactive%2F2017%2Fmar%2F17%2Fcontact-the-guardian-securely%22%3Eour%20guide%3C%2Fa%3E.&link=false
Origin: https://interactive.guim.co.uk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 16:46:15 GMT
via: 1.1 varnish
age: 94877
x-cache: HIT
content-length: 16492
x-amz-id-2: MXFCiJMbEWWlixRgNGTXSJbZ5z3caA8vLhVWK3YmqpBQfoZy3VJrpvi7S0gS0tQdamRFJhdj6Ok=
x-served-by: cache-mxp6977-MXP
last-modified: Fri, 12 Jan 2018 15:54:13 GMT
server: AmazonS3
x-timer: S1637599576.581626,VS0,VE0
etag: "f5d54732577509c40f5a5a47f47aeab5"
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-amz-request-id: 6FAP8JBCHP2PZ6M6
access-control-allow-origin: *
access-control-expose-headers: Date
cache-control: max-age=302400
accept-ranges: bytes
content-type: binary/octet-stream
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,Range
x-cache-hits: 67

GET
H2 200 GuardianSansWeb-Regular.woff
interactive.guim.co.uk/fonts/guss-webfonts/GuardianSansWeb/ Frame 861B 37 KB
37 KB 23ms
23ms Font
application/octet-stream 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://interactive.guim.co.uk/fonts/guss-webfonts/GuardianSansWeb/GuardianSansWeb-Regular.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

88ff9f45c743b8d2fb6d8aac8475b8ea73fd73cc5cec81c17f0ea3d6ba31a1ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://interactive.guim.co.uk/embed/from-tool/generic/index.html?vertical=News&opinion-tint=false&title=Get%20in%20touch&description=Do%20you%20have%20information%20about%20this%20story%3F%20Email%20%3Ca%20style%3D%22color%3A%23ab0613%22%20href%3D%22mailto%3Astephanie.kirchgaessner%40theguardian.com%22%3Estephanie.kirchgaessner%40theguardian.com%3C%2Fa%3E%2C%20or%20(using%20a%20non-work%20phone)%20use%20Signal%20or%20%3Ca%20style%3D%22color%3A%23ab0613%22%20href%3D%22https%3A%2F%2Fapi.whatsapp.com%2Fsend%3Fphone%3D16468868761%22%3EWhatsApp%3C%2Fa%3E%20to%20message%20%2B1%20646%20886%208761.%20For%20the%20most%20secure%20communications%2C%20use%20%3Ca%20style%3D%22color%3A%23ab0613%22%20href%3D%22https%3A%2F%2Fwww.theguardian.com%2Fsecuredrop%22%3ESecureDrop%3C%2Fa%3E%20or%20see%20%3Ca%20style%3D%22color%3A%23ab0613%22%20href%3D%22https%3A%2F%2Fwww.theguardian.com%2Fhelp%2Fng-interactive%2F2017%2Fmar%2F17%2Fcontact-the-guardian-securely%22%3Eour%20guide%3C%2Fa%3E.&link=false
Origin: https://interactive.guim.co.uk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 16:46:15 GMT
via: 1.1 varnish
age: 96213
x-cache: HIT
content-length: 37389
x-amz-id-2: G49WRQCvPHZg7ZvvWtGUIrWjwSMsSUgQlTOrPx8WtsNMtbxDEqaNKHFQg+mWYVcRd/ueijv+1+o=
x-served-by: cache-mxp6977-MXP
last-modified: Thu, 16 Aug 2018 16:28:59 GMT
server: AmazonS3
x-timer: S1637599576.581729,VS0,VE1
etag: "1de51da394699e318a69ee815bb301c8"
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-amz-request-id: ENNFJ0M3AK6CRZWS
access-control-allow-origin: *
access-control-expose-headers: Date
cache-control: max-age=302400
accept-ranges: bytes
content-type: application/octet-stream
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,Range
x-cache-hits: 1

GET
H2 200 payment-methods.png
assets.guim.co.uk/images/acquisitions/2db3a266287f452355b68d4240df8087/ 2 KB
3 KB 21ms
20ms Image
image/png 2a04:4e42:600::367
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.guim.co.uk/images/acquisitions/2db3a266287f452355b68d4240df8087/payment-methods.png

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::367 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8b19757aa154780ef70b03267727892c9468f3f7944885a6e739e7420f7ea7da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: cUZsW7I3Hqpvt8lrcoHyYHPy3qjYVRqk
via: 1.1 varnish
etag: "2db3a266287f452355b68d4240df8087"
age: 14449975
x-cache: HIT
x-gu-debug-url: /PROD/frontend-static/images/acquisitions/2db3a266287f452355b68d4240df8087/payment-methods.png
fastly-restarts: 1
x-amz-id-2: a7rR3wwXRmrCG84ypFy+fDk8exUtmij8MWzDwy5cWcr8TiGVc3/TqK9ZK5nmVPoBkp3w1tMlEPA=
x-served-by: cache-mxp6977-MXP
accept-ranges: bytes
last-modified: Mon, 07 Jun 2021 16:06:13 GMT
server: AmazonS3
x-timer: S1637599576.605030,VS0,VE0
date: Mon, 22 Nov 2021 16:46:15 GMT
strict-transport-security: max-age=31536000
x-amz-request-id: ASE47E7ZVS4Y5CT1
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: true
content-length: 2448
content-type: image/png
x-cache-hits: 6443

GET
H/1.1 204
No Content 2
ophan.theguardian.com/img/ 0
336 B 31ms
31ms Image
text/plain 34.253.249.175
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ophan.theguardian.com/img/2?viewId=kwawi6vwnxwcottoupfa&componentEvent=%7B%22component%22%3A%7B%22componentType%22%3A%22ACQUISITIONS_EPIC%22%2C%22products%22%3A%5B%22CONTRIBUTION%22%2C%22MEMBERSHIP_SUPPORTER%22%5D%2C%22campaignCode%22%3A%22gdnwb_copts_memco_2021-07-06_FALLBACK_JULY__EU_ROW_CONTROL%22%2C%22id%22%3A%22gdnwb_copts_memco_2021-07-06_FALLBACK_JULY__EU_ROW_CONTROL%22%7D%2C%22abTest%22%3A%7B%22name%22%3A%222021-07-06_FALLBACK_JULY__EU_ROW%22%2C%22variant%22%3A%22CONTROL%22%7D%2C%22action%22%3A%22INSERT%22%7D

Requested by

Host: www.theguardian.com
URL: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.253.249.175 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-253-249-175.eu-west-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 16:46:15 GMT
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Permitted-Cross-Domain-Policies: master-only
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store
Connection: keep-alive
X-Content-Type-Options: nosniff

GET
H/1.1 204
No Content 2
ophan.theguardian.com/img/ 0
336 B 32ms
32ms Image
text/plain 34.253.249.175
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ophan.theguardian.com/img/2?viewId=kwawi6vwnxwcottoupfa&performance=%7B%22dns%22%3A6%2C%22connection%22%3A49%2C%22firstByte%22%3A45%2C%22lastByte%22%3A22%2C%22domContentLoadedEvent%22%3A170%2C%22loadEvent%22%3A589%2C%22navType%22%3A0%2C%22redirectCount%22%3A0%7D&renderedComponents=%5B%22nav2%22%2C%22sub-nav%22%2C%22section%22%2C%22meta-byline%22%2C%22email-embed--tech-scape%22%2C%22geo-most-popular%22%2C%22most-popular%22%2C%22footer%22%5D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.253.249.175 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-253-249-175.eu-west-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 16:46:15 GMT
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Permitted-Cross-Domain-Policies: master-only
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store
Connection: keep-alive
X-Content-Type-Options: nosniff

GET
H/1.1 204
No Content 2
ophan.theguardian.com/img/ 0
336 B 30ms
30ms Image
text/plain 34.253.249.175
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.253.249.175 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-253-249-175.eu-west-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 16:46:15 GMT
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Permitted-Cross-Domain-Policies: master-only
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store
Connection: keep-alive
X-Content-Type-Options: nosniff

GET
H/1.1 204
No Content 2
ophan.theguardian.com/img/ 0
336 B 32ms
31ms Image
text/plain 34.253.249.175
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ophan.theguardian.com/img/2?viewId=kwawi6vwnxwcottoupfa&adUnitWasHidden=false

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.253.249.175 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-253-249-175.eu-west-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.theguardian.com/technology/2021/nov/16/israeli-firm-candiru-spyware-linked-to-attacks-on-websites-uk-middle-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 16:46:15 GMT
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Permitted-Cross-Domain-Policies: master-only
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store
Connection: keep-alive
X-Content-Type-Options: nosniff

Verdicts & Comments Add Verdict or Comment

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.t.co/	1970-01-20 16:24:31	Name: muc Value: 8c516264-4301-4a60-9d24-6524dbfb8eac
.t.co/	1970-01-20 16:24:31	Name: muc_ads Value: 8c516264-4301-4a60-9d24-6524dbfb8eac
.theguardian.com/	1970-01-20 01:02:55	Name: GU_mvt_id Value: 710764
www.theguardian.com/	1969-12-31 23:59:59	Name: GU_geo_country Value: DE
.theguardian.com/	1970-01-20 07:38:55	Name: bwid Value: idFromPV_AizmgYJTWI8W1nl53mWLYA
.theguardian.com/	1970-01-20 07:38:55	Name: bwid_withoutSameSiteForIncompatibleClients Value: idFromPV_AizmgYJTWI8W1nl53mWLYA
.theguardian.com/	1970-01-19 22:53:21	Name: vsid Value: AX1Iinw4
www.theguardian.com/	1970-01-19 23:36:31	Name: _sp_v1_uid Value: 1:603:4e45d19f-6bb8-40b5-9c5a-78f867b85910
www.theguardian.com/	1970-01-19 23:36:31	Name: _sp_v1_data Value: 2:362803:1637599575:0:1:0:1:0:0:_:-1
www.theguardian.com/	1970-01-19 23:36:31	Name: _sp_v1_ss Value: 1:H4sIAAAAAAAAAItWqo5RKimOUbLKK83J0YlRSkVil4AlqmtrlXTgyqKRGXkghkFtLC59OCWUYgEO1mB4eQAAAA%3D%3D
www.theguardian.com/	1970-01-19 23:36:31	Name: _sp_v1_opt Value: 1:
www.theguardian.com/	1970-01-19 23:36:31	Name: _sp_v1_consent Value: 1!0:-1:-1:-1:-1:-1
www.theguardian.com/	1970-01-19 23:36:31	Name: _sp_v1_csv Value: null
www.theguardian.com/	1970-01-19 23:36:31	Name: _sp_v1_lt Value: 1:
.theguardian.com/	1970-01-20 07:38:55	Name: consentUUID Value: 31967d7f-ae61-4775-bbb6-5f820bdceec2

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Feature-Policy header: Some features are specified in both Feature-Policy and Permissions-Policy header: camera, microphone, midi, geolocation. Values defined in Permissions-Policy header will be used.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
security	warning	Message: Error with Feature-Policy header: Some features are specified in both Feature-Policy and Permissions-Policy header: camera, microphone, midi, geolocation. Values defined in Permissions-Policy header will be used.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
security	warning	Message: Error with Feature-Policy header: Some features are specified in both Feature-Policy and Permissions-Policy header: camera, microphone, midi, geolocation. Values defined in Permissions-Policy header will be used.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.nextgen.guardianapps.co.uk
assets.guim.co.uk
cdn.privacy-mgmt.com
confiant-integrations.global.ssl.fastly.net
contributions.guardianapis.com
i.guim.co.uk
interactive.guim.co.uk
ophan.theguardian.com
sourcepoint.theguardian.com
t.co
www.theguardian.com
104.244.42.197
13.35.253.34
151.101.129.111
151.101.129.194
2a04:4e42:600::367
34.253.249.175
03489467cd73637caad3431e2f186a58045ff1d9080ccf05e36461212d354095
0b3c32aa57537bede0a7e02bf061ad9d4da5a49613edeb2966ea6ea132e679f3
11e47b93eb4b43d054eccae1086ded5fc84ad92c3dea3821ff9cc3875d201e28
1504645044c577f875f453b1ebcb3cbc73e96ecbe57e44492b70556b1f93fd78
1b0ec6b46f6d030a07c58caffbb2596e86875d0cf10a9fd9f01ab93555d63500
1d06aa97e44864dd0d6f21f4dd141de1a0f10c0bae9b5cc0c78ae691207e0b8d
282d9eaa193401042371f81ad8b2ee9f698c1a8a3061d8c3e53f79fbe8827418
2bd94c32e1be8c4ded489019072498fc0d79c19508aef9fa57ddb507759c177f
2c125e6a12e3dd1d1d1aec93292e90fb3c28f36646a954402702b1d9c25175b1
2d59736bc82cfb92dde2ea02e3552f173c07196106c074f2cbfeeebe23bd4eb8
3027903fadc1c7bce41a6da98ec6b2f98f81a6a8cf9a7e9d18225d75a0fc5c7a
328bec4f9461149a451700274d10f472596300b74d7e5aff1469613fc5f76453
33ad2e76be0df98eb2e8a716a41b0eef1223ac1816e4fb440f7148d2063c44c6
3c4b9f80b5ec8ae97999ea5fcbed813b6c29ef52613333911a5e000d80d74d01
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
46e089c7d79ff80fef01582ba8261d42728b78c345fdbe8d52199907498d280e
498d017c7df4ed4e2a5945e5502cbd57fd431fa898b4fd3209fdc045c3c34d7e
4deb8b98e5ce51144ce980707d596608be453de89423be3addfcd9beeaf45086
4fa602e0d446ee3148b06f2014cb08518660f936406251a05bbbcc6ea870cc9a
51eb44a48f2ec3bf5ee39395698b49d23ad55ed26f05bcbbccbeb1e128f477ef
523d5c017e3a79329822c69bc4c621545dbe5a74119642ac9fe1728d127a081a
533b23c57b1770cc3ee9c15b998b2eb494fa0adb2d6929fd22a9b78adfade3a7
577d26e576165eeb50153c2b7d1a1541d7363fb16414d59aaa0e25ef50e374da
589c223d9c77a94e34140709997aa8986384134e97672880865abed1b38b0305
6198720b00beafe186e92a80838585f6c57cf5cade30a77c20ca14718b017a5b
690580db9feffb7f8a10790fdfbd14f2a6162f089fcc28bfc63250c6aea65f21
7793cf8baa96ef5ebae5c4dc72fb0bb734a8048f3ed7e875d3b4c98cf01b2569
87e9036ce8b1ba1645d519285aaf31491d87a3e16273835fe134aa38993d6f6b
88ff9f45c743b8d2fb6d8aac8475b8ea73fd73cc5cec81c17f0ea3d6ba31a1ce
8b19757aa154780ef70b03267727892c9468f3f7944885a6e739e7420f7ea7da
8c55368b1596666dc3a8341498f96ff79736bf3c10cc25c5adc5e4c758798ff4
8dc9022b527f378bcc19e9f7d9c826c2bb600cc274fd686c31c1e370226942d5
972a157b46d5c4752e1cfff2b890dea370e42a1baa11debd2b8e24b3d9850dd0
98a6ba8081d2c2dd28a5c7b7efa6f80bf1e9ea513d5d77ecca6a699b21f7a2b0
9b6244d4ee541c5631a450b07c75fcaeac0f24e5c42074884ebe261e24196b2c
9c369e881a2acb6328bc220796f747916a47ae1c700203816c9d2a8acea2ba3f
9e0258f770b81f7f586e6ad68672f34b289ea51b900d528334258eda2c8ccc5c
a146658c96b87556d722e61e961bbe814f135ddf0b3d352d500d71fb39035595
a5c03b5fdf2fb27759648f12584259fd3e4be1d818ecedbf2e247edf67ac7521
b16e4fdd3534e5df810787df45c2b8441ef95029ca125ab45d99f0bc68da9bc0
b632904bb25c33427c5f2db71603aead71b8c0e4a7a5652238729b8bf4d3e0b0
b97b801cdb31d4b039b404b46c726f1644ddf661d369cd9af389a751137101e5
bcabe3aad03ca10dae6899d63aea16afa3a795856d558b59e0b1f59ed14cbd15
bf672dbc2fe3d05096cb045691ec7a9dc00e3470458665d42d0b7aabd07bb990
c6f0e2e3e0d40832970e85aa1235384d7a024f7dbf2437d95963568c16cda901
ca66086d8f50fbfb6ea350401a00e63bcf69fe3ea123091d2d273c2cb237a91f
ccf21e9dd2e3f91718b022d750111d13afbc1a3b47130e863a5af2b8b35c272f
d115560c07126044936439c359cdf6b6f74e4a7ef1356b7ff4505ac8cadba227
d1bf42c2df6fa95e0806bccd64191d78325514d758c455c0d959913a25d6a101
d1da416a71b864e9a36112077810f09dbd481ec020b6112ee80d52d394084a00
d5e3272b035c6a7873856c7f3fe0fe2631ca36eb24d27ebb10420a4ea33ae8b4
da22a2e4326e5cc0595a7e7cb5ebd68492896f1660e1ee116e3af32ad6aeccce
e3955357efefcf7f3b7e3cd67260a73f02bf34e384b59d2749c1aac361b7b49c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
edd12e6fa14355f432e7071326eb15fc600f3099ac0485a972cd2a80880c6d49
f0d57add607d2a9ecc4e0952b460dd4ee11a11d3ab924ca4a53e3c3e3da2748e
fa2ee0bb51dae9640fe999becb0881b75f544a647068a208bcb2fec2146cd7d1
fa364c5f0844c7c1fe4c96d14495d45d65c07b2a635b44800382e266e1a67d2e

www.theguardian.com Open in urlscan Pro 2a04:4e42:600::367 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

82 Requests

100 %HTTPS

17 %IPv6

7 Domains

11 Subdomains

7 IPs

2 Countries

1147 kBTransfer

2922 kBSize

15 Cookies

30 Outgoing links

Page URL History

Redirected requests

82 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.theguardian.com Open in urlscan Pro
2a04:4e42:600::367 Public Scan

Screenshot
Live screenshot

Full Image

82
Requests

100 %
HTTPS

17 %
IPv6

7
Domains

11
Subdomains

7
IPs

2
Countries

1147 kB
Transfer

2922 kB
Size

15
Cookies

82 HTTP transactions
1 data transactions