URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Submission: On March 26 via api from US

Summary

This website contacted 23 IPs in 5 countries across 16 domains to perform 112 HTTP transactions. The main IP is 104.18.234.86, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.theregister.co.uk.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on October 4th 2019. Valid for: a year.
This is the only time www.theregister.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 37 104.18.234.86 13335 (CLOUDFLAR...)
8 172.217.22.2 15169 (GOOGLE)
17 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 95.101.185.159 20940 (AKAMAI-ASN1)
2 2a00:1450:400... 15169 (GOOGLE)
1 13.224.194.122 16509 (AMAZON-02)
7 93.184.220.66 15133 (EDGECAST)
9 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2 104.244.42.8 13414 (TWITTER)
1 2606:2800:134... 15133 (EDGECAST)
1 2606:2800:134... 15133 (EDGECAST)
1 72.247.226.107 16625 (AKAMAI-AS)
2 2a00:1450:400... 15169 (GOOGLE)
10 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
1 2a02:6ea0:c71... 60068 (CDN77)
1 107.23.24.158 14618 (AMAZON-AES)
3 64.202.112.127 22075 (AS-OUTBRAIN)
1 151.101.114.2 54113 (FASTLY)
112 23
Domain Requested by
25 www.theregister.co.uk www.theregister.co.uk
17 regmedia.co.uk www.theregister.co.uk
10 cdn.ampproject.org securepubads.g.doubleclick.net
9 tpc.googlesyndication.com securepubads.g.doubleclick.net
www.theregister.co.uk
tpc.googlesyndication.com
cdn.ampproject.org
8 securepubads.g.doubleclick.net www.theregister.co.uk
securepubads.g.doubleclick.net
7 forms.theregister.co.uk securepubads.g.doubleclick.net
forms.theregister.co.uk
7 platform.twitter.com www.theregister.co.uk
platform.twitter.com
4 pagead2.googlesyndication.com securepubads.g.doubleclick.net
4 nir.theregister.co.uk www.theregister.co.uk
3 log.outbrainimg.com widgets.outbrain.com
3 widgets.outbrain.com www.theregister.co.uk
widgets.outbrain.com
2 www.googletagservices.com securepubads.g.doubleclick.net
2 syndication.twitter.com 1 redirects www.theregister.co.uk
2 www.google-analytics.com www.theregister.co.uk
1 odb.outbrain.com widgets.outbrain.com
1 go.theregister.co.uk 1 redirects
1 obs.cheqzone.com ob.cheqzone.com
1 ob.cheqzone.com widgets.outbrain.com
1 tcheck.outbrainimg.com widgets.outbrain.com
1 pbs.twimg.com www.theregister.co.uk
1 cdn.syndication.twimg.com platform.twitter.com
1 www.google.de www.theregister.co.uk
1 www.google.com 1 redirects
1 stats.g.doubleclick.net 1 redirects
1 pj.l.admedo.com www.theregister.co.uk
1 adservice.google.com securepubads.g.doubleclick.net
1 adservice.google.co.uk securepubads.g.doubleclick.net
112 27
Subject Issuer Validity Valid
theregister.co.uk
CloudFlare Inc ECC CA-2
2019-10-04 -
2020-10-03
a year crt.sh
*.g.doubleclick.net
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
ssl909866.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2
2019-10-31 -
2020-05-08
6 months crt.sh
*.google.com
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
*.outbrain.com
DigiCert SHA2 Secure Server CA
2020-03-09 -
2021-06-08
a year crt.sh
*.google-analytics.com
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
pj.l.admedo.com
Amazon
2019-07-05 -
2020-08-05
a year crt.sh
*.twimg.com
DigiCert SHA2 High Assurance Server CA
2019-11-12 -
2020-11-18
a year crt.sh
tpc.googlesyndication.com
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
www.google.de
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
syndication.twitter.com
DigiCert SHA2 High Assurance Server CA
2020-01-02 -
2020-12-24
a year crt.sh
*.outbrainimg.com
DigiCert SHA2 Secure Server CA
2019-02-24 -
2020-05-25
a year crt.sh
misc-sni.google.com
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
ob.cheqzone.com
Let's Encrypt Authority X3
2020-03-16 -
2020-06-14
3 months crt.sh
obs.cheqzone.com
Let's Encrypt Authority X3
2020-02-22 -
2020-05-22
3 months crt.sh
f2.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3
2020-03-03 -
2020-07-25
5 months crt.sh

This page contains 11 frames:

Primary Page: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Frame ID: D553E10865EF423B32ED7C7C93EDD122
Requests: 83 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.d0f13be8321eb432fba28cfc1c3351b1.html?origin=https%3A%2F%2Fwww.theregister.co.uk
Frame ID: 7D47B2653F06EB6FC2365D1157176198
Requests: 1 HTTP requests in this frame

Frame: https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html
Frame ID: E1CD0C4D598A0B5B85DC20FEFC014629
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Frame ID: DCB55032EF476343437468C226233B15
Requests: 8 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Frame ID: 0FEDBD61FCAC5472A37B3EEF0EE7510C
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss-GzxQgidPWfz0JDuiBh1Mha4WxVSUeAYmPvcedkiGsQUFkWwDf3TBJHfeKGnuM-0v-fK7d-SQRnX3C4HzqWBH_rVW8bMsYkPUcTm64GW8LTi8M9VXnnjr0bq4jiS-A_RCIVdAoXdf6uYm5yE2_IODFCuETnOsIWkNUnqOYza3Lo967UyKBSyxZkiWmsHll-YCAnH6NRqKkPhpuJyhOk7u-zZmNiaqelq9a87Y_hzJ266SamS3370M4ua8ns0ozZ11vLYpxH5bcwtpMLORbfTGH4-j98cnSyFASho&sai=AMfl-YQ7nP46kGl9Q5VHKx8iU1vxG168ssP8Uib6yCXZEkI2kjXxIT-syK1VS83FoqPA5lXLIvu5GHTfAZLngG8W-rGJPK0-rP9B-dlBBF6ejQ&sig=Cg0ArKJSzGHKcNQxEI4tEAE&urlfix=1&adurl=
Frame ID: 3C049E54051C2DC83D0B141E5C0EE940
Requests: 4 HTTP requests in this frame

Frame: https://forms.theregister.co.uk/studies/internal/state_or_it_dept/?version=emea&td=5335643672&r=1129091609
Frame ID: C67CFA9A186FB994DA75145357F81E1F
Requests: 7 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Frame ID: FFB801528BFD35124FF5208D170B4310
Requests: 7 HTTP requests in this frame

Frame: https://platform.twitter.com/jot.html
Frame ID: 455613E395A968B7D92920137587E3BD
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: 1331BA634FAD8866D3670D7A5DF8D400
Requests: 1 HTTP requests in this frame

Frame: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Frame ID: 11ACBCB7FE3B62F51F0B6A5BB65E4A2B
Requests: 1 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • script /\/\/platform\.twitter\.com\/widgets\.js/i

Page Statistics

112
Requests

100 %
HTTPS

58 %
IPv6

16
Domains

27
Subdomains

23
IPs

5
Countries

1647 kB
Transfer

3799 kB
Size

6
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 52
  • https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j81&tid=UA-33330076-1&cid=1798176742.1585232600&jid=1559983136&gjid=2000893452&_gid=595436902.1585232600&_u=YChAiAABB~&z=1836569229 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33330076-1&cid=1798176742.1585232600&jid=1559983136&_v=j81&z=1836569229 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33330076-1&cid=1798176742.1585232600&jid=1559983136&_v=j81&z=1836569229&slf_rd=1&random=2711213677
Request Chain 98
  • https://syndication.twitter.com/i/jot HTTP 302
  • https://platform.twitter.com/jot.html
Request Chain 109
  • https://go.theregister.co.uk/k/abt_a HTTP 302
  • https://regmedia.co.uk/2007/09/13/tp.gif

112 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
64 KB
15 KB
Document
General
Full URL
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f15b8e98ab44adba694ee8464bd8cb33ed2f5f3865b7c9f6473faaa9f496cba

Request headers

:method
GET
:authority
www.theregister.co.uk
:scheme
https
:path
/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
document
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document

Response headers

status
200
date
Thu, 26 Mar 2020 14:23:20 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d7cf43d278575f7a5e5feb6bdfea7eedf1585232600; expires=Sat, 25-Apr-20 14:23:20 GMT; path=/; domain=.theregister.co.uk; HttpOnly; SameSite=Lax
cache-control
max-age=0
expires
Thu, 26 Mar 2020 14:23:20 GMT
vary
Accept-Encoding
x-reg-bofh
pfy03gb
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
57a1876629eddbd3-LHR
content-encoding
br
scaffolding.css
www.theregister.co.uk/css_picker/webkit/59d8520414350f976af1393738a6ede150b34b00/
19 KB
4 KB
Stylesheet
General
Full URL
https://www.theregister.co.uk/css_picker/webkit/59d8520414350f976af1393738a6ede150b34b00/scaffolding.css
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
11b10fdb2a5de2bc29f16503b2ee10492c9441b12e7d1d0248ff764f62a0206d

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
cf-cache-status
HIT
last-modified
Sat, 21 Mar 2020 00:31:04 GMT
server
cloudflare
age
3604
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
x-reg-bofh
pfy03gb
cache-control
public, max-age=33696000
cf-ray
57a18766cb56dbd3-LHR
expires
Tue, 20 Apr 2021 14:23:20 GMT
design.css
www.theregister.co.uk/css_picker/webkit/59d8520414350f976af1393738a6ede150b34b00/
52 KB
11 KB
Stylesheet
General
Full URL
https://www.theregister.co.uk/css_picker/webkit/59d8520414350f976af1393738a6ede150b34b00/design.css
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
01b11642a8412e8a9818456c26a2f355a437a2b3d87e8fca40d716cd1fec0785

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
cf-cache-status
HIT
last-modified
Thu, 05 Mar 2020 14:40:15 GMT
server
cloudflare
age
3604
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
x-reg-bofh
pfy02gb
cache-control
public, max-age=33696000
cf-ray
57a18766cb58dbd3-LHR
expires
Tue, 20 Apr 2021 14:23:20 GMT
_.js
www.theregister.co.uk/design_picker/9031d9d0c0ab83a2efbb659b23896eb021891f70/javascript/
207 KB
59 KB
Script
General
Full URL
https://www.theregister.co.uk/design_picker/9031d9d0c0ab83a2efbb659b23896eb021891f70/javascript/_.js
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
95f0b8a588ddfbf5b37b38fcb1e50f745648419e25cc7ee2e503efc3ba93c990

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
cf-cache-status
HIT
last-modified
Mon, 16 Mar 2020 16:05:34 GMT
server
cloudflare
age
857851
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
x-reg-bofh
pfy02gb
cache-control
public, max-age=33696000
cf-ray
57a18766cb59dbd3-LHR
expires
Tue, 20 Apr 2021 14:23:20 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/
43 KB
14 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s14-in-f2.1e100.net
Software
sffe /
Resource Hash
0c8abddf034c71ee4a87ff140cf18b45f2a03fbbf1aaae9d5efaf99e4a30809c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"467 / 421 of 1000 / last-modified: 1585081309"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
14460
x-xss-protection
0
expires
Thu, 26 Mar 2020 14:23:20 GMT
reg_logo.svg
www.theregister.co.uk/design_picker/fa16d26efb42e6ba1052f1d387470f643c5aa18d/graphics/std/
15 KB
5 KB
Image
General
Full URL
https://www.theregister.co.uk/design_picker/fa16d26efb42e6ba1052f1d387470f643c5aa18d/graphics/std/reg_logo.svg
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
363edeba1963685d08a885c613f43fd3c94fa0ba6cea87de6036f960c9d38717

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
cf-cache-status
HIT
last-modified
Thu, 26 Sep 2019 14:47:16 GMT
server
cloudflare
age
12131646
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
x-reg-bofh
pfy02
cache-control
public, max-age=33696000
cf-ray
57a18766cb5bdbd3-LHR
expires
Tue, 20 Apr 2021 14:23:20 GMT
search.svg
www.theregister.co.uk/design_picker/c00f80f04b0eaf0123d821f6c9488fc1cb55fd0a/graphics/icons/
609 B
424 B
Image
General
Full URL
https://www.theregister.co.uk/design_picker/c00f80f04b0eaf0123d821f6c9488fc1cb55fd0a/graphics/icons/search.svg
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1d12f905bb706cb8acf0335b6a160a16f345f07202ea4130402aea6e26f6c211

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
cf-cache-status
HIT
last-modified
Thu, 09 Aug 2018 12:44:14 GMT
server
cloudflare
age
11610967
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
x-reg-bofh
pfy03
cache-control
public, max-age=33696000
cf-ray
57a187671bfbdbd3-LHR
expires
Tue, 20 Apr 2021 14:23:20 GMT
vulture.svg
www.theregister.co.uk/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/
2 KB
883 B
Image
General
Full URL
https://www.theregister.co.uk/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/vulture.svg
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
67d98d5c33034b7a0b5f829b1c833eb2ea440a63a631a37694778ef4af996b33

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
cf-cache-status
HIT
last-modified
Fri, 10 Jan 2020 15:10:58 GMT
server
cloudflare
age
1759940
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
x-reg-bofh
pfy03gb
cache-control
public, max-age=33696000
cf-ray
57a187674c6ddbd3-LHR
expires
Tue, 20 Apr 2021 14:23:20 GMT
search.svg
www.theregister.co.uk/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icons/
609 B
401 B
Image
General
Full URL
https://www.theregister.co.uk/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icons/search.svg
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1d12f905bb706cb8acf0335b6a160a16f345f07202ea4130402aea6e26f6c211

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
cf-cache-status
HIT
last-modified
Thu, 09 Aug 2018 12:44:14 GMT
server
cloudflare
age
15157713
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
x-reg-bofh
pfy04
cache-control
public, max-age=33696000
cf-ray
57a187674c97dbd3-LHR
expires
Tue, 20 Apr 2021 14:23:20 GMT
dl.gif
regmedia.co.uk/2016/04/14/
35 B
197 B
Image
General
Full URL
https://regmedia.co.uk/2016/04/14/dl.gif
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5351 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
62b658bca472f4eb438c6384ed624f42a08b19472b29f34cedaad0e2a6372ace

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
cf-cache-status
HIT
age
1999950
cf-polished
origSize=43, status=webp_bigger
cf-ray
57a187678e0ed6d9-FRA
status
200
cf-bgj
imgq:85
content-length
35
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
last-modified
Thu, 14 Apr 2016 13:41:38 GMT
server
cloudflare
etag
"2b-530720dc4f2ea"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
cache-control
public, max-age=33696000
accept-ranges
bytes
x-reg-bofh
pfy01
expires
Tue, 20 Apr 2021 14:23:20 GMT
rect_comment_bubble_white.svg
www.theregister.co.uk/design_picker/029b461aa66d73b1e8cb351f99212507d4da660c/graphics/icon/
496 B
358 B
Image
General
Full URL
https://www.theregister.co.uk/design_picker/029b461aa66d73b1e8cb351f99212507d4da660c/graphics/icon/rect_comment_bubble_white.svg
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c6500b5aab10820ef921c16a696a612a905098ebdbcc71b056502e86e591093

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
cf-cache-status
HIT
last-modified
Fri, 10 Jan 2020 15:10:58 GMT
server
cloudflare
age
2105659
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
x-reg-bofh
pfy03gb
cache-control
public, max-age=33696000
cf-ray
57a187676cd2dbd3-LHR
expires
Tue, 20 Apr 2021 14:23:20 GMT
reddit.svg
www.theregister.co.uk/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/
1 KB
648 B
Image
General
Full URL
https://www.theregister.co.uk/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/reddit.svg
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
da0f3b621d72a405022d2d693d4e357133538d8dd7bda42e710fe6afb6f63a08

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
cf-cache-status
HIT
last-modified
Thu, 09 Aug 2018 12:44:14 GMT
server
cloudflare
age
15145688
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
x-reg-bofh
pfy03
cache-control
public, max-age=33696000
cf-ray
57a187676cd3dbd3-LHR
expires
Tue, 20 Apr 2021 14:23:20 GMT
twitter.svg
www.theregister.co.uk/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/
745 B
468 B
Image
General
Full URL
https://www.theregister.co.uk/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/twitter.svg
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e889bf6150aeb787b33b725434356ffbd348744af5089a5084a126015370029a

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
cf-cache-status
HIT
last-modified
Thu, 09 Aug 2018 12:44:14 GMT
server
cloudflare
age
15157713
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
x-reg-bofh
pfy03
cache-control
public, max-age=33696000
cf-ray
57a187676cd6dbd3-LHR
expires
Tue, 20 Apr 2021 14:23:20 GMT
facebook.svg
www.theregister.co.uk/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/
311 B
271 B
Image
General
Full URL
https://www.theregister.co.uk/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/facebook.svg
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ce30d5aea49ad6115164a99e5638a387c606885ed02bbbdfab77d3ffbe17aff7

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
cf-cache-status
HIT
last-modified
Fri, 10 Jan 2020 15:10:58 GMT
server
cloudflare
age
1488098
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
x-reg-bofh
pfy03gb
cache-control
public, max-age=33696000
cf-ray
57a187676cd9dbd3-LHR
expires
Tue, 20 Apr 2021 14:23:20 GMT
linkedin_alt.svg
www.theregister.co.uk/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/
363 B
287 B
Image
General
Full URL
https://www.theregister.co.uk/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/linkedin_alt.svg
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2cf635372dffcbc9a23d1cb895e5f038a4c573e863044b8525e17f011c6dea15

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
cf-cache-status
HIT
last-modified
Thu, 09 Aug 2018 12:44:14 GMT
server
cloudflare
age
10397979
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
x-reg-bofh
pfy02
cache-control
public, max-age=33696000
cf-ray
57a187676cdadbd3-LHR
expires
Tue, 20 Apr 2021 14:23:20 GMT
weleakinfo_takedown.jpg
regmedia.co.uk/2020/01/17/
27 KB
27 KB
Image
General
Full URL
https://regmedia.co.uk/2020/01/17/weleakinfo_takedown.jpg?x=442&y=293&crop=1
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5351 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
94c547ff2a7522ae49bc84e838caa6f41524248d84a934c3c0ed9264d45cbf63

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
cf-cache-status
MISS
status
200
content-length
27482
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
last-modified
Fri, 17 Jan 2020 14:32:56 GMT
server
cloudflare
etag
"6b5a-59c56d150efde"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
x-reg-bofh
pfy02gb
cache-control
public, max-age=33696000
accept-ranges
bytes
cf-ray
57a187678e13d6d9-FRA
expires
Tue, 20 Apr 2021 14:23:20 GMT
weleakinfo_takedown.jpg
regmedia.co.uk/2020/01/17/
53 KB
53 KB
Image
General
Full URL
https://regmedia.co.uk/2020/01/17/weleakinfo_takedown.jpg?x=648&y=483&infer_y=1
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5351 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b6b42c0d7dcf6b6bc21fca18a8e47363237ef0b55a575897226960937b32d7ab

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
cf-cache-status
MISS
status
200
content-length
54054
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
last-modified
Fri, 17 Jan 2020 14:33:20 GMT
server
cloudflare
etag
"d326-59c56d2be1e03"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
x-reg-bofh
pfy01gb
cache-control
public, max-age=33696000
accept-ranges
bytes
cf-ray
57a187678e16d6d9-FRA
expires
Tue, 20 Apr 2021 14:23:20 GMT
shutterstock_cloud_uk.jpg
regmedia.co.uk/2019/02/05/
11 KB
12 KB
Image
General
Full URL
https://regmedia.co.uk/2019/02/05/shutterstock_cloud_uk.jpg?x=200&y=200&crop=1
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5351 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee2fd813fd9cfaff970009ec85bd66e78b38691433b25111dfd7e73f9b0bc4bb

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
cf-cache-status
HIT
age
137201
cf-polished
degrade=85, origSize=12444, status=webp_bigger
cf-ray
57a187678e19d6d9-FRA
status
200
cf-bgj
imgq:85
content-length
11663
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
last-modified
Tue, 24 Mar 2020 14:38:54 GMT
server
cloudflare
etag
"309c-5a19ab60b7ace"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=33696000
accept-ranges
bytes
x-reg-bofh
pfy01gb
expires
Tue, 20 Apr 2021 14:23:20 GMT
shutterstock_cancelled.jpg
regmedia.co.uk/2020/03/24/
8 KB
9 KB
Image
General
Full URL
https://regmedia.co.uk/2020/03/24/shutterstock_cancelled.jpg?x=200&y=200&crop=1
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5351 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c992dd3825c780cdbb4e11ea975fe529efb2dba73309e7d76ab55e938e0f323

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
cf-cache-status
HIT
age
25864
cf-polished
qual=85, origFmt=jpeg, origSize=10542
cf-ray
57a187678e1cd6d9-FRA
status
200
content-disposition
inline; filename="shutterstock_cancelled.webp"
cf-bgj
imgq:85
content-length
8588
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
last-modified
Tue, 24 Mar 2020 16:31:11 GMT
server
cloudflare
etag
"292e-5a19c4797b07c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
cache-control
public, max-age=33696000
accept-ranges
bytes
x-reg-bofh
pfy02gb
expires
Tue, 20 Apr 2021 14:23:20 GMT
shutterstock_diskwipe.jpg
regmedia.co.uk/2020/03/24/
4 KB
4 KB
Image
General
Full URL
https://regmedia.co.uk/2020/03/24/shutterstock_diskwipe.jpg?x=200&y=200&crop=1
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5351 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9d501e93d6f8d633677b0d71b23bd3bc4b7eb31ee5e7c49320218a6b5498cd27

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
cf-cache-status
HIT
age
54656
cf-polished
qual=85, origFmt=jpeg, origSize=5057
cf-ray
57a187678e1ed6d9-FRA
status
200
content-disposition
inline; filename="shutterstock_diskwipe.webp"
cf-bgj
imgq:85
content-length
4254
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
last-modified
Wed, 25 Mar 2020 23:12:13 GMT
server
cloudflare
etag
"13c1-5a1b5ffa51d2d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
cache-control
public, max-age=33696000
accept-ranges
bytes
x-reg-bofh
pfy03gb
expires
Tue, 20 Apr 2021 14:23:20 GMT
british_library_shelves_st_pancras.jpg
regmedia.co.uk/2015/06/17/
16 KB
16 KB
Image
General
Full URL
https://regmedia.co.uk/2015/06/17/british_library_shelves_st_pancras.jpg?x=200&y=200&crop=1
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5351 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79476979f0dd352eede0c7a570e4c48648367be7d5b97fb5e1363e19f2462885

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
cf-cache-status
HIT
age
7848
cf-polished
degrade=85, origSize=18826, status=webp_bigger
cf-ray
57a187679e6ed6d9-FRA
status
200
cf-bgj
imgq:85
content-length
16038
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
last-modified
Thu, 26 Mar 2020 12:12:12 GMT
server
cloudflare
etag
"498a-5a1c0e51358fb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=33696000
accept-ranges
bytes
x-reg-bofh
pfy02gb
expires
Tue, 20 Apr 2021 14:23:20 GMT
shutterstock_samurai.jpg
regmedia.co.uk/2020/03/26/
7 KB
7 KB
Image
General
Full URL
https://regmedia.co.uk/2020/03/26/shutterstock_samurai.jpg?x=200&y=200&crop=1
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5351 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
508eaa55e9df71fb9daf249826540f803223f1931214ae738fae39ff11b60fe6

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
cf-cache-status
HIT
age
662
cf-polished
status=not_needed
cf-ray
57a187679e72d6d9-FRA
status
200
cf-bgj
imgq:85
content-length
7015
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
last-modified
Thu, 26 Mar 2020 14:12:12 GMT
server
cloudflare
etag
"1b67-5a1c2923d5182"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=33696000
accept-ranges
bytes
x-reg-bofh
pfy03gb
expires
Tue, 20 Apr 2021 14:23:20 GMT
vulture_16bits_half.svg
www.theregister.co.uk/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/
7 KB
1 KB
Image
General
Full URL
https://www.theregister.co.uk/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/vulture_16bits_half.svg
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1bc9eeec7ba19c97ba1d50c10195c3f74302af5e712409e51e5b8d35b6f46eb8

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
cf-cache-status
HIT
last-modified
Tue, 01 Oct 2019 14:16:02 GMT
server
cloudflare
age
15145688
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
x-reg-bofh
pfy02
cache-control
public, max-age=33696000
cf-ray
57a187676cdfdbd3-LHR
expires
Tue, 20 Apr 2021 14:23:20 GMT
russian_soldier_shutterstock.jpg
regmedia.co.uk/2017/03/15/
4 KB
4 KB
Image
General
Full URL
https://regmedia.co.uk/2017/03/15/russian_soldier_shutterstock.jpg?x=198&y=131&crop=1
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5351 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
57f36532aa65a31fbd3a65491ec6d5c035b5cd54a946b180b7b72e6b3d82bf2c

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
cf-cache-status
HIT
age
10097172
cf-polished
qual=85, origFmt=jpeg, origSize=3717
cf-ray
57a187679e77d6d9-FRA
status
200
content-disposition
inline; filename="russian_soldier_shutterstock.webp"
cf-bgj
imgq:85
content-length
3666
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
last-modified
Wed, 15 Mar 2017 18:48:19 GMT
server
cloudflare
etag
"e85-54ac96355dbbc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
cache-control
public, max-age=33696000
accept-ranges
bytes
x-reg-bofh
pfy02
expires
Tue, 20 Apr 2021 14:23:20 GMT
internet_anonymity.jpg
regmedia.co.uk/2016/03/29/
4 KB
5 KB
Image
General
Full URL
https://regmedia.co.uk/2016/03/29/internet_anonymity.jpg?x=198&y=131&crop=1
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5351 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c5f5cec4d6bfa8946d9e3130163538e9e175f922a2181d7e6d3895f7edb5409

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
cf-cache-status
HIT
age
5592711
cf-polished
status=not_needed
cf-ray
57a187679e7ad6d9-FRA
status
200
cf-bgj
imgq:85
content-length
4347
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
last-modified
Mon, 15 Oct 2018 14:20:16 GMT
server
cloudflare
etag
"10fb-5784522dbdd1e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=33696000
accept-ranges
bytes
x-reg-bofh
pfy03gb
expires
Tue, 20 Apr 2021 14:23:20 GMT
ransomware_shutterstock.jpg
regmedia.co.uk/2018/08/06/
4 KB
4 KB
Image
General
Full URL
https://regmedia.co.uk/2018/08/06/ransomware_shutterstock.jpg?x=198&y=131&crop=1
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5351 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca5b99a94945b7611b508996bc5fd683cac61777ab3e68ea5efd12a718a38463

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
cf-cache-status
HIT
age
13378623
cf-polished
qual=85, origFmt=jpeg, origSize=4567
cf-ray
57a187679e80d6d9-FRA
status
200
content-disposition
inline; filename="ransomware_shutterstock.webp"
cf-bgj
imgq:85
content-length
4414
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
last-modified
Tue, 08 Oct 2019 20:20:53 GMT
server
cloudflare
etag
"11d7-5946be7b6a362"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
cache-control
public, max-age=33696000
accept-ranges
bytes
x-reg-bofh
pfy02
expires
Tue, 20 Apr 2021 14:23:20 GMT
shutterstock_wv_mountains.jpg
regmedia.co.uk/2019/10/02/
8 KB
8 KB
Image
General
Full URL
https://regmedia.co.uk/2019/10/02/shutterstock_wv_mountains.jpg?x=198&y=131&crop=1
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5351 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7ae3e59390288ee537444aa4d7ba31142e603237ed73697c29a1dca36dc8d556

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
cf-cache-status
HIT
age
6474409
cf-polished
status=not_needed
cf-ray
57a187679e84d6d9-FRA
status
200
cf-bgj
imgq:85
content-length
8036
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
last-modified
Tue, 08 Oct 2019 20:20:54 GMT
server
cloudflare
etag
"1f64-5946be7cd7fd0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=33696000
accept-ranges
bytes
x-reg-bofh
pfy03gb
expires
Tue, 20 Apr 2021 14:23:20 GMT
cook_shutterstock.jpg
regmedia.co.uk/2020/01/14/
5 KB
5 KB
Image
General
Full URL
https://regmedia.co.uk/2020/01/14/cook_shutterstock.jpg?x=198&y=131&crop=1
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5351 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5343483e97f0966808f65d241b143323c149e4d5370b39c8c06454db918f2fcb

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
cf-cache-status
HIT
age
6150265
cf-polished
status=not_needed
cf-ray
57a187679e87d6d9-FRA
status
200
cf-bgj
imgq:85
content-length
5244
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
last-modified
Tue, 14 Jan 2020 22:52:26 GMT
server
cloudflare
etag
"147c-59c2172278c33"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=33696000
accept-ranges
bytes
x-reg-bofh
pfy02gb
expires
Tue, 20 Apr 2021 14:23:20 GMT
shutterstock_673956757.jpg
regmedia.co.uk/2018/05/22/
8 KB
8 KB
Image
General
Full URL
https://regmedia.co.uk/2018/05/22/shutterstock_673956757.jpg?x=198&y=131&crop=1
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5351 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1ab8e828a3861e0d765664f2151abe2c5a747cbdd21fef3433a3c48566dd7898

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
cf-cache-status
HIT
age
1047154
cf-polished
qual=85, origFmt=jpeg, origSize=11713
cf-ray
57a187679e8cd6d9-FRA
status
200
content-disposition
inline; filename="shutterstock_673956757.webp"
cf-bgj
imgq:85
content-length
7860
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
last-modified
Tue, 08 Oct 2019 22:05:44 GMT
server
cloudflare
etag
"2dc1-5946d5ea97a13"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
cache-control
public, max-age=33696000
accept-ranges
bytes
x-reg-bofh
pfy02gb
expires
Tue, 20 Apr 2021 14:23:20 GMT
shuttrstock_fbi_agent.jpg
regmedia.co.uk/2019/08/05/
5 KB
5 KB
Image
General
Full URL
https://regmedia.co.uk/2019/08/05/shuttrstock_fbi_agent.jpg?x=198&y=131&crop=1
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5351 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
68f069b0e283a4b26bb5428efc09374b729d1aa2edefbd169ff4a0e1016e386e

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
cf-cache-status
HIT
age
20163596
cf-polished
qual=85, origFmt=jpeg, origSize=5124
cf-ray
57a187679e91d6d9-FRA
status
200
content-disposition
inline; filename="shuttrstock_fbi_agent.webp"
cf-bgj
imgq:85
content-length
4952
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
last-modified
Tue, 06 Aug 2019 00:17:54 GMT
server
cloudflare
etag
"1404-58f67c17bd10d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
cache-control
public, max-age=33696000
accept-ranges
bytes
x-reg-bofh
pfy04
expires
Tue, 20 Apr 2021 14:23:20 GMT
skeptical-man.jpg
regmedia.co.uk/2017/01/27/
5 KB
5 KB
Image
General
Full URL
https://regmedia.co.uk/2017/01/27/skeptical-man.jpg?x=198&y=131&crop=1
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5351 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f84ac75c1acd05be4f3ccb7affe3f4ab364b237d020219e5849a20a08cb5e43a

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
cf-cache-status
HIT
age
461350
cf-polished
qual=85, origFmt=jpeg, origSize=5745
cf-ray
57a187679e93d6d9-FRA
status
200
content-disposition
inline; filename="skeptical-man.webp"
cf-bgj
imgq:85
content-length
5028
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
last-modified
Tue, 17 Mar 2020 12:18:14 GMT
server
cloudflare
etag
"1671-5a10bee12abd4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
cache-control
public, max-age=33696000
accept-ranges
bytes
x-reg-bofh
pfy03gb
expires
Tue, 20 Apr 2021 14:23:20 GMT
whitepaper_book.png
www.theregister.co.uk/design_picker/4ee431b84ac2d23c13376f753522acd7ecbb9b47/graphics/icon/
1 KB
1 KB
Image
General
Full URL
https://www.theregister.co.uk/design_picker/4ee431b84ac2d23c13376f753522acd7ecbb9b47/graphics/icon/whitepaper_book.png
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f33bf25e603b71f1bad657b2b4411f98dfb16dd6e426c3891c2dcf5d798ab31c

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
cf-cache-status
HIT
age
10742719
cf-ray
57a187676ce2dbd3-LHR
status
200
content-length
1119
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
last-modified
Fri, 17 Feb 2017 15:08:14 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=33696000
accept-ranges
bytes
x-reg-bofh
pfy01
expires
Tue, 20 Apr 2021 14:23:20 GMT
footer_mob_nav_arrow_black.svg
www.theregister.co.uk/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/
331 B
261 B
Image
General
Full URL
https://www.theregister.co.uk/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/footer_mob_nav_arrow_black.svg
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ecf4699152194c23f91bb5d0ab9be888c79f202ddb91b71c72fbe069ad10892

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
cf-cache-status
HIT
last-modified
Thu, 09 Aug 2018 12:44:14 GMT
server
cloudflare
age
15157713
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
x-reg-bofh
pfy02
cache-control
public, max-age=33696000
cf-ray
57a187676ce4dbd3-LHR
expires
Tue, 20 Apr 2021 14:23:20 GMT
sitpub_footer.svg
www.theregister.co.uk/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/
8 KB
3 KB
Image
General
Full URL
https://www.theregister.co.uk/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/sitpub_footer.svg
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f72263862a57ea2620bb3f68688f9a283ae02af459f55ecc4e266b93e1a45d27

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
cf-cache-status
HIT
last-modified
Thu, 09 Aug 2018 12:44:14 GMT
server
cloudflare
age
10985086
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
x-reg-bofh
pfy02
cache-control
public, max-age=33696000
cf-ray
57a187676ce6dbd3-LHR
expires
Tue, 20 Apr 2021 14:23:20 GMT
footer_mob_nav_arrow_white.svg
www.theregister.co.uk/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/
328 B
266 B
Image
General
Full URL
https://www.theregister.co.uk/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/footer_mob_nav_arrow_white.svg
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
96a19aca5f40d0503e2d7ff108531054c2b5bc5f28ae40d5e1859601065c7b1d

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
cf-cache-status
HIT
last-modified
Fri, 10 Jan 2020 15:10:58 GMT
server
cloudflare
age
802250
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
x-reg-bofh
pfy03gb
cache-control
public, max-age=33696000
cf-ray
57a187676ce9dbd3-LHR
expires
Tue, 20 Apr 2021 14:23:20 GMT
linkedin_white.svg
www.theregister.co.uk/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/
371 B
292 B
Image
General
Full URL
https://www.theregister.co.uk/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/linkedin_white.svg
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e1a0f94ae5b6f452bde76f436981f11c6a667c4ab2452713a44c56a6114ffaae

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
cf-cache-status
HIT
last-modified
Fri, 10 Jan 2020 15:10:58 GMT
server
cloudflare
age
2191834
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
x-reg-bofh
pfy02gb
cache-control
public, max-age=33696000
cf-ray
57a187676ceadbd3-LHR
expires
Tue, 20 Apr 2021 14:23:20 GMT
rss.svg
www.theregister.co.uk/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/
400 B
311 B
Image
General
Full URL
https://www.theregister.co.uk/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/rss.svg
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e6c82e4f1117b4e2adb58f15170c07257e6203719ed24e4ef6525ed9b346151

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
cf-cache-status
HIT
last-modified
Thu, 09 Aug 2018 12:44:14 GMT
server
cloudflare
age
23108946
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
x-reg-bofh
pfy01
cache-control
public, max-age=33696000
cf-ray
57a187676cebdbd3-LHR
expires
Tue, 20 Apr 2021 14:23:20 GMT
/
nir.theregister.co.uk/
98 B
684 B
Script
General
Full URL
https://nir.theregister.co.uk/?g=vk&g=c&g=sa&g=vvfc&s=c/sec.front&s=vk/fbi&s=vk/national%20crime%20agency&s=vvfc/d1d64e277cec640be98285e62fa9252d&s=vvfc/d1d64e277cec640be98285e62fa9252d&s=vvfc/d1d64e277cec640be98285e62fa9252d
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a5e984fb4941889b3248d20d4d9b34d56ae0555b08158c529bc7dcf3642391b2

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

pragma
no-cache
date
Thu, 26 Mar 2020 14:23:20 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
57a187679d64dbd3-LHR
content-type
application/x-javascript
status
200
cache-control
no-cache
x-reg-bofh
pfy01gb
expires
Thu, 01 Jan 1970 00:00:00 GMT
integrator.js
adservice.google.co.uk/adsid/
109 B
839 B
Script
General
Full URL
https://adservice.google.co.uk/adsid/integrator.js?domain=www.theregister.co.uk
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
109 B
171 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.theregister.co.uk
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
104
x-xss-protection
0
pubads_impl_2020030501.js
securepubads.g.doubleclick.net/gpt/
165 KB
60 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s14-in-f2.1e100.net
Software
sffe /
Resource Hash
8ee04e0441c9e51785d17ac835a93cf4d30d90826f87350b42ba233496a26f55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 05 Mar 2020 14:08:10 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
61481
x-xss-protection
0
expires
Thu, 26 Mar 2020 14:23:20 GMT
arimo-400.latin.woff2
www.theregister.co.uk/design_picker/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/
26 KB
26 KB
Font
General
Full URL
https://www.theregister.co.uk/design_picker/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/arimo-400.latin.woff2
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea8c1cbf9732fae6a42b6261c238014eab34943fac5a34711081a62b7cc2eba9

Request headers

Referer
https://www.theregister.co.uk/css_picker/webkit/59d8520414350f976af1393738a6ede150b34b00/scaffolding.css
Origin
https://www.theregister.co.uk
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
cf-cache-status
HIT
age
1500695
status
200
content-length
26144
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
last-modified
Tue, 04 Feb 2020 15:35:20 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
font/woff2
access-control-allow-origin
https://www.theregister.co.uk
x-reg-bofh
pfy03gb
cache-control
public, max-age=33696000
accept-ranges
bytes
cf-ray
57a187679d69dbd3-LHR
expires
Tue, 20 Apr 2021 14:23:20 GMT
arimo-700.latin.woff2
www.theregister.co.uk/design_picker/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/
25 KB
25 KB
Font
General
Full URL
https://www.theregister.co.uk/design_picker/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/arimo-700.latin.woff2
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6b4f41c53446bee5ce03284672b4607e4a6ff941cae00ec006411b05a62fbe7a

Request headers

Referer
https://www.theregister.co.uk/css_picker/webkit/59d8520414350f976af1393738a6ede150b34b00/scaffolding.css
Origin
https://www.theregister.co.uk
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
cf-cache-status
HIT
age
4401218
status
200
content-length
25628
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
last-modified
Tue, 04 Feb 2020 15:35:20 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
font/woff2
access-control-allow-origin
https://www.theregister.co.uk
x-reg-bofh
pfy01gb
cache-control
public, max-age=33696000
accept-ranges
bytes
cf-ray
57a187679d6cdbd3-LHR
expires
Tue, 20 Apr 2021 14:23:20 GMT
envelope.svg
www.theregister.co.uk/design_picker/abc3c5e243ee56667184d6134cd9d346f5cd5b59/graphics/icons/
454 B
413 B
Image
General
Full URL
https://www.theregister.co.uk/design_picker/abc3c5e243ee56667184d6134cd9d346f5cd5b59/graphics/icons/envelope.svg
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
94edbc0ddc240376874a7449e6ba2c0e0429c26777b20d9a6a8a93b43846b824

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
content-encoding
br
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
cf-cache-status
HIT
last-modified
Thu, 09 Aug 2018 12:44:14 GMT
server
cloudflare
age
10397979
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
x-reg-bofh
pfy01
cache-control
public, max-age=33696000
cf-ray
57a18767ad81dbd3-LHR
expires
Tue, 20 Apr 2021 14:23:20 GMT
outbrain.js
widgets.outbrain.com/
127 KB
43 KB
Script
General
Full URL
https://widgets.outbrain.com/outbrain.js?_=1585232600208
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/design_picker/9031d9d0c0ab83a2efbb659b23896eb021891f70/javascript/_.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.185.159 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a95-101-185-159.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4db16433a1f26ff7f90e3525190e9debe2ac5545309ab47e5a06133e06f9f128

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Thu, 26 Mar 2020 14:23:20 GMT
Content-Encoding
gzip
Last-Modified
Wed, 25 Mar 2020 08:30:47 GMT
ETag
W/"1fbb3-KoHnezOYyT0SUusJEB8aDSXQE/s"
Vary
Accept-Encoding
Edge-Cache-Tag
widget-cheetah
Content-Type
application/x-javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=14400
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET,POST
Connection
keep-alive, Transfer-Encoding
Access-Control-Allow-Credentials
false
Timing-Allow-Origin
*
analytics.js
www.google-analytics.com/
44 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
6285
date
Thu, 26 Mar 2020 12:38:35 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
18174
expires
Thu, 26 Mar 2020 14:38:35 GMT
admtracker.lib.min.js
pj.l.admedo.com/
6 KB
3 KB
Script
General
Full URL
https://pj.l.admedo.com/admtracker.lib.min.js
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.224.194.122 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-122.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d8db699e718814dce4d71b8c7d981df5aed9df3d3b49eb5d8970c3f75c2547ad

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Thu, 26 Mar 2020 14:12:18 GMT
content-encoding
gzip
last-modified
Tue, 04 Feb 2020 16:09:45 GMT
server
AmazonS3
age
663
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
public,max-age=900
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
AUkogSeI9Wb7nx-F4ZJbiLB9SfMkd35Vnnogq6s9cB7BBXOt9gfE6A==
via
1.1 e976f829f2d1c4787d42d0595ae7cf75.cloudfront.net (CloudFront)
widgets.js
platform.twitter.com/
96 KB
29 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/design_picker/9031d9d0c0ab83a2efbb659b23896eb021891f70/javascript/_.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.66 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (lcy/1D4B) /
Resource Hash
198c88313d65f4d2b30b218566c00f96002f78ae125643d5a73a669b46cab112

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Thu, 26 Mar 2020 14:23:20 GMT
Content-Encoding
gzip
Last-Modified
Thu, 19 Mar 2020 21:21:21 GMT
Server
ECS (lcy/1D4B)
Age
581
Etag
"3ce571864e8afdda3bc0a81ffbebe447+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Access-Control-Max-Age
3000
Cache-Control
public, max-age=1800
X-Cache
HIT
Content-Type
application/javascript; charset=utf-8
Content-Length
29105
ads.js
www.theregister.co.uk/design_picker/c00f80f04b0eaf0123d821f6c9488fc1cb55fd0a/javascript/
27 B
143 B
XHR
General
Full URL
https://www.theregister.co.uk/design_picker/c00f80f04b0eaf0123d821f6c9488fc1cb55fd0a/javascript/ads.js
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/design_picker/9031d9d0c0ab83a2efbb659b23896eb021891f70/javascript/_.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
83de4b8fb218ece4dc1c59006f00e44aaee17e78923c65ba66acf0ad41a7a5cc

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Sec-Fetch-Dest
empty
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
cf-cache-status
HIT
age
14714600
cf-ray
57a187688ff0dbd3-LHR
status
200
content-length
27
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
last-modified
Thu, 05 Apr 2018 12:48:24 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=33696000
accept-ranges
bytes
x-reg-bofh
pfy04
expires
Tue, 20 Apr 2021 14:23:20 GMT
ads
securepubads.g.doubleclick.net/gampad/
56 KB
10 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1868477821477879&correlator=2208555282235579&output=ldjh&impl=fifs&adsid=NT&eid=21062452%2C21064372%2C21065516&vrg=2020030501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200326&iu_parts=6978%2Creg_security%2Cfront&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2&prev_iu_szs=1x1%2C970x91%7C970x90%7C970x250%7C970x251%7C728x90%7C728x91%7C468x60%7C468x61%2C970x250%7C970x90%7C728x90%7C468x60%2C300x1050%7C300x600%7C300x250%7C300x252%2C300x601%7C300x250%7C300x251%7C300x100%7C300x50%2C300x250%7C300x1%7C300x50&ists=32&prev_scp=pos%3Dtop%26raptor%3Dkite%26unitnum%3D1%7Cpos%3Dtop%26raptor%3Dcondor%26unitnum%3D2%7Cpos%3Dbtm%26raptor%3Dhawk%26unitnum%3D3%7Cpos%3Dtop%26raptor%3Deagle%26unitnum%3D4%7Cpos%3Dmid%26raptor%3Dfalcon%26unitnum%3D5%7Cpos%3Dbtm%26raptor%3Dowl%26unitnum%3D6&cust_params=test%3D0%26protocol%3Dhttps%253A%26li%3Dnull%26uid%3Dnull%26sc%3D1%26bwidth%3D15%26bheight%3D12%26orientation%3Dlandscape%26mm_segments%3D%26pid%3D206570%26pt%3Da%26axc%3Dnull%26kw%3Dfbi%252Cnational%2520crime%2520agency%26cat%3Dnews%26tag%3Dnull%26author%3DGareth%252520Corfield%26year%3D2020%26nsfw%3Dnull%26vid%3Dnull%26ct%3Ds-async&cookie_enabled=1&bc=31&abxe=1&lmt=1585232600&dt=1585232600403&dlt=1585232600114&idt=252&frm=20&biw=1585&bih=1200&oid=3&adxs=-12245933%2C308%2C293%2C978%2C978%2C331&adys=-12245933%2C129%2C3005%2C234%2C2073%2C4275&adks=1331772189%2C284626583%2C1390360203%2C2610646818%2C8582313%2C3059020159&ucis=1%7C2%7C3%7C4%7C5%7C6&ifi=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&url=https%3A%2F%2Fwww.theregister.co.uk%2F2020%2F01%2F17%2Fweleakinfo_takedown_nca_fbi_operation%2F&dssz=27&icsg=15008&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1000x4870%7C1000x4870%7C1000x279%7C315x2703%7C315x2703%7C924x1256&msz=1x1%7C1000x105%7C1000x278%7C300x1050%7C300x601%7C924x250&ga_vid=1798176742.1585232600&ga_sid=1585232600&ga_hid=1639428114&fws=132%2C4%2C4%2C4%2C4%2C4&ohw=1000%2C1000%2C1000%2C1000%2C1000%2C1000
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s14-in-f2.1e100.net
Software
cafe /
Resource Hash
f2fd8ef146cca0f0cd6d99c2b1880e9c27bce8005b2995f710c5032f6672de96
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Origin
https://www.theregister.co.uk
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2,-2,-2,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
10121
x-xss-protection
0
google-lineitem-id
61995219,5329618998,5321539816,5335643672,5321539816,-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
35665517499,138307041493,138305595797,138307569172,138305596220,-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.theregister.co.uk
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl_rendering_2020030501.js
securepubads.g.doubleclick.net/gpt/
69 KB
25 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020030501.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s14-in-f2.1e100.net
Software
sffe /
Resource Hash
ffdc18ac8f47bcd50dd9c33532c334e7073717a62b367d95b9cb1561048547dc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 05 Mar 2020 14:08:10 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
25689
x-xss-protection
0
expires
Thu, 26 Mar 2020 14:23:20 GMT
container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/
0
0
Other
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

collect
www.google-analytics.com/
35 B
99 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j81&aip=1&a=1639428114&t=pageview&_s=1&dl=https%3A%2F%2Fwww.theregister.co.uk%2F2020%2F01%2F17%2Fweleakinfo_takedown_nca_fbi_operation%2F&ul=en-us&de=UTF-8&dt=Stolen%20creds%20site%20WeLeakInfo%20busted%20by%20multinational%20cop%20op%20for%20data%20reselling%20%E2%80%A2%20The%20Register&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YChAiAABB~&jid=1559983136&gjid=2000893452&cid=1798176742.1585232600&tid=UA-33330076-1&_gid=595436902.1585232600&cd2=Gareth%20Corfield&cd3=&cd4=www%20story&cd5=news&cd8=none&cd9=&cd10=&z=838908914
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Tue, 25 Feb 2020 02:05:51 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
2636249
content-type
image/gif
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control
no-cache, no-store, must-revalidate
access-control-allow-origin
*
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j81&tid=UA-33330076-1&cid=1798176742.1585232600&jid=1559983136&gjid=2000893452&_gid=595436902.1585232600&_u=YChAiAABB~&z=1836569229
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33330076-1&cid=1798176742.1585232600&jid=1559983136&_v=j81&z=1836569229
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33330076-1&cid=1798176742.1585232600&jid=1559983136&_v=j81&z=1836569229&slf_rd=1&random=2711213677
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33330076-1&cid=1798176742.1585232600&jid=1559983136&_v=j81&z=1836569229&slf_rd=1&random=2711213677
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Mar 2020 14:23:20 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 26 Mar 2020 14:23:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33330076-1&cid=1798176742.1585232600&jid=1559983136&_v=j81&z=1836569229&slf_rd=1&random=2711213677
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
cache-control
no-cache, no-store, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
widget_iframe.d0f13be8321eb432fba28cfc1c3351b1.html
platform.twitter.com/widgets/ Frame 7D47
0
0
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.d0f13be8321eb432fba28cfc1c3351b1.html?origin=https%3A%2F%2Fwww.theregister.co.uk
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.66 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (lcy/1D3F) /
Resource Hash

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/

Response headers

Content-Encoding
gzip
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
577505
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Thu, 26 Mar 2020 14:23:20 GMT
Etag
"9fa476ae827f556d5b037fe43632370d+gzip"
Last-Modified
Thu, 19 Mar 2020 21:12:59 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (lcy/1D3F)
Vary
Accept-Encoding
X-Cache
HIT
Content-Length
5825
moment~timeline~tweet.99ce5e0e4617985354c5c426d7e1b9f4.js
platform.twitter.com/js/
24 KB
8 KB
Script
General
Full URL
https://platform.twitter.com/js/moment~timeline~tweet.99ce5e0e4617985354c5c426d7e1b9f4.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.66 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (lcy/1D52) /
Resource Hash
f13585ddb86f9ec0432f36eae40bcaabe3aad166eff8424b27082c2b8174a3a2

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Thu, 26 Mar 2020 14:23:20 GMT
Content-Encoding
gzip
Last-Modified
Thu, 19 Mar 2020 21:12:51 GMT
Server
ECS (lcy/1D52)
Age
577506
Etag
"e137faa829d69782b030b8ae591989d1+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
X-Cache
HIT
Content-Type
application/javascript; charset=utf-8
Content-Length
7864
tweet.9aa9eda3c163ec539c16aef0d822d807.js
platform.twitter.com/js/
16 KB
6 KB
Script
General
Full URL
https://platform.twitter.com/js/tweet.9aa9eda3c163ec539c16aef0d822d807.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.66 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (lcy/1D6A) /
Resource Hash
f42a719c42729853609255c0f4e029aa6ae44a9a9925743394343a8a0265a110

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Thu, 26 Mar 2020 14:23:20 GMT
Content-Encoding
gzip
Last-Modified
Thu, 19 Mar 2020 21:12:51 GMT
Server
ECS (lcy/1D6A)
Age
577505
Etag
"f87f962919a6220b09193a0007706785+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
X-Cache
HIT
Content-Type
application/javascript; charset=utf-8
Content-Length
5434
syndication
syndication.twitter.com/i/jot/
43 B
338 B
Image
General
Full URL
https://syndication.twitter.com/i/jot/syndication?l=%7B%22_category_%22%3A%22syndicated_impression%22%2C%22triggered_on%22%3A1585232600559%2C%22dnt%22%3Afalse%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22impression%22%7D%7D
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.8 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_f /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
strict-transport-security
max-age=631138519
content-length
65
x-xss-protection
0
x-response-time
116
pragma
no-cache
last-modified
Thu, 26 Mar 2020 14:23:20 GMT
server
tsa_f
x-frame-options
SAMEORIGIN
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
cc4396641d4eced029b1a6df08fbdbdb
x-transaction
00053e7e004f6557
expires
Tue, 31 Mar 1981 05:00:00 GMT
tweets.json
cdn.syndication.twimg.com/
6 KB
2 KB
Script
General
Full URL
https://cdn.syndication.twimg.com/tweets.json?callback=__twttr.callbacks.cb0&ids=1217559098880712704&lang=en&suppress_response_codes=true&theme=light&tz=GMT%2B0100
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
tsa_f /
Resource Hash
ab9ea72073a4869c5cd8d0e8a6b014e9cea3f85b94e6c06bd3a8717f15454689
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
content-disposition
attachment; filename=jsonp.jsonp
strict-transport-security
max-age=631138519
content-length
1546
x-xss-protection
0
x-response-time
130
last-modified
Thu, 26 Mar 2020 14:23:20 GMT
server
tsa_f
x-frame-options
SAMEORIGIN
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://ton.smf1.twitter.com, https://ton.smf1.twitter.com
cache-control
must-revalidate, max-age=60
x-connection-hash
fcdba2dbf893e2dd2ccc4d51af85275d
timing-allow-origin
*
x-transaction
00c1edf400aa2835
expires
Thu, 26 Mar 2020 14:24:20 GMT
tweet.d41c1d7e4bac44f4658ca45d09564e79.light.ltr.css
platform.twitter.com/css/
52 KB
12 KB
Stylesheet
General
Full URL
https://platform.twitter.com/css/tweet.d41c1d7e4bac44f4658ca45d09564e79.light.ltr.css
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.66 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (lcy/1D67) /
Resource Hash
ca4627707c434a5db3dca160e8883c09864ddb7ab4b28af47dd302d47062fef6

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Date
Thu, 26 Mar 2020 14:23:20 GMT
Content-Encoding
gzip
Last-Modified
Thu, 19 Mar 2020 21:12:48 GMT
Server
ECS (lcy/1D67)
Age
577506
Etag
"1668dde994ebdac8e42a2bdbba968e61+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
X-Cache
HIT
Content-Type
text/css; charset=utf-8
Content-Length
11585
tweet.d41c1d7e4bac44f4658ca45d09564e79.light.ltr.css
platform.twitter.com/css/
9 KB
9 KB
Image
General
Full URL
https://platform.twitter.com/css/tweet.d41c1d7e4bac44f4658ca45d09564e79.light.ltr.css
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.66 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (lcy/1D67) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Thu, 26 Mar 2020 14:23:20 GMT
Content-Encoding
gzip
Last-Modified
Thu, 19 Mar 2020 21:12:48 GMT
Server
ECS (lcy/1D67)
Age
577506
Etag
"1668dde994ebdac8e42a2bdbba968e61+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
X-Cache
HIT
Content-Type
text/css; charset=utf-8
Content-Length
11585
DgNO1jYN_normal.jpg
pbs.twimg.com/profile_images/947799777294585856/
2 KB
3 KB
Image
General
Full URL
https://pbs.twimg.com/profile_images/947799777294585856/DgNO1jYN_normal.jpg
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/40FB) /
Resource Hash
536f8526c0016c55cb1d21053809101b437b8d1a513076905636f74a9522855e
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:20 GMT
x-content-type-options
nosniff
age
124899
x-cache
HIT
status
200
content-length
2263
x-response-time
127
surrogate-key
profile_images profile_images/bucket/4 profile_images/947799777294585856
last-modified
Mon, 01 Jan 2018 11:58:50 GMT
server
ECS (fcn/40FB)
strict-transport-security
max-age=631138519
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
3b428942dd52ff8f4431561a3d0c8769
accept-ranges
bytes
truncated
/
825 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4468e35646c229b518e5f398c5a3d6b15ba1351a71ef22692129bb32f5030ac0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
572 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0341a4478ce861ef85c819b913fa0a2501836a6a2ffda8643e95e39f4a2a7de0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
512 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
49c2a3cf0f363bf387c06a35a4a4e6c7255799b3776bed55914862136d783028

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
600 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c50a17e8272b9359e4b62e0f305e201f359cb5bd2245671c115d031f2b7f68d0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
323 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c3531ed2c934e5daee80955db42a0245d666131e6322c6ec6985992922520ab4

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
Cookie set put.html
widgets.outbrain.com/nanoWidget/externals/cookie/ Frame E1CD
0
0
Document
General
Full URL
https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js?_=1585232600208
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.185.159 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a95-101-185-159.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash

Request headers

Host
widgets.outbrain.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/

Response headers

Accept-Ranges
bytes
Content-Type
text/html
ETag
"c0311cf15c21ddda054005e92fad3f9e:1585128557.048626"
Last-Modified
Wed, 25 Mar 2020 08:30:07 GMT
Server
AkamaiNetStorage
Content-Length
416
Cache-Control
max-age=604800
Date
Thu, 26 Mar 2020 14:23:20 GMT
Connection
keep-alive
Timing-Allow-Origin
*
Access-Control-Allow-Credentials
false
Access-Control-Allow-Methods
GET,POST
Access-Control-Allow-Origin
*
Set-Cookie
akacd_widgets_routing=1585232600~rv=30~id=4d02cc24656a7529e39427455d2ab3c5; path=/; Expires=Thu, 26 Mar 2020 14:23:20 GMT; Secure; SameSite=None
d3d3LnRoZXJlZ2lzdGVyLmNvLnVr
tcheck.outbrainimg.com/tcheck/check/
15 B
475 B
XHR
General
Full URL
https://tcheck.outbrainimg.com/tcheck/check/d3d3LnRoZXJlZ2lzdGVyLmNvLnVr
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js?_=1585232600208
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.247.226.107 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a72-247-226-107.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
39d160e97e2bea07b0cf1c647259ffa4f0bd07069dba4e6c19a22d38b408510f
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains;

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Origin
https://www.theregister.co.uk
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=0; includeSubDomains;
ETag
W/"f-ayLlCL3PuzXSThdu78iReSEjl6Y"
Access-Control-Max-Age
43200
Access-Control-Allow-Methods
GET,POST
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=12792
Date
Thu, 26 Mar 2020 14:23:20 GMT
Connection
keep-alive
Access-Control-Allow-Credentials
false
Content-Length
15
Expires
Thu, 26 Mar 2020 17:56:32 GMT
osd.js
www.googletagservices.com/activeview/js/current/
74 KB
27 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f2e60d0a77f1d63a9fd3b21fbb9d21345a61dc43d6c9b749e45753c5d993a6e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Thu, 26 Mar 2020 14:23:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1585165059237800"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28015
x-xss-protection
0
expires
Thu, 26 Mar 2020 14:23:21 GMT
amp4ads-v0.js
cdn.ampproject.org/rtv/012003101714470/ Frame DCB5
200 KB
55 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4486f4e70d7321e8f64da51c38b50767e846bdaf4ef3441d628f27a4f8952c10
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Origin
https://www.theregister.co.uk
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
7025
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
55811
x-xss-protection
0
server
sffe
date
Thu, 26 Mar 2020 12:26:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"789295de90cb321e"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 26 Mar 2021 12:26:16 GMT
amp4ads-v0.js
cdn.ampproject.org/rtv/012003101714470/ Frame DCB5
200 KB
55 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4486f4e70d7321e8f64da51c38b50767e846bdaf4ef3441d628f27a4f8952c10
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
7025
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
55811
x-xss-protection
0
server
sffe
date
Thu, 26 Mar 2020 12:26:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"789295de90cb321e"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 26 Mar 2021 12:26:16 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/012003101714470/v0/ Frame DCB5
92 KB
29 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012003101714470/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e17e03dc3ff1767a8d185975a2bf392068a0b2f2848503c38ceaa3f10fb0ea84
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
6999
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28328
x-xss-protection
0
server
sffe
date
Thu, 26 Mar 2020 12:26:42 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"f4788313c10056ed"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 26 Mar 2021 12:26:42 GMT
truncated
/ Frame DCB5
216 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d19f0ca0e0dae78b309d453260b3eb470b5ab681b3d1328c7364a14981281d79

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
amp4ads-host-v0.js
cdn.ampproject.org/rtv/012003101714470/
20 KB
7 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012003101714470/amp4ads-host-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c2b0d171a4179bf00898c430c1c15464e528aff5762fc70a5d02184834c82eff
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
6808
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
7178
x-xss-protection
0
server
sffe
date
Thu, 26 Mar 2020 12:29:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"9d3d923337ef7e9b"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 26 Mar 2021 12:29:53 GMT
amp4ads-v0.js
cdn.ampproject.org/rtv/012003101714470/ Frame 0FED
200 KB
55 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4486f4e70d7321e8f64da51c38b50767e846bdaf4ef3441d628f27a4f8952c10
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Origin
https://www.theregister.co.uk
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
7025
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
55811
x-xss-protection
0
server
sffe
date
Thu, 26 Mar 2020 12:26:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"789295de90cb321e"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 26 Mar 2021 12:26:16 GMT
amp4ads-v0.js
cdn.ampproject.org/rtv/012003101714470/ Frame 0FED
200 KB
55 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4486f4e70d7321e8f64da51c38b50767e846bdaf4ef3441d628f27a4f8952c10
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
7025
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
55811
x-xss-protection
0
server
sffe
date
Thu, 26 Mar 2020 12:26:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"789295de90cb321e"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 26 Mar 2021 12:26:16 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/012003101714470/v0/ Frame 0FED
92 KB
28 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012003101714470/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e17e03dc3ff1767a8d185975a2bf392068a0b2f2848503c38ceaa3f10fb0ea84
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
6999
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28328
x-xss-protection
0
server
sffe
date
Thu, 26 Mar 2020 12:26:42 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"f4788313c10056ed"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 26 Mar 2021 12:26:42 GMT
truncated
/ Frame 0FED
213 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
de0bb1c1c0610f898f5aee562c2b2b79ef9c7b3cbb3b1994eadd1c45234bf8d9

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
view
securepubads.g.doubleclick.net/pcs/ Frame 3C04
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss-GzxQgidPWfz0JDuiBh1Mha4WxVSUeAYmPvcedkiGsQUFkWwDf3TBJHfeKGnuM-0v-fK7d-SQRnX3C4HzqWBH_rVW8bMsYkPUcTm64GW8LTi8M9VXnnjr0bq4jiS-A_RCIVdAoXdf6uYm5yE2_IODFCuETnOsIWkNUnqOYza3Lo967UyKBSyxZkiWmsHll-YCAnH6NRqKkPhpuJyhOk7u-zZmNiaqelq9a87Y_hzJ266SamS3370M4ua8ns0ozZ11vLYpxH5bcwtpMLORbfTGH4-j98cnSyFASho&sai=AMfl-YQ7nP46kGl9Q5VHKx8iU1vxG168ssP8Uib6yCXZEkI2kjXxIT-syK1VS83FoqPA5lXLIvu5GHTfAZLngG8W-rGJPK0-rP9B-dlBBF6ejQ&sig=Cg0ArKJSzGHKcNQxEI4tEAE&urlfix=1&adurl=
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s14-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

timing-allow-origin
*
date
Thu, 26 Mar 2020 14:23:21 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 26 Mar 2020 14:23:21 GMT
/
forms.theregister.co.uk/studies/internal/state_or_it_dept/ Frame C67C
3 KB
1 KB
Document
General
Full URL
https://forms.theregister.co.uk/studies/internal/state_or_it_dept/?version=emea&td=5335643672&r=1129091609
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aeb1cb5a1fc9ff73fef24f06eac380b67bbe63862eeb40d92485bb2ab7aee94e

Request headers

:method
GET
:authority
forms.theregister.co.uk
:scheme
https
:path
/studies/internal/state_or_it_dept/?version=emea&td=5335643672&r=1129091609
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-site
sec-fetch-mode
navigate
referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
__cfduid=d7cf43d278575f7a5e5feb6bdfea7eedf1585232600; bucket=510; sc=1; _ga=GA1.3.1798176742.1585232600; _gid=GA1.3.595436902.1585232600; _gat=1; __gads=ID=a5acc347032cad79:T=1585232600:S=ALNI_MarbWC-VRmwYcVjde9VaJnpfGrVHw
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/

Response headers

status
200
date
Thu, 26 Mar 2020 14:23:21 GMT
content-type
text/html
vary
Host,Accept-Encoding
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
57a1876c8b10dbd3-LHR
content-encoding
br
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 3C04
74 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
458860ce8b256b66b223ed10f813b32a012b91698bd98867374cfb24da8ce172
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Thu, 26 Mar 2020 14:23:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1585165059237800"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28264
x-xss-protection
0
expires
Thu, 26 Mar 2020 14:23:21 GMT
amp4ads-v0.js
cdn.ampproject.org/rtv/012003101714470/ Frame FFB8
200 KB
55 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4486f4e70d7321e8f64da51c38b50767e846bdaf4ef3441d628f27a4f8952c10
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Origin
https://www.theregister.co.uk
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
7025
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
55811
x-xss-protection
0
server
sffe
date
Thu, 26 Mar 2020 12:26:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"789295de90cb321e"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 26 Mar 2021 12:26:16 GMT
amp4ads-v0.js
cdn.ampproject.org/rtv/012003101714470/ Frame FFB8
200 KB
55 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4486f4e70d7321e8f64da51c38b50767e846bdaf4ef3441d628f27a4f8952c10
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
7025
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
55811
x-xss-protection
0
server
sffe
date
Thu, 26 Mar 2020 12:26:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"789295de90cb321e"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 26 Mar 2021 12:26:16 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/012003101714470/v0/ Frame FFB8
92 KB
28 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012003101714470/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e17e03dc3ff1767a8d185975a2bf392068a0b2f2848503c38ceaa3f10fb0ea84
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
6999
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28328
x-xss-protection
0
server
sffe
date
Thu, 26 Mar 2020 12:26:42 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"f4788313c10056ed"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 26 Mar 2021 12:26:42 GMT
truncated
/ Frame FFB8
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6bd512e5c17c3779d20e7e7efdac86cc9746ba4d445c0cbce79da215445efe55

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
/
nir.theregister.co.uk/
0
135 B
Script
General
Full URL
https://nir.theregister.co.uk/?s=sa/oid.102962979
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/design_picker/9031d9d0c0ab83a2efbb659b23896eb021891f70/javascript/_.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

pragma
no-cache
date
Thu, 26 Mar 2020 14:23:21 GMT
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
57a1876c8afedbd3-LHR
content-type
application/x-javascript
status
200
cache-control
no-cache
x-reg-bofh
pfy02gb
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
/
nir.theregister.co.uk/
0
153 B
Script
General
Full URL
https://nir.theregister.co.uk/?s=sa/oid.2424853138
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/design_picker/9031d9d0c0ab83a2efbb659b23896eb021891f70/javascript/_.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

pragma
no-cache
date
Thu, 26 Mar 2020 14:23:21 GMT
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
57a1876c8b01dbd3-LHR
content-type
application/x-javascript
status
200
cache-control
no-cache
x-reg-bofh
pfy03gb
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
/
nir.theregister.co.uk/
0
127 B
Script
General
Full URL
https://nir.theregister.co.uk/?s=sa/oid.2608680229
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/design_picker/9031d9d0c0ab83a2efbb659b23896eb021891f70/javascript/_.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

pragma
no-cache
date
Thu, 26 Mar 2020 14:23:21 GMT
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
57a1876c8b11dbd3-LHR
content-type
application/x-javascript
status
200
cache-control
no-cache
x-reg-bofh
pfy01gb
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
1276104633831866114
tpc.googlesyndication.com/simgad/ Frame DCB5
80 KB
80 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/1276104633831866114
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
120ce55883f26d68e2108231d7f0c6e772e186d2b9e6a4cf72cc6c75bc973e54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 19 Mar 2020 16:01:17 GMT
x-content-type-options
nosniff
age
598924
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
81508
x-xss-protection
0
last-modified
Thu, 19 Mar 2020 15:20:58 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 19 Mar 2021 16:01:17 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame DCB5
0
290 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu-uMjKPRR8W4uCvvisblKVibxNVyVFQHHUqJHkfQxPgm00X5P87-jp8DiVCGStXPltuebBe6at2tV-_IeOp-fJg_-y_V8j3dqe2HV0uyyrcKwSkKlYyT9sNqWKKjfmnUo-m-2mHMU2RoUJmkjPOaqoXx7eeZoVndQCQWjM3FpP0BN4LsefSoaqZ6l6gBSH_aBPXCXxoC9_PmiEFmUFAuxqA4dvKVsvm-vPlMTth-ov6W7R1KnxlCa-AggPr6lrsIwHogj3cyyrBt-6MQ1v&sai=AMfl-YRDvyeMts7G-Tqc58S8NymlT2b4cFF6BAuE--Gk_pHTMUyrvXsJ2Q49WbgHSNuPnAKtaj-5chkb6mDeyLMXO4gyiWK1trdWFxxOZQZ0hw&sig=Cg0ArKJSzI5xFbDN1o9PEAE&adurl=
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s14-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:21 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
private
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 26 Mar 2020 14:23:21 GMT
1064404211158951621
tpc.googlesyndication.com/simgad/ Frame 0FED
60 KB
61 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/1064404211158951621
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c8f75937a64cb180571def8a348d77c573b9ec9cc72fe4502860db0d54381ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 06 Mar 2020 18:48:28 GMT
x-content-type-options
nosniff
age
1712093
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
61806
x-xss-protection
0
last-modified
Fri, 06 Mar 2020 16:52:39 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 06 Mar 2021 18:48:28 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 0FED
0
291 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvT-frhpJrpbJde8rVHWQLJ52_b9ThaLSGBQ6SH2fDTjmA_FfbQf0x6Zw2IevJ0jBoKLayi8E3RoYAHbuIXDL1hIvzkQnihFy1JCdQU7UBouhJy8MeWctmNDbTsMRolHSq2VM1kix3QU9Lr3YdMoOlKMhBYhUOtryoSm-WX0oVJfV834V32zo4RSFErgxYXhvDMvUH_wFADc9gLd8lepn1z6YOKH-r9nBUUNsaYr032RQPmZ3Pe2LX8CdbhqyULo4dBQ3TBhRadjhA7RtSl&sai=AMfl-YRVVB3eBtjJAPy0k3SYHErXrnF_B3YcEyl4A5fCyZYYrLDJlzn4BpME7Z87IyUGpSark2cH8ulETZM6qD64xSFg6P9VKjGERJCLQjfFDQ&sig=Cg0ArKJSzH8HNurGkAVuEAE&adurl=
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s14-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:21 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
private
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 26 Mar 2020 14:23:21 GMT
10196342649340698821
tpc.googlesyndication.com/simgad/ Frame FFB8
81 KB
81 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/10196342649340698821
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
615d3776c617108f0603964f782f5f0ef6ee0037a2be5a575066c337302b7e8c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 06 Mar 2020 17:49:52 GMT
x-content-type-options
nosniff
age
1715609
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
82993
x-xss-protection
0
last-modified
Fri, 06 Mar 2020 16:52:39 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 06 Mar 2021 17:49:52 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame FFB8
0
290 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstexQ5cwA2eos70Rqm_7wEwAIQ7oeUpgx5ZMc5MjawKjMiCHI7pj_KytBgvWEA0kfy0nxyJ3wZjqYRpH54Mui1WVaiMBPn3LlVGrxPibQNKl32sYnfnKOe87w0T5WanOKRerHjhSZjlUlnCzABlc7ngvrtYUwwXd-5BsZ0ZiDjlNQ4OaYjzAiHSDG-g_pOE7l788Lr-GN5DKdlv41iGip1W5jweQP1c_YZ6yXQ82LsttKFIdediVvSL7x6jxA8ukxf5Qu6O1UPITa7MYaBx&sai=AMfl-YSNlxYbVdD6knkrNQ_icHWEt0LlXToo7DvSQ_OSKnaIRyLAxcvQVBgK7_yPtZJvQgTYBHUhO20BRAB9y7VJCMynAdGZ-O-rOMzgiE-22Q&sig=Cg0ArKJSzHSk8rUIXp_xEAE&adurl=
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s14-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 14:23:21 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
private
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 26 Mar 2020 14:23:21 GMT
sodar
pagead2.googlesyndication.com/getconfig/
7 KB
5 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020030501&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
06ffb90d0e1c0a7e16012257416e405c65bd084a92fc899cead07cc6bf7be5e3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Origin
https://www.theregister.co.uk
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 26 Mar 2020 14:23:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
5246
x-xss-protection
0
placement_invocation
ob.cheqzone.com/
38 KB
15 KB
Script
General
Full URL
https://ob.cheqzone.com/placement_invocation?id=65349&idx=0
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js?_=1585232600208
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c710::2 , Germany, ASN60068 (CDN77, GB),
Reverse DNS
Software
BunnyCDN-DE1-487 /
Resource Hash
f677040712955dc4fc8e9f792849a092501ffec68788837915d8ff8ff7b0d1e2

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Thu, 26 Mar 2020 14:23:21 GMT
content-encoding
br
server
BunnyCDN-DE1-487
vary
Accept-Encoding
cdn-edgestorageid
487
content-type
text/javascript; charset=utf-8
status
200
cdn-uid
2642aeaf-0ebf-4c43-9f87-c153981605b2
cache-control
public, max-age=43200
cdn-pullzone
62714
cdn-cachedat
2020-02-26 15:49:38
cdn-requestid
ef2b6289f4e0b0eb0a1cafdbefefaae2
cdn-requestcountrycode
DE
cdn-cache
HIT
truncated
/ Frame 3C04
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d0adc1d977a875a5f162248ed4fa8b92074895dfba505ae9ee039fb7e195ee45

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
sodar2.js
tpc.googlesyndication.com/sodar/
14 KB
5 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Thu, 26 Mar 2020 14:23:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582746470043195"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
5456
x-xss-protection
0
expires
Thu, 26 Mar 2020 14:23:21 GMT
jot.html
platform.twitter.com/ Frame 4556
Redirect Chain
  • https://syndication.twitter.com/i/jot
  • https://platform.twitter.com/jot.html
0
0
Document
General
Full URL
https://platform.twitter.com/jot.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.66 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (lcy/1D4B) /
Resource Hash

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
Origin
https://www.theregister.co.uk
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
577507
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Thu, 26 Mar 2020 14:23:21 GMT
Etag
"d9592a6c704736fa4da218d4357976dd"
Last-Modified
Thu, 19 Mar 2020 21:21:20 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (lcy/1D4B)
X-Cache
HIT
Content-Length
80

Redirect headers

status
302 302 Found
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-length
0
content-type
text/html;charset=utf-8
date
Thu, 26 Mar 2020 14:23:21 GMT
expires
Tue, 31 Mar 1981 05:00:00 GMT
last-modified
Thu, 26 Mar 2020 14:23:21 GMT
location
https://platform.twitter.com/jot.html
pragma
no-cache
server
tsa_f
strict-transport-security
max-age=631138519
x-connection-hash
cc4396641d4eced029b1a6df08fbdbdb
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-response-time
117
x-transaction
00fe26cb004df6fc
x-tsa-request-body-time
1
x-twitter-response-tags
BouncerCompliant
x-xss-protection
0
runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame 1331
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/209/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
5727
date
Thu, 26 Mar 2020 13:49:00 GMT
expires
Fri, 26 Mar 2021 13:49:00 GMT
last-modified
Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
2061
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
show_pla
obs.cheqzone.com/
1 KB
1 KB
Script
General
Full URL
https://obs.cheqzone.com/show_pla?id=65349&url=https%3A%2F%2Fwww.theregister.co.uk%2F2020%2F01%2F17%2Fweleakinfo_takedown_nca_fbi_operation%2F&sf=0&k=&idx=0&ch=&ext=&np=linux%20x86_64&nv=google%20inc.&rand=240500050239160127790212389157051302207725921621&nc=0&tsf=0&tsfmi=&pv=0&cb=1585232601298&ref=&pit=1&hl=2&op=0&fs=1600x1200&ss=1600x1200&pre=0&jsonp=OBR.extern.onCheqResponse&mr=&ag=438074594&at=&bid=e30%3D&di=W1sxMiwie1wiZVwiOjAsXCJ3Z2xcIjoxfSJdLFstMSwiLSJdLFstMiwiNyxtMmhUczJoaGliM2d5%0D%0AaFkwcEk2TDBFQ0NVQkFvRWtKTWdmQ1QwSkJEQzloaFpxS0tFSFRNY0JiTnh0dVRmMWV0dnVUdjJm%0D%0AdVpMQUVGTC82MGRhYnBHTTUreVpjODQ3N3d5Qy8rIl0sWy0zLCJbXSJdLFstNCwiLSJdLFstNSwi%0D%0ALSJdLFstNiwie1wid1wiOltcIlJlZ1pvb3RcIixcIlJlZ0NDXCIsXCJSZWdQYWdlVHlwZVwiLFwi%0D%0AUmVnVHJ1ZVBhZ2VUeXBlXCIsXCJSZWdBcnRpY2xlXCIsXCJzcHJpbnRmXCIsXCJSZWdVdGlsc1wi%0D%0ALFwiUmVnQ0JXXCIsXCJfUmVnQ0JXVGVzdFwiLFwiUmVnQ0JXQVwiLFwiUmVnQ0JXVFwiLFwiaXNf%0D%0Acm93c19iYXNlZF9wYWdlXCIsXCJhZHNfc3RhdGVzX3RyYWNraW5nXCIsXCJSZWdBU1RcIixcInRy%0D%0AYWNrX2FidFwiLFwiZ3B0X2pzX2Vycm9yZWRcIixcImJpcmRfYWx0ZXJuYXRpdmVcIixcImluaXRf%0D%0AZ3B0XCIsXCJhZF9mcmVlXCIsXCJzaG93X2FydGljbGVfc2lnbnVwX21sXCIsXCJSZWdUTFJvdGF0%0D%0AZVwiLFwibG9hZF9tZWRpYV9wbGF5ZXJcIixcInBpdm90X3NodWZmbGVcIixcInBpdm90X2Fyb3Vu%0D%0AZFwiLFwiZGlzcGxheV9zb2NpYWxfcG9wdXBcIixcInJlZ3RsZFwiLFwiZ2V0RWxlbWVudENzc1wi%0D%0ALFwic2V0RWxlbWVudENzc1wiLFwiZ2V0RWxlbWVudEhlaWdodFwiLFwibW92ZUVsZW1lbnRcIixc%0D%0AImFjY291bnRfZm9ybV9jaGVja1wiLFwiZ2V0X2Vwb2NoXCIsXCJyb2xsaW5nX3RpbWVcIixcInRp%0D%0AbWVfY2FsY1wiLFwiZ2V0X3VybF9wYXJhbVwiLFwicmVnX25sX2Zvcm1cIixcInNjYWxlX2FydGlj%0D%0AbGVfaW5uZXJfZWxlbXNcIixcInRvZ2dsZV9hY2NvdW50X3RhYl9zdGF0ZVwiLFwicmVzaXplX2lt%0D%0AZ191cmxcIixcInNlbmRfdG9fYW5hbHl0aWNzXCIsXCJOT19ERVZfQ09PS0lFXCIsXCJpc1Njcm9s%0D%0AbGVkSW50b1ZpZXdcIixcImNoZWNrX3Joc19zdGlja3lfYWRzX2dlbmVyYWxfY29uZGl0aW9uc1wi%0D%0ALFwicmhzX3N0aWNreV9hZF9tdTFfc3BvdFwiLFwiaXNJRVwiLFwic3Bhd25fYW5kX2xvYWRfaW1n%0D%0AX2Zyb21fZGl2XCIsXCJzdGlja3lfYWRfUlRfMkZcIixcInJoc19zdGlja3lfYWRfYnRuX3Nwb3Rc%0D%0AIixcImF1Z21lbnRfcHJvbW9fdW5pdFwiLFwic29jaWFsX2J1dHRvbl9zaGFyZVwiXSxcIm5cIjpb%0D%0AXSxcImRcIjpbXX0iXSxbLTcsIi0iXSxbLTgsIi0iXSxbLTksIi0iXSxbLTEwLCItIl0sWy0xMSwi%0D%0Ae1widFwiOlwiXCIsXCJtXCI6W1wib2c6dGl0bGVcIixcIm9nOmRlc2NyaXB0aW9uXCIsXCJuZXdz%0D%0AX2tleXdvcmRzXCJdfSJdLFstMTIsIm51bGwiXSxbLTEzLCItIl0sWy0xNCwie1wib1wiOjAuMDA3%0D%0ANDA3NDA3NDA3NDA3NDA4fSJdLFstMTUsIi0iXSxbLTE2LCIwIl0sWy0xNywiMTYiXSxbLTE4LCJb%0D%0AMCwwLDAsMV0iXSxbLTE5LCJbMCwwLDAsMCwwLDAsMSwyNCwyNCxcIi1cIiwxNjAwLDEyMDAsMTYw%0D%0AMCwxMjAwLDE2MDAsMTIwMCwxNjAwLDEyMDBdIl0sWy0yMCwiMTc5ODE3Njc0Mi4xNTg1MjMyNjAw%0D%0AIl0sWy0yMSwiZk9DUk5JbXYiXSxbLTIyLCJbXCJuXCIsXCJuXCJdIl0sWy0yMywiKyJdLFstMjQs%0D%0AIltdIl0sWy0yNSwiLSJdLFstMjYsIntcInRqaHNcIjoxNDU1MDU1NSxcInVqaHNcIjoxMTIyODM3%0D%0AMSxcImpoc2xcIjo0Mjk0NzA1MTUyfSJdLFstMjcsIlswLDEwLDAsXCI0Z1wiXSJdLFstMjgsImVu%0D%0ALVVTIl0sWy0yOSwie1widlwiOlsyLDIsMiwyLDAsMCwwLDIsMCwyLDAsMiwwLDAsMiwyLDIsMl19%0D%0AIl0sWy0zMCwiW1widlwiLDBdIl0sWy0zMSwidHJ1ZSJdLFstMzIsIjEiXSxbLTMzLCItIl0sWy0z%0D%0ANCwiLSJdXQ%3D%3D&tsfu=&fst=1600x1200&dep=0&cpos=%5B%7B%22x%22%3A330%2C%22y%22%3A4210%2C%22w%22%3A924%2C%22h%22%3A0%7D%2C%7B%22w%22%3A1600%2C%22h%22%3A1200%7D%5D&ver=24&cri=hJNg31aRQh&sdd=%7B%7D&pto=1335
Requested by
Host: ob.cheqzone.com
URL: https://ob.cheqzone.com/placement_invocation?id=65349&idx=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.23.24.158 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-23-24-158.compute-1.amazonaws.com
Software
/
Resource Hash
eaf024f9c3b297b80e014cbff15beaac0bc5941c58bdaee90fb35118cd7b0f3b

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

pragma
no-cache
date
Thu, 26 Mar 2020 14:23:21 GMT
content-encoding
gzip
content-type
text/javascript
status
200
cache-control
no-cache, no-store, must-revalidate
content-length
875
expires
Fri, 01 Jan 1990 00:00:00 GMT
scaffolding.css
forms.theregister.co.uk/css_picker/webkit/7e2d9ae78d1dff0458083abe03eb3071fccf1e1a/ Frame C67C
19 KB
4 KB
Stylesheet
General
Full URL
https://forms.theregister.co.uk/css_picker/webkit/7e2d9ae78d1dff0458083abe03eb3071fccf1e1a/scaffolding.css
Requested by
Host: forms.theregister.co.uk
URL: https://forms.theregister.co.uk/studies/internal/state_or_it_dept/?version=emea&td=5335643672&r=1129091609
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
11b10fdb2a5de2bc29f16503b2ee10492c9441b12e7d1d0248ff764f62a0206d

Request headers

Referer
https://forms.theregister.co.uk/studies/internal/state_or_it_dept/?version=emea&td=5335643672&r=1129091609
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Thu, 26 Mar 2020 14:23:21 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 21 Mar 2020 00:31:04 GMT
server
cloudflare
age
12515
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Host,Accept-Encoding
content-type
text/css
status
200
cache-control
public, max-age=33696000
cf-ray
57a1876e2eeddbd3-LHR
expires
Tue, 20 Apr 2021 14:23:21 GMT
design.css
forms.theregister.co.uk/css_picker/webkit/7e2d9ae78d1dff0458083abe03eb3071fccf1e1a/ Frame C67C
52 KB
11 KB
Stylesheet
General
Full URL
https://forms.theregister.co.uk/css_picker/webkit/7e2d9ae78d1dff0458083abe03eb3071fccf1e1a/design.css
Requested by
Host: forms.theregister.co.uk
URL: https://forms.theregister.co.uk/studies/internal/state_or_it_dept/?version=emea&td=5335643672&r=1129091609
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
01b11642a8412e8a9818456c26a2f355a437a2b3d87e8fca40d716cd1fec0785

Request headers

Referer
https://forms.theregister.co.uk/studies/internal/state_or_it_dept/?version=emea&td=5335643672&r=1129091609
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Thu, 26 Mar 2020 14:23:21 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 05 Mar 2020 14:40:15 GMT
server
cloudflare
age
12515
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Host,Accept-Encoding
content-type
text/css
status
200
cache-control
public, max-age=33696000
cf-ray
57a1876e2eefdbd3-LHR
expires
Tue, 20 Apr 2021 14:23:21 GMT
_.js
forms.theregister.co.uk/design_picker/8125be5b011a6297a0c2c7ac01c6b66381c35418/javascript/ Frame C67C
207 KB
59 KB
Script
General
Full URL
https://forms.theregister.co.uk/design_picker/8125be5b011a6297a0c2c7ac01c6b66381c35418/javascript/_.js
Requested by
Host: forms.theregister.co.uk
URL: https://forms.theregister.co.uk/studies/internal/state_or_it_dept/?version=emea&td=5335643672&r=1129091609
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2fec464c8133d8aa0d6cf4f140ae33ac83f5420d56f94cc47e8eb848817783f5

Request headers

Referer
https://forms.theregister.co.uk/studies/internal/state_or_it_dept/?version=emea&td=5335643672&r=1129091609
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Thu, 26 Mar 2020 14:23:21 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 16 Mar 2020 16:05:34 GMT
server
cloudflare
age
12515
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Host,Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=33696000
cf-ray
57a1876e2ef1dbd3-LHR
expires
Tue, 20 Apr 2021 14:23:21 GMT
1276104633831866114
tpc.googlesyndication.com/simgad/ Frame DCB5
80 KB
80 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/1276104633831866114
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
120ce55883f26d68e2108231d7f0c6e772e186d2b9e6a4cf72cc6c75bc973e54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 19 Mar 2020 16:01:17 GMT
x-content-type-options
nosniff
age
598924
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
81508
x-xss-protection
0
last-modified
Thu, 19 Mar 2020 15:20:58 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 19 Mar 2021 16:01:17 GMT
1064404211158951621
tpc.googlesyndication.com/simgad/ Frame 0FED
60 KB
60 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/1064404211158951621
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c8f75937a64cb180571def8a348d77c573b9ec9cc72fe4502860db0d54381ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 06 Mar 2020 18:48:28 GMT
x-content-type-options
nosniff
age
1712093
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
61806
x-xss-protection
0
last-modified
Fri, 06 Mar 2020 16:52:39 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 06 Mar 2021 18:48:28 GMT
10196342649340698821
tpc.googlesyndication.com/simgad/ Frame FFB8
81 KB
81 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/10196342649340698821
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
615d3776c617108f0603964f782f5f0ef6ee0037a2be5a575066c337302b7e8c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 06 Mar 2020 17:49:52 GMT
x-content-type-options
nosniff
age
1715609
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
82993
x-xss-protection
0
last-modified
Fri, 06 Mar 2020 16:52:39 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 06 Mar 2021 17:49:52 GMT
arimo-700.latin.woff2
forms.theregister.co.uk/design_picker/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/ Frame C67C
25 KB
25 KB
Font
General
Full URL
https://forms.theregister.co.uk/design_picker/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/arimo-700.latin.woff2
Requested by
Host: forms.theregister.co.uk
URL: https://forms.theregister.co.uk/design_picker/8125be5b011a6297a0c2c7ac01c6b66381c35418/javascript/_.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6b4f41c53446bee5ce03284672b4607e4a6ff941cae00ec006411b05a62fbe7a

Request headers

Referer
https://forms.theregister.co.uk/css_picker/webkit/7e2d9ae78d1dff0458083abe03eb3071fccf1e1a/scaffolding.css
Origin
https://forms.theregister.co.uk
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 26 Mar 2020 14:23:21 GMT
cf-cache-status
HIT
last-modified
Tue, 04 Feb 2020 15:35:20 GMT
server
cloudflare
age
12515
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Host, Accept-Encoding
status
200
cache-control
public, max-age=33696000
accept-ranges
bytes
cf-ray
57a1876ea877dbd3-LHR
content-length
25628
expires
Tue, 20 Apr 2021 14:23:21 GMT
arimo-400.latin.woff2
forms.theregister.co.uk/design_picker/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/ Frame C67C
26 KB
26 KB
Font
General
Full URL
https://forms.theregister.co.uk/design_picker/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/arimo-400.latin.woff2
Requested by
Host: forms.theregister.co.uk
URL: https://forms.theregister.co.uk/design_picker/8125be5b011a6297a0c2c7ac01c6b66381c35418/javascript/_.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea8c1cbf9732fae6a42b6261c238014eab34943fac5a34711081a62b7cc2eba9

Request headers

Referer
https://forms.theregister.co.uk/css_picker/webkit/7e2d9ae78d1dff0458083abe03eb3071fccf1e1a/scaffolding.css
Origin
https://forms.theregister.co.uk
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 26 Mar 2020 14:23:21 GMT
cf-cache-status
HIT
last-modified
Tue, 04 Feb 2020 15:35:20 GMT
server
cloudflare
age
12515
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Host, Accept-Encoding
status
200
cache-control
public, max-age=33696000
accept-ranges
bytes
cf-ray
57a1876ea87adbd3-LHR
content-length
26144
expires
Tue, 20 Apr 2021 14:23:21 GMT
tp.gif
regmedia.co.uk/2007/09/13/
Redirect Chain
  • https://go.theregister.co.uk/k/abt_a
  • https://regmedia.co.uk/2007/09/13/tp.gif
34 B
412 B
Image
General
Full URL
https://regmedia.co.uk/2007/09/13/tp.gif
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5351 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
86be52bdb7547413cafb3ed175a806a798c65de98b40849e0b974c47d187de65

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 26 Mar 2020 14:23:21 GMT
cf-cache-status
HIT
age
673522
cf-polished
origFmt=gif, origSize=49
cf-ray
57a1876f6ac5d6d9-FRA
status
200
content-disposition
inline; filename="tp.webp"
cf-bgj
imgq:85
content-length
34
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
last-modified
Thu, 13 Sep 2007 11:17:03 GMT
server
cloudflare
etag
"31-43a027a4c29c0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
cache-control
public, max-age=33696000
accept-ranges
bytes
x-reg-bofh
pfy03gb
expires
Tue, 20 Apr 2021 14:23:21 GMT

Redirect headers

cf-ray
57a1876f298cdbd3-LHR
date
Thu, 26 Mar 2020 14:23:21 GMT
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location
https://regmedia.co.uk/2007/09/13/tp.gif
content-type
text/html; charset=iso-8859-1
status
302
x-reg-bofh
pfy03gb
content-length
310
gen_204
pagead2.googlesyndication.com/pagead/
0
58 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gpt_2020030501&jk=1868477821477879&bg=!srGlsalYybATVdvOSRQCAAAAU1IAAAALmQFh71JJJgRWOl_6fiH5MPlgPKVRmmMf6gSS-vcjJuVLbBsBBAWZFD_8Ur1JIMZb-ujB-mRA2oesFwo_xXpdtrocp-ynk428Mz1jGXhWXv28xPU_upcLIwH08mqv6gB_Hz3fUCz_sOpGczQA0c1H7VzPUaUCyVRO9EbHKJyoqVTYcoLv39eM1R8BjGFsIhgDZUJECf-5ND0uDQ1lh1kRNPzouTnUrTTl5CWZPfzTh2kDOUZ65_SvsBrEVNOz1lfrnJan3ugAEHB32hdeRk7ZLMbd6MZIg1bB-RaFWwqHWPp6-wf9uA4U55x0MxMHUujd1AOVGdUChEQWzJlXz61KIIPKXcy34-btMpvJPEauHrY6AFRVez-nvgo5QFcwru6nCxvATKAhXzvzvzllh9UFRQlNnf51YaTC8Qtol8xM4JFboiLN7ZIYuSduQSeGdP1sSqgG96hhBSYsqag7sLUT6By1LrU
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Thu, 26 Mar 2020 14:23:21 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dwce_cheq_events
log.outbrainimg.com/loggerServices/
4 B
325 B
XHR
General
Full URL
https://log.outbrainimg.com/loggerServices/dwce_cheq_events?timestamp=1585232601546&sessionId=1d7ba8ec-54f5-5f19-8941-e5e25140c4ad&url=www.theregister.co.uk&cheqSource=1&cheqEvent=0&exitReason=3
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js?_=1585232600208
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
64.202.112.127 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Origin
https://www.theregister.co.uk
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 26 Mar 2020 14:23:21 GMT
Access-Control-Allow-Methods
GET,POST
Content-Type
application/json; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
X-TraceId
788e2c3e15548802334f4190eef7765f
Content-Length
4
Expires
0
get
odb.outbrain.com/utils/
3 KB
2 KB
Script
General
Full URL
https://odb.outbrain.com/utils/get?url=https%3A%2F%2Fwww.theregister.co.uk%2F2020%2F01%2F17%2Fweleakinfo_takedown_nca_fbi_operation%2F&srcUrl=https%3A%2F%2Fwww.theregister.co.uk%2Fheadlines.atom&settings=true&recs=true&widgetJSId=GS_1&key=NANOWDGT01&idx=0&version=1050170&apv=false&sig=fOCRNImv&format=html&va=true&rand=87959&pdobuid=-1&osLang=en-US&winW=1600&winH=1200&scrW=1600&scrH=1200&adblck=false&clid=1d7ba8ec-54f5-5f19-8941-e5e25140c4ad&fdu=www.theregister.co.uk&secured=true&cmpStat=0&ccpaStat=0&ref=&px=330&py=4210&vpd=3010
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js?_=1585232600208
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ae40ecb60176a6c40f4b5bba4a9344729cded3a8148e0fdaa294d38fdaca92dc
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains;

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=0; includeSubDomains;
content-encoding
gzip
traffic-path
NYDC1, JFK, HHN, Europe1
x-cache
MISS, MISS
p3p
policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
status
200
x-traceid
c7f642f70df4c84a1dea159a79887bcd
content-length
1468
x-served-by
cache-jfk8138-JFK, cache-hhn4044-HHN
pragma
no-cache
x-timer
S1585232602.640205,VS0,VE119
date
Thu, 26 Mar 2020 14:23:21 GMT
vary
Accept-Encoding, User-Agent
content-type
text/x-json; charset=UTF-8
via
1.1 varnish, 1.1 varnish
expires
Thu, 01 Jan 1970 00:00:00 GMT
cache-control
no-cache
backend-ip
104.156.90.38
accept-ranges
bytes, bytes
x-cache-hits
0, 0
dwce_cheq_events
log.outbrainimg.com/loggerServices/
4 B
325 B
XHR
General
Full URL
https://log.outbrainimg.com/loggerServices/dwce_cheq_events?timestamp=1585232601617&sessionId=1d7ba8ec-54f5-5f19-8941-e5e25140c4ad&url=www.theregister.co.uk&cheqSource=1&cheqEvent=2&responseTime=571
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js?_=1585232600208
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
64.202.112.127 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Origin
https://www.theregister.co.uk
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 26 Mar 2020 14:23:21 GMT
Access-Control-Allow-Methods
GET,POST
Content-Type
application/json; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
X-TraceId
75afeea1c2dd96cc0d49fc41ee14e55f
Content-Length
4
Expires
0
widgetGlobalEvent
log.outbrainimg.com/loggerServices/
4 B
323 B
XHR
General
Full URL
https://log.outbrainimg.com/loggerServices/widgetGlobalEvent?rId=e24b0f5a8abafe3e4659ece75b8f28f5&pvId=e24b0f5a8abafe3e4659ece75b8f28f5&sid=7989&pid=28775&idx=0&wId=829&pad=0&org=0&tm=909&eT=0&widgetWidth=924&widgetHeight=0&widgetX=331&widgetY=4210&tpcs=0&wRV=1050170&pVis=0&lsd=4fc61fc3-e0bf-44a8-8f4e-1696d8b3c809&eIdx=&cheq=2&ab=0&wl=0
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js?_=1585232600208
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
64.202.112.127 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Origin
https://www.theregister.co.uk
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 26 Mar 2020 14:23:21 GMT
Access-Control-Allow-Methods
GET,POST
Content-Type
application/json; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
X-TraceId
197e894d49db4b707fed815e82d9d8
Content-Length
4
Expires
0
Cookie set obUserSync.html
widgets.outbrain.com/widgetOBUserSync/ Frame 11AC
0
0
Document
General
Full URL
https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js?_=1585232600208
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.185.159 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a95-101-185-159.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash

Request headers

Host
widgets.outbrain.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
obuid=4fc61fc3-e0bf-44a8-8f4e-1696d8b3c809
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/

Response headers

Accept-Ranges
bytes
Content-Type
text/html
ETag
"938505833703786e7ccfce1fecf1cd66:1582216491.628225"
Last-Modified
Thu, 20 Feb 2020 16:34:45 GMT
Server
AkamaiNetStorage
Vary
Accept-Encoding
Content-Encoding
gzip
Cache-Control
max-age=604800
Date
Thu, 26 Mar 2020 14:23:21 GMT
Content-Length
3518
Connection
keep-alive
Timing-Allow-Origin
*
Access-Control-Allow-Credentials
false
Access-Control-Allow-Methods
GET,POST
Access-Control-Allow-Origin
*
Set-Cookie
akacd_widgets_routing=1585232601~rv=79~id=4a75c12e226ba61b5518edc3b31df172; path=/; Expires=Thu, 26 Mar 2020 14:23:21 GMT; Secure; SameSite=None
activeview
pagead2.googlesyndication.com/pcs/ Frame 3C04
42 B
110 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstOLVmWaq7X7-mxBovBpUTFRY1acT2gXzl4mUuRkOQVEWfw_BscvDcYUC2Zo6bFCPx8tLj-Qux__C8p3aMxfh8gLxdQqgCte_6og6yr5qE&sig=Cg0ArKJSzGBGRicV3-q1EAE&adk=2610646818&tt=-1&bs=1585%2C1200&mtos=1025,1025,1025,1025,1025&tos=1025,0,0,0,0&p=233,978,563,1278&mcvt=1025&rs=0&ht=0&tfs=147&tls=1172&mc=1&lte=0&bas=0&bac=0&met=ie&avms=nio&exg=1&md=2&btr=0&lm=2&rst=1585232601028&dlt&rpt=130&isd=0&msd=0&ext&xdi=0&ps=1585%2C4568&ss=1600%2C1200&pt=-1&bin=4&deb=1-0-0-12-4-11-11-0-0-0&tvt=1169&is=300%2C600&iframe_loc=https%3A%2F%2Fwww.theregister.co.uk%2F2020%2F01%2F17%2Fweleakinfo_takedown_nca_fbi_operation%2F&r=v&id=osdim&vs=4&uc=12&upc=1&tgt=DIV&cl=1&cec=1&wf=0&cac=1&cd=0x0&itpl=19&v=20200325
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Thu, 26 Mar 2020 14:23:22 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame DCB5
42 B
110 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuZ3vEkwi7xNJlAi4qkNtulYRexol4lOD3_Z8p1dOQNISLFdwEI-SFFr3lRdfQ4xaIm4p_0vwH84qo2b0_VnvM_ILJZd9pRdfcPoMDTWMU&sig=Cg0ArKJSzMHwvvuTV5L9EAE&id=ampim&o=429,129&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=184&tls=1184&g=100&h=100&tt=1184&r=v&adk=284626583&avms=ampa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Thu, 26 Mar 2020 14:23:22 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads.js
www.theregister.co.uk/design_picker/c00f80f04b0eaf0123d821f6c9488fc1cb55fd0a/javascript/
27 B
263 B
XHR
General
Full URL
https://www.theregister.co.uk/design_picker/c00f80f04b0eaf0123d821f6c9488fc1cb55fd0a/javascript/ads.js
Requested by
Host: www.theregister.co.uk
URL: https://www.theregister.co.uk/design_picker/9031d9d0c0ab83a2efbb659b23896eb021891f70/javascript/_.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
83de4b8fb218ece4dc1c59006f00e44aaee17e78923c65ba66acf0ad41a7a5cc

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
Sec-Fetch-Dest
empty
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 26 Mar 2020 14:23:25 GMT
cf-cache-status
HIT
age
14714605
cf-ray
57a187876dd3dbd3-LHR
status
200
content-length
27
x-clacks-overhead
GNU Terry Pratchett, Lester Haines
last-modified
Thu, 05 Apr 2018 12:48:24 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=33696000
accept-ranges
bytes
x-reg-bofh
pfy04
expires
Tue, 20 Apr 2021 14:23:25 GMT
ads.js
forms.theregister.co.uk/design_picker/c00f80f04b0eaf0123d821f6c9488fc1cb55fd0a/javascript/ Frame C67C
27 B
235 B
XHR
General
Full URL
https://forms.theregister.co.uk/design_picker/c00f80f04b0eaf0123d821f6c9488fc1cb55fd0a/javascript/ads.js
Requested by
Host: forms.theregister.co.uk
URL: https://forms.theregister.co.uk/design_picker/8125be5b011a6297a0c2c7ac01c6b66381c35418/javascript/_.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.234.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
83de4b8fb218ece4dc1c59006f00e44aaee17e78923c65ba66acf0ad41a7a5cc

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://forms.theregister.co.uk/studies/internal/state_or_it_dept/?version=emea&td=5335643672&r=1129091609
Sec-Fetch-Dest
empty
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 26 Mar 2020 14:23:26 GMT
cf-cache-status
HIT
last-modified
Fri, 10 Jan 2020 15:10:58 GMT
server
cloudflare
age
12515
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Host, Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=33696000
accept-ranges
bytes
cf-ray
57a1878df88bdbd3-LHR
content-length
27
expires
Tue, 20 Apr 2021 14:23:26 GMT

Verdicts & Comments Add Verdict or Comment

172 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| RegZoot object| RegCC string| RegPageType string| RegTruePageType object| RegArticle function| sprintf object| RegUtils object| RegCBW string| _RegCBWTest function| RegCBWA function| RegCBWT boolean| is_rows_based_page function| ads_states_tracking boolean| RegAST function| track_abt function| gpt_js_errored function| bird_alternative function| init_gpt function| ad_free function| show_article_signup_ml function| RegTLRotate function| load_media_player function| pivot_shuffle function| pivot_around function| display_social_popup function| regtld function| getElementCss function| setElementCss function| getElementHeight function| moveElement function| account_form_check function| get_epoch function| rolling_time function| time_calc function| get_url_param function| reg_nl_form function| scale_article_inner_elems function| toggle_account_tab_state function| resize_img_url function| send_to_analytics function| NO_DEV_COOKIE function| isScrolledIntoView function| check_rhs_sticky_ads_general_conditions function| rhs_sticky_ad_mu1_spot function| isIE function| spawn_and_load_img_from_div undefined| sticky_ad_RT_2F function| rhs_sticky_ad_btn_spot function| augment_promo_unit function| social_button_share function| sticky_nav_bar function| add_search_terminal function| nav_bar_search function| nav_popup function| article_body_safe_spots_for_ads function| is_article2article function| RegSendGA object| rat_ function| track_bucket_user function| performance_stats function| send_performance_stats number| RegPerformanceStatsPerMille function| setup_forum_votes function| RegSponsorship function| RegSponsorshipChan function| RegParallax function| RegMobParallax function| HideRegBotBanner function| RegBottomBanner function| polling function| polling_setup function| poll_view_results function| render_thanks function| equalize_poll_vote_count_width function| render_poll function| append_view_btns function| poll_view_btn function| render_poll_question function| render_poll_result function| get_poll_votes function| update_poll_votes function| move_poll_question function| submit_poll_votes number| vplayer_count function| slideshow function| slideshow_setup function| load_slide_rail function| load_slide_img function| load_slide_image function| slide_img_v_alignment function| load_slide_video function| slideshow_user_events function| get_slideshow_id function| get_slide_index function| slide_change_request function| change_slide function| change_rail_images function| rail_size function| slideshow_pos function| set_slideshow_video_size function| slide_arrow function| full_youtube_url function| youtube_thumb_img function| $ function| jQuery object| nir object| s object| googletag string| Reg__adct object| ggeac object| closure_memoize_cache_ object| googleToken object| googleIMState object| google_js_reporting_queue function| processGoogleToken object| RegWpTl object| outB string| GoogleAnalyticsObject function| ga object| adm object| sticky_nav object| jQuery111206443276712763462 number| google_srt undefined| google_measure_js_timing string| RegSection object| admCustomData string| sc string| axc number| __google_ad_urls_id number| google_unique_id object| gaGlobal object| google_tag_data object| gaplugins object| gaData object| VKs object| VVCCs object| VCs object| SAs boolean| RegAdBlocking object| __twttrll object| twttr object| __twttr function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter object| OBR string| OB_releaseVer function| OBR$ object| OB_PROXY object| outbrain object| outbrain_rater object| __google_ad_urls object| ampInaboxIframes object| ampInaboxPendingMessages boolean| google_osd_loaded boolean| google_onload_fired object| RegAdsRendered function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb object| GoogleGcLKhOms object| __AMP_LOG object| __AMP_ERRORS boolean| ampInaboxInitialized object| __AMP_MODE function| __AMP_REPORT_ERROR object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager object| AMP object| __ctcg_65349_0_exec object| google_image_requests

6 Cookies

Domain/Path Name / Value
.theregister.co.uk/ Name: sc
Value: 1
.theregister.co.uk/ Name: _gat
Value: 1
.theregister.co.uk/ Name: _ga
Value: GA1.3.1798176742.1585232600
.theregister.co.uk/ Name: bucket
Value: 510
.theregister.co.uk/ Name: _gid
Value: GA1.3.595436902.1585232600
.theregister.co.uk/ Name: __cfduid
Value: d7cf43d278575f7a5e5feb6bdfea7eedf1585232600

3 Console Messages

Source Level URL
Text
console-api info URL: https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js(Line 407)
Message:
Powered by AMP ⚡ HTML – Version 2003101714470 https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
console-api info URL: https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js(Line 407)
Message:
Powered by AMP ⚡ HTML – Version 2003101714470 https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/
console-api info URL: https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js(Line 407)
Message:
Powered by AMP ⚡ HTML – Version 2003101714470 https://www.theregister.co.uk/2020/01/17/weleakinfo_takedown_nca_fbi_operation/

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.co.uk
adservice.google.com
cdn.ampproject.org
cdn.syndication.twimg.com
forms.theregister.co.uk
go.theregister.co.uk
log.outbrainimg.com
nir.theregister.co.uk
ob.cheqzone.com
obs.cheqzone.com
odb.outbrain.com
pagead2.googlesyndication.com
pbs.twimg.com
pj.l.admedo.com
platform.twitter.com
regmedia.co.uk
securepubads.g.doubleclick.net
stats.g.doubleclick.net
syndication.twitter.com
tcheck.outbrainimg.com
tpc.googlesyndication.com
widgets.outbrain.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
www.theregister.co.uk
104.18.234.86
104.244.42.8
107.23.24.158
13.224.194.122
151.101.114.2
172.217.22.2
2606:2800:134:1a0d:1429:742:782:b6
2606:2800:134:fa2:1627:1fe:edb:1665
2606:4700::6810:5351
2a00:1450:4001:800::2002
2a00:1450:4001:800::200e
2a00:1450:4001:806::2004
2a00:1450:4001:808::2002
2a00:1450:4001:817::2002
2a00:1450:4001:81a::2001
2a00:1450:4001:81b::2001
2a00:1450:4001:820::2002
2a00:1450:4001:825::2003
2a00:1450:400c:c07::9d
2a02:6ea0:c710::2
64.202.112.127
72.247.226.107
93.184.220.66
95.101.185.159
01b11642a8412e8a9818456c26a2f355a437a2b3d87e8fca40d716cd1fec0785
0341a4478ce861ef85c819b913fa0a2501836a6a2ffda8643e95e39f4a2a7de0
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
06ffb90d0e1c0a7e16012257416e405c65bd084a92fc899cead07cc6bf7be5e3
0c8abddf034c71ee4a87ff140cf18b45f2a03fbbf1aaae9d5efaf99e4a30809c
11b10fdb2a5de2bc29f16503b2ee10492c9441b12e7d1d0248ff764f62a0206d
120ce55883f26d68e2108231d7f0c6e772e186d2b9e6a4cf72cc6c75bc973e54
198c88313d65f4d2b30b218566c00f96002f78ae125643d5a73a669b46cab112
1ab8e828a3861e0d765664f2151abe2c5a747cbdd21fef3433a3c48566dd7898
1bc9eeec7ba19c97ba1d50c10195c3f74302af5e712409e51e5b8d35b6f46eb8
1d12f905bb706cb8acf0335b6a160a16f345f07202ea4130402aea6e26f6c211
2cf635372dffcbc9a23d1cb895e5f038a4c573e863044b8525e17f011c6dea15
2fec464c8133d8aa0d6cf4f140ae33ac83f5420d56f94cc47e8eb848817783f5
363edeba1963685d08a885c613f43fd3c94fa0ba6cea87de6036f960c9d38717
39d160e97e2bea07b0cf1c647259ffa4f0bd07069dba4e6c19a22d38b408510f
4468e35646c229b518e5f398c5a3d6b15ba1351a71ef22692129bb32f5030ac0
4486f4e70d7321e8f64da51c38b50767e846bdaf4ef3441d628f27a4f8952c10
458860ce8b256b66b223ed10f813b32a012b91698bd98867374cfb24da8ce172
49c2a3cf0f363bf387c06a35a4a4e6c7255799b3776bed55914862136d783028
4c5f5cec4d6bfa8946d9e3130163538e9e175f922a2181d7e6d3895f7edb5409
4c992dd3825c780cdbb4e11ea975fe529efb2dba73309e7d76ab55e938e0f323
4db16433a1f26ff7f90e3525190e9debe2ac5545309ab47e5a06133e06f9f128
4e6c82e4f1117b4e2adb58f15170c07257e6203719ed24e4ef6525ed9b346151
4ecf4699152194c23f91bb5d0ab9be888c79f202ddb91b71c72fbe069ad10892
508eaa55e9df71fb9daf249826540f803223f1931214ae738fae39ff11b60fe6
5343483e97f0966808f65d241b143323c149e4d5370b39c8c06454db918f2fcb
536f8526c0016c55cb1d21053809101b437b8d1a513076905636f74a9522855e
57f36532aa65a31fbd3a65491ec6d5c035b5cd54a946b180b7b72e6b3d82bf2c
5c8f75937a64cb180571def8a348d77c573b9ec9cc72fe4502860db0d54381ec
615d3776c617108f0603964f782f5f0ef6ee0037a2be5a575066c337302b7e8c
62b658bca472f4eb438c6384ed624f42a08b19472b29f34cedaad0e2a6372ace
67d98d5c33034b7a0b5f829b1c833eb2ea440a63a631a37694778ef4af996b33
68f069b0e283a4b26bb5428efc09374b729d1aa2edefbd169ff4a0e1016e386e
6b4f41c53446bee5ce03284672b4607e4a6ff941cae00ec006411b05a62fbe7a
6bd512e5c17c3779d20e7e7efdac86cc9746ba4d445c0cbce79da215445efe55
79476979f0dd352eede0c7a570e4c48648367be7d5b97fb5e1363e19f2462885
7ae3e59390288ee537444aa4d7ba31142e603237ed73697c29a1dca36dc8d556
7c6500b5aab10820ef921c16a696a612a905098ebdbcc71b056502e86e591093
7f15b8e98ab44adba694ee8464bd8cb33ed2f5f3865b7c9f6473faaa9f496cba
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83de4b8fb218ece4dc1c59006f00e44aaee17e78923c65ba66acf0ad41a7a5cc
86be52bdb7547413cafb3ed175a806a798c65de98b40849e0b974c47d187de65
8ee04e0441c9e51785d17ac835a93cf4d30d90826f87350b42ba233496a26f55
94c547ff2a7522ae49bc84e838caa6f41524248d84a934c3c0ed9264d45cbf63
94edbc0ddc240376874a7449e6ba2c0e0429c26777b20d9a6a8a93b43846b824
95f0b8a588ddfbf5b37b38fcb1e50f745648419e25cc7ee2e503efc3ba93c990
96a19aca5f40d0503e2d7ff108531054c2b5bc5f28ae40d5e1859601065c7b1d
9d501e93d6f8d633677b0d71b23bd3bc4b7eb31ee5e7c49320218a6b5498cd27
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
a5e984fb4941889b3248d20d4d9b34d56ae0555b08158c529bc7dcf3642391b2
ab9ea72073a4869c5cd8d0e8a6b014e9cea3f85b94e6c06bd3a8717f15454689
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae40ecb60176a6c40f4b5bba4a9344729cded3a8148e0fdaa294d38fdaca92dc
aeb1cb5a1fc9ff73fef24f06eac380b67bbe63862eeb40d92485bb2ab7aee94e
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
b6b42c0d7dcf6b6bc21fca18a8e47363237ef0b55a575897226960937b32d7ab
c2b0d171a4179bf00898c430c1c15464e528aff5762fc70a5d02184834c82eff
c3531ed2c934e5daee80955db42a0245d666131e6322c6ec6985992922520ab4
c50a17e8272b9359e4b62e0f305e201f359cb5bd2245671c115d031f2b7f68d0
ca4627707c434a5db3dca160e8883c09864ddb7ab4b28af47dd302d47062fef6
ca5b99a94945b7611b508996bc5fd683cac61777ab3e68ea5efd12a718a38463
ce30d5aea49ad6115164a99e5638a387c606885ed02bbbdfab77d3ffbe17aff7
d0adc1d977a875a5f162248ed4fa8b92074895dfba505ae9ee039fb7e195ee45
d19f0ca0e0dae78b309d453260b3eb470b5ab681b3d1328c7364a14981281d79
d8db699e718814dce4d71b8c7d981df5aed9df3d3b49eb5d8970c3f75c2547ad
da0f3b621d72a405022d2d693d4e357133538d8dd7bda42e710fe6afb6f63a08
de0bb1c1c0610f898f5aee562c2b2b79ef9c7b3cbb3b1994eadd1c45234bf8d9
e17e03dc3ff1767a8d185975a2bf392068a0b2f2848503c38ceaa3f10fb0ea84
e1a0f94ae5b6f452bde76f436981f11c6a667c4ab2452713a44c56a6114ffaae
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e889bf6150aeb787b33b725434356ffbd348744af5089a5084a126015370029a
ea8c1cbf9732fae6a42b6261c238014eab34943fac5a34711081a62b7cc2eba9
eaf024f9c3b297b80e014cbff15beaac0bc5941c58bdaee90fb35118cd7b0f3b
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
ee2fd813fd9cfaff970009ec85bd66e78b38691433b25111dfd7e73f9b0bc4bb
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f13585ddb86f9ec0432f36eae40bcaabe3aad166eff8424b27082c2b8174a3a2
f2e60d0a77f1d63a9fd3b21fbb9d21345a61dc43d6c9b749e45753c5d993a6e8
f2fd8ef146cca0f0cd6d99c2b1880e9c27bce8005b2995f710c5032f6672de96
f33bf25e603b71f1bad657b2b4411f98dfb16dd6e426c3891c2dcf5d798ab31c
f42a719c42729853609255c0f4e029aa6ae44a9a9925743394343a8a0265a110
f677040712955dc4fc8e9f792849a092501ffec68788837915d8ff8ff7b0d1e2
f72263862a57ea2620bb3f68688f9a283ae02af459f55ecc4e266b93e1a45d27
f84ac75c1acd05be4f3ccb7affe3f4ab364b237d020219e5849a20a08cb5e43a
ffdc18ac8f47bcd50dd9c33532c334e7073717a62b367d95b9cb1561048547dc