www.phoneworld.com.pk Open in urlscan Pro
104.26.6.106 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Submission: On August 20 via manual (August 20th 2023, 2:22:01 pm UTC) from US — Scanned from DE

Summary HTTP 212 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 30 IPs in 6 countries across 19 domains to perform 212 HTTP transactions. The main IP is 104.26.6.106, located in and belongs to CLOUDFLARENET, US. The main domain is www.phoneworld.com.pk.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 17th 2023. Valid for: a year.

This is the only time www.phoneworld.com.pk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
66	104.26.6.106 104.26.6.106	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	175.110.113.114 175.110.113.114	49981 (WORLDSTREAM) (WORLDSTREAM)
3	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
2	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
20	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
2	167.172.183.24 167.172.183.24	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c04::9b	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
1 17	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
1	157.230.100.179 157.230.100.179	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	167.71.54.9 167.71.54.9	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
27	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
25	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
5 6	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
3 4	216.58.206.34 216.58.206.34	15169 (GOOGLE) (GOOGLE)
2 4	172.64.148.101 172.64.148.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 3	37.252.171.21 37.252.171.21	29990 (ASN-APPNEX) (ASN-APPNEX)
10	2a00:1450:400... 2a00:1450:4001:82f::2006	15169 (GOOGLE) (GOOGLE)
2	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
2	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
212	30

66 104.26.6.106 (None, )

ASN13335 (CLOUDFLARENET, US)

www.phoneworld.com.pk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 175.110.113.114 (Naaldwijk, Netherlands)

ASN49981 (WORLDSTREAM, NL)
PTR: 175-110-113-114.hosted-by-worldstream.net

avads.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
0.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 167.172.183.24 (Frankfurt am Main, Germany)

ASN14061 (DIGITALOCEAN-ASN, US)

cdn.webpushr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.230.100.179 (Frankfurt am Main, Germany)

ASN14061 (DIGITALOCEAN-ASN, US)

bot.webpushr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 167.71.54.9 (Frankfurt am Main, Germany)

ASN14061 (DIGITALOCEAN-ASN, US)

analytics.webpushr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany) 5 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.58.206.34 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: lhr35s10-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.64.148.101 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.171.21 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:82f::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.98 (Grosse Pointe, United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.226 (Grosse Pointe, United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
66	phoneworld.com.pk www.phoneworld.com.pk	801 KB
50	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 125 fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 163	351 KB
33	doubleclick.net 4 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 122 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 228 googleads.g.doubleclick.net — Cisco Umbrella Rank: 55 cm.g.doubleclick.net — Cisco Umbrella Rank: 261 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 371	296 KB
25	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 387	546 KB
10	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 352	118 KB
8	google.com 5 redirects region1.analytics.google.com — Cisco Umbrella Rank: 2706 www.google.com — Cisco Umbrella Rank: 3	2 KB
5	webpushr.com cdn.webpushr.com — Cisco Umbrella Rank: 30941 bot.webpushr.com — Cisco Umbrella Rank: 48447 analytics.webpushr.com — Cisco Umbrella Rank: 37817	21 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 760	3 KB
3	gstatic.com fonts.gstatic.com www.gstatic.com	96 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 275	2 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 225	141 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 76	232 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 157
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 73	2 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 62	21 KB
2	wp.com stats.wp.com — Cisco Umbrella Rank: 2930 pixel.wp.com — Cisco Umbrella Rank: 2793	3 KB
2	gravatar.com secure.gravatar.com — Cisco Umbrella Rank: 2291 0.gravatar.com — Cisco Umbrella Rank: 8843	6 KB
1	google.de www.google.de — Cisco Umbrella Rank: 5345	408 B
1	avads.live avads.live — Cisco Umbrella Rank: 410946	20 KB
212	19

	Domain	Requested by
66	www.phoneworld.com.pk	www.phoneworld.com.pk
27	tpc.googlesyndication.com	securepubads.g.doubleclick.net www.phoneworld.com.pk tpc.googlesyndication.com fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com cdn.ampproject.org
25	cdn.ampproject.org	securepubads.g.doubleclick.net
20	pagead2.googlesyndication.com	avads.live securepubads.g.doubleclick.net tpc.googlesyndication.com fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com pagead2.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com www.phoneworld.com.pk
17	securepubads.g.doubleclick.net	1 redirects www.googletagservices.com securepubads.g.doubleclick.net www.phoneworld.com.pk
10	s0.2mdn.net	www.phoneworld.com.pk s0.2mdn.net
9	googleads.g.doubleclick.net	pagead2.googlesyndication.com www.phoneworld.com.pk fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com
6	www.google.com	5 redirects tpc.googlesyndication.com
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	www.googletagservices.com	avads.live fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com
3	www.googletagmanager.com	www.phoneworld.com.pk www.googletagmanager.com
2	www.googleadservices.com
2	fonts.gstatic.com	fonts.googleapis.com
2	fonts.googleapis.com	securepubads.g.doubleclick.net fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com
2	googleads4.g.doubleclick.net	www.phoneworld.com.pk
2	analytics.webpushr.com	cdn.webpushr.com
2	region1.analytics.google.com	www.googletagmanager.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	cdn.webpushr.com	www.phoneworld.com.pk
1	www.gstatic.com	fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com
1	bot.webpushr.com	cdn.webpushr.com
1	www.google.de	www.phoneworld.com.pk
1	stats.g.doubleclick.net	www.googletagmanager.com
1	0.gravatar.com	secure.gravatar.com
1	pixel.wp.com	www.phoneworld.com.pk
1	stats.wp.com	www.phoneworld.com.pk
1	secure.gravatar.com	www.phoneworld.com.pk
1	avads.live	www.phoneworld.com.pk
212	31

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com
pinterest.com
api.whatsapp.com
reddit.com
www.mwclasvegas.com
www.3gca.org
www.youtube.com
www.instagram.com
telegram.me

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-17` - `2024-05-16`	a year	crt.sh
avads.live Sectigo RSA Domain Validation Secure Server CA	`2023-03-16` - `2024-03-16`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
*.gravatar.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-23` - `2023-12-24`	a year	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-14` - `2023-12-15`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
*.webpushr.com Sectigo RSA Domain Validation Secure Server CA	`2023-05-11` - `2024-05-17`	a year	crt.sh
www.google.de GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh

This page contains 17 frames:

Primary Page: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Frame ID: E88E0402DB116C717401EE81DD445D0D
Requests: 108 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230816/r20190131/zrt_lookup.html
Frame ID: C4B094699D342F43FAD7F82CC629C9B8
Requests: 1 HTTP requests in this frame

Frame: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: B41999180580794EAB12BDCF3C26EEE2
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012307272333000/amp4ads-v0.mjs
Frame ID: CB1A4FD40406FC8D8FB95DCA3F204E96
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 6069F02F17AA95D13CE0A7F0A8CD8D16
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9098AB1202EA2E98E112750D97B9E916
Requests: 2 HTTP requests in this frame

Frame: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: AE47BB1BF96FF33010C6A174DE1C4FC6
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKvU5fQCEMaIsIIEGLGLhfMBMAE&v=APEucNUUZdXtaqOFtQgLOaWawhngwD72jIzHwKCBbM3-7hu0q7Nf2QfoyCKxSc1iMjAyPTB1F_A3kXkNBvVVY973XQq1j5up0jKku-TS8M0zjiqpOd6nZXQuF0PPm0Y1tp6V39n_BeJZCO_kWh6sc_EajRWyyVuQQqUdfL6I9pHQuZPAD_ZiBQU
Frame ID: FB6BC1C8D81672A5D3966D7AF6E474A0
Requests: 5 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012307272333000/amp4ads-v0.mjs
Frame ID: AA1372A896F85ECAC763E29AF5327506
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: DC17EEFB33D43AD7B9808E1B2714C358
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/13489784193996717068/index.html?ev=01_250
Frame ID: 5E0F2B0F63F0B7C5A193384460641D87
Requests: 9 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012307272333000/amp4ads-v0.mjs
Frame ID: C28EFEC37EC6201239551F8E27349F4F
Requests: 11 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012307272333000/amp4ads-v0.mjs
Frame ID: 2FDD5EDC8EAD3EC315283C12A22CC23E
Requests: 14 HTTP requests in this frame

Frame: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 2B1D3C7D53035923151886FF55368D3A
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 4B135F7719E235D991AE02ACEE5187AD
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/-jd_BcJ2_muHebna6aM-t4BwAJqN83NnF3hDm83RPZ4.js
Frame ID: 379C0B4B0D02093F37A442FCADA68D6B
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012307272333000/amp4ads-v0.mjs
Frame ID: 09122979D5E19C8D0B470F093F218258
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

NoFilter Attack: Sneaky Privilege Escalation Method Bypasses Windows Security

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Backbone.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

backbone.*\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Lightbox (JavaScript Libraries) Expand

Mautic (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

[^a-z]mtc.*\.js

Underscore.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

underscore.*\.js(?:\?ver=([\d.]+))?

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

212
Requests

96 %
HTTPS

62 %
IPv6

19
Domains

31
Subdomains

30
IPs

6
Countries

2656 kB
Transfer

7143 kB
Size

18
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/sharer.php?u=https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=NoFilter%20Attack%3A%20Sneaky%20Privilege%20Escalation%20Method%20Bypasses%20Windows%20Security&url=https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/&title=NoFilter%20Attack%3A%20Sneaky%20Privilege%20Escalation%20Method%20Bypasses%20Windows%20Security
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://pinterest.com/pin/create/button/?url=https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/&description=NoFilter%20Attack%3A%20Sneaky%20Privilege%20Escalation%20Method%20Bypasses%20Windows%20Security&media=https://www.phoneworld.com.pk/wp-content/uploads/2023/08/hacking.jpg
Title: Pinterest

Search URL Search Domain Scan URL

URL: https://www.facebook.com/dialog/send?app_id=5303202981&display=popup&link=https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/&redirect_uri=https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Title: Messenger

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=NoFilter%20Attack%3A%20Sneaky%20Privilege%20Escalation%20Method%20Bypasses%20Windows%20Security%20https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Title: WhatsApp

Search URL Search Domain Scan URL

URL: https://reddit.com/submit?url=https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/&title=NoFilter%20Attack%3A%20Sneaky%20Privilege%20Escalation%20Method%20Bypasses%20Windows%20Security
Title: Reddit

Search URL Search Domain Scan URL

URL: https://www.mwclasvegas.com/passes?utm_parmeter=MWCLV23_Web&utm_source=PhoneWorld&utm_medium=Partners&utm_term=wBanner&utm_content=300250
Title: <img src="https://www.phoneworld.com.pk/wp-content/uploads/2023/08/MWC_LV_Media_Partner_EarlyBird_300x250.jpg" alt="" class="no-lazyload" width="300" height="250" />

Search URL Search Domain Scan URL

URL: https://www.3gca.org/
Title: Phoneworld by CACF

Search URL Search Domain Scan URL

URL: https://www.facebook.com/phoneworldmag
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/PhoneWorldpk
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/phoneworld-magazine/
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCYmUMGu44oZJnXUYB8HZiTw
Title: YouTube

Search URL Search Domain Scan URL

URL: https://www.instagram.com/phoneworldpk/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://telegram.me/share/url?url=https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/&text=NoFilter%20Attack%3A%20Sneaky%20Privilege%20Escalation%20Method%20Bypasses%20Windows%20Security
Title: Telegram

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 119

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 131

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJnC9Y5GdzulX2f13JIKhoI&google_cver=1

Request Chain 132

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZOIhgwa5bg-DQV3NjcoMeAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAGyRDyApndHsMzjCxrC_HU&google_cver=1

Request Chain 133

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEH2PE2GmqL6p9iY-U8Uu84Q&google_cver=1

Request Chain 134

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzM4MzQxMDQ0MTI1MjEyMjMzNg%3D%3D

Request Chain 147

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 179

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 191

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 207

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 210

https://securepubads.g.doubleclick.net/pagead/adview?ai=C88E2hCHiZI7JBsS89u8P0t-juAXO8o23ct6xzurrEdrZHhABINvrhCdglfrwgYwHoAHH7q_aA8gBAakCPZodL7Y9sj7gAgCoAwHIA8sEqgS3Ak_QQJpX5yQlakPK8KbyaNyJFzbyvfIQcUwLv3vFfiAWpBoPqrLoD3GPWFltJDb_gElRc2dHJFqjTTnnixY2SMbrzWHjyoMcXOgduHLnM1Ro6hi_zhpl-j3P9w4Il5KlgvJ7yPO3an9JWwFe6fy5PF2pnYrUyAvFEzMT_vinRGyD39KxXg3LQDoxSWx6_lg8u98JSs7OJYZMvLSkD5DCiFawvCPmo_sf7L7APywxIoptzkwqLFH4v0IiumWL3CXynBWYhIH0slhovJbsP0UfUGNHw7kUf6Uf8oCTsrOpxusBnSq0YcVVCvv-5l2_HBNXy2dBeVITgxAgHKvYCvXOdrTxPdIv0U4wyzkloee5V5c50Ad93WcJqx3qnrLb9HF7Q0Fc4RY3JZOSGZigXuLh49u9CgaUf96cwATo_pzssgTgBAGSBQQIBBgBkgUECAUYBIAHoZHQJagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEO_0A9IIFgiA4YAQEAEYHTICqgI6AoBASL39wTqaCYUBaHR0cHM6Ly93d3cuY29tYXJjaC5jb20vdHJhZGUtYW5kLXNlcnZpY2VzL2RhdGEtbWFuYWdlbWVudC9yZXNvdXJjZXMvaG93LXRvLW5hdmlnYXRlLWVpbnZvaWNpbmctYW5kLWVyZXBvcnRpbmctcmVxdWlyZW1lbnRzLWZlYXQtcHdjL4AKAcgLAdgTDdAVAZgWAYAXAbIXHgocCAASFHB1Yi03NDU3NTk3Njc4MTcyODM1GPvSHA&sigh=cP7AjBoDwbY&uach_m=[UACH]&ase=2&cid=CAQSSwBpAlJWMEtslk2YNU_6-GeFDGVd_9VRqRtJAnOUlj3kNh9yk2q1a7nBR93irxBTHiqsUtBlyKXKqBBowZP-5jr_OMFbkG41-6fejRgB&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211715374250312878314%22,%22debug_reporting%22:true,%22destination%22:%22https://comarch.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22994834247%22],%224%22:[%2208-20%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2213202090174764445681%22}&andc=true

212 HTTP transactions
17 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/ 191 KB
34 KB 780ms
687ms Document
text/html 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6cf029544aa224ba5dffae3a9cda7880ca66eee47812b54d65ed79a047c04f79

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=0
cf-cache-status: DYNAMIC
cf-ray: 7f9b49007be49101-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sun, 20 Aug 2023 14:21:52 GMT
expires: Sun, 20 Aug 2023 14:21:52 GMT
last-modified: Sun, 20 Aug 2023 14:02:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k2QsD0vxZUzI8%2F1%2FuDFp1A5j7V6wmlG7lNDOmufXGHv423%2Ffhns3S0UJZPqkxD1GqcZ4Uf91l09JzNEHh24gEtW6MWW4kjcwpo5Ghqm8XKL6ZzU%2FbxElgswujz09x7W%2FQrqVDYP%2Fiw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent

GET
H2 200 av.pworld.js Show response
avads.live/s/ 64 KB
20 KB 193ms
71ms Script
application/javascript 175.110.113.114
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://avads.live/s/av.pworld.js
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 175.110.113.114 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 175-110-113-114.hosted-by-worldstream.net
Software: nginx / Express
Resource Hash: e0189a3aa1849fa14a8f71c8cdcab924adc6c95462c4af61078ad8727335d000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: gzip
last-modified: Fri, 04 Aug 2023 06:12:38 GMT
server: nginx
x-powered-by: Express
etag: W/"ff0e-189bf2d3685"
vary: Origin
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 view.css
www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-videopress/build/block-editor/blocks/video/ 2 KB
1 KB 48ms
36ms Stylesheet
text/css 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-videopress/build/block-editor/blocks/video/view.css?ver=1690918712
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 95d19d87f29a6ea4e274e3681e839eac392e30647f4d373841c3c9c30749b64b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 01 Aug 2023 19:38:32 GMT
server: cloudflare
age: 1620567
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k5he6Af9J492pbt8rCxENKbXS9zZLW3arucYhUrwrmv9N%2BxCwHVgeI8zakXwRhdvpOThS1tkO7UoOfJq5wHMKDIHn%2FTWwshovNRoGJJxLUK%2BzMBsUqFU8w3X8VkGzWm5XwYBycriPA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: max-age=31536000, public
cf-ray: 7f9b4904dfcb9101-FRA
expires: Wed, 31 Jul 2024 20:12:24 GMT

GET
H2 200 mediaelementplayer-legacy.min.css
www.phoneworld.com.pk/wp-includes/js/mediaelement/ 11 KB
3 KB 79ms
67ms Stylesheet
text/css 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 12 Apr 2022 11:26:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6893185
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
x-cache: HIT
content-type: text/css; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=55Tfvf2HuE4rPgBzf%2BkmZ5VXVEzUmRIFkNsCDUBkvyjJVCsA3XxSFPxrzKU8d2PBWlQuZLawldIoWhpxR3Dqgfy0Z9m9Khaw4opxwllrbh6%2BdoXpEKLYn3k9GTfiwn%2Br%2BXyDSf19lw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000, public
cf-ray: 7f9b4904dfcd9101-FRA
expires: Fri, 31 May 2024 19:21:05 GMT

GET
H2 200 wp-mediaelement.min.css
www.phoneworld.com.pk/wp-includes/js/mediaelement/ 4 KB
1 KB 48ms
36ms Stylesheet
text/css 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.3
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 12 Apr 2022 11:26:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 981151
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7TfOmcLlXgcXf1eBYhD7FYdlMsgvURfbKFralXPA%2Bet%2FBe%2BGhvDPvXMgEtbQQTgVWUIjx%2BpoeVA25pvUF3XMqYCm6JE4UYwCSjyRO2sUl8DHUAGPB9ulGJ3k55cEmkGHb%2FjCO9w06A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: max-age=31536000, public
cf-ray: 7f9b4904dfce9101-FRA
expires: Thu, 08 Aug 2024 05:49:21 GMT

GET
H2 200 style.css
www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/plugins/table-maker/css/ 5 KB
2 KB 48ms
36ms Stylesheet
text/css 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/plugins/table-maker/css/style.css?ver=1690918712
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f0b4687e17b9737ae13310042b476079b5b8241317984eba3641711c80a1bcd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 01 Aug 2023 19:38:32 GMT
server: cloudflare
age: 1620567
cf-polished: origSize=5593
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VQFxvHO0Mp1N0jeXKkkqbp20xTwvA2MPwhK4EbN0ElBRBH08ljvbRjhUnRWn0In8hbxMX9CKrfthj4KP4bdB8IFulWfA934RJiWz7oVPy86FVv9QHzcqsaYfr2KcuaraGqF4EtOU6w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: max-age=31536000, public
cf-ray: 7f9b4904dfd29101-FRA
expires: Wed, 31 Jul 2024 20:12:24 GMT

GET
H2 200 base.min.css
www.phoneworld.com.pk/wp-content/themes/jannah/assets/css/ 41 KB
9 KB 50ms
37ms Stylesheet
text/css 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/themes/jannah/assets/css/base.min.css?ver=6.1.4
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7444c52b3e982d5b014c0d34546cafd91598ed406a6ee0cbd82f705236114d42

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 19 May 2023 05:41:15 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6893185
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
x-cache: HIT
content-type: text/css; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ea1yjcIEeOFa4QdXs0sntAKWi%2FIXRnXljAGwDgX7nToUSN9jPR04q%2F9bZnp6N5OAuMynt6Mm1QyMEpqnJFKIwpieNPhIIZg5A6ckx80EUN%2FIiygm3sDdZdfTVWa5NiU%2BJe0v2WLEWA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000, public
cf-ray: 7f9b4904dfd59101-FRA
expires: Fri, 31 May 2024 19:30:45 GMT

GET
H2 200 style.min.css
www.phoneworld.com.pk/wp-content/themes/jannah/assets/css/ 150 KB
26 KB 52ms
40ms Stylesheet
text/css 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/themes/jannah/assets/css/style.min.css?ver=6.1.4
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a07b6d8c65b2b0da62f2b1ab3f6ed501b12c09ab385829c44cb8af2e5ca53084

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Feb 2023 15:28:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6893185
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
x-cache: HIT
content-type: text/css; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AngIXJCCiZexE0ZEb26EcApDQ94nd%2F9YMb%2F8MGtfCgw5sIjpUo8g%2FivUTiwVSv3a8lpPHzYafZfDnLOdFqo6%2FSbz8fKwFKNZ2efh%2BSAgnQ9w0an31DeLEox9Eamim19KL8nnKT92sQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000, public
cf-ray: 7f9b4904dfd69101-FRA
expires: Fri, 31 May 2024 19:21:05 GMT

GET
H2 200 widgets.min.css
www.phoneworld.com.pk/wp-content/themes/jannah/assets/css/ 46 KB
9 KB 50ms
39ms Stylesheet
text/css 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/themes/jannah/assets/css/widgets.min.css?ver=6.1.4
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9e7ae6c6e13ced8756e3f36d8d3857976b5ceab11e08588adbafc70211889d0c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 12 Jan 2023 04:05:12 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6893185
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
x-cache: HIT
content-type: text/css; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AgCAXpxmAmkTyRtclN8aNbN2Yh6kFZIovU5pCBqDnVQ5Lsuwu1Oet9UccDIixLGjmDYvNMZYxuRu%2FrY3h9DUAe1dnSX%2FvgUHL1cry2AEkpggxg05vQJhj1EN%2F8QY9l2PUdFc4v5YmA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000, public
cf-ray: 7f9b4904efd79101-FRA
expires: Fri, 31 May 2024 19:21:05 GMT

GET
H2 200 helpers.min.css
www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/themes/jannah/assets/css/ 39 KB
8 KB 53ms
42ms Stylesheet
text/css 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/themes/jannah/assets/css/helpers.min.css?ver=1690918712
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f1838dde7622a453a5c1b3d8a326be5c309a07ab92c946f981d9d2d47f3ef129

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Aug 2023 19:38:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1620567
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T4zhT8XsdC0jp87%2FlyjfNsiWL8jmaJO7n2Wv7zgaQZyTFlRJGmY4Y2ByiTz9hmql%2FoEQPpXU2NFuHBE%2BkPhUHW5M1DNOLs6YrKQ8mlEHT9tP3eBkv09d3270FsjE82iwuVX3tWeNmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: max-age=31536000, public
cf-ray: 7f9b4904efd89101-FRA
expires: Wed, 31 Jul 2024 20:12:24 GMT

GET
H2 200 fontawesome.css
www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/themes/jannah/assets/css/ 58 KB
13 KB 53ms
43ms Stylesheet
text/css 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/themes/jannah/assets/css/fontawesome.css?ver=1690918712
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b50003b26f8af6ab292c2d3f6b8295f2f3011d343aa1e57ec1531972abf6d90e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 01 Aug 2023 19:38:32 GMT
server: cloudflare
age: 1620567
cf-polished: origSize=59379
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pXVHmJnnHkMBmfmQGlV9SFgzQ43vYSAc0Zdm8kHbT5Myajfbe9qnPsziAkOc60Mdx0G3CLYAKcjaLDuOBpYpGPgfsS4EA8jsMI2hqN7QtTiMpzXngxq8O2XDJgY6VquQidtbuE7luQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: max-age=31536000, public
cf-ray: 7f9b4904efd99101-FRA
expires: Wed, 31 Jul 2024 20:12:24 GMT

GET
H2 200 skin.css
www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/themes/jannah/assets/ilightbox/dark-skin/ 12 KB
2 KB 49ms
38ms Stylesheet
text/css 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/themes/jannah/assets/ilightbox/dark-skin/skin.css?ver=1690918712
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9b6009d6ec002db5cdf4fcdffb0768b0e8cb0339b63cb18f0c1fa9e0d90f099d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 01 Aug 2023 19:38:32 GMT
server: cloudflare
age: 1620567
cf-polished: origSize=12127
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LYS3EJYcQgw%2FY127FIdzSigb7hwvfuDaxcpvcRQ8aybtk1ce8aR7FSVWbVCNKFFvelJbnZzOTnrr0yR5NTAUDaobuK2ntCnuDlc1HJ1vWnlKqUalZE8m7Qb3DkrkNnlmIcinQCNztQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: max-age=31536000, public
cf-ray: 7f9b4904efda9101-FRA
expires: Wed, 31 Jul 2024 20:12:24 GMT

GET
H2 200 shortcodes.min.css
www.phoneworld.com.pk/wp-content/themes/jannah/assets/css/plugins/ 13 KB
4 KB 85ms
75ms Stylesheet
text/css 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/themes/jannah/assets/css/plugins/shortcodes.min.css?ver=6.1.4
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f731ebe4dbcb9350959ba58c97711b0a5a25adf8a63b6ad1244c17f8ac8b708b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 09 Dec 2022 05:01:36 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6893185
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
x-cache: HIT
content-type: text/css; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LiQHQf1nQCdsH1sAUKluE5RK%2B5EZh8fushAnTYKYZsNf4AMZaniPsOmZKIesNFBwC%2Bc2OtkAuW5oC2FLrcnL4%2FvoEJkAGPSWt01T5a1o8fZfHizgPTAE6SxseO2l3owgNM%2FxF7HdKw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000, public
cf-ray: 7f9b49050ff49101-FRA
expires: Fri, 31 May 2024 19:21:05 GMT

GET
H2 200 single.min.css
www.phoneworld.com.pk/wp-content/themes/jannah/assets/css/ 45 KB
10 KB 78ms
68ms Stylesheet
text/css 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/themes/jannah/assets/css/single.min.css?ver=6.1.4
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 610a5e6378dcc7f3e05755de99d87d2b8ed9de0b20595275d08dca78e489d714

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 04:44:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6893185
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
x-cache: HIT
content-type: text/css; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UcX0AMGbJ2G6gygviKQ%2BtonmZCBfyqzvsgwhx%2FljycbsFv7ZXLrP8Hbp8QpYpRH8Y0kXN3J2i5e4OH4dWjzHDRdjgAt3k4fAfnaAo%2F7cKAgh0mwHXOOX5spuCnSNqqcXKCzeMbOTSg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000, public
cf-ray: 7f9b49050ff59101-FRA
expires: Fri, 31 May 2024 19:21:05 GMT

GET
H2 200 style.css
www.phoneworld.com.pk/wp-content/themes/jannah-child/ 0
334 B 78ms
68ms Stylesheet
text/css 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/themes/jannah-child/style.css?ver=6.3
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 981151
cf-polished: origSize=602
content-length: 0
cf-bgj: minify
last-modified: Tue, 28 Mar 2023 07:22:27 GMT
server: cloudflare
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SaIfgDU%2BfbuSK9W7%2BfI1uPthd8MONzKAM7V7RUyjzEdJgBqqXIiYIcJ3BfE68GvwxoIrIoa2CnS6lWK%2Fo8RI%2Brb6is0YsESTGpUK%2FnoDAnvHkqzU6ay8889YrCFbOszjIz6Vfwimbw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: max-age=31536000, public
accept-ranges: bytes
cf-ray: 7f9b49050ff69101-FRA
expires: Thu, 08 Aug 2024 05:49:21 GMT

GET
H2 200 styles.css
www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/plugins/thrive-comments/assets/css/ 123 KB
17 KB 80ms
70ms Stylesheet
text/css 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/plugins/thrive-comments/assets/css/styles.css?ver=1690918712
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 61c777899dc0d591a388376fda737aa4e51aad81d05fab82a7b91f4ceff227f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 01 Aug 2023 19:38:32 GMT
server: cloudflare
age: 1620567
cf-polished: origSize=125892
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7ZGPfPyzokTBKAw3UA0aHFceaHcAmIKfctuUZMHv7FT95%2FDJbEGI4USP5aPiKVTHJbEyTXBVb2k57kGeIs1sup03ec1t0n3B5AQ0WwelmNiBUOC7R31Gg5nX7bEH2ZlL0HW6KbPq9A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: max-age=31536000, public
cf-ray: 7f9b49050ff79101-FRA
expires: Wed, 31 Jul 2024 20:12:24 GMT

GET
H2 200 dashicons.min.css
www.phoneworld.com.pk/wp-content/cache/min/1/wp-includes/css/ 58 KB
35 KB 106ms
96ms Stylesheet
text/css 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/cache/min/1/wp-includes/css/dashicons.min.css?ver=1690918712
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8276d99808a3a111dcb2dc61c895388c21341d48be9c3f87d905787a49c2b832

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Aug 2023 19:38:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1620567
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h94M%2F3wFtkH55LrHJwldgs%2Brjen%2F6FSvDH8tXxOZ5apy20tZ7y%2BYMcJhm214oDeWOZm1iPIfj2hHh9zsc8NUHGvbUvO2AfK4rTiQ03YNqUDWGsgXCOGQAt7%2Fvbm2WmdxiNPEO1jy7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: max-age=31536000, public
cf-ray: 7f9b49050ff89101-FRA
expires: Wed, 31 Jul 2024 20:12:24 GMT

GET
H2 200 wp-auth-check.min.css
www.phoneworld.com.pk/wp-includes/css/ 2 KB
1 KB 82ms
73ms Stylesheet
text/css 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-includes/css/wp-auth-check.min.css?ver=6.3
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f835251502d0276039438a188ee26c22c413b4e2f9a061b45e634b831a924a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 09 Aug 2023 05:15:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 981151
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ec3kYD%2Fbk8YfyPSigMF3jMQhReBbFt0VnC1BnOFovKHY5X2Fhrftkh6P4lL2hOL3CSsSkGesxt5XQWJreN9nZ1sQH0zMK24uWIvrfSklDGxVlVgiGFPpOSfF%2FvNPrY4x9%2F6UtEwyQg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: max-age=31536000, public
cf-ray: 7f9b49050ff99101-FRA
expires: Thu, 08 Aug 2024 05:49:21 GMT

GET
H2 200 style-custom.css
www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/themes/jannah/assets/custom-css/ 4 KB
1 KB 76ms
67ms Stylesheet
text/css 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/themes/jannah/assets/custom-css/style-custom.css?ver=1690918712
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5dacc133c4cc7896cc68c0ea692d37322832c5104ff413e60f72b39055e58de1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 01 Aug 2023 19:38:32 GMT
server: cloudflare
age: 1620567
cf-polished: origSize=4371
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2SIr0rL3mdOVkVLNBoN22MHpc%2FQayFWq6N1Oo657J9hrPNH4HxB0ziiiiApLZoA2INmgBLo1%2BOq7YnK8ZdGDZpK0t4TNK1qYlcuVl9xyXeQYfDACdYAoIvmZSiaes90JuTMgUd6BEg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: max-age=31536000, public
cf-ray: 7f9b49050ffb9101-FRA
expires: Wed, 31 Jul 2024 20:12:24 GMT

GET
H2 200 jetpack.css
www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/plugins/jetpack/css/ 97 KB
19 KB 105ms
96ms Stylesheet
text/css 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/plugins/jetpack/css/jetpack.css?ver=1690918712
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ec2a3925aab30db5b9aa975a1eefee359610555e16046cd68d4133263d4d283

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 01 Aug 2023 19:38:32 GMT
server: cloudflare
age: 1620567
cf-polished: origSize=99879
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jmsP3Yu008CSHFFpHSKyyxVzBco97owhKldmiw66xdRh3MmhrY4ccR%2BrkuYgugAF3SdLbmrjfW3zicvwuMMy20tbM%2FMtJCMEq%2BtZYSOlpnkEWQw0o6Fw38cGbXggAif8XirB3kUC%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: max-age=31536000, public
cf-ray: 7f9b49050ffc9101-FRA
expires: Wed, 31 Jul 2024 20:12:24 GMT

GET
H2 200 jquery.min.js Show response
www.phoneworld.com.pk/wp-includes/js/jquery/ 85 KB
31 KB 81ms
72ms Script
application/javascript 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-includes/js/jquery/jquery.min.js?ver=3.7.0
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 09 Aug 2023 05:15:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 981151
etag: W/"64d320df-155ba"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vrPVKYy%2Fol3fZ%2BoKHBAf0FCkrnp5zBq0YpJlCXnZSb0GY78ZFAR7knqZZh4vHiO4djtgSdFc20X%2BmcBUmJlHuc%2Fm2ODn369jeIQfHicKvVXX1EqXgBRpTV5xJNoPsV9GHpVcJYLn9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7f9b49050ffd9101-FRA

GET
H2 200 jquery-migrate.min.js Show response
www.phoneworld.com.pk/wp-includes/js/jquery/ 13 KB
5 KB 80ms
71ms Script
application/javascript 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 09 Aug 2023 05:15:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 981151
etag: W/"64d320df-3509"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wGuOqsP5B2XnmKGO0LzpII7S%2BHqesqWsx4Ig2rWnhqK0KgbqZueoFs%2BHVesAxS28JS%2FimTkIWqbgQjtCP9D0jLJd%2FKH1CTYt6NW5vuoTxzGCOa1YrJjIaP11hkBuQU9EXBKQ6gF0Sg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7f9b49050ffe9101-FRA

GET
H2 200 advanced.min.js Show response
www.phoneworld.com.pk/wp-content/plugins/advanced-ads/public/assets/js/ 7 KB
3 KB 79ms
71ms Script
application/javascript 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/plugins/advanced-ads/public/assets/js/advanced.min.js?ver=1.44.0
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a4dd11c3764a3be7caee75eeb660be2d9f01fc3ba61f95990d8f64e5e441875

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 05 Jun 2023 07:29:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 332705
etag: W/"647d8ede-1c67"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FZ0lExRwB5ElVhw%2FeJttZI8R5j9tO1yhDFwBj4r1IoY201%2FLULa1sDS8W%2FgIgrwGorTHR511dUEhBprkoGzlwV78CBuVvzN%2F%2BHrCJXSDbwO04Dxly1TAJWaLsgkZaDqZCSpPtxx51g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7f9b49050fff9101-FRA

GET
H2 200 libs-frontend.min.js Show response
www.phoneworld.com.pk/wp-content/plugins/thrive-comments/assets/js/ 66 KB
23 KB 82ms
73ms Script
application/javascript 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/plugins/thrive-comments/assets/js/libs-frontend.min.js?ver=2.18
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b8c2ccf7b77791954f5f71ed5f5336193d56eea3dc654da9afb06dbfabcafab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 05 Jun 2023 07:30:56 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6589602
etag: W/"647d8f30-1061e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B4PRXyy0BR%2FqoyeFStywvdwgxe23kYNoD3W%2FBwMIrMQhxtETiOsaeP3tkLdNsNpRq3B7WE1UiXnXQhbA0TKHmmIqoZdvB%2BgeMLDPmMmq2xfAQJpJEN%2BAydsjdPt8q4nUh58UtRfYVg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7f9b490508009101-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 165 KB
61 KB 195ms
71ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-23026382-1

Requested by

Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

19e74de7f937e68df090c1ed7358e1a8b65955bd64bb747caa5a5439890a7d52

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:53 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62129
x-xss-protection: 0
last-modified: Sun, 20 Aug 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 20 Aug 2023 14:21:53 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 251 KB
85 KB 220ms
169ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-7QWBTY4Y25

Requested by

Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b341c158e215ce2daecaad07657606b00cdf6436ccc8a2ab1868cd9438d85547

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:53 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 87229
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 20 Aug 2023 14:21:53 GMT

GET
H2 200 email-decode.min.js Show response
www.phoneworld.com.pk/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 75ms
66ms Script
application/javascript 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.phoneworld.com.pk/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 17 Aug 2023 10:58:09 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"64ddfd41-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v7P9hO2IiPCls6ebWqUNWUjKrR1LO8QgaQnYsZ9f%2B%2BxnyQumA5uoA17vNfu4nBUv6xYSrXYxg9%2FaehS2mmKJNNmppy2ihSBo4RY%2FN%2BALDQLLvSwoXOylBrGqL4Y4GGyz%2B9%2BZFegBAw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 7f9b490508019101-FRA
expires: Tue, 22 Aug 2023 14:21:52 GMT

GET
H2 200 form.min.js Show response
www.phoneworld.com.pk/wp-content/plugins/mailster/assets/js/ 2 KB
1 KB 83ms
75ms Script
application/javascript 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/plugins/mailster/assets/js/form.min.js?ver=3.3.7
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79e81da30841273cf6c088ca06dc5e1b66c54c732c9c967485939bbb9833534a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 20 Jul 2023 05:27:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2704333
etag: W/"64b8c5bb-975"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xthQVQgEpx%2FBCXzqAX0TGoiXf1JbiL5W1AEqxURzGXtRsOptQ4qeu2lDEmZd8yrXr5i%2B47mYnxrgeYSK9SF3qGaCvHKOzm7Jq51pXjCDhZx23f5ibBE%2F5%2F0993Lgs8SuHVGhCQeyUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7f9b490508029101-FRA

GET
H2 200 script.js Show response
www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/plugins/advanced-ads-responsive/public/assets/js/ 2 KB
865 B 81ms
73ms Script
application/javascript 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/plugins/advanced-ads-responsive/public/assets/js/script.js?ver=1690918712
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 68a84433a9939762eaac536834e7e8c2470d867a6108cf1022831b8509d55caf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 01 Aug 2023 19:38:32 GMT
server: cloudflare
age: 1620804
etag: W/"64c95f38-6cb"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lSsyu3NvZpTOancolF%2BK%2B9gY2O6oHtuQynrf6lnoxecBivxGuAViJfQVyRRoL0G144hhZ0mdZRaf4faGeFvd9gjU3O8dD0qvX6wbedB5BNSLJH6xncvzR4pxz%2F5nV872CykJ0nBnfw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7f9b490508039101-FRA

GET
H2 200 sticky.js Show response
www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/plugins/advanced-ads-sticky-ads/public/assets/js/ 4 KB
2 KB 98ms
90ms Script
application/javascript 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/plugins/advanced-ads-sticky-ads/public/assets/js/sticky.js?ver=1690918712
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd37e2cd931803994ea8f76c16d3d81aa0aa6d6488a049df19c78a078043c8bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 01 Aug 2023 19:38:32 GMT
server: cloudflare
age: 1620804
etag: W/"64c95f38-e08"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1UcvREUbGnlNQrG%2FVgKDw9dcGlwEz8CZRnLyc4%2BPX6uHWISgPoaUznT6Ga6X2McHHvxWCMgLclgmTjG6rxQIKVZV8ZvUF6v3NMCUcnYVeC1DXskeiAAciU7JYkGzWtQXCdRYcHiZXA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7f9b490508049101-FRA

GET
H2 200 dlm-xhr.min.js Show response
www.phoneworld.com.pk/wp-content/plugins/download-monitor/assets/js/ 10 KB
3 KB 79ms
72ms Script
application/javascript 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/plugins/download-monitor/assets/js/dlm-xhr.min.js?ver=4.8.3
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1b042e22311586cd062be12e91361664872b12c8f76e55d47e792a8015651851

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 05 Jun 2023 07:29:53 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6589601
etag: W/"647d8ef1-2951"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nD2S2T5aC8q%2FmAZrd5uQ%2FDatpTLKEp2Nt7ctxT1c2%2BrI%2FEE3R3P89mxKA2ZXPNr9L9jHKMWedqvK1uzqb2k3zxUvLqcCEPmRYJ03frs5zJhMuu8e83gmgLcXx2AXvxRdIjYyiqOSgw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7f9b490508069101-FRA

GET
H2 200 advanced-ads-pro.min.js Show response
www.phoneworld.com.pk/wp-content/plugins/advanced-ads-pro/assets/js/ 6 KB
2 KB 79ms
71ms Script
application/javascript 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/plugins/advanced-ads-pro/assets/js/advanced-ads-pro.min.js?ver=2.21.2
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ba2a0da5c4bbb91065d70e8d6e9e22b1eb1c2e066ac876e261efcc96036b031

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 18 Apr 2023 08:57:31 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6893185
etag: W/"643e5b7b-1834"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1p96vfCp3QJX3A2w%2BckAovt%2FmaYjwBsGO67TMNKdkxKfrBOCknHQQ4GzNnt%2BTdwlWZouj0Aj8CiMQ7kSgqDQ6Ag73%2FSvG3CvlWCIKdbugCWptI%2FL6dSpRmYaCX%2FGaSJgz3Cs6oCUdg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7f9b490508079101-FRA

GET
H2 200 gprofiles.js Show response
secure.gravatar.com/js/ 13 KB
5 KB 99ms
28ms Script
application/javascript 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.gravatar.com/js/gprofiles.js?ver=202333
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 984499da3d590658ac000c9d7e2362a2e7308ec05e4d0f5940f2d2eb6ba865f6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
last-modified: Thu, 10 Aug 2023 08:40:05 GMT
server: nginx
etag: W/"64d4a265-327b"
content-type: application/javascript
cache-control: max-age=604800
expires: Sun, 27 Aug 2023 14:21:52 GMT

GET
H2 200 wpgroho.js Show response
www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/plugins/jetpack/modules/ 1 KB
967 B 79ms
72ms Script
application/javascript 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/plugins/jetpack/modules/wpgroho.js?ver=1690918712
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 58ab1f1090e861ac8b6dd1c89deee12ed25d6b2132947aa81bb64c19f8c86c59

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 01 Aug 2023 19:38:32 GMT
server: cloudflare
age: 1620804
etag: W/"64c95f38-58a"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oeTV47tQdecOKf5NLlCKTP5yiNxjUFFQCRPjgyAcZ5A%2B0gCa%2BByeNr%2FCd1R2ngYEvQ%2FjETPQs6BcfI9u%2FSlw%2Fm77V2QziDFUstBc2WM%2FJGLg2MEbOrhxmqDix1L0NdpHMbCDvJpBYw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7f9b490508089101-FRA

GET
H2 200 frontend.min.js Show response
www.phoneworld.com.pk/wp-content/plugins/thrive-comments/thrive-dashboard/js/dist/ 2 KB
1 KB 105ms
98ms Script
application/javascript 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/plugins/thrive-comments/thrive-dashboard/js/dist/frontend.min.js?ver=3.33
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed77fc2cbbcf4cd716fbf7f4ace9c8d1612bf6140a5996e4f38f8caa142edcb8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 05 Jun 2023 07:30:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2142971
etag: W/"647d8f31-82a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hXr0kZ2bo2RB6LW4sEo3TotocaKkscUkQeV7rJG4KPtZ7qc0W0Vgkv4b3K7xJUUMhUtGIxNix2d5UmusUUThLAEx19fUKr0i3UeYjMWAsnhLjRoE7ZoquJWOI9wtliWTFI%2Brao8L9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7f9b490508099101-FRA

GET
H2 200 base.min.js Show response
www.phoneworld.com.pk/wp-content/plugins/advanced-ads-pro/assets/js/ 72 KB
24 KB 97ms
91ms Script
application/javascript 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/plugins/advanced-ads-pro/assets/js/base.min.js?ver=2.21.2
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 07556f378e5523136e2c6e0197ed545fa18f9f7022c83a93eac10ea24533bcfa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 18 Apr 2023 08:57:31 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6893185
etag: W/"643e5b7b-120ee"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0GAO5nZWf%2FvCH5sZiIEXnvI3n0%2FN%2F3%2BThSHnsVE9VtblJ0DEnkP1PO5MFt4dwiQBjc1LFbCe6VVfbWE4fgXhqrLOEYrx50vqWV6VrnPk6pb5jmE9%2FxFZc8abzQ6fFTDjA3VJsz2SJg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7f9b4905080a9101-FRA

GET
H2 200 tracking.min.js Show response
www.phoneworld.com.pk/wp-content/plugins/advanced-ads-tracking/public/assets/js/dist/ 10 KB
3 KB 80ms
74ms Script
application/javascript 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/plugins/advanced-ads-tracking/public/assets/js/dist/tracking.min.js?ver=2.4.6
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 622d4e2da39f5ea961864441f76065bb203bb9053bc3f03c256f42fc5ab1b57b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 18 Apr 2023 08:57:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6893185
etag: W/"643e5b88-27cf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VM7UAr65zmTPiCDdoshvSzEMjkO30cjAu%2BR%2FkXKiTkakW4M6kpAmQdYhcdN80z86BMbk4unnfCShXPLJfDV%2Bd0vP7fgnjzSUbE%2BHYN0UduFZ1XZ7qgJXjvwicC6Hkts%2FZKRr0Jho%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7f9b4905080b9101-FRA

GET
H2 200 delayed.min.js Show response
www.phoneworld.com.pk/wp-content/plugins/advanced-ads-tracking/public/assets/js/dist/ 1 KB
826 B 78ms
72ms Script
application/javascript 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/plugins/advanced-ads-tracking/public/assets/js/dist/delayed.min.js?ver=2.4.6
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c9aca2a71cdfe5e8e4eeed187dc802909e67482e63d1c3642d75e9f3067c8e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 18 Apr 2023 08:57:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6893185
etag: W/"643e5b88-4a5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BnSoyEtDrubZtUl2YKd2kj8uAfCEqEQBS3wQtJ4Ms6fY3%2B6uKq46yMmbq0WkcrNrRyJK9BTu8tEocbqzVGI1yTz%2BJIRkTFLTbbugT3TbD7G8BCTEqGEes5PU%2FjoeZZmreP0Iw7O4%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7f9b4905080c9101-FRA

GET
H2 200 scripts.min.js Show response
www.phoneworld.com.pk/wp-content/themes/jannah/assets/js/ 23 KB
8 KB 79ms
74ms Script
application/javascript 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/themes/jannah/assets/js/scripts.min.js?ver=6.1.4
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f52ec3f4d0b043a36683a54caef45ae1158780aede5f886a6a1b63b61668e0d3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 27 Dec 2022 19:19:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6893185
etag: W/"63ab452a-5b9d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RNmbndQxshkooa%2BMttb7Z1dzj4mhq%2BzkAz46FRlT0hBUxLoU5htJ1saawBG1H9930wyM1y%2FQnveF7sC8LF0T2%2FYKD724XarxFzrJsK71X13ztOzeB2xqXKqvrrdR%2BI5fZOXZYT0R6w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7f9b4905080d9101-FRA

GET
H2 200 lightbox.js Show response
www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/themes/jannah/assets/ilightbox/ 79 KB
25 KB 81ms
76ms Script
application/javascript 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/themes/jannah/assets/ilightbox/lightbox.js?ver=1690918712
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: db13b35dba933986b3d5b3f045f17fae683a1e7d35aba413ae32498056f8f172

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 01 Aug 2023 19:38:32 GMT
server: cloudflare
age: 1620804
cf-polished: origSize=80835
etag: W/"64c95f38-13bc3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SMcpDK2zReGYDMnDrkGtNbJMH8XFb6tEFhS%2BHeZ1Oh1nvmErOjKCYJU0yHS3v3JHmxcvqYK8jpKDAOxxF69w5%2B4VOHR30W2iO8IohKJtSWDv8jihU5sp2gTtQjog0hSAkm8%2BXh1T2w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000
cf-ray: 7f9b4905080e9101-FRA

GET
H2 200 sliders.min.js Show response
www.phoneworld.com.pk/wp-content/themes/jannah/assets/js/ 48 KB
12 KB 80ms
74ms Script
application/javascript 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/themes/jannah/assets/js/sliders.min.js?ver=6.1.4
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4aedd618e5afdcceeaeb82c1d6926175a4bb43dd363e9c64eacfca2ae80c9b60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 14 Feb 2021 14:09:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6893185
etag: W/"60292f36-c0a7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jFUPW%2FGJXspgK6JOmRNuzKVrKYXupoOwkboKCE7SsRMB87cXD1nSzQN24D8UXPbII6pVBY78Jb58JjMmccKHpwM4%2B0ZkygG6ro16wXmW6xwUz1YzPqdy2hZTCgQ6r9Zhp87EOye7vQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7f9b4905080f9101-FRA

GET
H2 200 shortcodes.js Show response
www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/themes/jannah/assets/js/ 10 KB
4 KB 102ms
97ms Script
application/javascript 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/themes/jannah/assets/js/shortcodes.js?ver=1690918712
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cdae6ec5705a433fbe45f34fc46a72d387bc8315a9cd377a530f0a31900459a2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 01 Aug 2023 19:38:32 GMT
server: cloudflare
age: 1620804
cf-polished: origSize=10708
etag: W/"64c95f38-29d4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l2q8yQ71Xvl%2FqgU5m5iydeju0aBkXMcI%2FiQ5YZ0Av2c%2FFMsmyIajjWkpOEDfdootYO401s0x5cOvrGZWMqdlzi5wEPWlQFuUTm6XDPB%2FMs25Wa67JBstM2t0y2pNy%2B3deXadc%2B42Gg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000
cf-ray: 7f9b490508109101-FRA

GET
H2 200 single.min.js Show response
www.phoneworld.com.pk/wp-content/themes/jannah/assets/js/ 5 KB
2 KB 102ms
97ms Script
application/javascript 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/themes/jannah/assets/js/single.min.js?ver=6.1.4
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e60d8e5aa1e9414a1312403dc47e1f0e93aab527dcbff70cc861bf4e89c23c11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 28 Mar 2022 00:41:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6893185
etag: W/"62410448-15ad"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wdx3nQ5e3sM4gc701gYOuPJRpaORkXhpE3FPzVT9yMLZsZeZjVkSZPEYH5iaKMwfXRIpMzWMI%2BHY5J5xZBmnkWbV5yE9xJgT4wutpmqBilLW%2FYbDILdKWZcu4XvfO%2FiFs4MbJz7e9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7f9b490508119101-FRA

GET
H2 200 comment-reply.min.js Show response
www.phoneworld.com.pk/wp-includes/js/ 3 KB
2 KB 101ms
96ms Script
application/javascript 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-includes/js/comment-reply.min.js?ver=6.3
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 30 May 2022 11:55:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 981151
etag: W/"6294b0bd-ba5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dMKlOeC0Fc2SE%2BG6oC38%2B3ljA0h6ann%2FwxFiTy6bTy6rM8ffrjKhiyPtkoBrZBJb%2FiXBZg9MM2PceEcClnE%2F415HIxALLWQWEjoT1bK78nzYD8gccXx2gtYUXBy%2F4wgRu5C9fACiww%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7f9b490508129101-FRA

GET
H2 200 underscore.min.js Show response
www.phoneworld.com.pk/wp-includes/js/ 18 KB
8 KB 102ms
98ms Script
application/javascript 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-includes/js/underscore.min.js?ver=1.13.4
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 726b820e44f6ab90ad991d30a4bf26d3a5d71493cbcd1fb1efd0d14e89b9df2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 10:01:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6893185
etag: W/"63cfac7d-4991"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pdsXrI4asoi%2FRhQFOdScnbXleJUXDKNUS184LOt8pIvaILpAT9rTzoZ5uhDH3%2BbnpgF0w5jOUuhWHOm5snZu%2BoGPjSB2vN8EZZbFySuQ9o3g4i92ShmtG4bvDfkuqhtt23MoXMfgxg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7f9b490508139101-FRA

GET
H2 200 backbone.min.js Show response
www.phoneworld.com.pk/wp-includes/js/ 23 KB
8 KB 80ms
75ms Script
application/javascript 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-includes/js/backbone.min.js?ver=1.4.1
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b99993143ef5c98b746267c0a19fd2c2f4a6d64af3e1dae82a87573c4b9b1572

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 15 May 2023 17:05:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6893185
etag: W/"64626646-5d28"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zTultU0iiqfJvGyO7V3sFk5yvVpZaJ45fs9eP%2FxKbHZzI6JZRLDNa2TMSz31ADycAPmQDb6JOXv8vxrzFulF5Yplf7qjWC1EXawxIPYONkNcuyKO6i94H1WoTx4qC%2B5HuugA0BAXAA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7f9b490508149101-FRA

GET
H2 200 frontend.min.js Show response
www.phoneworld.com.pk/wp-content/plugins/thrive-comments/assets/js/ 60 KB
16 KB 99ms
95ms Script
application/javascript 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/plugins/thrive-comments/assets/js/frontend.min.js?ver=2.18
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4a65632f160cf5bfc65a7555220876eeab940e61a21bbe7ae926e4c5a6c3d0f1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 05 Jun 2023 07:30:56 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6589600
etag: W/"647d8f30-ee6e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DSZwvYyW8glpGLnpErIPsQLpXKDNYy%2B2UFvu0uCNLEysLZOgfRJ45cBBnwjoDUjCxZFvxM892YnOxbNp%2Bw7pySfZ2xAx2fhzbjrTtxGHYIIkZ2zhnenUgm6AqP8UNl%2B6Z1I3g1rXTw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7f9b490508159101-FRA

GET
H2 200 e-202333.js Show response
stats.wp.com/ 7 KB
3 KB 92ms
27ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202333.js
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn
date: Sun, 20 Aug 2023 14:21:53 GMT
content-encoding: br
server: nginx
x-minify: t
etag: W/13576-1684461103136.7104
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Mon, 12 Aug 2024 06:45:23 GMT

GET
H2 200 autoload-parent.js Show response
www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/plugins/jannah-autoload-posts/js/ 17 KB
7 KB 101ms
97ms Script
application/javascript 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/plugins/jannah-autoload-posts/js/autoload-parent.js?ver=1690918712
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 37ae5e7eb18f5756a613e19c5709e7b6b26fa3c5cde995ee431b068aef2f13ba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:52 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 01 Aug 2023 19:38:32 GMT
server: cloudflare
age: 1620804
cf-polished: origSize=17926
etag: W/"64c95f38-4606"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RPY7bRwnf9O8w1qvKL6wp7EwtOgtXYcbhQS%2BOaWqF6LS61u3gbrKtwOoHQF3o0km5SVyYywp%2BqWRWQO0FNJqePWH9sUPrkc%2B53xrLLQSflAAxrOLrPl1Zrk%2FqwlbBvJTRb5%2BF4OsnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000
cf-ray: 7f9b490508169101-FRA

GET
H2 200 lazyload.min.js Show response
www.phoneworld.com.pk/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/ 9 KB
3 KB 36ms
36ms Script
application/javascript 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:53 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 18 Apr 2023 09:13:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6893186
etag: W/"643e5f34-22bc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k2CzUXOZTf3hS8O1xcKksGRhBHYjWZzhre3icBFpWz8hm2LHHNeV15XFF4XW2Z8Jg6Z8reBVL5yOmES%2BNaG1YccfHQyb7V6zEbI9JZKhR8glwwRx1oIW7ezIMI6H4wy57i9sJ05lWw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7f9b4906997a9101-FRA

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 149 KB
51 KB 288ms
156ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: avads.live
URL: https://avads.live/s/av.pworld.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

786653ab0e3afb34ce8cd74298fa7140e8c6f85f62da78617634009e09ed4768

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:53 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51322
x-xss-protection: 0
server: cafe
etag: 10047024688772597628
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 20 Aug 2023 14:21:53 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 97 KB
28 KB 300ms
148ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: avads.live
URL: https://avads.live/s/av.pworld.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f8d778efc7dc25944147ff00bbea3cda6aa4a92da1b7e997b48830d4e051d31a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:53 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28539
x-xss-protection: 0
server: cafe
etag: 560 / 19589 / 31077163 / config-hash: 4570674370816517536
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 20 Aug 2023 14:21:53 GMT

GET
H2 200 print.css
www.phoneworld.com.pk/wp-content/themes/jannah/assets/css/ 2 KB
1 KB 43ms
42ms Stylesheet
text/css 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/themes/jannah/assets/css/print.css?ver=6.1.4
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f1672b6adb575ab5321d426ebcca1e8b00217bfb2704fb41797f0dc91f5f5061

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6893186
cf-polished: origSize=1761
x-cache: HIT
cf-bgj: minify
last-modified: Thu, 12 Jan 2023 04:05:02 GMT
server: cloudflare
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gYjq%2BAmHaK0o%2Fek%2FJrBFh9RMEBhoa3BtRq6FzjYanrgGnXFyoNgz7mk8NWkgzq7FmYGCrYR7Nh38WcrIULqMo4LYhfD9ZxMzHoEkl6bGBt7aKjcjDe%2Bkfmnc2KVpB66%2FnPDa4oJd2g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: max-age=31536000, public
cf-ray: 7f9b4906997e9101-FRA
expires: Fri, 31 May 2024 19:30:46 GMT

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fd52521af5ceb8f50b7acb0245fd2278e761ab56b876ca33ae16012f384468a3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 64 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4bf862f3586f612ddb5751eb35d4e67ea6719bd5049fd103a606f303a025ca1e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a14ea03c678fe3a3ac453e1778b500e39bd693d46843141ad49536f0760012d2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04a59f4b56d8d14ed7c127db4cfedf8caa618594e00b14bb9a6150182e7c31d3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 15d51a96c00f46c89828a7e962637d786edd66bd3ddde40c395f8647649d958b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cdf072b797353602918996980c44cfe88d0067ac8bc2582aa01d55ba11fd8ecf

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 06684ef23bf7efa9b16e44669ac0986788be53136be89e89857a473b32ed5374

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 loading.gif
www.phoneworld.com.pk/wp-content/plugins/mailster/assets/img/ 4 KB
4 KB 35ms
35ms Image
image/gif 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.phoneworld.com.pk/wp-content/plugins/mailster/assets/img/loading.gif
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 72bda989d376fa49ec87c8847f5e41ec792d4f4502842481f4cc4e1bb8f61a15

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6851861
cf-polished: origSize=4162, status=webp_bigger
content-length: 3741
cf-bgj: imgq:85,h2pri
last-modified: Tue, 18 Apr 2023 09:12:31 GMT
server: cloudflare
etag: "643e5eff-1042"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cVQGAjKEv6hRFn3VAQHOF9poljRuREhRJd5yTtjDAoLhKAp9khI3BNrSixPeky4%2FidQcPbA8Dta0cEwO%2F7DEx2fSTXrAEsftE4Qff9ng1x%2F%2FcwVqTWza0Bg%2BKgR%2FX8eXOeVIe9M8Dw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7f9b4906b99e9101-FRA

GET
H2 200 fa-solid-900.woff2
www.phoneworld.com.pk/wp-content/themes/jannah/assets/fonts/fontawesome/ 78 KB
78 KB 37ms
36ms Font
application/font-woff2 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/themes/jannah/assets/fonts/fontawesome/fa-solid-900.woff2
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/themes/jannah/assets/css/fontawesome.css?ver=1690918712
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f4d3fd0a705dbf8403298aad91d5de6972e6b5d536068eba8b24954a5a0a8c7

Request headers

Referer: https://www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/themes/jannah/assets/css/fontawesome.css?ver=1690918712
Origin: https://www.phoneworld.com.pk
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:53 GMT
cf-cache-status: HIT
last-modified: Mon, 23 Mar 2020 17:46:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6854140
etag: "5e78f5da-13654"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JgHbwy5Dachh%2Bk%2BjMfGaz1xNKltgNKXu%2BoQkj9svrjKwJr3zmQSzcl2vP4CqjGkKZ%2BWUKellMDN6%2FVQBoXZtBdNN5TJjg%2B%2BIhzxS45LyT17b2oFxqcNVtsDbFFoHAILBd55UzpFPBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff2
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7f9b4906c9a89101-FRA
content-length: 79444

GET
H2 200 tielabs-fonticon.woff
www.phoneworld.com.pk/wp-content/themes/jannah/assets/fonts/tielabs-fonticon/ 40 KB
25 KB 39ms
38ms Font
application/font-woff 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/themes/jannah/assets/fonts/tielabs-fonticon/tielabs-fonticon.woff
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/themes/jannah/assets/css/helpers.min.css?ver=1690918712
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f1bc17112f84d3e3b9e381a292e9ee6263cfb0706f07e34501396dee3a7c8a2a

Request headers

Referer: https://www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/themes/jannah/assets/css/helpers.min.css?ver=1690918712
Origin: https://www.phoneworld.com.pk
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:53 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 03 Jul 2022 20:06:22 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6885127
etag: W/"62c1f6be-9f6c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oqaCtKvKTwqwmRy6JG%2BzHzvwui7MM5%2Bgn2wcfbH49ENnUW4SPvDoAlvIHMVazowpiXWGnE0K8aYMmDsVQJyvSmXsPVGZ3fa8FBIRQ59aGq0wXdgiWKSv%2F1dfhNV6k6ogJSzmSvlfVw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
cache-control: public, max-age=31536000
cf-ray: 7f9b4906c9a99101-FRA

GET
H2 200 admin-ajax.php Show response
www.phoneworld.com.pk/wp-admin/ 64 B
549 B 451ms
450ms XHR
text/html 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.phoneworld.com.pk/wp-admin/admin-ajax.php?postviews_id=250977&action=tie_postviews&_=1692541313017

Requested by

Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/wp-includes/js/jquery/jquery.min.js?ver=3.7.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

638a34db1d7b3f386cf2f8e7544101985f7982921d317c59338e3f6f981bb81e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept: */*
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:53 GMT
content-encoding: br
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2DQYvbaz%2FpqYp1lu6fpezGIf0PxPpR7h8XmTf6mgAA%2Fz5sklG%2FOXiGMo%2F2w%2FS1g9BzLgS0BC04PCNqeuB25ftake%2BTdUcFhkk9d%2FAMUaapRCJQiUAGzHbldkFkPO%2Fj9b%2F0iOWg1r0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-cache, must-revalidate, max-age=0
x-robots-tag: noindex
cf-ray: 7f9b49076a249101-FRA
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 app.min.js Show response
cdn.webpushr.com/ 43 KB
13 KB 110ms
28ms Script
application/javascript 167.172.183.24
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.webpushr.com/app.min.js
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.172.183.24 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: 24121647cc448082299e345c46eadb6f1e488fcf6a0e11302fc8e7d67df711be

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:53 GMT
content-encoding: gzip
last-modified: Wed, 24 May 2023 18:52:05 GMT
server: nginx/1.16.1
etag: W/"646e5cd5-aca2"
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/javascript
x-gg-cache-status: HIT, HIT
cache-control: max-age=86400
expires: Mon, 21 Aug 2023 14:21:53 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 175ms
54ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-23026382-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 20 Aug 2023 13:49:43 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 1930
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sun, 20 Aug 2023 15:49:43 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 251 KB
85 KB 77ms
76ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-7QWBTY4Y25&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-23026382-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

271ab017788515ea1f86ec3f56fc3690fea086535affbe0d5c9ec5d4bfac79d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:53 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 87177
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 20 Aug 2023 14:21:53 GMT

POST
H2 200 admin-ajax.php Show response
www.phoneworld.com.pk/wp-admin/ 1 B
333 B 681ms
680ms XHR
text/html 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.phoneworld.com.pk/wp-admin/admin-ajax.php

Requested by

Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/wp-content/plugins/advanced-ads-tracking/public/assets/js/dist/tracking.min.js?ver=2.4.6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sun, 20 Aug 2023 14:21:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.phoneworld.com.pk
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y7tdbo7dVooZYyI7K99qmUGvV%2BvE5qZeEiGmXmks42zVh3hlH2R7NhfkHR432oFcx7es3qt4A4EwPpDLdvFbUmQi0%2FNZ67aFE7xVfZuUwaZcHg32sNE4JXm63F90VBaNLmRflyH4Uw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
x-robots-tag: noindex
cf-ray: 7f9b4907ca7a9101-FRA
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
93 B 33ms
27ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&blog=65708759&post=250977&tz=5&srv=www.phoneworld.com.pk&j=1%3A12.1.1&host=www.phoneworld.com.pk&ref=&fcp=1193&rand=0.1957746004891432
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 20 Aug 2023 14:21:53 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 hovercards.min.css
0.gravatar.com/js/hovercards/ 3 KB
904 B 36ms
27ms Stylesheet
text/css 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://0.gravatar.com/js/hovercards/hovercards.min.css
Requested by: Host: secure.gravatar.com
URL: https://secure.gravatar.com/js/gprofiles.js?ver=202333
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 922f7310455a01a1cc789155c95eed771508f7cf31cf38b176a934147e26c7af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:53 GMT
content-encoding: br
last-modified: Mon, 07 Aug 2023 12:03:28 GMT
server: nginx
etag: W/"64d0dd90-d4e"
content-type: text/css
cache-control: max-age=604800
expires: Sun, 27 Aug 2023 14:21:53 GMT

GET
H2 200 desktop-1.png
www.phoneworld.com.pk/wp-content/uploads/2021/08/ 2 KB
2 KB 39ms
37ms Image
image/png 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.phoneworld.com.pk/wp-content/uploads/2021/08/desktop-1.png
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6cf68980ebfec488f70450492f520b9bfcfe235c117fda6c559940717e15091

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 936739
cf-polished: origSize=2699, status=vary_header_present
content-length: 1715
cf-bgj: imgq:85,h2pri
last-modified: Tue, 12 Apr 2022 11:47:04 GMT
server: cloudflare
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IzssM30U9Z5lgZGq8WPxN45FQ%2FUjr%2BoInmBzyErq6yMSCckWepehxA6vcwf2HorMQvPSOtI%2FlZCmAV6OckEEZsXD%2Bxb74jCnca72R%2BBVAjZjIWkZVuSa%2BJrYRxrRQjObo4zr3KvWkA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=10368000
accept-ranges: bytes
cf-ray: 7f9b4907ea9d9101-FRA
expires: Thu, 07 Dec 2023 18:09:34 GMT

GET
H2 200 hacking.jpg
www.phoneworld.com.pk/wp-content/uploads/2023/08/ 33 KB
33 KB 43ms
41ms Image
image/webp 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.phoneworld.com.pk/wp-content/uploads/2023/08/hacking.jpg
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb65a83aaae58dccda5d5835357f7c852446491cadfb7b375555d78885723683

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 183685
cf-polished: qual=85, origFmt=jpeg, origSize=110593
content-disposition: inline; filename="hacking.webp"
content-length: 33752
cf-bgj: imgq:85,h2pri
last-modified: Fri, 18 Aug 2023 10:18:49 GMT
server: cloudflare
etag: "64df4589-1b001"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iCQ6LROwIIJsnSQNuWklOHA7ADIuXGf4%2B42ZMSGLhsPYOXAPVLWkpZgMcVk97tD4eXizHU2CAZeOlOlr6%2Blxezm7GYGvMnNDCAtTuaSYyUFhLSMpdJvMSjizGrABmfrnLVVC0qM4ug%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7f9b4907ea9f9101-FRA

GET
H2 200 Pay-PTA-taxes-in-installments-220x150.jpg
www.phoneworld.com.pk/wp-content/uploads/2023/08/ 8 KB
9 KB 495ms
493ms Image
image/jpeg 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.phoneworld.com.pk/wp-content/uploads/2023/08/Pay-PTA-taxes-in-installments-220x150.jpg
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 819927e0e18e2f640b5bfa61728e9080e2c92edec215022a6ad6f03c51434efc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:53 GMT
cf-cache-status: MISS
last-modified: Fri, 18 Aug 2023 07:26:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "64df1d1a-2114"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2HIn10Z1PKxDfkGaCkJ6dhWPt6sCg2M58sYiar7pWBrwj23nTFojQFViMkcdRqPyaLHLC1KeXPZHn4wqR%2BQNzkoFr%2F%2Bb1uOUjBz9RnGy10wJBcZizHE8dUFysFvn3B0qGJSjRF4kfg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7f9b4907eaa09101-FRA
content-length: 8468

GET
H2 200 Android-APKs-Compression-Methods-220x150.jpg
www.phoneworld.com.pk/wp-content/uploads/2023/08/ 5 KB
5 KB 38ms
36ms Image
image/webp 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.phoneworld.com.pk/wp-content/uploads/2023/08/Android-APKs-Compression-Methods-220x150.jpg
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7a86bb0af999aabf8f5e1a5c7afd2844f81aa92c972ee8a3485fb426811d6309

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 60782
cf-polished: qual=85, origFmt=jpeg, origSize=6509
content-disposition: inline; filename="Android-APKs-Compression-Methods-220x150.webp"
content-length: 4986
cf-bgj: imgq:85,h2pri
last-modified: Sat, 19 Aug 2023 11:57:53 GMT
server: cloudflare
etag: "64e0ae41-196d"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WE1GXfs0l9DJD9%2BmFkn5fTrh8HgejttL0nrkpjSOSJPPFxOokZGhUMjEJCbbJw6ORjAqdrEbQsSjV0s0FCAKNsOWVkuLfbRo6GIZYQGjuVyxGI7hxYiZqk7yPppe7lrmeNr3JLLUcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7f9b4907eaa29101-FRA

GET
H2 200 22-220x150.png
www.phoneworld.com.pk/wp-content/uploads/2023/08/ 37 KB
38 KB 40ms
38ms Image
image/png 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.phoneworld.com.pk/wp-content/uploads/2023/08/22-220x150.png
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f848cd3f3072b5793df1b5acd706e12f0883e3f1c2458b883a852631cf0be2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 109324
cf-polished: origSize=43282, status=vary_header_present
content-length: 38258
cf-bgj: imgq:85,h2pri
last-modified: Sat, 19 Aug 2023 07:14:13 GMT
server: cloudflare
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2%2BbK5l%2FPwwImSSfbMrMvVUR2tiwqAx7nmyFSt44Jq6k6kkDBv3mB6Kd9ggefTZXtXVgf%2BXg9REv5Hrw8%2B2ulhipkgnZ7GPclX%2FkH%2BwNjPqSfAwXeCZCi9oSinbdjZZSFSgdv5BIQiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=10368000
accept-ranges: bytes
cf-ray: 7f9b4907eaa49101-FRA
expires: Sun, 17 Dec 2023 07:59:49 GMT

GET
H2 200 IMG-20230818-WA0074-220x150.jpg
www.phoneworld.com.pk/wp-content/uploads/2023/08/ 3 KB
3 KB 39ms
38ms Image
image/webp 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.phoneworld.com.pk/wp-content/uploads/2023/08/IMG-20230818-WA0074-220x150.jpg
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 633f04c0bde0e94e5a4e742b390b01f13b8663e494648ea90ab8c421f71908d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 148333
cf-polished: qual=85, origFmt=jpeg, origSize=4914
content-disposition: inline; filename="IMG-20230818-WA0074-220x150.webp"
content-length: 3076
cf-bgj: imgq:85,h2pri
last-modified: Fri, 18 Aug 2023 15:23:19 GMT
server: cloudflare
etag: "64df8ce7-1332"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ruiqlgOI9%2F0yG3VV5vzevmzqp6v%2FFPq9PvcKI55n23Y7m508D%2FgSYDcsCfhyXpOrlp8vhaHUsukNtAtXbXIhACB3spUhSZE%2Fv6TDoYnuR4zVc8P9BadRxpjo9JcMCebUwMGcxotrMw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7f9b4907eaa59101-FRA

GET
H2 200 Untitled-1-139-1-220x150.jpg
www.phoneworld.com.pk/wp-content/uploads/2023/07/ 7 KB
7 KB 41ms
39ms Image
image/webp 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.phoneworld.com.pk/wp-content/uploads/2023/07/Untitled-1-139-1-220x150.jpg
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90c86a8cf50c843fdfee59fe9bbecaf3aef7349b05d6469b959c919356788a16

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 24480
cf-polished: qual=85, origFmt=jpeg, origSize=8249
content-disposition: inline; filename="Untitled-1-139-1-220x150.webp"
content-length: 7080
cf-bgj: imgq:85,h2pri
last-modified: Fri, 21 Jul 2023 06:36:06 GMT
server: cloudflare
etag: "64ba2756-2039"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WceIZ4kGiiRpLAJ%2FYDopJMiPBTI7NZyRvAV%2Brv%2FM%2BJ6AMl0UgnwkJ3nevkDhSFy0XLKVq72Fgu86wg2yhY8e7HXNjLrZp598cn3o%2F%2FS7j9wQftnCzsNuzCr6LoE1bt%2FlEFYNSVzG1A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7f9b4907eaa79101-FRA

GET
H2 200 temporary-mobile-reg-220x150.jpg
www.phoneworld.com.pk/wp-content/uploads/2023/07/ 6 KB
6 KB 37ms
35ms Image
image/webp 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.phoneworld.com.pk/wp-content/uploads/2023/07/temporary-mobile-reg-220x150.jpg
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7a976760768b0be95005812deac4f09c1721505c5d631532efe5bd80352ed295

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 339918
cf-polished: qual=85, origFmt=jpeg, origSize=10966
content-disposition: inline; filename="temporary-mobile-reg-220x150.webp"
content-length: 5856
cf-bgj: imgq:85,h2pri
last-modified: Wed, 19 Jul 2023 09:10:58 GMT
server: cloudflare
etag: "64b7a8a2-2ad6"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GLSauEuvz9avNw6aO50wQmI8njxbjEwpRQNozuym0H3Fr349Bt6yuLsLIonaZtUYCwqxbBvqCw12Mg7VMpRFW5sbThTUhdSyDTRzrgfv9q5lpUZNSvGznYUayEUvZCME%2F92s7njZXg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7f9b4907eaa89101-FRA

GET
H2 200 temporary-registration-220x150.jpg
www.phoneworld.com.pk/wp-content/uploads/2023/07/ 9 KB
10 KB 41ms
40ms Image
image/jpeg 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.phoneworld.com.pk/wp-content/uploads/2023/07/temporary-registration-220x150.jpg
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f42b94d099916980fb192ffa1aad0920a000d28fd9d718015f4e6ad7a4d080f9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 328723
cf-polished: degrade=85, origSize=21622, status=webp_bigger
content-length: 9661
cf-bgj: imgq:85,h2pri
last-modified: Tue, 18 Jul 2023 11:56:14 GMT
server: cloudflare
etag: "64b67dde-5476"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iYYUw%2BThuWsXlAoNKwsHl%2FDc6%2F2LRTKfCbbRlkDOu%2BeJkJlQbyzB1lLVuwMkVed2cvNSucHgzQQLyVl%2B1DQZzQv5QlF7a42itFYHPFIZ9DUNVW1sh14uBVBgfmqz5Yub9wzciBd2qQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7f9b4907fab19101-FRA

GET
H2 200 Pay-PTA-taxes-in-installments-220x150.jpg
www.phoneworld.com.pk/wp-content/uploads/2023/07/ 7 KB
7 KB 44ms
43ms Image
image/webp 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.phoneworld.com.pk/wp-content/uploads/2023/07/Pay-PTA-taxes-in-installments-220x150.jpg
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3f99872ceadfc1f744644d6b6df26a3d2e7aaca0c9f763d71cdd3e8db5a06f4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 621964
cf-polished: qual=85, origFmt=jpeg, origSize=8468
content-disposition: inline; filename="Pay-PTA-taxes-in-installments-220x150.webp"
content-length: 7268
cf-bgj: imgq:85,h2pri
last-modified: Fri, 14 Jul 2023 07:42:37 GMT
server: cloudflare
etag: "64b0fc6d-2114"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GQzvvaz611CMyjCLoFshFLtIwf1qlbvE8Uxwa4FLwXYDMSMXGmL%2BUNbLLqwHlKewhu1TeBsPzbLlC%2Bb40Dl1Mzae%2BocXFJNerUQ7GYcPd2NHqphCLja1hYTUauPXqc%2Bw%2FI5Okik%2FLw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7f9b4907fab29101-FRA

GET
H2 200 Pay-PTA-taxes-in-installments-1-220x150.jpg
www.phoneworld.com.pk/wp-content/uploads/2023/06/ 7 KB
8 KB 43ms
42ms Image
image/webp 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.phoneworld.com.pk/wp-content/uploads/2023/06/Pay-PTA-taxes-in-installments-1-220x150.jpg
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3f99872ceadfc1f744644d6b6df26a3d2e7aaca0c9f763d71cdd3e8db5a06f4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1232947
cf-polished: qual=85, origFmt=jpeg, origSize=8468
content-disposition: inline; filename="Pay-PTA-taxes-in-installments-1-220x150.webp"
content-length: 7268
cf-bgj: imgq:85,h2pri
last-modified: Fri, 23 Jun 2023 10:00:19 GMT
server: cloudflare
etag: "64956d33-2114"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wqoo4RfR1scP3tmxaGKezEO6QxcshEOSE1NSnEJi74XdFKpOyaZlp1uWjA0bs%2FxrMqCAAP1AnikEs9%2BZnxzUw2t9q7oqnb0AFvV1O1LD%2BiWHARfV%2ByWYyTuGHOtXNdOu0SOOlMrLEg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7f9b4907fab39101-FRA

POST
H2 200 admin-ajax.php Show response
www.phoneworld.com.pk/wp-admin/ 84 B
462 B 734ms
733ms XHR
application/json 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.phoneworld.com.pk/wp-admin/admin-ajax.php

Requested by

Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/wp-includes/js/jquery/jquery.min.js?ver=3.7.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

525ef40a0ed25fd866873cfafe160a444dab62cf34d2fa53221e1a95c73dfb0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sun, 20 Aug 2023 14:21:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.phoneworld.com.pk
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ENEHigfmoe4SXpgNjKUwZzkQx0Cwg1gsaupXoc8iyP%2Bz6x%2FmBZm4G0Dl2ooZZIiTbM1xCaQZsMn7TQnabdEhwje%2FSWOgnquPAbbevQH0Q%2BJPGc8Oj6i08522Q%2Bg4Myj8J60KcITWVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
x-robots-tag: noindex
cf-ray: 7f9b4907fab49101-FRA
expires: Wed, 11 Jan 1984 05:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
259 B 105ms
34ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-7QWBTY4Y25&gtm=45je38g0&_p=12866460&_gaz=1&cid=1774754590.1692541313&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1692541313&sct=1&seg=0&dl=https%3A%2F%2Fwww.phoneworld.com.pk%2Fnofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security%2F&dt=NoFilter%20Attack%3A%20Sneaky%20Privilege%20Escalation%20Method%20Bypasses%20Windows%20Security&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-7QWBTY4Y25
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 14:21:53 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.phoneworld.com.pk
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
259 B 106ms
35ms Ping
text/plain 2a00:1450:400c:c04::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-7QWBTY4Y25&cid=1774754590.1692541313&gtm=45je38g0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-7QWBTY4Y25
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c04::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 14:21:53 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.phoneworld.com.pk
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 212ms
94ms Image
image/gif 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7QWBTY4Y25&cid=1774754590.1692541313&gtm=45je38g0&aip=1&z=907354046

Requested by

Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 14:21:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/ 402 KB
127 KB 208ms
55ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a6eda84e469463424ebf458949c409a82ee31d042cf3c8e84978658832f634c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 23:23:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53919
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 129634
x-xss-protection: 0
server: cafe
etag: 8962464231799197432
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sun, 18 Aug 2024 23:23:14 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
211 B 62ms
61ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=12866460&t=pageview&_s=1&dl=https%3A%2F%2Fwww.phoneworld.com.pk%2Fnofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security%2F&ul=en-us&de=UTF-8&dt=NoFilter%20Attack%3A%20Sneaky%20Privilege%20Escalation%20Method%20Bypasses%20Windows%20Security&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1802377178&gjid=1732342474&cid=1774754590.1692541313&tid=UA-23026382-1&_gid=1705360363.1692541313&_r=1&gtm=457e38g0&jsscut=1&z=708756026

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.phoneworld.com.pk/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 14:21:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.phoneworld.com.pk
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230816/r20190131/ Frame C4B0 10 KB
5 KB 186ms
57ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230816/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a56bbb4199232f466109c81aad2004410c5d35567ebb59c1a0aef0f9f79b91dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.phoneworld.com.pk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 6691
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4542
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 20 Aug 2023 12:30:22 GMT
etag: 13776922816869014096
expires: Sun, 03 Sep 2023 12:30:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 1 KB
1 KB 96ms
95ms XHR
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3924240903733991&correlator=961970630676733&eid=31077163%2C31070233&output=ldjh&gdfp_req=1&vrg=202308150101&ptt=17&impl=fif&iu_parts=133545211%2Cphoneworld_interstitial&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ifi=1&sfv=1-0-40&ists=1&fas=8&sc=1&cookie_enabled=1&abxe=1&dt=1692541313838&lmt=1692532966&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.phoneworld.com.pk%2Fnofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security%2F&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=1774754590.1692541313&ga_sid=1692541314&ga_hid=12866460&ga_fc=true&dlt=1692541312753&idt=1034&adks=1140507532&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4ff3e92f7890ba5bbd26d3a9dfb4e3731506154a4703c3c57775b21fe869a979

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:53 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 732
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.phoneworld.com.pk
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B419 6 KB
3 KB 227ms
65ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.phoneworld.com.pk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 20 Aug 2023 14:21:54 GMT
expires: Mon, 19 Aug 2024 14:21:54 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pubads_impl_page_level_ads.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/ 37 KB
13 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl_page_level_ads.js?cb=31077163

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

75cabc24bf21015cd44fc8329fd6070558e9503cf50eadfa65b8d20504bb803f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 15:36:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81908
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13169
x-xss-protection: 0
server: cafe
etag: 9395162698141603618
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sun, 18 Aug 2024 15:36:45 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 49 KB
12 KB 555ms
555ms XHR
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3924240903733991&correlator=961970630676733&eid=31077163%2C31070233&output=ldjh&gdfp_req=1&vrg=202308150101&ptt=17&impl=fif&iu_parts=133545211%2Cphoneworld_sidebar_top&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=2&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1692541313853&lmt=1692532966&adxs=1046&adys=167&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.phoneworld.com.pk%2Fnofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security%2F&vis=1&psz=307x0&msz=307x0&fws=4&ohw=307&ga_vid=1774754590.1692541313&ga_sid=1692541314&ga_hid=12866460&ga_fc=true&dlt=1692541312753&idt=1034&adks=1853477310&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

092010a00a9ad9ec13a15cc1de1dcd925b30c743c6cf49a38097389ed3a07f2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:54 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12172
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.phoneworld.com.pk
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 22 KB
10 KB 983ms
983ms XHR
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3924240903733991&correlator=961970630676733&eid=31077163%2C31070233&output=ldjh&gdfp_req=1&vrg=202308150101&ptt=17&impl=fif&iu_parts=133545211%2Cphoneworld_top_header_atf&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C970x90%7C970x250&ifi=3&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1692541313859&lmt=1692532966&adxs=436&adys=126&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.phoneworld.com.pk%2Fnofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security%2F&vis=1&psz=1600x0&msz=1600x0&fws=0&ohw=0&ga_vid=1774754590.1692541313&ga_sid=1692541314&ga_hid=12866460&ga_fc=true&dlt=1692541312753&idt=1034&adks=1353347140&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bbe318c16dc831941c721c67adc2740f0dda25681d9ed9070c517dedc5cce975

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:54 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9904
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.phoneworld.com.pk
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 50 KB
12 KB 1313ms
1313ms XHR
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3924240903733991&correlator=961970630676733&eid=31077163%2C31070233&output=ldjh&gdfp_req=1&vrg=202308150101&ptt=17&impl=fif&iu_parts=133545211%2Cphoneworld_in_content_mid1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C300x250%7C320x250%7C336x280&ifi=4&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1692541313863&lmt=1692532966&adxs=246&adys=1386&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.phoneworld.com.pk%2Fnofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security%2F&vis=1&psz=720x0&msz=720x0&fws=0&ohw=0&ga_vid=1774754590.1692541313&ga_sid=1692541314&ga_hid=12866460&ga_fc=true&dlt=1692541312753&idt=1034&adks=3713383300&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

81baa92972e5a729cbf915fe4187a3e63d17b0f9c078f7ea14a291d8a4571171

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:55 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12370
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.phoneworld.com.pk
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 49 KB
12 KB 2026ms
2025ms XHR
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3924240903733991&correlator=961970630676733&eid=31077163%2C31070233&output=ldjh&gdfp_req=1&vrg=202308150101&ptt=17&impl=fif&iu_parts=133545211%2Cphoneworld_sidebar_bottom&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=5&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1692541313866&lmt=1692532966&adxs=1046&adys=818&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.phoneworld.com.pk%2Fnofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security%2F&vis=1&psz=307x0&msz=307x0&fws=4&ohw=307&ga_vid=1774754590.1692541313&ga_sid=1692541314&ga_hid=12866460&ga_fc=true&dlt=1692541312753&idt=1034&adks=3194719814&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4204303e05bf16a93b212c146d3e9a248d7abed958e6a3846910148e5b78d9d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:55 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12010
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.phoneworld.com.pk
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 58 KB
14 KB 2323ms
2323ms XHR
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3924240903733991&correlator=961970630676733&eid=31077163%2C31070233&output=ldjh&gdfp_req=1&vrg=202308150101&ptt=17&impl=fif&iu_parts=133545211%2Cphoneworld_in_content_top&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280%7C300x250%7C320x250%7C728x90&ifi=6&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1692541313870&lmt=1692532966&adxs=438&adys=919&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.phoneworld.com.pk%2Fnofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security%2F&vis=1&psz=720x0&msz=720x0&fws=0&ohw=0&ga_vid=1774754590.1692541313&ga_sid=1692541314&ga_hid=12866460&ga_fc=true&dlt=1692541312753&idt=1034&adks=4290479161&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dd07bcd3439000568c9bcdb21b794a36c897c9101102e11a3cee14e55cb0f1ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:56 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14111
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.phoneworld.com.pk
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 106 KB
38 KB 2915ms
2914ms XHR
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3924240903733991&correlator=961970630676733&eid=31077163%2C31070233&output=ldjh&gdfp_req=1&vrg=202308150101&ptt=17&impl=fif&iu_parts=133545211%2Cphoneworld_catfish_atf&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C970x90&ifi=7&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1692541313874&lmt=1692532966&adxs=0&adys=0&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.phoneworld.com.pk%2Fnofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security%2F&vis=1&psz=1600x0&msz=1600x0&fws=0&ohw=0&ga_vid=1774754590.1692541313&ga_sid=1692541314&ga_hid=12866460&ga_fc=true&dlt=1692541312753&idt=1034&adks=1497981685&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6218fad6f0bfdab65ed936f74cb3608dd4465d97cbe703bc2f56468308fe43fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:56 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39059
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.phoneworld.com.pk
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 51 KB
13 KB 3773ms
3773ms XHR
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3924240903733991&correlator=961970630676733&eid=31077163%2C31070233&output=ldjh&gdfp_req=1&vrg=202308150101&ptt=17&impl=fif&iu_parts=133545211%2Cphoneworld_in_content&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C300x250%7C336x280%7C320x250&ifi=8&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1692541313877&lmt=1692532966&adxs=246&adys=1128&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.phoneworld.com.pk%2Fnofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security%2F&vis=1&psz=720x0&msz=720x0&fws=0&ohw=0&ga_vid=1774754590.1692541313&ga_sid=1692541314&ga_hid=12866460&ga_fc=true&dlt=1692541312753&idt=1034&adks=1862474756&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f2a22bd06f529e168758f23d73b5f44a95ceb718552e4356ee5e250a8ca1bd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:57 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12990
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.phoneworld.com.pk
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK get_info Show response
bot.webpushr.com/prompt/ 9 KB
3 KB 111ms
28ms Fetch
text/html 157.230.100.179
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://bot.webpushr.com/prompt/get_info
Requested by: Host: cdn.webpushr.com
URL: https://cdn.webpushr.com/app.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.230.100.179 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 9a520b81ffd7648d0ecebde7fb82e3c1c061dbb328eb4da1cf823a216c11815b

Request headers

Referer: https://www.phoneworld.com.pk/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

server_name: lookup3
Date: Sun, 20 Aug 2023 14:21:53 GMT
Content-Encoding: gzip
Server: nginx/1.14.0 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Content-Type: text/html; charset=UTF-8
X-Fastcgi-Cache: EXPIRED
Access-Control-Allow-Origin: https://www.phoneworld.com.pk
Access-Control-Allow-Credentials: true
proxy_server_name: fr1_lookup_proxy
Connection: keep-alive
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
X-Proxy-Cache: HIT

POST
H/1.1 200
OK session Show response
analytics.webpushr.com/impression/ 0
544 B 107ms
31ms Fetch
text/html 167.71.54.9
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webpushr.com/impression/session
Requested by: Host: cdn.webpushr.com
URL: https://cdn.webpushr.com/app.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.71.54.9 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.phoneworld.com.pk/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Sun, 20 Aug 2023 14:21:53 GMT
Content-Encoding: gzip
Server: nginx/1.14.0 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: https://www.phoneworld.com.pk
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

GET
H2 200 250977 Show response
www.phoneworld.com.pk/wp-json/tcm/v1/comments/ 61 B
726 B 390ms
390ms XHR
application/json 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.phoneworld.com.pk/wp-json/tcm/v1/comments/250977?itemsPerPage=10&page=1&sortBy=comment_ID&order=DESC&_=1692541313018

Requested by

Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/wp-includes/js/jquery/jquery.min.js?ver=3.7.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

16a3f96d874fd924e26c49252372ba799d2f3d3edc6d8ae458d1bbdf7dbd6901

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
X-WP-Nonce: db71a46cd7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:54 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
allow: GET
vary: Origin,X-Forwarded-Proto,Accept-Encoding,User-Agent
content-type: application/json; charset=UTF-8
x-dlm-no-waypoints: true
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MoHmAhoXVfD9U%2FsCpQyUp8v1N2h2BoJ1m4E6sIKuNyr4%2Btu9UH3lNvGiXqQ8TVWW36v6ruXEAn0TYpKu3qlArB2tMaza%2B89cJ8NC9oq1U1fkXuNUm%2F%2FlRErdyRM0R8DXQ%2Bz9pCIsBw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
cache-control: max-age=0
x-robots-tag: noindex
link: <https://www.phoneworld.com.pk/wp-json/>; rel="https://api.w.org/"
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
cf-ray: 7f9b490c8f109101-FRA
x-wp-nonce: db71a46cd7
expires: Sun, 20 Aug 2023 14:21:54 GMT

GET
H2 200 Roboto-Regular.ttf
www.phoneworld.com.pk/wp-content/plugins/thrive-comments/assets/css/fonts/ 168 KB
168 KB 38ms
37ms Font
application/octet-stream 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.phoneworld.com.pk/wp-content/plugins/thrive-comments/assets/css/fonts/Roboto-Regular.ttf
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/plugins/thrive-comments/assets/css/styles.css?ver=1690918712
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79e851404657dac2106b3d22ad256d47824a9a5765458edb72c9102a45816d95

Request headers

Referer: https://www.phoneworld.com.pk/wp-content/cache/min/1/wp-content/plugins/thrive-comments/assets/css/styles.css?ver=1690918712
Origin: https://www.phoneworld.com.pk
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:54 GMT
cf-cache-status: HIT
last-modified: Tue, 18 Apr 2023 09:12:56 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6885126
etag: "643e5f18-29e9c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fv8E6EnG5eCZHVg2NCwcoVDF3vx7IFibUE0kh%2Fu444SwxnzljSEtVJ%2BbRkSOQDLeAOY1%2BINzgZtBcPe4C%2FwsWWxDBw8WKCjGMpahOvi1kLSDgAjsuXSm2OEtxoILZDdZFY6750bWtA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7f9b490c9f149101-FRA
content-length: 171676

POST
H/1.1 200
OK prompt Show response
analytics.webpushr.com/impression/ 0
544 B 30ms
30ms Fetch
text/html 167.71.54.9
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webpushr.com/impression/prompt
Requested by: Host: cdn.webpushr.com
URL: https://cdn.webpushr.com/app.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.71.54.9 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.phoneworld.com.pk/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Sun, 20 Aug 2023 14:21:54 GMT
Content-Encoding: gzip
Server: nginx/1.14.0 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: https://www.phoneworld.com.pk
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

GET
H2 200 YePt0rEXqY.png
cdn.webpushr.com/siteassets/ 4 KB
4 KB 28ms
28ms Image
image/png 167.172.183.24
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.webpushr.com/siteassets/YePt0rEXqY.png
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.172.183.24 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: ee17e0e2ab2e750502467ce4fdeffbc3979d6677bfd81ebe98e1a6669f53ccf4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:54 GMT
last-modified: Tue, 19 Jul 2022 10:29:37 GMT
server: nginx/1.16.1
etag: "62d68791-e07"
content-type: image/png
access-control-allow-origin: *
x-gg-cache-status: HIT
accept-ranges: bytes
content-length: 3591

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 225ms
107ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202308150101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0c2e7fe102b728b4b71880c7bbcb0436077012be559ce02ccad1b62bd00d386e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:54 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11720
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 290ms
147ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 20 Aug 2023 14:21:54 GMT

GET
H2 200 placeholder_avatar_icon.svg
www.phoneworld.com.pk/wp-content/plugins/thrive-comments/assets/images/ 932 B
870 B 37ms
37ms Image
image/svg+xml 104.26.6.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.phoneworld.com.pk/wp-content/plugins/thrive-comments/assets/images/placeholder_avatar_icon.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.106 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 64b55be244048bf05a8a204b5799e7602ae7f715de3f18865ffc3a053fc9fe19

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 18 Apr 2023 09:12:56 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6885125
etag: W/"643e5f18-3a4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TmthykD1rgb8vXMHqaNweRoZft4M8juERLihSQyYnI7m8OOA45oDnb82B4GdLSTyJH8vMd8OH0UeMIor2wQbesTtnULyaE7h5Y%2FkZ1toW%2FCZ9LR7PuOwGhaoCzxToB1QN695QcK%2F3A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=31536000
cf-ray: 7f9b490f097e9101-FRA

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012307272333000/ Frame CB1A 222 KB
62 KB 218ms
55ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca0b13088e4cc740b37d30f2a5dd83dba46709641f40678950fc0a8f41c9c14c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 15 Aug 2023 01:15:31 GMT
age: 479183
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62092
x-xss-protection: 0
server: sffe
etag: "72571316e23440c4"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 14 Aug 2024 01:15:31 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012307272333000/v0/ Frame CB1A 15 KB
5 KB 327ms
165ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3fdd9957f328674a49573806215c9fe67a6f827515607cf8d7db980fc94b771c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 15 Aug 2023 01:15:23 GMT
age: 479191
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5267
x-xss-protection: 0
server: sffe
etag: "85c6144a0af9a6d8"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 14 Aug 2024 01:15:23 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012307272333000/v0/ Frame CB1A 94 KB
28 KB 342ms
180ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a68a7aaf623132b6e47f6d9753c49336cc812251cc91a1b82280aca86144b29a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 15 Aug 2023 10:46:54 GMT
age: 444900
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29055
x-xss-protection: 0
server: sffe
etag: "34be4077024c0aa5"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 14 Aug 2024 10:46:54 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012307272333000/v0/ Frame CB1A 5 KB
2 KB 362ms
200ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b70f0a80bac892e1e492a9ee5cee527ea2a9a2ff162614ff7a3acc78b2e83db0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 14 Aug 2023 17:11:00 GMT
age: 508254
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1908
x-xss-protection: 0
server: sffe
etag: "a56399b21b8bf15b"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 13 Aug 2024 17:11:00 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012307272333000/v0/ Frame CB1A 40 KB
13 KB 331ms
170ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

485567ada85d2d82f3c23210e6082009fcd03700751bf61a07a56a256b1e8918

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 14 Aug 2023 17:11:00 GMT
age: 508254
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13018
x-xss-protection: 0
server: sffe
etag: "62ea6ad255afcfa9"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 13 Aug 2024 17:11:00 GMT

GET
DATA 200
OK truncated
/ Frame CB1A 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: abaac68efd8c6ee70ad14c253173170c57a409b87aef98a418534e38d9d57d5d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 3881219415707341466
tpc.googlesyndication.com/simgad/ Frame CB1A 45 KB
45 KB 84ms
57ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3881219415707341466?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4ql2K9LwA1qHlBZ4y9KFuYN_fTkO0Q

Requested by

Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7fa884a8a3b751aa489d13d81f23d5cf4e1a3aabb9c5dbd622ba5b839db0c7f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:47:43 GMT
x-content-type-options: nosniff
age: 20051
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 45950
x-xss-protection: 0
last-modified: Mon, 24 Oct 2022 14:27:40 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 19 Aug 2024 08:47:43 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CB1A 2 KB
3 KB 154ms
127ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 21:26:59 GMT
x-content-type-options: nosniff
server: cafe
age: 60895
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Sun, 20 Aug 2023 21:26:59 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CB1A 295 B
664 B 82ms
56ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 21:40:34 GMT
x-content-type-options: nosniff
server: cafe
age: 60080
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Sun, 20 Aug 2023 21:40:34 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 6069 13 KB
5 KB 59ms
57ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.phoneworld.com.pk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 8269
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 20 Aug 2023 12:04:05 GMT
expires: Mon, 19 Aug 2024 12:04:05 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9098 829 B
1 KB 198ms
68ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e3b8509c9251f39204d1f99494791c629dd45ad45ae21f4d7c134f4a86af56a3

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-t0UHM4b2-smHRubUEZ3uDw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.phoneworld.com.pk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 536
content-security-policy: script-src 'report-sample' 'nonce-t0UHM4b2-smHRubUEZ3uDw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 20 Aug 2023 14:21:54 GMT
expires: Sun, 20 Aug 2023 14:21:54 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 -jd_BcJ2_muHebna6aM-t4BwAJqN83NnF3hDm83RPZ4.js Show response
pagead2.googlesyndication.com/bg/ Frame 6069 37 KB
15 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/-jd_BcJ2_muHebna6aM-t4BwAJqN83NnF3hDm83RPZ4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fa377f05c276fe6b8779b9dae9a33eb78070009a8df373671778439bcdd13d9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 09:42:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16743
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14691
x-xss-protection: 0
last-modified: Mon, 14 Aug 2023 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 19 Aug 2024 09:42:51 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame CB1A
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

67ms
67ms

Image
text/html

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H2
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Redirect headers

date: Sun, 20 Aug 2023 14:21:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 container.html Show response
fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame AE47 6 KB
3 KB 58ms
57ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.phoneworld.com.pk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 20 Aug 2023 14:21:54 GMT
expires: Mon, 19 Aug 2024 14:21:54 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9098 0
0 156ms
155ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202308150101&jk=3924240903733991&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame FB6B 624 B
531 B 101ms
98ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKvU5fQCEMaIsIIEGLGLhfMBMAE&v=APEucNUUZdXtaqOFtQgLOaWawhngwD72jIzHwKCBbM3-7hu0q7Nf2QfoyCKxSc1iMjAyPTB1F_A3kXkNBvVVY973XQq1j5up0jKku-TS8M0zjiqpOd6nZXQuF0PPm0Y1tp6V39n_BeJZCO_kWh6sc_EajRWyyVuQQqUdfL6I9pHQuZPAD_ZiBQU

Requested by

Host: fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com
URL: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 20 Aug 2023 14:21:55 GMT
expires: Sun, 20 Aug 2023 14:21:55 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame AE47 86 KB
29 KB 188ms
187ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com
URL: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:55 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sun, 20 Aug 2023 14:21:55 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame AE47 42 B
63 B 156ms
155ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B3E2cduuAk08_B1leVcHrShYLmQrsfnIA-gPNOWgKB0_J7PsdoZZsmGM6jUnmJGYg6Ofu-UJreTNmgh104TPHL--9dtxEQZ_V1qtlJ-GCr909kKE8

Requested by

Host: fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com
URL: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 14:21:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AE47 0
20 B 157ms
156ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=2118599424577495979&x=1&ct=119

Requested by

Host: fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com
URL: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 14:21:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/ Frame AE47 3 KB
1 KB 56ms
54ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/window_focus_fy2021.js

Requested by

Host: fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com
URL: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 11:18:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10992
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 03 Sep 2023 11:18:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/ Frame AE47 20 KB
8 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com
URL: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 13:28:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3204
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 03 Sep 2023 13:28:31 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame AE47 180 KB
57 KB 67ms
66ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com
URL: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78ae55fc0ceb8ac07f56b87f7886371e91a57dafb6ee5154f317b7bb11da12a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57620
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1692185840427238"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 20 Aug 2023 14:21:55 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame CB1A 0
0 101ms
101ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CUHGugSHiZOigN4Sg9u8P4uCEwAPU0bW5crCJtsS7EJ_V1qq8ARABINvrhCdglfrwgYwHoAGG19e9A8gBAqkCPZodL7Y9sj7gAgCoAwHIAwiqBMECT9BovzAuMXB3e3FpitMryngIec54hnf-I0SC6WqZGlFg92bjX-Xz0Az8zfNZ0HXvxtJhyggM1wF-gopigonBaf1CdmsgNibGiDyZN1psld6fYY7t5P1W2eunG9nRqKavsYBkwNClHMGaSEuyJlUCJQaVjXY8Vv3pCygFzQ9eqZRXUizTVSEmofdxTofAOPx7CnhqXzT98hWaSrOvwiSjwEvR8MC3lI4Sy1mVopU-543udixNmHpwlEB-CAJr_OZqi2abYBot5QTOweqcFUHSWFp_Oysl8OE8OAfsLx9CziO9Ww4nN3okUzgLHzVUdzEDZs50My-HClX5mXjlX3QJZYmzSCPy0kbsWkWDN7mquOjsZalfTMXlUhVPRZqmcAziymQFqdDRH09yjk15ZPM-96rZAq6XaOT_BNGC9IKPIrAHwASC6srbkQTgBAGSBQQIBBgBkgUECAUYBKAGAoAH4qioQqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEM3xBNIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqaCTtodHRwczovL3d3dy5saWxpZW50aGFsLmJlcmxpbi9sMDEtMTEyLWIwMjNqP3ZvdWNoZXI9c3BlY2lhbIAKAcgLAdgTDdAVAYAXAbIXHgocCAASFHB1Yi03NDU3NTk3Njc4MTcyODM1GPvSHA&sigh=a7aUtbtgp-k&uach_m=[]&ase=2&cid=CAQSSwBpAlJW82o6rjU_jgyW5Zr851_aNECO0dZEu6IOK45js6iSXvDs0trsOr1SVJU8RrZNIPq4UpM1PkmgMYNqy3ngzG9qiwN7Z6Q1bhgB&cbvp=2
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 6069 0
10 B 54ms
54ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?oHZASw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:55 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame FB6B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJnC9Y5GdzulX2f13JIKhoI&google_cver=1

43 B
770 B

53ms
53ms

Image
image/gif

172.64.148.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJnC9Y5GdzulX2f13JIKhoI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKvU5fQCEMaIsIIEGLGLhfMBMAE&v=APEucNUUZdXtaqOFtQgLOaWawhngwD72jIzHwKCBbM3-7hu0q7Nf2QfoyCKxSc1iMjAyPTB1F_A3kXkNBvVVY973XQq1j5up0jKku-TS8M0zjiqpOd6nZXQuF0PPm0Y1tp6V39n_BeJZCO_kWh6sc_EajRWyyVuQQqUdfL6I9pHQuZPAD_ZiBQU
Protocol: H3
Server: 172.64.148.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 14:21:55 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yRm343iLilva6nyQD90oiR%2FI82BhpYpXWB%2BJ83uBCFwsQTKKtqPWO%2BJH4rWRCSYGUtWr4AfAVa3d9yYqIeb6t9b7E%2Fms2Tnnqz0ppISNqRmDKwKzuHQGAZ1UgE04cD%2F5s5fAj9i7lhIQqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 7f9b4914cfc558de-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 20 Aug 2023 14:21:55 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJnC9Y5GdzulX2f13JIKhoI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame FB6B
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZOIhgwa5bg-DQV3NjcoMeAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAGyRDyApndHsMzjCxrC_HU&google_cver=1

43 B
732 B

54ms
53ms

Image
image/gif

172.64.148.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAGyRDyApndHsMzjCxrC_HU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKvU5fQCEMaIsIIEGLGLhfMBMAE&v=APEucNUUZdXtaqOFtQgLOaWawhngwD72jIzHwKCBbM3-7hu0q7Nf2QfoyCKxSc1iMjAyPTB1F_A3kXkNBvVVY973XQq1j5up0jKku-TS8M0zjiqpOd6nZXQuF0PPm0Y1tp6V39n_BeJZCO_kWh6sc_EajRWyyVuQQqUdfL6I9pHQuZPAD_ZiBQU
Protocol: H3
Server: 172.64.148.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 14:21:55 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ps68u3ts0UFAsaDa6wHB4gOGGbqkZetPXX%2F98Oe3KZQA8jfdLrbkC7baL7avkcQt962PvPMNJTL031o9RXLE%2F6hqWKEBkrF1Hi5GovUtGs%2BTYt7aUAtEv2%2Bq72EneajbR4Xmp724q9x16w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 7f9b4914f81558de-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 20 Aug 2023 14:21:55 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAGyRDyApndHsMzjCxrC_HU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame FB6B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEH2PE2GmqL6p9iY-U8Uu84Q&google_cver=1

43 B
844 B

28ms
28ms

Image
image/gif

37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEH2PE2GmqL6p9iY-U8Uu84Q&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKvU5fQCEMaIsIIEGLGLhfMBMAE&v=APEucNUUZdXtaqOFtQgLOaWawhngwD72jIzHwKCBbM3-7hu0q7Nf2QfoyCKxSc1iMjAyPTB1F_A3kXkNBvVVY973XQq1j5up0jKku-TS8M0zjiqpOd6nZXQuF0PPm0Y1tp6V39n_BeJZCO_kWh6sc_EajRWyyVuQQqUdfL6I9pHQuZPAD_ZiBQU

Protocol

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 14:21:55 GMT
an-x-request-uuid: 25047424-5d15-4916-a3f3-0956a1d2960a
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 193.32.248.221; 193.32.248.221; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 20 Aug 2023 14:21:55 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEH2PE2GmqL6p9iY-U8Uu84Q&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame FB6B
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzM4MzQxMDQ0MTI1MjEyMjMzNg%3D%3D

170 B
243 B

68ms
68ms

Image
image/png

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzM4MzQxMDQ0MTI1MjEyMjMzNg%3D%3D

Requested by

Protocol

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr35s10-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 14:21:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 20 Aug 2023 14:21:55 GMT
an-x-request-uuid: 3fca0220-3f8c-4c1a-9200-8b57edeca8f4
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzM4MzQxMDQ0MTI1MjEyMjMzNg%3D%3D
x-proxy-origin: 193.32.248.221; 193.32.248.221; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012307272333000/ Frame AA13 222 KB
61 KB 55ms
53ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca0b13088e4cc740b37d30f2a5dd83dba46709641f40678950fc0a8f41c9c14c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 15 Aug 2023 01:15:31 GMT
age: 479184
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62092
x-xss-protection: 0
server: sffe
etag: "72571316e23440c4"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 14 Aug 2024 01:15:31 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012307272333000/v0/ Frame AA13 15 KB
5 KB 74ms
73ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3fdd9957f328674a49573806215c9fe67a6f827515607cf8d7db980fc94b771c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 15 Aug 2023 01:15:23 GMT
age: 479192
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5267
x-xss-protection: 0
server: sffe
etag: "85c6144a0af9a6d8"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 14 Aug 2024 01:15:23 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012307272333000/v0/ Frame AA13 94 KB
28 KB 76ms
74ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a68a7aaf623132b6e47f6d9753c49336cc812251cc91a1b82280aca86144b29a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 15 Aug 2023 10:46:54 GMT
age: 444901
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29055
x-xss-protection: 0
server: sffe
etag: "34be4077024c0aa5"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 14 Aug 2024 10:46:54 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012307272333000/v0/ Frame AA13 5 KB
2 KB 85ms
83ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b70f0a80bac892e1e492a9ee5cee527ea2a9a2ff162614ff7a3acc78b2e83db0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 14 Aug 2023 17:11:00 GMT
age: 508255
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1908
x-xss-protection: 0
server: sffe
etag: "a56399b21b8bf15b"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 13 Aug 2024 17:11:00 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012307272333000/v0/ Frame AA13 40 KB
13 KB 85ms
84ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

485567ada85d2d82f3c23210e6082009fcd03700751bf61a07a56a256b1e8918

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 14 Aug 2023 17:11:00 GMT
age: 508255
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13018
x-xss-protection: 0
server: sffe
etag: "62ea6ad255afcfa9"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 13 Aug 2024 17:11:00 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame AA13 2 KB
2 KB 56ms
55ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 21:26:59 GMT
x-content-type-options: nosniff
server: cafe
age: 60896
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Sun, 20 Aug 2023 21:26:59 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame AA13 295 B
319 B 55ms
54ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 21:40:34 GMT
x-content-type-options: nosniff
server: cafe
age: 60081
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Sun, 20 Aug 2023 21:40:34 GMT

GET
DATA 200
OK truncated
/ Frame AA13 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 832888005cc3bbe4a7c6d803b944c7fb9ff64f4d0c9bfcc490aa62f10dae3be6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 14049639201453444125
tpc.googlesyndication.com/simgad/ Frame AA13 6 KB
6 KB 55ms
54ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14049639201453444125?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qkET2KySSi1KcnzFJQOPzPzRbCh2Q

Requested by

Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9185695205d36a986b6fbd479932766b7c33012cce3cb61ef8bafb7db22d6884

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 22:10:12 GMT
x-content-type-options: nosniff
age: 144703
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6591
x-xss-protection: 0
last-modified: Wed, 05 Apr 2023 08:22:49 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 17 Aug 2024 22:10:12 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AE47 0
20 B 156ms
155ms Ping
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=798940765117&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 14:21:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AE47 0
20 B 156ms
155ms Ping
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=798940765117&version=m202307240101&ct=119&x=1&cor=2118599424577496000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 14:21:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame AE47 88 KB
37 KB 132ms
131ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DgKyF-0m3_rDTymoe2XVUVtT3jiuYHXLQBnggUp-WXutyM9cWTJFohNOQ2Nr8O8_XMHPgrsHpboLzykwoDFVibmniQxa_OP_mm4wWfQts-EgwT6qanPK0q5a38C7sbI257a2Pnjw9hUrP5CzMPXxzvGzRWz49wTk3VRhiCUymGavqLGUU&cry=1&dbm_d=AKAmf-BG2JtF02njHEjX-w_hFesa0flM4bZNa4TzZ0hnwdN6PACR0Z7Z3jEAiyp7dK8U34JPCsPFs7mCBiwpY3xeyHLC6CBIAhiBj4qCt6q1n_qv7w2I9ZrEXT6VKYrHRWIziKe40rYLjDnv6tIQlysjInt10r5giD3a7vxL5aip7lnT1qF4UCDw8BzCDPRWNmoKsvBN1Eoef1SLMKiSw5Q8G5996YtflhU7OfAVbZ6Kr-89jRf1ZkMnO-5H5NZ1bIXhdnHqzq1c9DYQhGz99OJcc347W4Kj5Smv5rlfHo2qHNLsg3N-qEz1ZUkfZGOuY6Q9mrNchwJlhIL9AKbbwYmJI3dF7TkFc0LhPLroHA2E8LygrT0FMcljW88YxhPFSl63KVZ3HagEruZbdN3KiOkScu5jbnum94J83KG3HnoHwB4WyUPekZlFbe3lI-QF9xuWrZuKQWeH_JyvwJf0mHjWNn-doS4bfvi-0lKbGICTWl97RZBfk1lMQ8eS5_OFAk92kfAr2bvFx3bEyD_gF5JrMujMjcNbnmGx4HsJmLbuQxiVrFPMMWYlGXQr5ICYbGB936N_7Kocuh3VhpJzqw-ddkKpIp_W3qdKiu0wL-kYyZPCq68Wo7UR_Bh3VNcpTeW0QQ3J9pnmAI-Id8dTBS1vy5a-06R1LHlh4Tpv_8U7cYP6mpd1empdNzOIWLiKGH-EVTa5EZop7K3N5iWXgM4FJ0_KSZSd8Qd2ABtMo1OXCz7XOkYonprdLAg-mLaEWq5PJXreeqfVbNuUv3z6Gu9VrpfWHUNKlF_covf_WGCToMKJ9JELYcmYI0JYcJUAYsSCB7t-yg4TZZnS99oWjwT8OzBd0zMM7OAd0_kXSTQIA7-p39BxaAoK5aHAcdjxB7-JfrzCA8FebZi4kFvWpXHv4m3uyNbJUyoKud8jrS8Eel2U5GPJxvnxh5H2VBitDBYSICpGOdETLoc5JNnmvuaZr44LpNp6Sx9712SPLdaJ3Epdjs8rqWq3Zg4D22VX5MWsZmXCeb7FV5o0xFM0MDtkzxOwHS9__x0UPsYM1klcTZdNGuw_vSGXpshB4NfjBrE_QYCprP6v-JGG25gegKskmrBdrbTAWD4mGP3wUh6mYwn4nou0dSNtaQhUoJo00BubVCpjQvlpChWEJPjihuVkDpa5lTBBm3tUaiiwA_Q3hx-grQCCb-wGJCoKbbYatiwAkVA037vWn7yix2VxfIzIlKZf-FmIGLPKSLrglq-0XLorxFtfhSFV-7XPVZjiw8Mp-tNw0zKowwRhb0E1O6lXJ_x6Z47pieh1tfBTINLBQaGuSYJuQbqj90S4_w3KTfDTHwneLLKHEDr9FanyR8-mNSBthEOhgdDimmQIxLTZdhLeOZFejkyZ9wRuJkwC8R1SHgUBFeGXMsMi41s_lvTIWCy8mvsgHmdMar47vfppa0QRhYmDkyj4aguh47v2yeqcwsQqtpgGldEpJdjU9JbJZsY70jV2uJbsxLvNo_2gkN1BRFr-vbADFqv7du43qfkR37hW8E4TR0PXjOMnl1-Or0L_JFJ8DMbt2228RT1HXT0XQYJ9WdtU0wsIHeGhZEKacPi4Kz0zLMQvb7JaqHEDJBCli9fOlTLgPS3pCF2COjS_1VfVf5LARIEmLmX8pHx_BPRUCtHX5XC5vN6hovksslVA7eLtUgrK2MnL-0Ylj1CvO6y5Na-A8a41V7Vq-0kcLf1uVcqg2g2W5ZSqmhdper2rWZtRDa-UpCKq1XtFZGWa-u1ebnXLYt4beMgKu_jTsH6J39sNYZ857fSVqicaoRQSTSM5DEo6tlU1S0_iegGSbIt4rfBTP6wWPnYoh2djwcinReQ4tvdDKgdSsmL5kYwBCWgDmCLNPZd4W8BZxs66DbiLfwOwzY_abegxE02p2uOTmwbJQVWPKAlPCizoqcotZggh3iBMgozMX35Q5PMaSMOVuh-JnyfVrJW8JUVQ7rjmW0EjhTUmrIb57np0LS6xIdq-SHU3-5J-O0M-Iw_Qj1OU9Q_iexclanPLjkTrreauT6zrqnfFcxrIrVbnpcImpfCTXvMAPsUsivNIH9Av61opbLReCcwX3lEDw16LwpHKJnkBuYvTu14ennuZbViV5dzoIdwDmWrF8Q1xfOgayYgz2-hmkpZZsroUmgWNkMGEwZr_dBrl6ipQsYdDoWlouDlTgnrVHSdjEfAguGWKNJeY0F3CLRrF4l5S2RVtctrxKfMPZZ-S0xRu6Qn4twDMy1lWW0Mp30iNClTd6a5lda3HVvnBuFFUAjd1ekg6c16_MQsFYIVb0qLKJ8WVZaGI3QqUWO4YWo-z_LsYmpbyyWYJhTtbZSQjfWGjc8bbGqNUqlPlA-FN1fMdJWHCoFSevYvi20h19-W4a1MetibzsZajtmdpF4MECau7umTpidkW4hYQwaom5CMVqweE7KnNspsvCj613vTD56KZ8dLbioV-qzmVWIlVs6NYSqz0oo8-kws_4Nrz8jQHIl9j9INNWtU6D1x4xTYPuYIx9TeQyIdJOrNcNMulMfeFr7NJxnJIZGkfVpYfj6E7ZFmCap9hoQBOQUSLf76GyjH7QkTrc67VDr_u_7utrrgkXfZDmXzKqbITn1mUtXmH8gs4r1Rno8iadCCVJdIbUJRJR9c7P6vlDTAWq7FhRzJANRJCIEw6-INO4vo4iAOMlh5xqKcIDXgYy7mqYk_Lq2nrgLBEUnGnWZafHir6WC0KWIUdGEvc-PRuZwXsWvriKnbRIbHgbq4jCq4M2-YOSE1B4PeGYhQcsDxe3NcwO4pLv1RH29YNd9KO6PPZJDPx_BI01N-VrTlY8HbASPngvsmNMCKxyoQX0w9Tzsi0Z8LOB6LF8LztYYjMBdwwrOGQ4rkoQ1dAohXo8cbz7ImM8BHRPz9zsPwTYDuR7_P_CIEGGzsYp0gsvT3TBZ7RRCs6KM4l4Y8KUPTEQckNRb6yzvhDO0pZdVKJnK8mPy49OjVfWvbPBNkIFW5jWJeJTOJx_pYvig_LIWINlYG_sxnQWSq6noIIUrvmpd1NkjlTk3N8cQv0kM8UghwqDUfDg33ddpe-Qe8jbSpSnxk-NwGHj95_FUcXIShXVc-B_6lOwD2yBwpBEnzuaIi1stqDRnSDIt768iIGL3Loi8Ht77eIhfHvAnPZzesjNKrPEkm968fcdBTQXNxsJfoUNgCn20LN7RIE8KLgaoxOmJv388f_Ag-w8K-qOwGl-eQtJyZCC3JMYlpfzp_B0R3qN7ymIt9X4bKZOQGLaaoVTCDFOPLBFEiWsDlo0fsCWqRsT5G2RRrepnHXAW-QS1gsevrUNnCEtCSwxjR0vMte3OjrS7QIhyLiC04y-8PoJUZEzvKQX35EXOEmMzkJIxg9PuvGSkzXvBq_NqFYMz46y1Jr5ExqbfLeNw3H24imS7kIpbzH9k7ooX1pkSqknG9HpP2ZNtZhs4cpNbFTTjxejP1vTbbAT5_tqfDvgIRfTVAOFOHS5IQpaI-xafB6AKpe3QWiH8JRH7QfnQi-EXdyf5uldOkcL6SL0yocZxg6zPBU4FGFNjDZoFjYXNNsDVoY9XdYqBSXFnllmRVuAroMSahslSH-8kJqztp-NjoRsvlO3zJlerSIYjJRc0SFNV_Cwpz2EJGJIeNkHGdk4ePqbAdJxEnPGVsqmTEtl8v6914hV6teBQRwtsTwVuJfNWWpH-VZl6Ld5lrxfCuUem-ekB8ZovsJjNHYVqOTbd9ZDF4IAzDqdy4zj0akLMSnmo8cARrsnao6ugVl6Na4n3tFLHWFb_WIYkSPA18tnc5zggOgRbZqYa6a7MCJ5SzXOXQ1U0evc3gqaDfOGwkDy9k7YTbDzrdlN0wjSBF08w7FgJhlx4KCjqXHzGp5gaoR7V89RsQeHTIyD69IUoZxcvFvMBmLIzHvQEImixpFk9B87HtPAVlzYdc5Hg2K5_tLsmYPuOIzaRmPn056eqtMp2aRxOh-veDz_R20-2qRidLdlB6J7awDHEgyZkz4ccvKnYWNeMfOHGOMKTwJ0PJiv9Xjaw&cid=CAQSTABpAlJWFzze-18_MbgG_v73lTtX0wUqzhxx0AVAMyVWZLgszc53aKZA_wkMxNThzeUILrsD6NgN0oc3vjOZW0fvGUZdvHvYP1_OTTUYAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.phoneworld.com.pk%2F&ds=l&xdt=1&iif=1&cor=2118599424577496000&adk=2228999115&idt=225&cac=0&dtd=12

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b27f659d7904360df7cce9db947261b2b193cc8763af5c2d0560ebf1b6e14054

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 14:21:55 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37382
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame AA13
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

71ms
71ms

Image
text/html

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H3
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Redirect headers

date: Sun, 20 Aug 2023 14:21:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame AA13 0
0 100ms
100ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CGOKIgiHiZLXPMJ6J9u8PnpSrsAq2lIOycu2avcfJEdrZHhABINvrhCdglfrwgYwHoAGl-8yuAsgBAuACAKgDAcgDCKoEvgJP0CHzeKAcdlOgy68cNJ2KThsziub-E58jWqO2uVlfHY0y3mybhc4d5suX7uyrwyYgprZLNp3fQrxotb1byO2wYXdSmuWWrGVZGI7KH7I-f6nJENX16ZjT98yGVMY8jyYRQHG5JCzN2Mrz9uDsT4hRKNaRTIXkX8dhIwOXcReksBF4bWciwKXK4shydT99rovGZW_RWbNreq6EFGdigmcYDOw0fkk1C9h-ml6r4vwUHWNF32Wr0pGCx4u7aIiPTfDaONsK75mz5K-bgQBLHMdkrD5sNMMsn0l44SToRVY5mJ4gZ8NZFVoTQ3KiGXnJtcbHZR2AR2LNO4VlWfbDBkQ6dM5kHHFJOcqbt06Mot59MdbMwShFg8EC62c9FZz0OSu74OEhazydy9jk3-6rYhCf4xwt6-Dv84a2pw4-VAnABOuxuJOyBOAEAZIFBAgEGAGSBQQIBRgEoAYCgAeSqIDWAagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEIjoB9IIFgiA4YAQEAEYHTICqgI6AoBASL39wTqaCbUBaHR0cHM6Ly93d3cud29ya2l2YS5jb20vdWsvP3V0bV9tZWRpdW09QWR2ZXJ0aXNpbmcmdXRtX3R5cGU9UHJvZ3JhbW1hdGljJnV0bV9zb3VyY2U9R0ROJnV0bV9jYW1wYWlnbj1CcmFuZCZ1dG1fY29udGVudD1EaXNwbGF5JnV0bV9zb2x1dGlvbj1QTFRGTSZ1dG1fZ2VvPUVNRUEtREFDSCZ1dG1fc2VnbWVudD1CcmFuZIAKAcgLAdgTDdAVAYAXAbIXHgocCAASFHB1Yi03NDU3NTk3Njc4MTcyODM1GPvSHA&sigh=Omqc72JdnlQ&uach_m=[]&ase=2&cid=CAQSTABpAlJWNt43sm2UnwRKvNF3zd_zFRhVzT_Zlnsc4gr8k_JaFjk_JFpcMKinLEQPfWCfq8ce98OpkUbk7HzEL-bbteYAjK4qeKCd6TMYAQ&cbvp=2
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame AE47 111 KB
39 KB 209ms
58ms Script
text/javascript 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
Origin: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 10:55:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12405
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 21 Aug 2023 10:55:10 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230816/r20110914/elements/html/ Frame AE47 11 KB
4 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230816/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DgKyF-0m3_rDTymoe2XVUVtT3jiuYHXLQBnggUp-WXutyM9cWTJFohNOQ2Nr8O8_XMHPgrsHpboLzykwoDFVibmniQxa_OP_mm4wWfQts-EgwT6qanPK0q5a38C7sbI257a2Pnjw9hUrP5CzMPXxzvGzRWz49wTk3VRhiCUymGavqLGUU&cry=1&dbm_d=AKAmf-BG2JtF02njHEjX-w_hFesa0flM4bZNa4TzZ0hnwdN6PACR0Z7Z3jEAiyp7dK8U34JPCsPFs7mCBiwpY3xeyHLC6CBIAhiBj4qCt6q1n_qv7w2I9ZrEXT6VKYrHRWIziKe40rYLjDnv6tIQlysjInt10r5giD3a7vxL5aip7lnT1qF4UCDw8BzCDPRWNmoKsvBN1Eoef1SLMKiSw5Q8G5996YtflhU7OfAVbZ6Kr-89jRf1ZkMnO-5H5NZ1bIXhdnHqzq1c9DYQhGz99OJcc347W4Kj5Smv5rlfHo2qHNLsg3N-qEz1ZUkfZGOuY6Q9mrNchwJlhIL9AKbbwYmJI3dF7TkFc0LhPLroHA2E8LygrT0FMcljW88YxhPFSl63KVZ3HagEruZbdN3KiOkScu5jbnum94J83KG3HnoHwB4WyUPekZlFbe3lI-QF9xuWrZuKQWeH_JyvwJf0mHjWNn-doS4bfvi-0lKbGICTWl97RZBfk1lMQ8eS5_OFAk92kfAr2bvFx3bEyD_gF5JrMujMjcNbnmGx4HsJmLbuQxiVrFPMMWYlGXQr5ICYbGB936N_7Kocuh3VhpJzqw-ddkKpIp_W3qdKiu0wL-kYyZPCq68Wo7UR_Bh3VNcpTeW0QQ3J9pnmAI-Id8dTBS1vy5a-06R1LHlh4Tpv_8U7cYP6mpd1empdNzOIWLiKGH-EVTa5EZop7K3N5iWXgM4FJ0_KSZSd8Qd2ABtMo1OXCz7XOkYonprdLAg-mLaEWq5PJXreeqfVbNuUv3z6Gu9VrpfWHUNKlF_covf_WGCToMKJ9JELYcmYI0JYcJUAYsSCB7t-yg4TZZnS99oWjwT8OzBd0zMM7OAd0_kXSTQIA7-p39BxaAoK5aHAcdjxB7-JfrzCA8FebZi4kFvWpXHv4m3uyNbJUyoKud8jrS8Eel2U5GPJxvnxh5H2VBitDBYSICpGOdETLoc5JNnmvuaZr44LpNp6Sx9712SPLdaJ3Epdjs8rqWq3Zg4D22VX5MWsZmXCeb7FV5o0xFM0MDtkzxOwHS9__x0UPsYM1klcTZdNGuw_vSGXpshB4NfjBrE_QYCprP6v-JGG25gegKskmrBdrbTAWD4mGP3wUh6mYwn4nou0dSNtaQhUoJo00BubVCpjQvlpChWEJPjihuVkDpa5lTBBm3tUaiiwA_Q3hx-grQCCb-wGJCoKbbYatiwAkVA037vWn7yix2VxfIzIlKZf-FmIGLPKSLrglq-0XLorxFtfhSFV-7XPVZjiw8Mp-tNw0zKowwRhb0E1O6lXJ_x6Z47pieh1tfBTINLBQaGuSYJuQbqj90S4_w3KTfDTHwneLLKHEDr9FanyR8-mNSBthEOhgdDimmQIxLTZdhLeOZFejkyZ9wRuJkwC8R1SHgUBFeGXMsMi41s_lvTIWCy8mvsgHmdMar47vfppa0QRhYmDkyj4aguh47v2yeqcwsQqtpgGldEpJdjU9JbJZsY70jV2uJbsxLvNo_2gkN1BRFr-vbADFqv7du43qfkR37hW8E4TR0PXjOMnl1-Or0L_JFJ8DMbt2228RT1HXT0XQYJ9WdtU0wsIHeGhZEKacPi4Kz0zLMQvb7JaqHEDJBCli9fOlTLgPS3pCF2COjS_1VfVf5LARIEmLmX8pHx_BPRUCtHX5XC5vN6hovksslVA7eLtUgrK2MnL-0Ylj1CvO6y5Na-A8a41V7Vq-0kcLf1uVcqg2g2W5ZSqmhdper2rWZtRDa-UpCKq1XtFZGWa-u1ebnXLYt4beMgKu_jTsH6J39sNYZ857fSVqicaoRQSTSM5DEo6tlU1S0_iegGSbIt4rfBTP6wWPnYoh2djwcinReQ4tvdDKgdSsmL5kYwBCWgDmCLNPZd4W8BZxs66DbiLfwOwzY_abegxE02p2uOTmwbJQVWPKAlPCizoqcotZggh3iBMgozMX35Q5PMaSMOVuh-JnyfVrJW8JUVQ7rjmW0EjhTUmrIb57np0LS6xIdq-SHU3-5J-O0M-Iw_Qj1OU9Q_iexclanPLjkTrreauT6zrqnfFcxrIrVbnpcImpfCTXvMAPsUsivNIH9Av61opbLReCcwX3lEDw16LwpHKJnkBuYvTu14ennuZbViV5dzoIdwDmWrF8Q1xfOgayYgz2-hmkpZZsroUmgWNkMGEwZr_dBrl6ipQsYdDoWlouDlTgnrVHSdjEfAguGWKNJeY0F3CLRrF4l5S2RVtctrxKfMPZZ-S0xRu6Qn4twDMy1lWW0Mp30iNClTd6a5lda3HVvnBuFFUAjd1ekg6c16_MQsFYIVb0qLKJ8WVZaGI3QqUWO4YWo-z_LsYmpbyyWYJhTtbZSQjfWGjc8bbGqNUqlPlA-FN1fMdJWHCoFSevYvi20h19-W4a1MetibzsZajtmdpF4MECau7umTpidkW4hYQwaom5CMVqweE7KnNspsvCj613vTD56KZ8dLbioV-qzmVWIlVs6NYSqz0oo8-kws_4Nrz8jQHIl9j9INNWtU6D1x4xTYPuYIx9TeQyIdJOrNcNMulMfeFr7NJxnJIZGkfVpYfj6E7ZFmCap9hoQBOQUSLf76GyjH7QkTrc67VDr_u_7utrrgkXfZDmXzKqbITn1mUtXmH8gs4r1Rno8iadCCVJdIbUJRJR9c7P6vlDTAWq7FhRzJANRJCIEw6-INO4vo4iAOMlh5xqKcIDXgYy7mqYk_Lq2nrgLBEUnGnWZafHir6WC0KWIUdGEvc-PRuZwXsWvriKnbRIbHgbq4jCq4M2-YOSE1B4PeGYhQcsDxe3NcwO4pLv1RH29YNd9KO6PPZJDPx_BI01N-VrTlY8HbASPngvsmNMCKxyoQX0w9Tzsi0Z8LOB6LF8LztYYjMBdwwrOGQ4rkoQ1dAohXo8cbz7ImM8BHRPz9zsPwTYDuR7_P_CIEGGzsYp0gsvT3TBZ7RRCs6KM4l4Y8KUPTEQckNRb6yzvhDO0pZdVKJnK8mPy49OjVfWvbPBNkIFW5jWJeJTOJx_pYvig_LIWINlYG_sxnQWSq6noIIUrvmpd1NkjlTk3N8cQv0kM8UghwqDUfDg33ddpe-Qe8jbSpSnxk-NwGHj95_FUcXIShXVc-B_6lOwD2yBwpBEnzuaIi1stqDRnSDIt768iIGL3Loi8Ht77eIhfHvAnPZzesjNKrPEkm968fcdBTQXNxsJfoUNgCn20LN7RIE8KLgaoxOmJv388f_Ag-w8K-qOwGl-eQtJyZCC3JMYlpfzp_B0R3qN7ymIt9X4bKZOQGLaaoVTCDFOPLBFEiWsDlo0fsCWqRsT5G2RRrepnHXAW-QS1gsevrUNnCEtCSwxjR0vMte3OjrS7QIhyLiC04y-8PoJUZEzvKQX35EXOEmMzkJIxg9PuvGSkzXvBq_NqFYMz46y1Jr5ExqbfLeNw3H24imS7kIpbzH9k7ooX1pkSqknG9HpP2ZNtZhs4cpNbFTTjxejP1vTbbAT5_tqfDvgIRfTVAOFOHS5IQpaI-xafB6AKpe3QWiH8JRH7QfnQi-EXdyf5uldOkcL6SL0yocZxg6zPBU4FGFNjDZoFjYXNNsDVoY9XdYqBSXFnllmRVuAroMSahslSH-8kJqztp-NjoRsvlO3zJlerSIYjJRc0SFNV_Cwpz2EJGJIeNkHGdk4ePqbAdJxEnPGVsqmTEtl8v6914hV6teBQRwtsTwVuJfNWWpH-VZl6Ld5lrxfCuUem-ekB8ZovsJjNHYVqOTbd9ZDF4IAzDqdy4zj0akLMSnmo8cARrsnao6ugVl6Na4n3tFLHWFb_WIYkSPA18tnc5zggOgRbZqYa6a7MCJ5SzXOXQ1U0evc3gqaDfOGwkDy9k7YTbDzrdlN0wjSBF08w7FgJhlx4KCjqXHzGp5gaoR7V89RsQeHTIyD69IUoZxcvFvMBmLIzHvQEImixpFk9B87HtPAVlzYdc5Hg2K5_tLsmYPuOIzaRmPn056eqtMp2aRxOh-veDz_R20-2qRidLdlB6J7awDHEgyZkz4ccvKnYWNeMfOHGOMKTwJ0PJiv9Xjaw&cid=CAQSTABpAlJWFzze-18_MbgG_v73lTtX0wUqzhxx0AVAMyVWZLgszc53aKZA_wkMxNThzeUILrsD6NgN0oc3vjOZW0fvGUZdvHvYP1_OTTUYAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.phoneworld.com.pk%2F&ds=l&xdt=1&iif=1&cor=2118599424577496000&adk=2228999115&idt=225&cac=0&dtd=12

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b61f735ba127d88a8673f26e34a79bc25968d5be1bb43004958065526d28bb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 11:34:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10021
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4196
x-xss-protection: 0
server: cafe
etag: 15907914729094346842
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 03 Sep 2023 11:34:54 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230816/r20110914/ Frame AE47 30 KB
11 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230816/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2ae072b67edb6016f6425f5d59b9ffd393f38f1d631d108a6dd05339cc726835

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 14:28:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 86000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11536
x-xss-protection: 0
server: cafe
etag: 2200807439755941123
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Sep 2023 14:28:35 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame AE47 41 KB
13 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 03:22:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39561
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 19 Aug 2024 03:22:34 GMT

GET
DATA 200
OK truncated
/ Frame AE47 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6a3f8eb176c341e402ff8e8c137e70723f6a49a4a06d662e329ce0d359f59a00

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame DC17 22 KB
8 KB 55ms
54ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 159970
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 18 Aug 2023 17:55:45 GMT
expires: Sat, 17 Aug 2024 17:55:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 -jd_BcJ2_muHebna6aM-t4BwAJqN83NnF3hDm83RPZ4.js Show response
pagead2.googlesyndication.com/bg/ Frame DC17 37 KB
14 KB 59ms
58ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/-jd_BcJ2_muHebna6aM-t4BwAJqN83NnF3hDm83RPZ4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fa377f05c276fe6b8779b9dae9a33eb78070009a8df373671778439bcdd13d9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 09:42:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16744
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14691
x-xss-protection: 0
last-modified: Mon, 14 Aug 2023 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 19 Aug 2024 09:42:51 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 161ms
160ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202308150101&jk=3924240903733991&bg=!FBelF0PNAAZGPLJIZjw7ADkAdvg8Whe37tM-8oVzfKp0_P5n_ZoKk6A96gDOcos72TuJ0dA-DnxjWqbCRpD005tDHUdgMT_hCnwCAAAAu1IAAAAJaAEHCgCz3GgeXH6BelvSGEQSqlfetOkp_T31-0A52fhGIaBMxJluYHuIYaEyCC62ZyFoMJHG_t_AOE-LOfWLScyfVMJFfE1BDTJmv2PxUcSiK8ku2q7v3yI913Kc5s8uq8yQf_DyB5cIqtHX1-_qi6TPW291u2lUfY7w79cYwx0H4Hrr_Hc_XkriSx8Vc4g1FJ60XcMuwN7Jlggefpx0pmuCFPiiVfuTktfGe7W71uBftXHSNIh7SBKZAtBinpGIVjNd74Z8CGJxvhXwynn_RHBLQWRvmWp0cgPDXpHNQHuTWVvZh2Vq8nsMHkA43iXGGYV8-eiIReyXcv_NcLiIuZFfnFqFeNA1m_XBEcU3zmC-poNaNZmuR8VE1NoZeiG1J1Th4WKc7UkJqpRrAUPHP5fecmHUxJ3-dpBtVRuUUSmLXM5NWHehx2OFt_qS6TeKv3tTy9FS3o1wcIKCbYm-TS5soVgxkLodGQQakfQ8bKvJYjRSPSdy0KLGEUJHwpSvvH1jlJfieGYrAK0cz1mLBzrAEsM1uvvq5QUqyerhepW7CubU0DtGp3JNbIzizpxCl8hIVXURNJDyRajhnTRHOuCLorS9hGM88Up-v8I_FQvEx3_37aa20rYhgumDdbEFOM2ONHP7TGQ2RZAtXZQKKPK7Pv8gMsexgiJ2u1naY3-UH1vzHmyKKuVlgTK90AGmQH0rcHC_3TJDHQyCN86WKuY44b_kS39XK-VscPdCpmpbx8J5EIRdnAgPtzzdxAtuGdm8Jl9rrw33t6ml1GFZpFyOg7VpPX3SN1sun8GQ3djtzaTv5cgRnuJqNsQjuhckarukdZHAE6Er8QNwBNdP1v_eD3kyxd5yV1Vr180sr_qXNC69gIFSyytRd_jP5rxm5PwXdR9F7IacxpC2dY_5Ph2uTPis9Am_ott8Dyco3WuTocIjkIYUVeDAsNImKgIYcOXAXgi6Sak3GC8CbGSJf2_RfmwmK8SPDl4767Fs1eAjIU7x7UNBqx4jx5IKvWxdnpZV_6i1uIfhvl6eMoHeixz1ZSeZORLp924JsEI3KMelJlKVY0h1jEjlPtUlCss9mg5NZpSAgyTPqQ3ieUPeaEsgyeOAp-CZX6mpZvtiN4Ej0VMsWPPKV6aitKsN3DHSUGHukmGNfXK5ZcjPSRoalVbYyvl_4I7S6YDGTpgt_JxqL3BsrSRz_PLnwG4
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/13489784193996717068/ Frame 5E0F 79 KB
20 KB 176ms
58ms Document
text/html 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13489784193996717068/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c07b1e50faa9158886dac5e0e67c9faffc109683bf627774f220037d320f8f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 534137
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 20309
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 14 Aug 2023 09:59:38 GMT
expires: Tue, 13 Aug 2024 09:59:38 GMT
last-modified: Wed, 09 Aug 2023 13:04:50 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame AE47 0
0 383ms
210ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvpqzuuV-pivAECeEvFdofvPQwhIgapJeflGgdcb9QyBY5PALToBf8eHLpz05o2VdIXd4KyiiSDZ-ifd7kQwRWWCf_QHGPS_xdLS-IjEu1SuJqi7X2snR_SHjAJQf3_73KZtKk2FnbRABx-jH9zsONLSu5sNKtXk5kKZL8hD8LZGHpiz6iMyd0GMmmq0EZSntelO754gKJBJPcmLv5Y35NH8qSpD8Blc431M4T885PYPHtSj1HT7BUAwij25kvYk9fyZBqcllXxwlCF2hADNIVR6E-dwOtLIp0LX6C4kJhKlsUeLGQkP1-knUMLohchyKmTHoTvkrogOa-nzdyuaBDZHYQg4lf45qlci1tLtopVqNWHdzcetGadlEYNuplweKZrU3nNP2ykU1-2cIP_9YO7UvcRoA66TtRnCAzJc17QYQRr4NM6V2Frzl8uhUj_lA5n_SA-6Ns_b8gfK8hP6lpL8imabxuvgflMJNn9HJK9fjkZKs-Fpo-yiSw4k_ZdHv06T0KgBlbcDVdOyBasBjt0AizMd1SR0hE_zs1zed9fQ9viuK3dH7YlfNDtmOnNTGxNTuMpP3IAot6VP90s5oEvhXQtBLuTQLEGOJEMMqYhgc4LP5PPDzffl7ZbTjVXp18PAqR3KbMGY6nFoKyqc9knexP0wqW7BN21KYBh0L-AqyzJhf404Y1vbnp-Sij26vXSq1-qvtHKfKYgBkq33rPCUm82Ly3l9H7m6WlNj0kuWNFEW-E7VqzLbFegLa6DzNMwfeCxlK2CGaaDk-Bd9xrIe0GkKq1sSPUCPdH83WWIOyHgBytIxkufpSy8mmJFvL2D6TTkh2zD5UiKS45lvU0sUb_Dj5PoZEJe6jeVelbE6drewjz6NOgSLDF4UVwUj4uKCAltezS-FpLU2TuULyuKReHRU2s5cDopMB_Eoph5Oo4oBkkD2rqIcBQdDLCr8bzX8k938Cb8aXzZVqPKk8sqmYsFQ-W6Q4kIm1TbQ1MtF0OywEBGvb0QXfXZhVHna0_-bSiKi6cym3swk_3eY5gv-557UnJDg48Asn6tBbmige4juc3ZX1IBO0CphvoOLF4VPLKVYvHZJqOsgJvmS6LuE2gXD7XDyxgyK9cwaNoO9Z0CADofN4htOcW9trJfkiySzIyqcR7tnIgukkbVcMf7H7nyfrbVBA_dYqL5NJo5RTMlwZki9fYGpCIfWx9TnnOYLxmyIfg5EHThyOunC7ohjbg--hJ5E5eHswC82NH8FskXQ2dQ6ivBc4CgHF-s4g0Vn8q7vsMmtg&sai=AMfl-YRY0DGrDAD92B2LXH1uLMMx4MVLxFdDp7w1Cn9bGYlnbB2H3Zr7ETjeC5gmpEwlkem1GmK2UorQApGDp7jQHBta3Nr7piHNnktNoxXXkfREyCwaGVcqABTRfE9QsfBhA3HzGJosXBn3lWGfzkZlAz918DEREIEUpQe3dVGK2Ap9Z2NTa9zFaT4alySOesLMzQPiYz8XTj_uYFCtWK4R--0PSaCyTvFfkIJTK3b9MzHLlfw60EIXrxcspSv0dtkYBQjoSVjWXi2aU6UyHQIlOSbdNiV1APO4PdXt&sig=Cg0ArKJSzJCliSJftmXSEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=295&cbvp=1&cstd=292&cisv=r20230816.31883&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 Grosse Pointe, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 20 Aug 2023 14:21:56 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sun, 20 Aug 2023 14:21:56 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DC17 0
20 B 162ms
162ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BBhCmgyHiZODCEZ2LjuwP6cqw-AsAAAAAOAHgBAI&bg=!FRalFkLNAAZGPLJIZjw7ADkAdvg8Wm4SA48aRgEWdXU38oFGoQ8qgIm3vhcZuiJaoBJezaiMqyj9kMRPbdSQFn_VQ-G6RVfZs5sCAAAAelIAAAAGaAEHmQMXS8zNHlGNqdbPChobE0UCLims6G9YZLvlZB2Ag_kMTblP9lySA5yXG-lGo_aWPllKSHWs7TPWVKrs2nIeNlU9HLuFhdr9hrBwIa7m7AbbSVTz6xV7Q1lRDN3z6TdDFalRZ3mqWTfI_qr0gzFqlEWwWn1oQcYy7eMoPJRg2wsS9mLKrJXhkHex6ADb-fczms20q8GtRhx5ZYRm5uW2OL6acdAER0G9G3zwRRSbIqEDqbIxe1eP53McKPJYgSLKPLgGH8-hpjUBDM2nGYvrkawjunXvvotKSpWnY3H3HRJfzI1NjR11wSpOugvqYYYxIXX2cTLM2QOeQwEBEP68cSz_lqfSY3rj2Dx9Scc2DCZOwHzKknRB2KUIIvfQTU3W5H-gutAqUITkRm60JH1n-RFZ0Tep9NlzJRNqhNN7FAtXqCK39OcPn5M_9zmBCJCM1aJJyW9I8-sqPBTcF4Vu5RSWLK4jOELbpky16MnxU54wMRzxMXzEOTon8cL9dCSOtfZjO2omMCbl4QRhMXqcHeiV8CS1mL8dT79hxUgaUUkjXboNfnk3qEhC-JLLdgogMwhlgpfv_v2hIQWcZRm6obckmWPMqgjVeBAkB3XfS4Za46ptPY8NTS3wvDdF5LOPkzdaZVki5yRyboc1Cr6OxUkJ1rw0-4Eyv4rRM_SVmjyxdEN3U_Y6Fk5-71Gzig5WqRD2sDQMUff3OARE1be9G4a_en1t5Baa6VMq6tocuapGaftVDQyvJcYLKCLSCcGf--6EJow7hqt03NpvhvsW-GLxn8EE4LfDClitx1c9b3JlBAzQSkUZDgIJTMBg8e8O930qUxb0IWbGgY-9dIPz14bDVDT0BrdywUsqDgU2Vbje_JJvcYJ57VQK5tM8_iAtikdktOow9LsU-UQbzZFZ8rUmQ12ffAdMQEgCFJMwDQVsW40F7GG_nUbEvNqjCezhKfIsbBWpI78hf1aXAQUIl1kOIrrRRFg3n5GTWX0IciITa0FrbRioUTVyLrz0CgtfZuCZDpOzH_BJXXP_RcMO_vWSeeu2aHtTMt8

Requested by

Host: fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com
URL: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 14:21:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012307272333000/ Frame C28E 222 KB
61 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca0b13088e4cc740b37d30f2a5dd83dba46709641f40678950fc0a8f41c9c14c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 15 Aug 2023 01:15:31 GMT
age: 479184
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62092
x-xss-protection: 0
server: sffe
etag: "72571316e23440c4"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 14 Aug 2024 01:15:31 GMT

GET
H3 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012307272333000/v0/ Frame C28E 15 KB
5 KB 127ms
126ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3fdd9957f328674a49573806215c9fe67a6f827515607cf8d7db980fc94b771c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 15 Aug 2023 01:15:23 GMT
age: 479192
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5267
x-xss-protection: 0
server: sffe
etag: "85c6144a0af9a6d8"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 14 Aug 2024 01:15:23 GMT

GET
H3 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012307272333000/v0/ Frame C28E 94 KB
28 KB 131ms
129ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a68a7aaf623132b6e47f6d9753c49336cc812251cc91a1b82280aca86144b29a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 15 Aug 2023 10:46:54 GMT
age: 444901
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29055
x-xss-protection: 0
server: sffe
etag: "34be4077024c0aa5"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 14 Aug 2024 10:46:54 GMT

GET
H3 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012307272333000/v0/ Frame C28E 5 KB
2 KB 147ms
145ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b70f0a80bac892e1e492a9ee5cee527ea2a9a2ff162614ff7a3acc78b2e83db0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 14 Aug 2023 17:11:00 GMT
age: 508255
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1908
x-xss-protection: 0
server: sffe
etag: "a56399b21b8bf15b"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 13 Aug 2024 17:11:00 GMT

GET
H3 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012307272333000/v0/ Frame C28E 40 KB
13 KB 148ms
146ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

485567ada85d2d82f3c23210e6082009fcd03700751bf61a07a56a256b1e8918

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 14 Aug 2023 17:11:00 GMT
age: 508255
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13018
x-xss-protection: 0
server: sffe
etag: "62ea6ad255afcfa9"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 13 Aug 2024 17:11:00 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame C28E 2 KB
2 KB 55ms
54ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 21:26:59 GMT
x-content-type-options: nosniff
server: cafe
age: 60896
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Sun, 20 Aug 2023 21:26:59 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame C28E 295 B
319 B 56ms
55ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 21:40:34 GMT
x-content-type-options: nosniff
server: cafe
age: 60081
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Sun, 20 Aug 2023 21:40:34 GMT

GET
DATA 200
OK truncated
/ Frame C28E 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 26c64d96f1e6b0bf39cfa0a07e9fa4097e7c2c187bc250fe2ee7a4542adc7b85

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 10539981081659393787
tpc.googlesyndication.com/simgad/ Frame C28E 49 KB
49 KB 55ms
55ms Image
image/gif 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10539981081659393787

Requested by

Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4516cc723dd9131ac3dcaaa82e7543f867d5318c291252460b9b2d1426a05028

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 11:12:46 GMT
x-content-type-options: nosniff
age: 97749
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49695
x-xss-protection: 0
last-modified: Fri, 12 Feb 2021 11:52:25 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 18 Aug 2024 11:12:46 GMT

GET
H3 200 DcmEnabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 5E0F 32 KB
11 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13489784193996717068/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13489784193996717068/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 06:58:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26635
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11558
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 21 Aug 2023 06:58:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame CB1A 42 B
64 B 164ms
163ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsueSkFYbV9OL1TsnPf1u3b9mpje3OhtoIbFIQoHboO0lczv6gq-z432XYLK1a6ibmS7Lg1kp9rwIujfkXqQxpl2aslSoA0L1_usc2EIODg7CRHWMF498I-sardl7G52Gsy9pN5Bvo5alZl1&sai=AMfl-YSrfi5MMb7-WtE8eekbGwTIArpkrac5kfSIMtrO08CPF42Dmvg18YMFRgtcf_SMRIhFkSRZgu90nKrw8hIAjNRErfoFKghcRxsBq-Yhdz2pbUIjTQwPRz4m5q5M2opn-jr4Ddp2su0793xs&sig=Cg0ArKJSzLqO50Sv6ieHEAE&cid=CAQSSwBpAlJW82o6rjU_jgyW5Zr851_aNECO0dZEu6IOK45js6iSXvDs0trsOr1SVJU8RrZNIPq4UpM1PkmgMYNqy3ngzG9qiwN7Z6Q1bhgB&id=ampim&o=1050,241&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=579&tls=1579&g=100&h=100&tt=1579&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 14:21:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame AE47 0
0 196ms
195ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvpqzuuV-pivAECeEvFdofvPQwhIgapJeflGgdcb9QyBY5PALToBf8eHLpz05o2VdIXd4KyiiSDZ-ifd7kQwRWWCf_QHGPS_xdLS-IjEu1SuJqi7X2snR_SHjAJQf3_73KZtKk2FnbRABx-jH9zsONLSu5sNKtXk5kKZL8hD8LZGHpiz6iMyd0GMmmq0EZSntelO754gKJBJPcmLv5Y35NH8qSpD8Blc431M4T885PYPHtSj1HT7BUAwij25kvYk9fyZBqcllXxwlCF2hADNIVR6E-dwOtLIp0LX6C4kJhKlsUeLGQkP1-knUMLohchyKmTHoTvkrogOa-nzdyuaBDZHYQg4lf45qlci1tLtopVqNWHdzcetGadlEYNuplweKZrU3nNP2ykU1-2cIP_9YO7UvcRoA66TtRnCAzJc17QYQRr4NM6V2Frzl8uhUj_lA5n_SA-6Ns_b8gfK8hP6lpL8imabxuvgflMJNn9HJK9fjkZKs-Fpo-yiSw4k_ZdHv06T0KgBlbcDVdOyBasBjt0AizMd1SR0hE_zs1zed9fQ9viuK3dH7YlfNDtmOnNTGxNTuMpP3IAot6VP90s5oEvhXQtBLuTQLEGOJEMMqYhgc4LP5PPDzffl7ZbTjVXp18PAqR3KbMGY6nFoKyqc9knexP0wqW7BN21KYBh0L-AqyzJhf404Y1vbnp-Sij26vXSq1-qvtHKfKYgBkq33rPCUm82Ly3l9H7m6WlNj0kuWNFEW-E7VqzLbFegLa6DzNMwfeCxlK2CGaaDk-Bd9xrIe0GkKq1sSPUCPdH83WWIOyHgBytIxkufpSy8mmJFvL2D6TTkh2zD5UiKS45lvU0sUb_Dj5PoZEJe6jeVelbE6drewjz6NOgSLDF4UVwUj4uKCAltezS-FpLU2TuULyuKReHRU2s5cDopMB_Eoph5Oo4oBkkD2rqIcBQdDLCr8bzX8k938Cb8aXzZVqPKk8sqmYsFQ-W6Q4kIm1TbQ1MtF0OywEBGvb0QXfXZhVHna0_-bSiKi6cym3swk_3eY5gv-557UnJDg48Asn6tBbmige4juc3ZX1IBO0CphvoOLF4VPLKVYvHZJqOsgJvmS6LuE2gXD7XDyxgyK9cwaNoO9Z0CADofN4htOcW9trJfkiySzIyqcR7tnIgukkbVcMf7H7nyfrbVBA_dYqL5NJo5RTMlwZki9fYGpCIfWx9TnnOYLxmyIfg5EHThyOunC7ohjbg--hJ5E5eHswC82NH8FskXQ2dQ6ivBc4CgHF-s4g0Vn8q7vsMmtg&sai=AMfl-YRY0DGrDAD92B2LXH1uLMMx4MVLxFdDp7w1Cn9bGYlnbB2H3Zr7ETjeC5gmpEwlkem1GmK2UorQApGDp7jQHBta3Nr7piHNnktNoxXXkfREyCwaGVcqABTRfE9QsfBhA3HzGJosXBn3lWGfzkZlAz918DEREIEUpQe3dVGK2Ap9Z2NTa9zFaT4alySOesLMzQPiYz8XTj_uYFCtWK4R--0PSaCyTvFfkIJTK3b9MzHLlfw60EIXrxcspSv0dtkYBQjoSVjWXi2aU6UyHQIlOSbdNiV1APO4PdXt&sig=Cg0ArKJSzJCliSJftmXSEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=617&vt=11&dtpt=322&dett=3&cstd=292&cisv=r20230816.31883&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 Grosse Pointe, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:56 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 20 Aug 2023 14:21:56 GMT

GET
H3 200 728X90-frame7-button.png
s0.2mdn.net/sadbundle/13489784193996717068/ Frame 5E0F 3 KB
4 KB 59ms
59ms Image
image/png 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13489784193996717068/728X90-frame7-button.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b29e8b1059c2d78ecd33ff1ecb321e1a273f2852380a58d63792c5f27b5dc62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13489784193996717068/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 09:59:38 GMT
x-content-type-options: nosniff
age: 534138
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3569
x-xss-protection: 0
last-modified: Wed, 09 Aug 2023 13:04:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 13 Aug 2024 09:59:38 GMT

GET
H3 200 728X90-frame6-iban.png
s0.2mdn.net/sadbundle/13489784193996717068/ Frame 5E0F 6 KB
6 KB 60ms
59ms Image
image/png 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13489784193996717068/728X90-frame6-iban.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd659262a82c92ee88bbabc0eeceba10620d4b44fe44596a5071d84acc93304d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13489784193996717068/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 09:59:38 GMT
x-content-type-options: nosniff
age: 534138
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5892
x-xss-protection: 0
last-modified: Wed, 09 Aug 2023 13:04:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 13 Aug 2024 09:59:38 GMT

GET
H3 200 728X90-frame5-card.png
s0.2mdn.net/sadbundle/13489784193996717068/ Frame 5E0F 12 KB
12 KB 63ms
61ms Image
image/png 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13489784193996717068/728X90-frame5-card.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

207b93ec2e2810009c99240d2ef634d038579a139cd8d918fdb1c852e5b2e990

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13489784193996717068/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 09:59:38 GMT
x-content-type-options: nosniff
age: 534138
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12389
x-xss-protection: 0
last-modified: Wed, 09 Aug 2023 13:04:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 13 Aug 2024 09:59:38 GMT

GET
H3 200 728X90-frame4-phone.png
s0.2mdn.net/sadbundle/13489784193996717068/ Frame 5E0F 11 KB
11 KB 79ms
78ms Image
image/png 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13489784193996717068/728X90-frame4-phone.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9adc0522c6782e4a8caaf6b59fa230d3dfec6b62833db257e10ef90995a70c42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13489784193996717068/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Wed, 16 Aug 2023 02:27:44 GMT
x-content-type-options: nosniff
age: 388452
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11676
x-xss-protection: 0
last-modified: Wed, 09 Aug 2023 13:04:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 15 Aug 2024 02:27:44 GMT

GET
H3 200 728X90-frame3.png
s0.2mdn.net/sadbundle/13489784193996717068/ Frame 5E0F 5 KB
5 KB 103ms
101ms Image
image/png 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13489784193996717068/728X90-frame3.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5fb5adab00e9f94b67f64699cd8770cb2b3ad364eed400e04250953e08776d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13489784193996717068/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 09:59:38 GMT
x-content-type-options: nosniff
age: 534138
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4628
x-xss-protection: 0
last-modified: Wed, 09 Aug 2023 13:04:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 13 Aug 2024 09:59:38 GMT

GET
H3 200 728X90-frame2.png
s0.2mdn.net/sadbundle/13489784193996717068/ Frame 5E0F 7 KB
7 KB 93ms
92ms Image
image/png 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13489784193996717068/728X90-frame2.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c2d603af8c23ee6c9951b1fdd859b2cb482310c88b56d5da74972e3e6d8b9d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13489784193996717068/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 09:59:38 GMT
x-content-type-options: nosniff
age: 534138
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7069
x-xss-protection: 0
last-modified: Wed, 09 Aug 2023 13:04:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 13 Aug 2024 09:59:38 GMT

GET
H3 200 728X90-frame1.png
s0.2mdn.net/sadbundle/13489784193996717068/ Frame 5E0F 3 KB
3 KB 108ms
107ms Image
image/png 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13489784193996717068/728X90-frame1.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

13c3e69e4153f8ffa3a72b1f9931ff2ad2a31fe8da270d4a4c15110e4bbf253b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13489784193996717068/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 09:59:38 GMT
x-content-type-options: nosniff
age: 534138
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2864
x-xss-protection: 0
last-modified: Wed, 09 Aug 2023 13:04:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 13 Aug 2024 09:59:38 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame C28E
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

71ms
71ms

Image
text/html

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H3
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Redirect headers

date: Sun, 20 Aug 2023 14:21:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame C28E 0
0 202ms
201ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CMZFwgyHiZK_HB6mn9u8Piv-0mA_0l7rObd7h6qWHDdrZHhABINvrhCdglfrwgYwHoAHzpbDJA8gBA6kC1abZCnpNaD7gAgCoAwHIAwiqBMICT9CtTu94JXbtmNBBNH_hKrFid7bDflKBE0lET3Hd3yMMs2mzg_53oHtu1Hr7lFNzkFUpvs2jnRLsuiNIx7xskbNEqzgnn7ypguk1BPY97aAZpuETRy4EV2cPsIt0AbPLl8cld_Hn2_ASvt4TC05Sv1Q0d7sMyDcXehFjuGxCWEz7hJ9ZBQhVoEXoaDDDLxBP4LpuR--pJdN1ZqtsHh3Hp-5lnw5_U87EAE4qLuF6DUHnecXJdy-u9yYNQCZQtPsVefxqu0JvmwnwLxrTNEVHqydBb890NZcA77FVLtMrhsvxYn9kB84fUtyvHh2YENHLk_lKTv3_zPOX9vXShc2-Y4fVd56AHd0P_kOS5LGQONqlUSZ57Soyx0M49tY4ZVQaHTYAxadNmt5cx4gKO7lys0spZmcQlRrgv1MN2x8NRPNmAcAE-b6y86gC4AQBkgUECAQYAZIFBAgFGASgBgOAB_XZzzaoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBDx-QfSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6mgkdaHR0cHM6Ly93d3cudW5pcGkudGVjaG5vbG9neS-ACgHICwHYEwLQFQGYFgGAFwGyFx4KHAgAEhRwdWItNzQ1NzU5NzY3ODE3MjgzNRj70hw&sigh=9dhQL-_b6tQ&uach_m=[]&ase=2&cid=CAQSTABpAlJWSt1IYNDlwDxMQMO0Zt8o6Ojdj9ho4mpKpwtO5wlaRTQTGVliQUJ30NfqRW3nrlgIfT-CbPJ_OSEROrttDS0hHckDcDiiHwMYAQ&cbvp=2
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

GET
H3 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012307272333000/ Frame 2FDD 222 KB
61 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca0b13088e4cc740b37d30f2a5dd83dba46709641f40678950fc0a8f41c9c14c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 15 Aug 2023 01:15:31 GMT
age: 479185
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62092
x-xss-protection: 0
server: sffe
etag: "72571316e23440c4"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 14 Aug 2024 01:15:31 GMT

GET
H3 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012307272333000/v0/ Frame 2FDD 15 KB
5 KB 75ms
74ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3fdd9957f328674a49573806215c9fe67a6f827515607cf8d7db980fc94b771c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 15 Aug 2023 01:15:23 GMT
age: 479193
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5267
x-xss-protection: 0
server: sffe
etag: "85c6144a0af9a6d8"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 14 Aug 2024 01:15:23 GMT

GET
H3 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012307272333000/v0/ Frame 2FDD 94 KB
28 KB 77ms
76ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a68a7aaf623132b6e47f6d9753c49336cc812251cc91a1b82280aca86144b29a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 15 Aug 2023 10:46:54 GMT
age: 444902
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29055
x-xss-protection: 0
server: sffe
etag: "34be4077024c0aa5"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 14 Aug 2024 10:46:54 GMT

GET
H3 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012307272333000/v0/ Frame 2FDD 5 KB
2 KB 84ms
83ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b70f0a80bac892e1e492a9ee5cee527ea2a9a2ff162614ff7a3acc78b2e83db0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 14 Aug 2023 17:11:00 GMT
age: 508256
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1908
x-xss-protection: 0
server: sffe
etag: "a56399b21b8bf15b"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 13 Aug 2024 17:11:00 GMT

GET
H3 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012307272333000/v0/ Frame 2FDD 40 KB
13 KB 85ms
84ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

485567ada85d2d82f3c23210e6082009fcd03700751bf61a07a56a256b1e8918

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 14 Aug 2023 17:11:00 GMT
age: 508256
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13018
x-xss-protection: 0
server: sffe
etag: "62ea6ad255afcfa9"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 13 Aug 2024 17:11:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 2FDD 8 KB
1 KB 189ms
66ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open%20Sans%3A400%2C700%7COpen%20Sans%3A300%2C400

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5cea5f5a79817996385a96e5a5337e95db241f0a33a9e46c26b24cde34ac1b9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 20 Aug 2023 14:21:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 20 Aug 2023 14:15:27 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 20 Aug 2023 14:21:56 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 2FDD 295 B
319 B 55ms
54ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 21:40:34 GMT
x-content-type-options: nosniff
server: cafe
age: 60082
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Sun, 20 Aug 2023 21:40:34 GMT

GET
H3 200 en_bl.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 2FDD 2 KB
2 KB 57ms
56ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en_bl.png

Requested by

Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e1a3c83144fa5752c8668ca056742ec9e6d6dfe5cfb75a97a9e53d1150068f91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 14:50:07 GMT
x-content-type-options: nosniff
server: cafe
age: 84709
etag: 11660698925711390587
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2471
x-xss-protection: 0
expires: Sun, 20 Aug 2023 14:50:07 GMT

GET
DATA 200
OK truncated
/ Frame 2FDD 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aaaf0b2c3bd11afe20e1902624db617c2131b3272fabebd1160cb2f53dfb3750

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 2FDD 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e2d8aaf147be96cea7283c0b71c3201b4fe5635c9532e8f0d6f425ac106e4c9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 2FDD
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

71ms
71ms

Image
text/html

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H3
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Redirect headers

date: Sun, 20 Aug 2023 14:21:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 2FDD 0
0 102ms
102ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Ctu5NgyHiZOSsM4rI7_UP8uio6ArO8o23coayzurrEdrZHhABINvrhCdglfrwgYwHoAHH7q_aA8gBAakCPZodL7Y9sj7gAgCoAwHIAwqqBL4CT9BQuuxUhbHJceSB3pmGY0WTePuTD8_Yuzz8r2_wI-xCsncZ42zHKiZ5PIgqeJSDM3nZWMkuLfG5MHl9cF9FpoFVWGB4h4CrUZu86jUX5JK7WsqOuTuNj4Oag_iRcKfpXg3CD6rUJ-zEYZH2CVIX3kN_-OFO_fJGbtOaSoulxnc4nsLpQUc03j_SdFdrTeVJgDH1TJ2pQ7pXcBgLnCL6U7YiGmDVjSu7DFtkYg3PDzjlVyCP-_GhB6o0iH5xi2WpvKyq4qdpJNlgag6LpA22S3V5jYzO3MBnuX-2owG7tLY7P4uP5UPFZ7gdqMKYcPHJL8XUxvmz300gNavYoUChL98OHeFpg2vID1VDCZXCeFdrAj3tWXUcBk0tQZpeTe97bvWkaoBxVXakiHjOuW3p-wRUz6EGCJe3Xuv3m1ilwASIgJ3ssgTgBAGSBQQIBBgBkgUECAUYBIAHoZHQJagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEIvgE9IIFgiA4YAQEAEYHTICqgI6AoBASL39wTqaCYUBaHR0cHM6Ly93d3cuY29tYXJjaC5jb20vdHJhZGUtYW5kLXNlcnZpY2VzL2RhdGEtbWFuYWdlbWVudC9yZXNvdXJjZXMvaG93LXRvLW5hdmlnYXRlLWVpbnZvaWNpbmctYW5kLWVyZXBvcnRpbmctcmVxdWlyZW1lbnRzLWZlYXQtcHdjL4AKAcgLAdgTDdAVAZgWAYAXAbIXHgocCAASFHB1Yi03NDU3NTk3Njc4MTcyODM1GPvSHA&sigh=lC_0HNP0i60&uach_m=[]&ase=2&cid=CAQSTABpAlJWpcxmU_ug9E_ucgwm9HneJhmFzgDaJ4AkKEOeRpGr_tkYCdCAGz_zr4tP4wcqxmH8AbsA3rVVJnyufVYOsp_NWk83tDbOyNAYAQ&template_id=5028&cbvp=2
Requested by: Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v35/ Frame 2FDD 47 KB
48 KB 185ms
56ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open%20Sans%3A400%2C700%7COpen%20Sans%3A300%2C400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.phoneworld.com.pk
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 09:02:59 GMT
x-content-type-options: nosniff
age: 191937
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48412
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:08:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 17 Aug 2024 09:02:59 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame AE47 42 B
64 B 161ms
161ms Fetch
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu5FzIEdbUrDo3Bjb3uaxyZxoEnGCgRqub0jxYEGgI-CfMmswROPm0espY6EkhqvQJPwhtVSHk3em-KQ4xvtDPqVH4uybdNJfV5DlgOV-Yk9KG40P4QTmUHnxZsg8hA3EtR8St0TsfMTQLt&sai=AMfl-YRsd0ZBJbd2E-E01atMj6C1qeXmQS4OpE1MFwI5KziYM0F5lzs5syQ1Z0YkVE-Cz8_GRo9MV0T8Q_KRYIYFX62Nytjn3eZEdAqVmOQxKYJ8UvfNMH1nqNZa3nWO9YVNfvRIOWmWstt2wRuVQA&sig=Cg0ArKJSzCBhmqZd4QntEAE&cid=CAQSTABpAlJWFzze-18_MbgG_v73lTtX0wUqzhxx0AVAMyVWZLgszc53aKZA_wkMxNThzeUILrsD6NgN0oc3vjOZW0fvGUZdvHvYP1_OTTUYAQ&id=lidar2&mcvt=1000&p=140,436,230,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230816&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1353347140&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1692541314906&rpt=557&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 14:21:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2B1D 6 KB
3 KB 58ms
57ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.phoneworld.com.pk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 20 Aug 2023 14:21:54 GMT
expires: Mon, 19 Aug 2024 14:21:54 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame 2B1D 14 KB
1 KB 66ms
65ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com
URL: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 20 Aug 2023 14:21:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 20 Aug 2023 14:08:16 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 20 Aug 2023 14:21:56 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/ Frame 2B1D 2 KB
897 B 54ms
54ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com
URL: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 13:28:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3211
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 03 Sep 2023 13:28:25 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230816/r20110914/ Frame 2B1D 23 KB
9 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230816/r20110914/abg_lite_fy2021.js

Requested by

Host: fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com
URL: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

821da8af52f9abd6ed4c5148caee6e2cf2188c9ca01a0008a5a1ce789ce7d99b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 13:47:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2075
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9092
x-xss-protection: 0
server: cafe
etag: 9312205082594545078
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 03 Sep 2023 13:47:22 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4B13 143 B
166 B 58ms
57ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com
URL: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3494
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 20 Aug 2023 13:23:43 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/ Frame 2B1D 3 KB
1 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/window_focus_fy2021.js

Requested by

Host: fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com
URL: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 11:18:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10994
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 03 Sep 2023 11:18:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/ Frame 2B1D 20 KB
8 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com
URL: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 13:28:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3206
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 03 Sep 2023 13:28:31 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2B1D 180 KB
56 KB 73ms
72ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com
URL: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78ae55fc0ceb8ac07f56b87f7886371e91a57dafb6ee5154f317b7bb11da12a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57620
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1692185840427238"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 20 Aug 2023 14:21:57 GMT

GET
H2 200 e822d7071992e030a786d1a51b1f59a7.js Show response
www.gstatic.com/mysidia/ Frame 2B1D 35 KB
15 KB 180ms
57ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e822d7071992e030a786d1a51b1f59a7.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com
URL: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b0cbbfe7e06fd7a9274bcdf96bde690f294cdef1ba01f2f20c9a9bd09eb1502b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Wed, 16 Aug 2023 00:17:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 396279
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14926
x-xss-protection: 0
last-modified: Wed, 16 Aug 2023 00:01:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 14 Nov 2023 00:17:18 GMT

GET
DATA 200
OK truncated
/ Frame 2B1D 161 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 29e4c24a2fa1b6c2218b217e252a8d838cb65819a3b959a73c1a3565067ec0d9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AE47 0
20 B 156ms
155ms Ping
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=798940765117&version=m202307240101&ct=119&x=1&cor=2118599424577496000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 14:21:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 2B1D 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9fe533cb9cc7ba529598f0340fd578061779f6b1507900ba3749ca5bd0f5a932

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4B13
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

72ms
72ms

Document
text/html

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com
URL: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 20 Aug 2023 14:21:57 GMT
expires: Sun, 20 Aug 2023 14:21:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 20 Aug 2023 14:21:57 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 2B1D 33 KB
33 KB 55ms
55ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 05:04:01 GMT
x-content-type-options: nosniff
age: 119876
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 18 Aug 2024 05:04:01 GMT

OPTIONS
H3 204 adview
securepubads.g.doubleclick.net/pagead/ Frame 0
0 208ms
92ms Preflight
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/adview?ai=C88E2hCHiZI7JBsS89u8P0t-juAXO8o23ct6xzurrEdrZHhABINvrhCdglfrwgYwHoAHH7q_aA8gBAakCPZodL7Y9sj7gAgCoAwHIA8sEqgS3Ak_QQJpX5yQlakPK8KbyaNyJFzbyvfIQcUwLv3vFfiAWpBoPqrLoD3GPWFltJDb_gElRc2dHJFqjTTnnixY2SMbrzWHjyoMcXOgduHLnM1Ro6hi_zhpl-j3P9w4Il5KlgvJ7yPO3an9JWwFe6fy5PF2pnYrUyAvFEzMT_vinRGyD39KxXg3LQDoxSWx6_lg8u98JSs7OJYZMvLSkD5DCiFawvCPmo_sf7L7APywxIoptzkwqLFH4v0IiumWL3CXynBWYhIH0slhovJbsP0UfUGNHw7kUf6Uf8oCTsrOpxusBnSq0YcVVCvv-5l2_HBNXy2dBeVITgxAgHKvYCvXOdrTxPdIv0U4wyzkloee5V5c50Ad93WcJqx3qnrLb9HF7Q0Fc4RY3JZOSGZigXuLh49u9CgaUf96cwATo_pzssgTgBAGSBQQIBBgBkgUECAUYBIAHoZHQJagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEO_0A9IIFgiA4YAQEAEYHTICqgI6AoBASL39wTqaCYUBaHR0cHM6Ly93d3cuY29tYXJjaC5jb20vdHJhZGUtYW5kLXNlcnZpY2VzL2RhdGEtbWFuYWdlbWVudC9yZXNvdXJjZXMvaG93LXRvLW5hdmlnYXRlLWVpbnZvaWNpbmctYW5kLWVyZXBvcnRpbmctcmVxdWlyZW1lbnRzLWZlYXQtcHdjL4AKAcgLAdgTDdAVAZgWAYAXAbIXHgocCAASFHB1Yi03NDU3NTk3Njc4MTcyODM1GPvSHA&sigh=cP7AjBoDwbY&uach_m=[UACH]&ase=2&cid=CAQSSwBpAlJWMEtslk2YNU_6-GeFDGVd_9VRqRtJAnOUlj3kNh9yk2q1a7nBR93irxBTHiqsUtBlyKXKqBBowZP-5jr_OMFbkG41-6fejRgB&cbvp=2&vis=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Sun, 20 Aug 2023 14:21:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 2B1D
Redirect Chain

https://securepubads.g.doubleclick.net/pagead/adview?ai=C88E2hCHiZI7JBsS89u8P0t-juAXO8o23ct6xzurrEdrZHhABINvrhCdglfrwgYwHoAHH7q_aA8gBAakCPZodL7Y9sj7gAgCoAwHIA8sEqgS3Ak_QQJpX5yQlakPK8KbyaNyJFzbyvfIQ...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211715374250312878314%22,%22debug_reporting%22:true,%22destination%22:%22https://comarch.com%22,%22event_report_window%22:%...

0
0

208ms
91ms

Fetch
text/css

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211715374250312878314%22,%22debug_reporting%22:true,%22destination%22:%22https://comarch.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22994834247%22],%224%22:[%2208-20%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2213202090174764445681%22}&andc=true

Protocol

Server

142.250.181.226 Grosse Pointe, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 14:21:58 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"11715374250312878314","debug_reporting":true,"destination":"https://comarch.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["994834247"],"4":["08-20"],"6":["true"]},"priority":"500","source_event_id":"13202090174764445681"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: null
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 20 Aug 2023 14:21:58 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 20 Aug 2023 14:21:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"11715374250312878314","debug_reporting":true,"destination":"https://comarch.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["994834247"],"4":["08-20"],"6":["true"]},"priority":"500","source_event_id":"13202090174764445681"}&andc=true
access-control-allow-origin: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 -jd_BcJ2_muHebna6aM-t4BwAJqN83NnF3hDm83RPZ4.js Show response
pagead2.googlesyndication.com/bg/ Frame 379C 37 KB
14 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/-jd_BcJ2_muHebna6aM-t4BwAJqN83NnF3hDm83RPZ4.js

Requested by

Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fa377f05c276fe6b8779b9dae9a33eb78070009a8df373671778439bcdd13d9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 09:42:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16746
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14691
x-xss-protection: 0
last-modified: Mon, 14 Aug 2023 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 19 Aug 2024 09:42:51 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 292ms
110ms Preflight
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 Grosse Pointe, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: null
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Sun, 20 Aug 2023 14:21:57 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012307272333000/ Frame 0912 222 KB
61 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca0b13088e4cc740b37d30f2a5dd83dba46709641f40678950fc0a8f41c9c14c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 15 Aug 2023 01:15:31 GMT
age: 479186
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62092
x-xss-protection: 0
server: sffe
etag: "72571316e23440c4"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 14 Aug 2024 01:15:31 GMT

GET
H3 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012307272333000/v0/ Frame 0912 15 KB
5 KB 74ms
73ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3fdd9957f328674a49573806215c9fe67a6f827515607cf8d7db980fc94b771c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 15 Aug 2023 01:15:23 GMT
age: 479194
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5267
x-xss-protection: 0
server: sffe
etag: "85c6144a0af9a6d8"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 14 Aug 2024 01:15:23 GMT

GET
H3 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012307272333000/v0/ Frame 0912 94 KB
28 KB 75ms
74ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a68a7aaf623132b6e47f6d9753c49336cc812251cc91a1b82280aca86144b29a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 15 Aug 2023 10:46:54 GMT
age: 444903
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29055
x-xss-protection: 0
server: sffe
etag: "34be4077024c0aa5"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 14 Aug 2024 10:46:54 GMT

GET
H3 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012307272333000/v0/ Frame 0912 5 KB
2 KB 80ms
80ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b70f0a80bac892e1e492a9ee5cee527ea2a9a2ff162614ff7a3acc78b2e83db0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 14 Aug 2023 17:11:00 GMT
age: 508257
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1908
x-xss-protection: 0
server: sffe
etag: "a56399b21b8bf15b"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 13 Aug 2024 17:11:00 GMT

GET
H3 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012307272333000/v0/ Frame 0912 40 KB
13 KB 81ms
80ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

485567ada85d2d82f3c23210e6082009fcd03700751bf61a07a56a256b1e8918

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 14 Aug 2023 17:11:00 GMT
age: 508257
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13018
x-xss-protection: 0
server: sffe
etag: "62ea6ad255afcfa9"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 13 Aug 2024 17:11:00 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0912 295 B
325 B 55ms
54ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js?cb=31077163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 21:40:34 GMT
x-content-type-options: nosniff
server: cafe
age: 60083
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Sun, 20 Aug 2023 21:40:34 GMT

GET
H3 200 13906966975912380290
tpc.googlesyndication.com/daca_images/simgad/ Frame 0912 13 KB
13 KB 55ms
55ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/13906966975912380290?w=300&h=250

Requested by

Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7d7795d9ba0ba56c83bcfd839af42c400cec66584b5b5098c10a450e0f62372

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Thu, 17 Aug 2023 20:01:42 GMT
x-content-type-options: nosniff
age: 238815
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13489
x-xss-protection: 0
last-modified: Wed, 28 Jun 2023 08:00:54 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 24 Aug 2023 20:01:42 GMT

GET
DATA 200
OK truncated
/ Frame 0912 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ccedc44dfd4216c84317fd1be05bc9e78c66d8a7b9b9b72787f2f5ef1609a961

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 en_tl.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0912 2 KB
2 KB 55ms
55ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en_tl.png

Requested by

Host: www.phoneworld.com.pk
URL: https://www.phoneworld.com.pk/nofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4be294fb0b2af518c400655811766e73d1a31b62033ffe25aede8a1e4822b4ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 18:43:02 GMT
x-content-type-options: nosniff
server: cafe
age: 70735
etag: 17598104052742324596
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2475
x-xss-protection: 0
expires: Sun, 20 Aug 2023 18:43:02 GMT

GET
H3 200 en_tl.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0912 2 KB
2 KB 58ms
57ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en_tl.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012307272333000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4be294fb0b2af518c400655811766e73d1a31b62033ffe25aede8a1e4822b4ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 18:43:02 GMT
x-content-type-options: nosniff
server: cafe
age: 70735
etag: 17598104052742324596
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2475
x-xss-protection: 0
expires: Sun, 20 Aug 2023 18:43:02 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0912 295 B
325 B 58ms
58ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012307272333000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 21:40:34 GMT
x-content-type-options: nosniff
server: cafe
age: 60083
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Sun, 20 Aug 2023 21:40:34 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 2FDD 42 B
64 B 161ms
161ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssm2S2W_2Ix7v5BZvq9JkD4cVgbefrBH3fCtQpQlOZ3jdDf7oMehPL_4zUuyGnIimd2cTniYwu0SQTRtdtM8Ot6YWh-HYOtvpmc1UaZ8RqS0Q9wZozNvg2VkENdF-aQE0CZlvKsEtSH2qz5YLFvWwHmFJMvguY4aDJAlZiG17M&sai=AMfl-YScOFofLS4mJmIIr3gcRQQ6y3e6ex6Hr6Z5y7239tsuykhSM7c-KGjwVZXRGphwLi6Fcb7Y9_9luOpAj4maV4D_NQyDpLU3xCKXxW8fCqA1SZjZDFDfZaEtzxmA77Y0rWxdie6SLGgTNshXjg&sig=Cg0ArKJSzDf5NB6xakCqEAE&cid=CAQSTABpAlJWpcxmU_ug9E_ucgwm9HneJhmFzgDaJ4AkKEOeRpGr_tkYCdCAGz_zr4tP4wcqxmH8AbsA3rVVJnyufVYOsp_NWk83tDbOyNAYAQ&id=ampim&o=456,1057&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1467,0,0&tfs=139&tls=1616&g=57.200002670288086&h=57.200002670288086&tt=1616&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 14:21:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 0912 0
0 100ms
100ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cj7NBhCHiZOGBK8e99u8P-pCisA7C4-uEcdjjxPDyEdrZHhABINvrhCdglfrwgYwHoAHw65TqA8gBAeACAKgDAcgDCKoEvgJP0GskfzruqdC7p0dNmM_BnY8pMARD8yeJ5gLj0hHU-YMvIF9pb09nhdnZKKFC8dME4K4Fp5-MBoezwbmXaSWJNIAqXhj2s9_IBQ7Av91tPD8MegMtzgc5l7tyT3VrAVW0_8TOm8zEqw9qdWH2icFlG4T8CXurJTTuGaIXzhHuX0cZUyGmiH9K0z2UMO7TW6eQjD-M7pLhoZq_d6EguHx0H8CenkugDUCY4weE7AxKYm5ejKkVP0Ndj9WNYZXYermdhH7p0Kd6MxbgjLJN3ZuNinF_O3AiS91BoeZCgzaFx2OvgbwDNnKeeVz8OaZ6ZF8DZw74qvSJbeqXv5IsYi07LlgtbLhPHnMl5GjyeI5AOEt6lq3TpXIIHSz8xJo0DA76B_oQojg7iPtcXnGZZnrSxp1qT3nG2-d2aVCvsYjABPCVre-yBOAEAZIFBAgEGAGSBQQIBRgEoAYCgAf4k-sVqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQgN4S0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOpoJJ2h0dHBzOi8vd3d3LnZpc3Vpbm8uZXUvd2hhdC1pcy12aXN1aW5vL4AKAcgLAdgTDYgUAtAVAYAXAbIXHgocCAASFHB1Yi03NDU3NTk3Njc4MTcyODM1GPvSHA&sigh=VY_A8gx9gQo&uach_m=[]&ase=2&cid=CAQSSwBpAlJWLO4g6QXzl6iyJ4YEGUQDiSjhOv8IrQkEAa0GsJFnHO8LoGfOgf_cfa59CLoj4Qbao9l0FB1gMhJBcC8WJuVOfDHVeOPIFxgB&cbvp=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.phoneworld.com.pk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2B1D 42 B
64 B 162ms
162ms Fetch
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst3em5lJYZcyD523cQ777896oaiKDFEdMvYebn7nCXCwf0C4Wg0K296tyjrKe9I59gtUwXyBlkjtilIqYkZaZUQgrDxQeZ4qPZt6dKITLpRPD5N8B2-aTqQDKkkb9Ao0C1Meia5EmDFt1LraLbhBIEoBeWVMnQ4Ilb5xN3sx2o&sai=AMfl-YS_df8xmLjMXHWYP4xr7NziaTnDHhP3AKh8OStxj90W9_r5cvpJGH9y35MP8qpnxH3yCjWymCyzcrSpQL2DTN1yP4c4pNcMJoBnwh9hgKmWr-k9olPdHYOUQBu7m8ajETAZO-b_XHh8bcBu&sig=Cg0ArKJSzO-6MPhqoJnmEAE&cid=CAQSSwBpAlJWMEtslk2YNU_6-GeFDGVd_9VRqRtJAnOUlj3kNh9yk2q1a7nBR93irxBTHiqsUtBlyKXKqBBowZP-5jr_OMFbkG41-6fejRgB&id=lidar2&mcvt=1000&p=1109,436,1199,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230816&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1497981685&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1692541316826&rpt=428&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 14:21:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 34ms
34ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-7QWBTY4Y25&gtm=45je38g0&_p=12866460&cid=1774754590.1692541313&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEI&sid=1692541313&sct=1&seg=0&dl=https%3A%2F%2Fwww.phoneworld.com.pk%2Fnofilter-attack-sneaky-privilege-escalation-method-bypasses-windows-security%2F&dt=NoFilter%20Attack%3A%20Sneaky%20Privilege%20Escalation%20Method%20Bypasses%20Windows%20Security&_s=2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-7QWBTY4Y25
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.phoneworld.com.pk/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 14:21:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.phoneworld.com.pk
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

221 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

18 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.phoneworld.com.pk/	1970-01-20 14:52:13	Name: advanced_ads_browser_width Value: 1600
.phoneworld.com.pk/	1970-01-20 23:45:01	Name: _ga Value: GA1.3.1774754590.1692541313
.phoneworld.com.pk/	1970-01-20 14:10:27	Name: _gid Value: GA1.3.1705360363.1692541313
.phoneworld.com.pk/	1970-01-20 14:09:01	Name: _gat_gtag_UA_23026382_1 Value: 1
www.phoneworld.com.pk/	1970-01-20 22:56:03	Name: tve_secret Value: d205643b385106b3134e253a0af01eb3
.doubleclick.net/	1970-01-20 14:09:04	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-20 23:30:37	Name: IDE Value: AHWqTUlKHatK_r4EYrxBBmSgJL6uAx9c5J4Zv65mpCTZfT5ehQsEU_QZEk7DslcO4cA
.doubleclick.net/	1970-01-20 14:09:02	Name: test_cookie Value: CheckForPermission
.casalemedia.com/	1970-01-20 22:54:37	Name: CMID Value: ZOIhgwa5bg-DQV3NjcoMeAAA
.casalemedia.com/	1970-01-20 16:18:37	Name: CMPS Value: 5229
.casalemedia.com/	1970-01-20 16:18:37	Name: CMPRO Value: 5229
.adnxs.com/	1970-01-20 16:18:37	Name: uuid2 Value: 7383410441252122336
.adnxs.com/	1970-01-20 16:18:37	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Hb^5]vhN!1yIE`fS1ueD1W-044)d+]Uey)b@ejWr4Hl@fdA8[BkVfB('M^1.!DSDqc#b9RFMZ9T5_m!x'Fz)I's5
.doubleclick.net/	1970-01-20 18:28:13	Name: APC Value: AfxxVi6-130Npxj5L1m0EA7sH4PBEj_EBOZkXQFuhKOQaH8myHaEpA
.phoneworld.com.pk/	1970-01-20 23:30:37	Name: __gads Value: ID=55bb729e71a59c27:T=1692541313:RT=1692541313:S=ALNI_MZ5M9bWNdfbDz0Iloa4UzfEn0lHmg
.phoneworld.com.pk/	1970-01-20 23:30:37	Name: __gpi Value: UID=00000c64951ff3b2:T=1692541313:RT=1692541313:S=ALNI_MZZiIQTb45Z0aEZGdGeEFVO5bqaTQ
.phoneworld.com.pk/	1970-01-20 23:45:01	Name: _ga_7QWBTY4Y25 Value: GS1.1.1692541313.1.0.1692541317.56.0.0
.googleadservices.com/	1970-01-20 16:18:37	Name: ar_debug Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0.gravatar.com
analytics.webpushr.com
avads.live
bot.webpushr.com
cdn.ampproject.org
cdn.webpushr.com
cm.g.doubleclick.net
dsum-sec.casalemedia.com
fc9f99334d594fec8568ea08e9ada3e7.safeframe.googlesyndication.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
pagead2.googlesyndication.com
pixel.wp.com
region1.analytics.google.com
s0.2mdn.net
secure.gravatar.com
securepubads.g.doubleclick.net
stats.g.doubleclick.net
stats.wp.com
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.phoneworld.com.pk
104.26.6.106
142.250.181.226
142.250.185.98
157.230.100.179
167.172.183.24
167.71.54.9
172.64.148.101
175.110.113.114
192.0.76.3
2001:4860:4802:32::36
216.58.206.34
2a00:1450:4001:800::2002
2a00:1450:4001:800::200a
2a00:1450:4001:810::2002
2a00:1450:4001:810::2003
2a00:1450:4001:811::2001
2a00:1450:4001:811::2002
2a00:1450:4001:812::2001
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::2004
2a00:1450:4001:82a::200e
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2006
2a00:1450:4001:831::2003
2a00:1450:4001:831::2008
2a00:1450:400c:c04::9b
2a04:fa87:fffe::c000:4902
37.252.171.21
04a59f4b56d8d14ed7c127db4cfedf8caa618594e00b14bb9a6150182e7c31d3
06684ef23bf7efa9b16e44669ac0986788be53136be89e89857a473b32ed5374
07556f378e5523136e2c6e0197ed545fa18f9f7022c83a93eac10ea24533bcfa
092010a00a9ad9ec13a15cc1de1dcd925b30c743c6cf49a38097389ed3a07f2c
09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ba2a0da5c4bbb91065d70e8d6e9e22b1eb1c2e066ac876e261efcc96036b031
0c2e7fe102b728b4b71880c7bbcb0436077012be559ce02ccad1b62bd00d386e
0c9aca2a71cdfe5e8e4eeed187dc802909e67482e63d1c3642d75e9f3067c8e7
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13c3e69e4153f8ffa3a72b1f9931ff2ad2a31fe8da270d4a4c15110e4bbf253b
15d51a96c00f46c89828a7e962637d786edd66bd3ddde40c395f8647649d958b
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
16a3f96d874fd924e26c49252372ba799d2f3d3edc6d8ae458d1bbdf7dbd6901
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
19e74de7f937e68df090c1ed7358e1a8b65955bd64bb747caa5a5439890a7d52
1a4dd11c3764a3be7caee75eeb660be2d9f01fc3ba61f95990d8f64e5e441875
1b042e22311586cd062be12e91361664872b12c8f76e55d47e792a8015651851
1e2d8aaf147be96cea7283c0b71c3201b4fe5635c9532e8f0d6f425ac106e4c9
207b93ec2e2810009c99240d2ef634d038579a139cd8d918fdb1c852e5b2e990
24121647cc448082299e345c46eadb6f1e488fcf6a0e11302fc8e7d67df711be
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
26c64d96f1e6b0bf39cfa0a07e9fa4097e7c2c187bc250fe2ee7a4542adc7b85
271ab017788515ea1f86ec3f56fc3690fea086535affbe0d5c9ec5d4bfac79d4
29e4c24a2fa1b6c2218b217e252a8d838cb65819a3b959a73c1a3565067ec0d9
2ae072b67edb6016f6425f5d59b9ffd393f38f1d631d108a6dd05339cc726835
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
2ec2a3925aab30db5b9aa975a1eefee359610555e16046cd68d4133263d4d283
2f0b4687e17b9737ae13310042b476079b5b8241317984eba3641711c80a1bcd
2f835251502d0276039438a188ee26c22c413b4e2f9a061b45e634b831a924a4
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
37ae5e7eb18f5756a613e19c5709e7b6b26fa3c5cde995ee431b068aef2f13ba
3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280
3fdd9957f328674a49573806215c9fe67a6f827515607cf8d7db980fc94b771c
4516cc723dd9131ac3dcaaa82e7543f867d5318c291252460b9b2d1426a05028
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
485567ada85d2d82f3c23210e6082009fcd03700751bf61a07a56a256b1e8918
4a65632f160cf5bfc65a7555220876eeab940e61a21bbe7ae926e4c5a6c3d0f1
4aedd618e5afdcceeaeb82c1d6926175a4bb43dd363e9c64eacfca2ae80c9b60
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b61f735ba127d88a8673f26e34a79bc25968d5be1bb43004958065526d28bb9
4be294fb0b2af518c400655811766e73d1a31b62033ffe25aede8a1e4822b4ea
4bf862f3586f612ddb5751eb35d4e67ea6719bd5049fd103a606f303a025ca1e
4ff3e92f7890ba5bbd26d3a9dfb4e3731506154a4703c3c57775b21fe869a979
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
525ef40a0ed25fd866873cfafe160a444dab62cf34d2fa53221e1a95c73dfb0b
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
58ab1f1090e861ac8b6dd1c89deee12ed25d6b2132947aa81bb64c19f8c86c59
5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164
5cea5f5a79817996385a96e5a5337e95db241f0a33a9e46c26b24cde34ac1b9e
5dacc133c4cc7896cc68c0ea692d37322832c5104ff413e60f72b39055e58de1
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
610a5e6378dcc7f3e05755de99d87d2b8ed9de0b20595275d08dca78e489d714
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61c777899dc0d591a388376fda737aa4e51aad81d05fab82a7b91f4ceff227f2
6218fad6f0bfdab65ed936f74cb3608dd4465d97cbe703bc2f56468308fe43fc
622d4e2da39f5ea961864441f76065bb203bb9053bc3f03c256f42fc5ab1b57b
633f04c0bde0e94e5a4e742b390b01f13b8663e494648ea90ab8c421f71908d5
638a34db1d7b3f386cf2f8e7544101985f7982921d317c59338e3f6f981bb81e
64b55be244048bf05a8a204b5799e7602ae7f715de3f18865ffc3a053fc9fe19
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
68a84433a9939762eaac536834e7e8c2470d867a6108cf1022831b8509d55caf
6a3f8eb176c341e402ff8e8c137e70723f6a49a4a06d662e329ce0d359f59a00
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6cf029544aa224ba5dffae3a9cda7880ca66eee47812b54d65ed79a047c04f79
6f2a22bd06f529e168758f23d73b5f44a95ceb718552e4356ee5e250a8ca1bd3
726b820e44f6ab90ad991d30a4bf26d3a5d71493cbcd1fb1efd0d14e89b9df2a
72bda989d376fa49ec87c8847f5e41ec792d4f4502842481f4cc4e1bb8f61a15
7444c52b3e982d5b014c0d34546cafd91598ed406a6ee0cbd82f705236114d42
75cabc24bf21015cd44fc8329fd6070558e9503cf50eadfa65b8d20504bb803f
786653ab0e3afb34ce8cd74298fa7140e8c6f85f62da78617634009e09ed4768
78ae55fc0ceb8ac07f56b87f7886371e91a57dafb6ee5154f317b7bb11da12a7
79e81da30841273cf6c088ca06dc5e1b66c54c732c9c967485939bbb9833534a
79e851404657dac2106b3d22ad256d47824a9a5765458edb72c9102a45816d95
7a86bb0af999aabf8f5e1a5c7afd2844f81aa92c972ee8a3485fb426811d6309
7a976760768b0be95005812deac4f09c1721505c5d631532efe5bd80352ed295
7b29e8b1059c2d78ecd33ff1ecb321e1a273f2852380a58d63792c5f27b5dc62
7b8c2ccf7b77791954f5f71ed5f5336193d56eea3dc654da9afb06dbfabcafab
7c07b1e50faa9158886dac5e0e67c9faffc109683bf627774f220037d320f8f9
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5
7f4d3fd0a705dbf8403298aad91d5de6972e6b5d536068eba8b24954a5a0a8c7
7f848cd3f3072b5793df1b5acd706e12f0883e3f1c2458b883a852631cf0be2a
7fa884a8a3b751aa489d13d81f23d5cf4e1a3aabb9c5dbd622ba5b839db0c7f5
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
819927e0e18e2f640b5bfa61728e9080e2c92edec215022a6ad6f03c51434efc
81baa92972e5a729cbf915fe4187a3e63d17b0f9c078f7ea14a291d8a4571171
821da8af52f9abd6ed4c5148caee6e2cf2188c9ca01a0008a5a1ce789ce7d99b
8276d99808a3a111dcb2dc61c895388c21341d48be9c3f87d905787a49c2b832
832888005cc3bbe4a7c6d803b944c7fb9ff64f4d0c9bfcc490aa62f10dae3be6
90c86a8cf50c843fdfee59fe9bbecaf3aef7349b05d6469b959c919356788a16
9185695205d36a986b6fbd479932766b7c33012cce3cb61ef8bafb7db22d6884
922f7310455a01a1cc789155c95eed771508f7cf31cf38b176a934147e26c7af
95d19d87f29a6ea4e274e3681e839eac392e30647f4d373841c3c9c30749b64b
984499da3d590658ac000c9d7e2362a2e7308ec05e4d0f5940f2d2eb6ba865f6
9a520b81ffd7648d0ecebde7fb82e3c1c061dbb328eb4da1cf823a216c11815b
9adc0522c6782e4a8caaf6b59fa230d3dfec6b62833db257e10ef90995a70c42
9b6009d6ec002db5cdf4fcdffb0768b0e8cb0339b63cb18f0c1fa9e0d90f099d
9c2d603af8c23ee6c9951b1fdd859b2cb482310c88b56d5da74972e3e6d8b9d4
9e7ae6c6e13ced8756e3f36d8d3857976b5ceab11e08588adbafc70211889d0c
9fe533cb9cc7ba529598f0340fd578061779f6b1507900ba3749ca5bd0f5a932
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a07b6d8c65b2b0da62f2b1ab3f6ed501b12c09ab385829c44cb8af2e5ca53084
a14ea03c678fe3a3ac453e1778b500e39bd693d46843141ad49536f0760012d2
a56bbb4199232f466109c81aad2004410c5d35567ebb59c1a0aef0f9f79b91dd
a68a7aaf623132b6e47f6d9753c49336cc812251cc91a1b82280aca86144b29a
a6cf68980ebfec488f70450492f520b9bfcfe235c117fda6c559940717e15091
a6eda84e469463424ebf458949c409a82ee31d042cf3c8e84978658832f634c5
aaaf0b2c3bd11afe20e1902624db617c2131b3272fabebd1160cb2f53dfb3750
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
abaac68efd8c6ee70ad14c253173170c57a409b87aef98a418534e38d9d57d5d
b0cbbfe7e06fd7a9274bcdf96bde690f294cdef1ba01f2f20c9a9bd09eb1502b
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2
b27f659d7904360df7cce9db947261b2b193cc8763af5c2d0560ebf1b6e14054
b341c158e215ce2daecaad07657606b00cdf6436ccc8a2ab1868cd9438d85547
b4204303e05bf16a93b212c146d3e9a248d7abed958e6a3846910148e5b78d9d
b50003b26f8af6ab292c2d3f6b8295f2f3011d343aa1e57ec1531972abf6d90e
b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a
b70f0a80bac892e1e492a9ee5cee527ea2a9a2ff162614ff7a3acc78b2e83db0
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b99993143ef5c98b746267c0a19fd2c2f4a6d64af3e1dae82a87573c4b9b1572
bbe318c16dc831941c721c67adc2740f0dda25681d9ed9070c517dedc5cce975
bd659262a82c92ee88bbabc0eeceba10620d4b44fe44596a5071d84acc93304d
ca0b13088e4cc740b37d30f2a5dd83dba46709641f40678950fc0a8f41c9c14c
ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258
ccedc44dfd4216c84317fd1be05bc9e78c66d8a7b9b9b72787f2f5ef1609a961
cdae6ec5705a433fbe45f34fc46a72d387bc8315a9cd377a530f0a31900459a2
cdf072b797353602918996980c44cfe88d0067ac8bc2582aa01d55ba11fd8ecf
d7d7795d9ba0ba56c83bcfd839af42c400cec66584b5b5098c10a450e0f62372
db13b35dba933986b3d5b3f045f17fae683a1e7d35aba413ae32498056f8f172
dd07bcd3439000568c9bcdb21b794a36c897c9101102e11a3cee14e55cb0f1ad
dd37e2cd931803994ea8f76c16d3d81aa0aa6d6488a049df19c78a078043c8bb
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e0189a3aa1849fa14a8f71c8cdcab924adc6c95462c4af61078ad8727335d000
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789
e1a3c83144fa5752c8668ca056742ec9e6d6dfe5cfb75a97a9e53d1150068f91
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b8509c9251f39204d1f99494791c629dd45ad45ae21f4d7c134f4a86af56a3
e3f99872ceadfc1f744644d6b6df26a3d2e7aaca0c9f763d71cdd3e8db5a06f4
e5fb5adab00e9f94b67f64699cd8770cb2b3ad364eed400e04250953e08776d7
e60d8e5aa1e9414a1312403dc47e1f0e93aab527dcbff70cc861bf4e89c23c11
eb65a83aaae58dccda5d5835357f7c852446491cadfb7b375555d78885723683
ed77fc2cbbcf4cd716fbf7f4ace9c8d1612bf6140a5996e4f38f8caa142edcb8
ee17e0e2ab2e750502467ce4fdeffbc3979d6677bfd81ebe98e1a6669f53ccf4
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1672b6adb575ab5321d426ebcca1e8b00217bfb2704fb41797f0dc91f5f5061
f1838dde7622a453a5c1b3d8a326be5c309a07ab92c946f981d9d2d47f3ef129
f1bc17112f84d3e3b9e381a292e9ee6263cfb0706f07e34501396dee3a7c8a2a
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a
f42b94d099916980fb192ffa1aad0920a000d28fd9d718015f4e6ad7a4d080f9
f52ec3f4d0b043a36683a54caef45ae1158780aede5f886a6a1b63b61668e0d3
f731ebe4dbcb9350959ba58c97711b0a5a25adf8a63b6ad1244c17f8ac8b708b
f8d778efc7dc25944147ff00bbea3cda6aa4a92da1b7e997b48830d4e051d31a
fa377f05c276fe6b8779b9dae9a33eb78070009a8df373671778439bcdd13d9e
fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1
fd52521af5ceb8f50b7acb0245fd2278e761ab56b876ca33ae16012f384468a3

www.phoneworld.com.pk Open in urlscan Pro 104.26.6.106 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

212 Requests

96 %HTTPS

62 %IPv6

19 Domains

31 Subdomains

30 IPs

6 Countries

2656 kBTransfer

7143 kBSize

18 Cookies

15 Outgoing links

Redirected requests

212 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 17 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.phoneworld.com.pk Open in urlscan Pro
104.26.6.106 Public Scan

Screenshot
Live screenshot

Full Image

212
Requests

96 %
HTTPS

62 %
IPv6

19
Domains

31
Subdomains

30
IPs

6
Countries

2656 kB
Transfer

7143 kB
Size

18
Cookies

212 HTTP transactions
17 data transactions