zegtrends.com Open in urlscan Pro
2a06:98c1:3121::3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://icutlink.com/GBdVC3EQX
Effective URL:
https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/
Submission: On June 14 via manual (June 14th 2023, 5:42:36 pm UTC) from BR — Scanned from NL

Summary HTTP 72 Redirects Behaviour Indicators

Summary

This website contacted 31 IPs in 5 countries across 21 domains to perform 72 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is zegtrends.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 3rd 2022. Valid for: a year.

This is the only time zegtrends.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 15	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700:10:... 2606:4700:10::6814:51d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
1	149.56.240.129 149.56.240.129	16276 (OVH) (OVH)
3	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
8	2600:9000:20c... 2600:9000:20c3:1600:12:4abd:d340:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
1	149.56.240.27 149.56.240.27	16276 (OVH) (OVH)
3	2600:1901:0:6... 2600:1901:0:636d::1	15169 (GOOGLE) (GOOGLE)
1	2600:9000:223... 2600:9000:223d:6c00:14:2602:6e80:93a1	16509 (AMAZON-02) (AMAZON-02)
6 11	2606:4700:20:... 2606:4700:20::681a:51a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	2600:9000:223... 2600:9000:223f:d600:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	2600:9000:224... 2600:9000:2240:4400:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42::485 2a04:4e42::485	54113 (FASTLY) (FASTLY)
1	2600:9000:225... 2600:9000:225e:fe00:3:a4cd:8380:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:223... 2600:9000:223c:ec00:1a:1459:5cc0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:20:... 2606:4700:20::681a:78b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	23.32.185.123 23.32.185.123	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2600:9000:224... 2600:9000:2240:4a00:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:20:... 2606:4700:20::681a:246	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.186.134 142.250.186.134	15169 (GOOGLE) (GOOGLE)
1	13.41.128.163 13.41.128.163	16509 (AMAZON-02) (AMAZON-02)
1	35.158.65.69 35.158.65.69	16509 (AMAZON-02) (AMAZON-02)
2	130.211.23.194 130.211.23.194	15169 (GOOGLE) (GOOGLE)
72	31

15 2a06:98c1:3121::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

icutlink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
zegtrends.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6814:51d (United States)

ASN13335 (CLOUDFLARENET, US)

s10.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 149.56.240.129 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: ns534297.ip-149-56-240.net

s4.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:9000:20c3:1600:12:4abd:d340:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.intergient.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 149.56.240.27 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: ns534106.ip-149-56-240.net

sstatic1.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1901:0:636d::1 (Kansas City, United States)

ASN15169 (GOOGLE, US)

billowybelief.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223d:6c00:14:2602:6e80:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.intergi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700:20::681a:51a (United States) 6 redirects

ASN13335 (CLOUDFLARENET, US)

fstatic.netpub.media	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223f:d600:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2240:4400:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)

quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225e:fe00:3:a4cd:8380:93a1 (United States)

ASN16509 (AMAZON-02, US)

test.cmp.quantcast.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:ec00:1a:1459:5cc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

config.playwire.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:78b (United States)

ASN13335 (CLOUDFLARENET, US)

btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.32.185.123 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-32-185-123.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2240:4a00:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)

cmp.quantcast.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:246 (United States)

ASN13335 (CLOUDFLARENET, US)

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.134 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.41.128.163 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-41-128-163.eu-west-2.compute.amazonaws.com

mb.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.158.65.69 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-158-65-69.eu-central-1.compute.amazonaws.com

audit-tcfv2.cmp.quantcast.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 130.211.23.194 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 194.23.211.130.bc.googleusercontent.com

api.btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	zegtrends.com 1 redirects zegtrends.com	512 KB
11	netpub.media 6 redirects fstatic.netpub.media — Cisco Umbrella Rank: 266965	506 KB
8	intergient.com cdn.intergient.com — Cisco Umbrella Rank: 8197	246 KB
6	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 219 stats.g.doubleclick.net — Cisco Umbrella Rank: 124 googleads.g.doubleclick.net — Cisco Umbrella Rank: 57 ad.doubleclick.net — Cisco Umbrella Rank: 184	156 KB
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 60 region1.google-analytics.com — Cisco Umbrella Rank: 1832	41 KB
5	quantcast.com test.cmp.quantcast.com — Cisco Umbrella Rank: 10584 cmp.quantcast.com — Cisco Umbrella Rank: 3300 audit-tcfv2.cmp.quantcast.com — Cisco Umbrella Rank: 12380	142 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 82	266 KB
3	btloader.com btloader.com — Cisco Umbrella Rank: 1086 api.btloader.com — Cisco Umbrella Rank: 1196	13 KB
3	billowybelief.com billowybelief.com	23 KB
3	histats.com s10.histats.com — Cisco Umbrella Rank: 12395 s4.histats.com — Cisco Umbrella Rank: 11738 sstatic1.histats.com — Cisco Umbrella Rank: 62996	5 KB
3	icutlink.com icutlink.com — Cisco Umbrella Rank: 239578	4 KB
2	ad-delivery.net ad-delivery.net — Cisco Umbrella Rank: 1167	1 KB
2	moatads.com z.moatads.com — Cisco Umbrella Rank: 620 mb.moatads.com — Cisco Umbrella Rank: 831	44 KB
2	google.com fundingchoicesmessages.google.com — Cisco Umbrella Rank: 1940	157 KB
2	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 133	95 KB
1	playwire.com config.playwire.com — Cisco Umbrella Rank: 8410	2 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 379	1 KB
1	consensu.org quantcast.mgr.consensu.org — Cisco Umbrella Rank: 4744	47 KB
1	adsafeprotected.com static.adsafeprotected.com — Cisco Umbrella Rank: 628	482 B
1	intergi.com cdn.intergi.com — Cisco Umbrella Rank: 8972	147 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 422	88 KB
72	21

	Domain	Requested by
12	zegtrends.com	1 redirects zegtrends.com
11	fstatic.netpub.media	6 redirects zegtrends.com fstatic.netpub.media
8	cdn.intergient.com	zegtrends.com cdn.intergient.com
5	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
5	www.googletagmanager.com	icutlink.com zegtrends.com www.googletagmanager.com fstatic.netpub.media
3	cmp.quantcast.com	quantcast.mgr.consensu.org
3	billowybelief.com	cdn.intergient.com billowybelief.com
3	securepubads.g.doubleclick.net	zegtrends.com securepubads.g.doubleclick.net
3	icutlink.com	icutlink.com
2	api.btloader.com	btloader.com
2	ad-delivery.net	zegtrends.com
2	fundingchoicesmessages.google.com	securepubads.g.doubleclick.net
2	pagead2.googlesyndication.com	icutlink.com
1	audit-tcfv2.cmp.quantcast.com	cmp.quantcast.com
1	mb.moatads.com	z.moatads.com
1	ad.doubleclick.net	zegtrends.com
1	z.moatads.com	cdn.intergient.com
1	btloader.com	cdn.intergient.com
1	config.playwire.com	cdn.intergient.com
1	test.cmp.quantcast.com	quantcast.mgr.consensu.org
1	cdn.jsdelivr.net	fstatic.netpub.media
1	quantcast.mgr.consensu.org	fstatic.netpub.media
1	googleads.g.doubleclick.net	pagead2.googlesyndication.com
1	region1.google-analytics.com	www.googletagmanager.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	static.adsafeprotected.com	zegtrends.com
1	cdn.intergi.com	cdn.intergient.com
1	sstatic1.histats.com	zegtrends.com
1	ajax.googleapis.com	zegtrends.com
1	s4.histats.com	s10.histats.com
1	s10.histats.com	icutlink.com
72	31

This site contains no links.

Subject Issuer	Validity	Valid
icutlink.com E1	`2023-06-09` - `2023-09-07`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-13` - `2024-05-11`	a year	crt.sh
histats.com R3	`2023-06-06` - `2023-09-04`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
cdn.intergient.com Amazon RSA 2048 M02	`2023-02-17` - `2024-01-02`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
billowybelief.com R3	`2023-04-17` - `2023-07-16`	3 months	crt.sh
cdn.intergi.com Amazon RSA 2048 M01	`2023-02-17` - `2024-01-02`	a year	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M01	`2023-02-24` - `2023-09-04`	6 months	crt.sh
*.google.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
cmp.quantcast.com R3	`2023-06-13` - `2023-09-11`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh
*.playwire.com Amazon RSA 2048 M02	`2023-02-11` - `2024-03-11`	a year	crt.sh
moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-16` - `2023-11-18`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
*.moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-05`	a year	crt.sh
api.btloader.com GTS CA 1D4	`2023-06-13` - `2023-09-11`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/
Frame ID: F2AE1D61939AF7210CCBC94339594212
Requests: 69 HTTP requests in this frame

Frame: https://icutlink.com/empty.html
Frame ID: 354FCEB732923DE9ED47857060701D59
Requests: 1 HTTP requests in this frame

Frame: https://zegtrends.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/invisible.js
Frame ID: 084411C38898E95631255D3C6FB3170B
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230613/r20190131/zrt_lookup.html
Frame ID: E85C00F6CEF682BA6995CBE14C311667
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Hacking begins with a text message.” How does the Pegasus spyware work? – ZegTrends

Page URL History Show full URLs

https://icutlink.com/GBdVC3EQX Page URL
https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/ Page URL

Detected technologies

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

/prebid\.js

Quantcast Choice (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

quantcast\.mgr\.consensu\.org

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

72
Requests

94 %
HTTPS

77 %
IPv6

21
Domains

31
Subdomains

31
IPs

5
Countries

2493 kB
Transfer

8724 kB
Size

24
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://icutlink.com/GBdVC3EQX Page URL
https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 25

https://fstatic.netpub.media/static/af45af18a2c8e5a5f49920c6bb346b12.min.js?1686764550234 HTTP 301
https://fstatic.netpub.media/r/af45af18a2c8e5a5f49920c6bb346b12/service.js HTTP 302
https://fstatic.netpub.media/r/af45af18a2c8e5a5f49920c6bb346b12/40260545.js?npr=52af0802abc4bcc0deac8e2f02bb358c

Request Chain 26

https://fstatic.netpub.media/static/af45af18a2c8e5a5f49920c6bb346b12.min.js?1686764550235 HTTP 301
https://fstatic.netpub.media/r/af45af18a2c8e5a5f49920c6bb346b12/service.js HTTP 302
https://fstatic.netpub.media/r/af45af18a2c8e5a5f49920c6bb346b12/40260545.js?npr=52af0802abc4bcc0deac8e2f02bb358c

Request Chain 27

https://fstatic.netpub.media/static/af45af18a2c8e5a5f49920c6bb346b12.min.js?1686764550268 HTTP 301
https://fstatic.netpub.media/r/af45af18a2c8e5a5f49920c6bb346b12/service.js HTTP 302
https://fstatic.netpub.media/r/af45af18a2c8e5a5f49920c6bb346b12/40260545.js?npr=52af0802abc4bcc0deac8e2f02bb358c

Request Chain 32

https://zegtrends.com/cdn-cgi/challenge-platform/scripts/invisible.js HTTP 302
https://zegtrends.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/invisible.js

72 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 GBdVC3EQX Show response
icutlink.com/ 6 KB
3 KB 573ms
505ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://icutlink.com/GBdVC3EQX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

01257578d2da5f545555eac87bf2af86316f771deecd07a636847b6c9fe0d255

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7d745ebd582b8ff2-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 14 Jun 2023 17:42:29 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rAk5W6baSVwcsfoLwijU33nyrh9hTF99JJGddFAZLPlBmroQxSrL6263VzkxtrTQP3q%2Bpxs6DTxpzQMpK%2BSH2ta4zROUehEYlIbmLyZQs7rqSBIAdAdLAhswNuVIkToyZS7tWCuDQWsZn8Y%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN, SAMEORIGIN

GET
H2 200 js
www.googletagmanager.com/gtag/ 124 KB
48 KB 83ms
36ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-125598004-1

Requested by

Host: icutlink.com
URL: https://icutlink.com/GBdVC3EQX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icutlink.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:29 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49243
x-xss-protection: 0
last-modified: Wed, 14 Jun 2023 16:09:53 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 14 Jun 2023 17:42:29 GMT

GET
H2 200 ad.min.js Show response
icutlink.com/ 138 B
454 B 35ms
34ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://icutlink.com/ad.min.js

Requested by

Host: icutlink.com
URL: https://icutlink.com/GBdVC3EQX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ae970c0eba45d3ec315f94d3404ea6ad258ac546746921262261d3a713f6f9a

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icutlink.com/GBdVC3EQX
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 29 Jun 2021 20:16:45 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3681
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=29QlKcSE9byHAEfvb1L5kGngPLU3ZQLoT6sis8OBmPVZuydx3%2BUYYrVYVUUFtq00BIlBfROFzRNBMWv3BOSc%2BfTessBQwPZ%2Bvv%2F2AhZ8nC1wVUPp1JR1C4BruppMNa0tDf7WnBLwpN11MxY%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 7d745ec09be68ff2-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 js15_as.js
s10.histats.com/ 11 KB
5 KB 108ms
36ms Script
text/javascript 2606:4700:10::6814:51d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s10.histats.com/js15_as.js
Requested by: Host: icutlink.com
URL: https://icutlink.com/GBdVC3EQX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:51d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icutlink.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:29 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
server: cloudflare
age: 6273
etag: "-375139978"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 7d745ec13cab924f-FRA
content-length: 4547

GET
H2 200 empty.html
icutlink.com/ Frame 354F 48 B
355 B 170ms
169ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://icutlink.com/empty.html

Requested by

Host: icutlink.com
URL: https://icutlink.com/ad.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://icutlink.com/GBdVC3EQX
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7d745ec0ec778ff2-FRA
content-encoding: br
content-type: text/html
date: Wed, 14 Jun 2023 17:42:29 GMT
last-modified: Thu, 14 Oct 2021 00:44:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sT1l3iiO6IXyMr1TcvoluFIXnHT%2FoZVS7Wj9eCxTRcwD0zU1Aet0TuOCz0F7FssJjqlYmi9vE0eMK2uap53S7lEyIX42tJVdwbje3sjLkD7nMjD4PCtvX2tO9NXWpFXFnxs9MH77GA6KRVg%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: User-Agent
x-frame-options: SAMEORIGIN

POST
H2 200 Primary Request / Show response
zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/ 92 KB
19 KB 743ms
673ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c98f74ed7ef0bb572066558188fd4215e8aef5dcde1c28a7a1df395557eaa024

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://icutlink.com
Referer: https://icutlink.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7d745ec15ce81c22-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 14 Jun 2023 17:42:29 GMT
link: <https://zegtrends.com/?p=338>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZuBCZHtnT58c%2BVXUeil39ILf2WR0Hey9XFKYaavY7FhBue5R%2F7DDlGAp0ctGbxgXCP36CYKs5Jh65cjlbNkQIcZL0pCFADK3l1mFUd2io2c0piNjgTbQY%2BoonsPA0NjSrlvnnDowgLCgGzzX"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN

GET
H2 200 analytics.js
www.google-analytics.com/ 51 KB
21 KB 99ms
29ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-125598004-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icutlink.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 14 Jun 2023 17:04:48 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 2261
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20737
expires: Wed, 14 Jun 2023 19:04:48 GMT

GET
H/1.1 200
OK 0.php
s4.histats.com/stats/ 51 B
185 B 309ms
98ms Script
text/html 149.56.240.129
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://s4.histats.com/stats/0.php?4141654&@f16&@g1&@h1&@i1&@j1686764549344&@k0&@l1&@mPlease%20wait...&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:27736888&@b3:1686764549&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Ficutlink.com%2FGBdVC3EQX&@w
Requested by: Host: s10.histats.com
URL: https://s10.histats.com/js15_as.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 149.56.240.129 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns534297.ip-149-56-240.net
Software: /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icutlink.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Wed, 14 Jun 2023 17:42:29 GMT
Connection: close
Content-Length: 51
Content-Type: text/html;charset=UTF-8

POST
H2 200 collect
www.google-analytics.com/j/ 1 B
204 B 29ms
28ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j100&a=1642806169&t=pageview&_s=1&dl=https%3A%2F%2Ficutlink.com%2FGBdVC3EQX&ul=en-us&de=UTF-8&dt=Please%20wait...&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=1281858027&gjid=671313419&cid=2135713407.1686764549&tid=UA-125598004-1&_gid=1383212885.1686764549&_r=1&gtm=457e36c0&jsscut=1&z=1253660444

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://icutlink.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 14 Jun 2023 17:42:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://icutlink.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 loader.js Show response
zegtrends.com/ 26 KB
8 KB 36ms
34ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zegtrends.com/loader.js

Requested by

Host: zegtrends.com
URL: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6da099a16c53c78982d829c915083580ae057aa04c19932dbf651ff36e92993b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:30 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5213
cf-polished: origSize=26715
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Sun, 19 Mar 2023 10:55:26 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D55ydTwrbAVT6puhP8rNfHey286AVr7ufOYMM9q72iy6k5YyqMXsLkxJxVQ1aQTUIFwbUQJhvuXASi1ILr%2BG1c%2B71dhRV5bQoi8O2zdxMlGiKgGsorBYEFzG2g4kHW%2BHe4FiQmrvt3R8%2BbVG"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 7d745ec61be51c22-FRA

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 76 KB
25 KB 134ms
85ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: zegtrends.com
URL: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8ee11b4b0d9044456ba0a770e9d93bc482f5d5e5b3eab937a55747c786dccea6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25306
x-xss-protection: 0
server: cafe
etag: 866 / 19522 / m202306080101 / config-hash: 10183659285610870749
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 14 Jun 2023 17:42:30 GMT

GET
H2 200 ramp_config.js Show response
cdn.intergient.com/1024578/73399/ 40 KB
5 KB 105ms
29ms Script
application/javascript 2600:9000:20c3:1600:12:4abd:d340:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.intergient.com/1024578/73399/ramp_config.js
Requested by: Host: zegtrends.com
URL: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20c3:1600:12:4abd:d340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: 655041914d43108b24bb44d410c868d7220236b43a75eac1421b3bfef13794cf

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 08:07:02 GMT
content-encoding: br
via: 1.1 af3abf09293a5c762de5e451f8d6a912.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: MUC50-C1
age: 34528
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=600, public, must-revalidate
x-amz-cf-id: wV8vQ7g5FET4zHXHV3HHBbs_bn6YZD2UtVvg4yg5nYo0gjfEh6uHdA==

GET
H2 200 style.min.css
zegtrends.com/main/css/dist/block-library/ 93 KB
13 KB 33ms
31ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zegtrends.com/main/css/dist/block-library/style.min.css

Requested by

Host: zegtrends.com
URL: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b041e7b08a99e947327a5faf96e5ab7aeef39a467c0ef2240710a19857743da3

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 20 May 2023 06:34:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5213
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kmZm11DGhdekc5xp8OX0SFnshRNzVaUxqoIQbNNO7f6a9GX5LfA%2BscVHPcZWv9hmyKVuKkjr3XyGPGnFLDbIuHxJOLRvjzubmgf7Q94O0z%2BOE%2FStbg4vhm%2BrdUsgujrc203AZZvRw41qCUCb"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 7d745ec61be01c22-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 classic-themes.min.css
zegtrends.com/main/css/ 217 B
470 B 32ms
30ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zegtrends.com/main/css/classic-themes.min.css

Requested by

Host: zegtrends.com
URL: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 30 Nov 2022 01:03:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5213
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DF6c7TNnVbe9V5EpIfxqH%2FpMQwp1PR%2F4KY9vL1rGnC7uYGm3pF%2FHe1xCE2X7yuy17X%2B1%2BiHUFiqfLL%2Fij%2FsDHiRkyp7GkkhY4GQ3yLDy8lHKjIaDzJkTXo1OtDYTSMt7VfUgkJK6tqLjl0Py"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 7d745ec61be11c22-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 style-main-new.min.css
zegtrends.com/core/ 38 KB
9 KB 34ms
33ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zegtrends.com/core/style-main-new.min.css

Requested by

Host: zegtrends.com
URL: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

562517f7493a811891867c03059981133d7004b90d2d711499dbdfeec345d93c

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 02 Sep 2022 15:01:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5212
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ccgtOyJ%2FDTSitLNzgdfKl1qfjXBsbALKrw13OdF5mIPtvsWkrWuttSj5pUrOsbA8uKqG1BLDlorTdoWaE1MxFvN1JyJu2jvC1i9wmrERI3JWvpr0oAvedh0F4Orei2ekdIPbCx209eDgnuxK"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 7d745ec61be71c22-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 devtools-detect.js Show response
zegtrends.com/app/wp-hide-security-enhancer/assets/js/ 1 KB
853 B 31ms
30ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zegtrends.com/app/wp-hide-security-enhancer/assets/js/devtools-detect.js

Requested by

Host: zegtrends.com
URL: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a7756535795a4e600777b5f7a81ed03d6df6f7789b61d481c0be2fbebf00c8e0

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:30 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5213
cf-polished: origSize=1439
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 04 May 2023 18:44:47 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=brAcjPqwXrTU4OBaKH1qANGO5kR%2B9SH6oSP0JLm1jM3h%2BbBTrsHMhpQPnML49GLgOtSqyDFOgze3Mt7u57VGogkTmNwgZy6RxrJ1%2F%2F9MAkseTqlAB%2Bd8hoouiqrzGFpcObfIFOJF4VAllLEe"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 7d745ec61beb1c22-FRA

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
88 KB 99ms
29ms Script
text/javascript 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: zegtrends.com
URL: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:13:35 GMT
x-content-type-options: nosniff
age: 1735
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 89476
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 13 Jun 2024 17:13:35 GMT

GET
DATA 200
OK truncated
/ 2 KB
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8cfa4bb0b75fdcd693fa4c85163cfabb1637870c5ca70a1e357461d98349792b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: text/css;charset=utf-8

GET
H3 200 pegasus-spyware.png
zegtrends.com/images/2021/07/ 437 KB
438 KB 463ms
462ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zegtrends.com/images/2021/07/pegasus-spyware.png

Requested by

Host: zegtrends.com
URL: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a81e98f731181cf96fd18a1dd8124e3903cc002b733dd83d9bd72f039b6436b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:30 GMT
cf-cache-status: REVALIDATED
last-modified: Tue, 27 Jul 2021 14:18:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bWiFvh6rA4l3z8jmgdbV24pq%2Bc3G1bnV%2BYw7BYwD%2FJZdhrDMsmC29o4acbghD4WwcSICIXy%2FTaghUfKSzqF%2FjAa9NdLmfzCg6bJqiRBtCQ4Tdab1q7O9RJAmlV%2B%2BYAXREs7H79g0WTL6UkG7"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7d745ec6f82b6907-FRA
alt-svc: h3=":443"; ma=86400
content-length: 447790

GET
H3 200 icon.png
zegtrends.com/app/chp-ads-block-detector/assets/img/ 15 KB
16 KB 30ms
30ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zegtrends.com/app/chp-ads-block-detector/assets/img/icon.png

Requested by

Host: zegtrends.com
URL: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

723597ec6e9461e79c420faf0454170cf6f9243246a4fac3cef5f05a4b5be791

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:30 GMT
cf-cache-status: HIT
last-modified: Tue, 23 May 2023 17:37:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 828
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yG40ZyK1txuvzZhXngriNzNN1Azu186TZconhelhrNJsvAaXecMRcK%2FkUUcpIHy7V%2BCaIMWqF17gPVp9luLethvQBHwnmbpmaD4IECpH3S2iAkY4bPteXcp59SDnTSiQvdcoPs3QFl5J83Nq"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7d745ec7083a6907-FRA
alt-svc: h3=":443"; ma=86400
content-length: 15671

GET
H/1.1 200
OK 0.gif
sstatic1.histats.com/ 43 B
163 B 317ms
93ms Image
image/gif 149.56.240.27
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sstatic1.histats.com/0.gif?4479927&101
Requested by: Host: zegtrends.com
URL: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 149.56.240.27 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns534106.ip-149-56-240.net
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Wed, 14 Jun 2023 17:42:30 GMT
Connection: close
Content-Length: 43
Content-Type: image/gif

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
49 KB 36ms
34ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-120299301-4

Requested by

Host: zegtrends.com
URL: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4aad7d90f8da60eac91959b6c6e9c64a183ed5d0fd6f5b41b8627ab9f1fd7b1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 50187
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 14 Jun 2023 17:42:30 GMT

GET
H3 200 frontend.js Show response
zegtrends.com/core/assets/js/build/modern/ 7 KB
3 KB 29ms
28ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zegtrends.com/core/assets/js/build/modern/frontend.js

Requested by

Host: zegtrends.com
URL: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6dfa8b942e29b3b71e21c90d064eda9097afc6c98fab2c752f822a7a86942e6

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:30 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5367
cf-polished: origSize=6811
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 02 Sep 2022 15:01:23 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ATEvjYDNr6IDYsOEI8gOohmd5fZalhZiw3eu39pjwYdrDSc75KMs8WXc5Bjm%2BTCSfcuCatj5E7LoS6Mrj7T%2Fymy15TZkOf1oPaBKEaoHuEjMZRV6tdxaAZHK%2FHOk1m8QbgG1Nowo4KjKs6nZ"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 7d745ec7083b6907-FRA

GET
H2 200 ramp_core.js Show response
cdn.intergient.com/ 587 KB
166 KB 679ms
678ms Script
application/javascript 2600:9000:20c3:1600:12:4abd:d340:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.intergient.com/ramp_core.js
Requested by: Host: zegtrends.com
URL: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20c3:1600:12:4abd:d340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: 67316ada892a49f9b496847f70f36a50e010719a9d31b05496834b42339fc3a2

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:30 GMT
content-encoding: br
via: 1.1 af3abf09293a5c762de5e451f8d6a912.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: MUC50-C1
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
x-lambda-function: us-east-1.pageos_production:189
cache-control: max-age=600, public, must-revalidate
x-amz-cf-id: 7KhHfIhuaB-_QRi2mzAx9L-fp4-xNjjvlrk6-WhpWB6JkJOSSa8prg==

GET
H2 200 c72a5ddacfbf9359304f27a20b5d1e2f481aaf.index.js Show response
billowybelief.com/bundles/ 63 KB
23 KB 103ms
25ms Script
text/javascript 2600:1901:0:636d::1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://billowybelief.com/bundles/c72a5ddacfbf9359304f27a20b5d1e2f481aaf.index.js

Requested by

Host: cdn.intergient.com
URL: https://cdn.intergient.com/1024578/73399/ramp_config.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:636d::1 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Resource Hash

7fc939688a8b0b30c4a4195e0e3c8b88535b239a5eb12c5b1acecd72c4e23415

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
via: 1.1 google
date: Wed, 14 Jun 2023 17:42:30 GMT
x-datacenter: gce-europe-west1
etag: "a01bfb8b7c8f1e40a1b484560868aa5e797a4ffe2ca13b46163032da3804b7d1"
x-buildname: hoothoot
vary: Accept-Encoding, Accept-Language
x-hostname: fen-hoothoot-europe-west1-spot-tzkm
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
x-buildnumber: 892946322
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 prebid.js.br Show response
cdn.intergi.com/prebid/ 575 KB
147 KB 156ms
22ms Script
text/javascript 2600:9000:223d:6c00:14:2602:6e80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.intergi.com/prebid/prebid.js.br
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/1024578/73399/ramp_config.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223d:6c00:14:2602:6e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 23df4b95a6b30f70b8bca0726540badba53900209fa9675897e1ba798730bf80

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id: FcT49YKLtr3flvEBR1ouPo.mxrGQl2vy
content-encoding: br
via: 1.1 102d8cf947b68167e34dd1299c206242.cloudfront.net (CloudFront)
date: Wed, 14 Jun 2023 12:44:13 GMT
last-modified: Wed, 07 Jun 2023 13:02:52 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 17957
x-amz-server-side-encryption: AES256
etag: "827dc0df6e6b6901b2473786975114aa"
x-cache: Hit from cloudfront
content-type: text/javascript
accept-ranges: bytes
content-length: 150286
x-amz-cf-id: i3xQXgGz3bJMwcBmMjjzIanLhsb-i_KD3N-5Idys1LEtnhEKOHC6lA==

GET
H2

200

40260545.js Show response
fstatic.netpub.media/r/af45af18a2c8e5a5f49920c6bb346b12/
Redirect Chain

https://fstatic.netpub.media/static/af45af18a2c8e5a5f49920c6bb346b12.min.js?1686764550234
https://fstatic.netpub.media/r/af45af18a2c8e5a5f49920c6bb346b12/service.js
https://fstatic.netpub.media/r/af45af18a2c8e5a5f49920c6bb346b12/40260545.js?npr=52af0802abc4bcc0deac8e2f02bb358c

404 KB
99 KB

60ms
58ms

Script
application/javascript

2606:4700:20::681a:51a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fstatic.netpub.media/r/af45af18a2c8e5a5f49920c6bb346b12/40260545.js?npr=52af0802abc4bcc0deac8e2f02bb358c

Requested by

Host: zegtrends.com
URL: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/

Protocol

Server

2606:4700:20::681a:51a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4fcb258ce7e628b81d67cdfc8f04493387fa74f6d05a91a10d361d9e4c0cdc0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 12 Jun 2023 11:32:54 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5211
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KuGy1kH6EbjpYVeecnbgA2uaBT70qzSx4bodjM9vYaRy7QLRk0n62wFfYWjAF%2Fl7nVp59Boz1AbIgKtfHFTEfWl1NYKb0SRP4vBbUp4Z91Jn%2BpwUOwOy36765aiQzOCdg7DgH2Gda5fz%2FuSkQU%2FGT74%2B"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2678400
cf-ray: 7d745ec7da9d5b32-FRA
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: BYPASS

Redirect headers

date: Wed, 14 Jun 2023 17:42:30 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QPmsdy2lH%2BgI2jzYVLYQRlqFgfw25%2FDsPMAjjaMON7jEj9xNlQMvgYaZdYcMdFz3%2FkkzoWWC6cE5tMVN3JxtWTO%2FLHEMgx0h9h1ED9%2B%2BkmSnD2b01PWmg4VeFJuZDfrC1%2FG4DvWEMO2fTrA8gp1lq3W%2F"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
location: https://fstatic.netpub.media/r/af45af18a2c8e5a5f49920c6bb346b12/40260545.js?npr=52af0802abc4bcc0deac8e2f02bb358c
cf-ray: 7d745ec79a6d5b32-FRA
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: BYPASS

GET
H2

200

40260545.js Show response
fstatic.netpub.media/r/af45af18a2c8e5a5f49920c6bb346b12/
Redirect Chain

https://fstatic.netpub.media/static/af45af18a2c8e5a5f49920c6bb346b12.min.js?1686764550235
https://fstatic.netpub.media/r/af45af18a2c8e5a5f49920c6bb346b12/service.js
https://fstatic.netpub.media/r/af45af18a2c8e5a5f49920c6bb346b12/40260545.js?npr=52af0802abc4bcc0deac8e2f02bb358c

404 KB
99 KB

40ms
37ms

Script
application/javascript

2606:4700:20::681a:51a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fstatic.netpub.media/r/af45af18a2c8e5a5f49920c6bb346b12/40260545.js?npr=52af0802abc4bcc0deac8e2f02bb358c

Requested by

Host: zegtrends.com
URL: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/

Protocol

Server

2606:4700:20::681a:51a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4fcb258ce7e628b81d67cdfc8f04493387fa74f6d05a91a10d361d9e4c0cdc0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 12 Jun 2023 11:32:54 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5211
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9CaIyE0i3cP%2BpNUBMEngn9ts%2Fy1uaQL%2FA6T%2Brh4g2do1RfK5K0FYGQeXoLbvMdGYIUNKPEVFr%2BKwUNC5MRwxQOdblxEV81JIdeIYzYcjWuYaGkKAymgdGEnjIzHh7iDCUCNkKGQdzEdJpyM%2FOGNsLJ1%2B"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2678400
cf-ray: 7d745ec7da9b5b32-FRA
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: BYPASS

Redirect headers

date: Wed, 14 Jun 2023 17:42:30 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1spHTvkmVbEuYGdMgN9A251sRvjHLu53PqDWh9gVk2arbdW8Y1B%2FGgC%2B71hVgwy62xjOh%2BEzIy5VOsxJLOM%2BoqqPLlkYDbgAZBWHAxaYKj16tCli836kRIzQoIV5vbOTqvG%2Bg5Huw5h1RL0ajISxFZbx"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
location: https://fstatic.netpub.media/r/af45af18a2c8e5a5f49920c6bb346b12/40260545.js?npr=52af0802abc4bcc0deac8e2f02bb358c
cf-ray: 7d745ec79a6f5b32-FRA
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: BYPASS

GET
H2

200

40260545.js Show response
fstatic.netpub.media/r/af45af18a2c8e5a5f49920c6bb346b12/
Redirect Chain

https://fstatic.netpub.media/static/af45af18a2c8e5a5f49920c6bb346b12.min.js?1686764550268
https://fstatic.netpub.media/r/af45af18a2c8e5a5f49920c6bb346b12/service.js
https://fstatic.netpub.media/r/af45af18a2c8e5a5f49920c6bb346b12/40260545.js?npr=52af0802abc4bcc0deac8e2f02bb358c

404 KB
99 KB

37ms
37ms

Script
application/javascript

2606:4700:20::681a:51a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fstatic.netpub.media/r/af45af18a2c8e5a5f49920c6bb346b12/40260545.js?npr=52af0802abc4bcc0deac8e2f02bb358c

Requested by

Host: zegtrends.com
URL: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/

Protocol

Server

2606:4700:20::681a:51a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4fcb258ce7e628b81d67cdfc8f04493387fa74f6d05a91a10d361d9e4c0cdc0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 12 Jun 2023 11:32:54 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5211
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=utQ7YuuWv9vLtMHJjqFwdGPCebaPLChXryHSRCunJu4DQbrLK63lAQlVsgFGABQlFeAeKOSfnx1%2Bd3vOefWM8%2B4x7Rvhlm2TOf%2Fll7BdM4O5oukecGx7%2FjsfOlc9AbzjsHUWienlrYWPqizHNdDw6NHD"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2678400
cf-ray: 7d745ec8fb8f5b32-FRA
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: BYPASS

Redirect headers

date: Wed, 14 Jun 2023 17:42:30 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WAfuDBQ3pltZ6fYYO5cNs0fsfyQ%2Fk1%2FCp4HRgYJ1zeLGUqvIs9To7u3QATM0hf3TzH%2B2qjaEtvc6aodQ5BFAUCXyuAVZ%2Fbgtp6aHtN7kQCax3pXUu%2BaN8Y87YVI0zg8hYNjefR2yjYCA7WBkz8YNhSHJ"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
location: https://fstatic.netpub.media/r/af45af18a2c8e5a5f49920c6bb346b12/40260545.js?npr=52af0802abc4bcc0deac8e2f02bb358c
cf-ray: 7d745ec79a705b32-FRA
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: BYPASS

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306080101/ 404 KB
125 KB 20ms
18ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306080101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8bbbc366133eebc269aa0b4c9893140db2b61666a03417b07923f8201846ed8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 07:20:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 37345
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127525
x-xss-protection: 0
server: cafe
etag: 1285551304932764827
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Thu, 13 Jun 2024 07:20:05 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 2 KB
632 B 94ms
55ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=zegtrends.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

854f2a38af8bc5027032ed094b9554fe02348b5d37b5aab69ebe7456db80d5b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 607
x-xss-protection: 0
expires: Wed, 14 Jun 2023 17:42:30 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 140 KB
48 KB 169ms
112ms XHR
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: icutlink.com
URL: https://icutlink.com/GBdVC3EQX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1dd8ab32a5542041b537e3a7a433820a69db106d263633c4b911b3f1f3c72a72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48491
x-xss-protection: 0
server: cafe
etag: 11525644896956692914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 14 Jun 2023 17:42:30 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 137 KB
47 KB 214ms
157ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: icutlink.com
URL: https://icutlink.com/GBdVC3EQX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

66b689fab7e989810060cb4d14838bc9614926f26b09bf2a592af44fa309e94f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47497
x-xss-protection: 0
server: cafe
etag: 4663388791850872676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 14 Jun 2023 17:42:30 GMT

GET
H3

200

invisible.js Show response
zegtrends.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/ Frame 0844
Redirect Chain

https://zegtrends.com/cdn-cgi/challenge-platform/scripts/invisible.js
https://zegtrends.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/invisible.js

7 KB
4 KB

29ms
28ms

Script
application/javascript

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zegtrends.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/invisible.js

Requested by

Host: zegtrends.com
URL: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/

Protocol

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

301ca0c5bdccd1229807608b7913b56b76e8c35c7a49be6a25a6d69ab859ef49

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:30 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YLirRuXcnpb99B5DfM3eOjbmMMxaOfsK3LWRWFqwlqGpE5R59v8USXw%2FVGznrYDImUeXDXwF81yHnRoYVpLH9kD1KxrP5rFKoZBb2CrwzGmp0hWV%2FTzf9YMBmlbTnz9ITeNX2FUkIbFnoVwB"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 7d745ec798f66907-FRA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Wed, 14 Jun 2023 17:42:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HzYZ2RRRkbYygaSrpSymn24OJ%2BOJSN%2BYPzzyu4%2Fz3PHIgqI8coIwKAkcBv5y5CQTkTOe3cuIHJuPfIqKamygRBDLQziEtMra2r9nVYhrR2qcirC5BtSPcdkIUkEAN9Bn0kzg0xOHGayhYJW%2F"}],"group":"cf-nel","max_age":604800}
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/invisible.js
access-control-allow-origin: *
cache-control: max-age=300, public
cf-ray: 7d745ec768ca6907-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 194 KB
72 KB 37ms
37ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-5GTLGFH6PV&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-120299301-4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3704990b915a14f492b462da2db835c5423b11c98df8ee884a61bfdbc0cee63

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 73413
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 14 Jun 2023 17:42:30 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 51 KB
20 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-120299301-4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 14 Jun 2023 17:04:48 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 2262
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20737
expires: Wed, 14 Jun 2023 19:04:48 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 28ms
26ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j100&a=1223064238&t=pageview&_s=1&dl=https%3A%2F%2Fzegtrends.com%2Fhacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work%2F&dr=https%3A%2F%2Ficutlink.com%2F&ul=en-us&de=UTF-8&dt=Hacking%20begins%20with%20a%20text%20message.%E2%80%9D%20How%20does%20the%20Pegasus%20spyware%20work%3F%20%E2%80%93%20ZegTrends&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=221356232&gjid=877633251&cid=927830104.1686764550&tid=UA-120299301-4&_gid=680265454.1686764550&_r=1&gtm=457e36c0&jsscut=1&z=1542681037

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://zegtrends.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 14 Jun 2023 17:42:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://zegtrends.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 skeleton.gif
static.adsafeprotected.com/ 43 B
482 B 119ms
21ms Image
image/gif 2600:9000:223f:d600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif?adslot=xsrmnm_728x90_
Requested by: Host: zegtrends.com
URL: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:d600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 25 Jun 2022 14:52:58 GMT
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
via: 1.1 08d7dbeb0736051b46014fbaac0a421e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 30595772
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: Jr9eQkqTs4Vq4x08CJclpKG5R6RmeUcafF51-D2BIlYAMaEKnksWZw==

POST
H3 200 7d745ec15ce81c22 Show response
zegtrends.com/cdn-cgi/challenge-platform/h/g/cv/result/ Frame 0844 0
572 B 33ms
32ms XHR
text/plain 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://zegtrends.com/cdn-cgi/challenge-platform/h/g/cv/result/7d745ec15ce81c22
Requested by: Host: zegtrends.com
URL: https://zegtrends.com/cdn-cgi/challenge-platform/scripts/invisible.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 14 Jun 2023 17:42:30 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7l8uaY0a071fFRPOH8UIBJi8%2BWxv%2Fo8L3ZVUWpSQ0Vftx5024eB5jIxDHthUmTvQCX50WjJ7ybtkSeMtaIi6VNjvlc3xsSEFNZEoNJupd51yC2K79BVLDmAV7Sc9ZaHMgo%2BnsCw6dnyHreIN"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 7d745ec8fa4f6907-FRA
alt-svc: h3=":443"; ma=86400

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
344 B 72ms
21ms XHR
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-120299301-4&cid=927830104.1686764550&jid=221356232&gjid=877633251&_gid=680265454.1686764550&_u=YEBAAUAAAAAAACAAI~&z=289817424

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://zegtrends.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 14 Jun 2023 17:42:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://zegtrends.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 154013155 Show response
fundingchoicesmessages.google.com/i/ 142 KB
48 KB 206ms
130ms Script
application/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/154013155?ers=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306080101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

64a6bf9e4223918f7179381523dfd696918149dbe901ed7101717877dce49881

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-t2N1pT2ANnj1Au5bvUXdqQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:30 GMT
content-security-policy: script-src 'report-sample' 'nonce-t2N1pT2ANnj1Au5bvUXdqQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
252 B 65ms
25ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-5GTLGFH6PV&gtm=45je36c0&_p=1223064238&cid=927830104.1686764550&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=1&sid=1686764550&sct=1&seg=0&dl=https%3A%2F%2Fzegtrends.com%2Fhacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work%2F&dr=https%3A%2F%2Ficutlink.com%2F&dt=Hacking%20begins%20with%20a%20text%20message.%E2%80%9D%20How%20does%20the%20Pegasus%20spyware%20work%3F%20%E2%80%93%20ZegTrends&en=ramp_js&_fv=1&_ss=1&_ee=1&ep.pageview_id=1686764550232
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5GTLGFH6PV&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Jun 2023 17:42:30 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://zegtrends.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230613/r20190131/ Frame E85C 10 KB
5 KB 66ms
19ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230613/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zegtrends.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

age: 1953
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4540
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Jun 2023 17:09:57 GMT
etag: 15057649708203361565
expires: Wed, 28 Jun 2023 17:09:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cmp-gdpr.js Show response
fstatic.netpub.media//extra/cmp/ 10 KB
3 KB 37ms
36ms Script
application/javascript 2606:4700:20::681a:51a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fstatic.netpub.media//extra/cmp/cmp-gdpr.js

Requested by

Host: fstatic.netpub.media
URL: https://fstatic.netpub.media/static/af45af18a2c8e5a5f49920c6bb346b12.min.js?1686764550235

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:51a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60259766455abae22fa5205bacd050b855b56558f9aaf86743ffd80c70f143b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Wed, 14 Jun 2023 17:42:31 GMT
date: Wed, 14 Jun 2023 17:42:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Thu, 05 Jan 2023 22:50:07 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AZhtrLucEnFa3oAaNG%2BoI5ntrw1I4Kl91Kfq50G2YQ28W88VxN69Uf%2BZcrvd5WEFPxthaAgfNijKNMzdnC1sMPLM33IDFQ4qw9T7KyrEwqYRLnEKV%2BcentUJSDxmRXaBDoqJiH3Jod2CSGrsGRXuOlnJ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7d745ec9fc545b32-FRA
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: BYPASS

GET
H2 200 prebid_221021.js Show response
fstatic.netpub.media/renderer/ 1 MB
204 KB 47ms
47ms Script
application/javascript 2606:4700:20::681a:51a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fstatic.netpub.media/renderer/prebid_221021.js?4

Requested by

Host: fstatic.netpub.media
URL: https://fstatic.netpub.media/static/af45af18a2c8e5a5f49920c6bb346b12.min.js?1686764550235

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:51a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

509f69a0572a2f70b5c79a31522fa13f77685ec0ccff6589e7c8120155d74a96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Wed, 14 Jun 2023 17:42:31 GMT
date: Wed, 14 Jun 2023 17:42:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Fri, 21 Oct 2022 20:24:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cuxIRHAfDtVuX8dUXGXcAKqZYH5UAuJLKHjXJlJfCGbVmc%2BC1YAQTgpjdHwQB5S9k0W%2FKvOK7PtoPjSaPVybvDIssh%2Fv1TE83jmWUTJ2BsJZ71rTnijrcIIkxwrWfrTnHzBvRNiqWvRWM8PSFUM7nex7"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7d745ecadcf65b32-FRA
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: BYPASS

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 124 KB
48 KB 37ms
36ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-228391614-1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-120299301-4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b3c206b0171ef914a7ef1455da3ba9bbc2eface4206ae7888a7bc5bb17e5ab07

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49243
x-xss-protection: 0
last-modified: Wed, 14 Jun 2023 16:09:53 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 14 Jun 2023 17:42:30 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 124 KB
48 KB 31ms
30ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-228391614-1

Requested by

Host: fstatic.netpub.media
URL: https://fstatic.netpub.media/static/af45af18a2c8e5a5f49920c6bb346b12.min.js?1686764550235

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a3bd0b2c87f8f93b62a40515b821e8e26c457cd9d9511fc5647d29e87a79dfef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49244
x-xss-protection: 0
last-modified: Wed, 14 Jun 2023 16:09:53 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 14 Jun 2023 17:42:30 GMT

GET
H2 200 cmp2.js Show response
quantcast.mgr.consensu.org/tcfv2/ 178 KB
47 KB 94ms
22ms Script
text/javascript 2600:9000:2240:4400:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js
Requested by: Host: fstatic.netpub.media
URL: https://fstatic.netpub.media//extra/cmp/cmp-gdpr.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:4400:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: eb644f290f0fb1ea074d5a52e431e49cf9fa4adc1b345e7719d0d27a3fe78c9a

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:38:33 GMT
content-encoding: gzip
via: 1.1 814952d19d560b49ff15ad2f71e400d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
age: 238
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
last-modified: Fri, 19 May 2023 14:04:40 GMT
server: AmazonS3
etag: W/"f95487cc7143663d91de3ec4a26c4beb"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=3600
x-amz-meta-qc-ineu: True
vary: Accept-Encoding
x-amz-cf-id: ghUKGwVWYBTBHspheUi7bVU5mtEnXnTNheiV66NRr-ADYYyZlobn5g==

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 26ms
26ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j100&a=1223064238&t=pageview&_s=1&dl=https%3A%2F%2Fzegtrends.com%2Fhacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work%2F&dr=https%3A%2F%2Ficutlink.com%2F&ul=en-us&de=UTF-8&dt=Hacking%20begins%20with%20a%20text%20message.%E2%80%9D%20How%20does%20the%20Pegasus%20spyware%20work%3F%20%E2%80%93%20ZegTrends&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAUABAAAAACAAI~&jid=1911702289&gjid=1586216977&cid=927830104.1686764550&tid=UA-228391614-1&_gid=680265454.1686764550&_r=1&gtm=457e36c0&jsscut=1&z=1463358923

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://zegtrends.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 14 Jun 2023 17:42:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://zegtrends.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
1 KB 46ms
13ms XHR
application/json 2a04:4e42::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20230614

Requested by

Host: fstatic.netpub.media
URL: https://fstatic.netpub.media/renderer/prebid_221021.js?4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b21efbd8d0cc83a00e823a0165c9aaff48cee19c44e77329caee5a268608030a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://zegtrends.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 14 Jun 2023 17:42:30 GMT
x-content-type-options: nosniff
content-encoding: br
age: 6103
x-jsd-version: 1.0.1721
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 882
x-served-by: cache-fra-eddf8230103-FRA, cache-ams21025-AMS
x-jsd-version-type: version
etag: W/"643-upN+dWag2zcosuqh+d4rePqWSt0"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

POST
H3 200 726e0fffb8bc31fa96d784519d8d774de64ce59c281004c3 Show response
billowybelief.com/e4893e/ 206 B
233 B 65ms
46ms Fetch
application/json 2600:1901:0:636d::1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://billowybelief.com/e4893e/726e0fffb8bc31fa96d784519d8d774de64ce59c281004c3

Requested by

Host: billowybelief.com
URL: https://billowybelief.com/bundles/c72a5ddacfbf9359304f27a20b5d1e2f481aaf.index.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:636d::1 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Resource Hash

b03d5d3bbdd6148c4d3da1558eaac60bcbe13a3494fa4ebef401c200080dc0ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://zegtrends.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
date: Wed, 14 Jun 2023 17:42:31 GMT
via: 1.1 google
x-buildnumber: 892946322
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 206
x-datacenter: gce-europe-west1
x-buildname: hoothoot
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://zegtrends.com
x-hostname: fen-hoothoot-europe-west1-spot-tzkm
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
expires: Wed, 14 Jun 2023 17:42:30 GMT

GET
H2 200 cmp-list.json Show response
test.cmp.quantcast.com/GVL-v2/ 10 KB
3 KB 85ms
22ms XHR
application/json 2600:9000:225e:fe00:3:a4cd:8380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://test.cmp.quantcast.com/GVL-v2/cmp-list.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:fe00:3:a4cd:8380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4af737f0d9b4d0f7ea8d3bdedef8cca3498b08c1acb62e0b7fe212a751a2f8c3

Request headers

Accept: application/json, text/plain, */*
Referer: https://zegtrends.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 03:00:39 GMT
x-amz-version-id: s6Ju_WHEbdan68573EJruHoJQf_Z4hyo
content-encoding: br
via: 1.1 02cd8164e89a1598d410a9198582d47c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 52913
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 13 Jun 2023 19:52:29 GMT
server: AmazonS3
etag: W/"926ae1991ac38eff5686021d18d78eac"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=172800
vary: Accept-Encoding
x-amz-cf-id: Qz--rzpTOxUJLoxOlmF9FFobXX1nDP1YPM8gR8TvnzSg3qpJuQzB1A==

GET
H2 200 videoCard.01fa78e7064a386f48fc.js Show response
cdn.intergient.com/pageos/1.9.26/ 554 B
904 B 26ms
26ms Script
text/javascript 2600:9000:20c3:1600:12:4abd:d340:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.intergient.com/pageos/1.9.26/videoCard.01fa78e7064a386f48fc.js
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/ramp_core.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20c3:1600:12:4abd:d340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: df49112f965565d7af2a8ac08e7000ab6c2731ced4340c2b6c89a8097e94c2ea

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 07:36:49 GMT
via: 1.1 af3abf09293a5c762de5e451f8d6a912.cloudfront.net (CloudFront)
last-modified: Tue, 06 Jun 2023 18:19:34 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-C1
age: 36343
etag: "ce3cc474e63b7f656de18953fb710c43"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: text/javascript
accept-ranges: bytes
content-length: 554
x-amz-cf-id: PYejExgG3FePHtDgmDuTsV5t8by_I_fSzkyms7uDE3EbZzsOHBkHrQ==

GET
H2 200 batchHandler.77ab1dc43eac56199813.js Show response
cdn.intergient.com/pageos/1.9.26/ 3 KB
2 KB 27ms
26ms Script
text/javascript 2600:9000:20c3:1600:12:4abd:d340:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.intergient.com/pageos/1.9.26/batchHandler.77ab1dc43eac56199813.js
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/ramp_core.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20c3:1600:12:4abd:d340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 743f0138a0425418260a773e375e698d20820a4a54c816e0819ba1efc38f09aa

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 07:26:56 GMT
content-encoding: br
via: 1.1 af3abf09293a5c762de5e451f8d6a912.cloudfront.net (CloudFront)
last-modified: Tue, 06 Jun 2023 18:19:34 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-C1
age: 36935
etag: W/"4c0fd7be4ce9be47bd15a48c78fd791c"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: ZpTkuY0Upc8F49IrG-5MHG2whx_m0b2akHpGgtgxEypm5P6fKMq3pA==

GET
H2 200 88.da4099999895d5101ca6.js Show response
cdn.intergient.com/pageos/1.9.26/ 49 KB
11 KB 27ms
27ms Script
text/javascript 2600:9000:20c3:1600:12:4abd:d340:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.intergient.com/pageos/1.9.26/88.da4099999895d5101ca6.js
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/ramp_core.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20c3:1600:12:4abd:d340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 14cd167420b962b3db2cc70fac2bfc7b49f23fdd0b93b9c73f6dc567f730643e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 07:26:43 GMT
content-encoding: br
via: 1.1 af3abf09293a5c762de5e451f8d6a912.cloudfront.net (CloudFront)
last-modified: Tue, 06 Jun 2023 18:19:34 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-C1
age: 36949
etag: W/"390f1d013f98ebb10d7f0d50b5595896"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: i0TJqb0kZRe8FJrOLQFJnL9oj-eYdvIXGQ9Mku1NqXvgfZTtBVd0jQ==

GET
H2 200 gdpr.c2de08c890a9ff1b948f.js Show response
cdn.intergient.com/pageos/1.9.26/ 8 KB
3 KB 29ms
29ms Script
text/javascript 2600:9000:20c3:1600:12:4abd:d340:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.intergient.com/pageos/1.9.26/gdpr.c2de08c890a9ff1b948f.js
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/ramp_core.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20c3:1600:12:4abd:d340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 90b0fe5ebdc2c1341fd45a6ac5af7102282dbbe766bdb03709af5e17a98a39b7

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 07:34:27 GMT
content-encoding: br
via: 1.1 af3abf09293a5c762de5e451f8d6a912.cloudfront.net (CloudFront)
last-modified: Tue, 06 Jun 2023 18:19:34 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-C1
age: 36562
x-amz-server-side-encryption: AES256
etag: W/"bd118c00044896c95522c53d3225c02b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: rT86f4X59umXz4sWTYgXKKo9lMgVL9a-iSrHPr6LCXdPqmc-pAJ3LQ==

GET
H2 200 price_floor.js Show response
config.playwire.com/websites/73399/ 3 KB
2 KB 138ms
22ms Script
application/javascript 2600:9000:223c:ec00:1a:1459:5cc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://config.playwire.com/websites/73399/price_floor.js
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/ramp_core.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:ec00:1a:1459:5cc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Cowboy /
Resource Hash: 4e739c681d160d872ebc171a6bf3e8890824679cf7315e7e746b5305dc140dd7

Request headers

Referer: https://zegtrends.com/
Origin: https://zegtrends.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:45:06 GMT
via: 1.1 vegur, 1.1 3a3c1dcacd115187f53f40028ae4bd24.cloudfront.net (CloudFront)
content-encoding: br
server: Cowboy
x-amz-cf-pop: FRA56-P2
age: 7044
access-control-max-age: 7200
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
access-control-expose-headers
vary: Accept-Encoding,Origin
x-amz-cf-id: isR_4MhMul53LQzyFBH61dgKf4TxGFEdVh1JtSwxDIsQGD0HyVf3bw==

GET
H2 200 tag Show response
btloader.com/ 45 KB
12 KB 109ms
45ms Script
application/javascript 2606:4700:20::681a:78b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://btloader.com/tag?o=5150306120761344&upapi=true
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/ramp_core.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:78b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5433151f2efbb5b17737233e7a9be2aca5c90f7c5f50216fea682aa56bb37b78

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:31 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 14 Jun 2023 17:01:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2362
etag: W/"fff3da3e041d0da2bd7ba27a8bcb498f"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aVqWY%2FSjQc%2FTq%2BkYm01yKBHkuRjlB2ngCFMmS3X8FTpVd7XBG3Ft32MYOczEkOnBzRPsIJ0W%2BQP%2FVO80i5DYvoXw0czIfNnI%2F8bQc5bsXBfVkpVoEeJFNP2VgLUcxA6L92xi%2FSyc3tVxsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
cf-ray: 7d745ecc88949223-FRA

GET
H2 200 nielsen.b850d86715bcafaea630.js Show response
cdn.intergient.com/pageos/1.9.26/ 2 KB
1 KB 28ms
28ms Script
text/javascript 2600:9000:20c3:1600:12:4abd:d340:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.intergient.com/pageos/1.9.26/nielsen.b850d86715bcafaea630.js
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/ramp_core.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20c3:1600:12:4abd:d340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 55542c02f59ac047bd7ef87d8a2981b541995a09de59a89e419292a91f241202

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 07:26:57 GMT
content-encoding: br
via: 1.1 af3abf09293a5c762de5e451f8d6a912.cloudfront.net (CloudFront)
last-modified: Tue, 06 Jun 2023 18:19:34 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-C1
age: 36935
etag: W/"70341af160996aa15aad5fcd74fdda2a"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: 1bFJMlW56TmwPRXdR_mYikdwALcxVI6Xm3MqFegBiFG_tJL8ILGINw==

GET
H2 200 moatheader.js Show response
z.moatads.com/playwireprebidheader597261727146/ 114 KB
43 KB 98ms
19ms Script
application/x-javascript 23.32.185.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/playwireprebidheader597261727146/moatheader.js
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/ramp_core.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.32.185.123 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-185-123.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: c1f8d62fb9091349c6a4a3d2e631b5b71fdc2d287f86bf05ee893561e2006958

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:31 GMT
content-encoding: gzip
last-modified: Thu, 18 May 2023 22:01:16 GMT
server: AmazonS3
x-amz-request-id: 6FF5EQ70P4A0W09K
etag: "8cdd912e941ca690d4d1c1ee235d0c20"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=46580
accept-ranges: bytes
content-length: 43584
x-amz-id-2: mFNDg8+3h5v/aXPxnwxwrtCEgYvffo/cg1I2Vnh4C/kn9jZyf8PrN9YFrKzHi0k5dpDBJHqJuv6QZMBQ+6ooYyHq0J2HgBfzTEweJCFpBw0=

POST
H3 200 1deb7f2194c421334c1eac70a7c607d3521ebfc38fe793cfb6d4a2 Show response
billowybelief.com/ 3 B
27 B 23ms
22ms Fetch
application/json 2600:1901:0:636d::1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://billowybelief.com/1deb7f2194c421334c1eac70a7c607d3521ebfc38fe793cfb6d4a2

Requested by

Host: billowybelief.com
URL: https://billowybelief.com/bundles/c72a5ddacfbf9359304f27a20b5d1e2f481aaf.index.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:636d::1 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://zegtrends.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
date: Wed, 14 Jun 2023 17:42:31 GMT
via: 1.1 google
x-buildnumber: 892946322
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
x-datacenter: gce-europe-west1
x-buildname: hoothoot
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://zegtrends.com
x-hostname: fen-hoothoot-europe-west1-spot-tzkm
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie

GET
H2 200 aws-sdk-kinesis.min.js.br Show response
cdn.intergient.com/pageos/js/libs/ 227 KB
57 KB 32ms
32ms Script
text/javascript 2600:9000:20c3:1600:12:4abd:d340:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.intergient.com/pageos/js/libs/aws-sdk-kinesis.min.js.br
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/pageos/1.9.26/batchHandler.77ab1dc43eac56199813.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20c3:1600:12:4abd:d340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b41e0020ff5a4bec857828c37b9a425a5e0024aac1fb1519dd9cf4562f0681ee

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 07:01:51 GMT
content-encoding: br
via: 1.1 af3abf09293a5c762de5e451f8d6a912.cloudfront.net (CloudFront)
last-modified: Tue, 15 Feb 2022 19:02:54 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-C1
age: 38441
etag: "575b9635960fa1d9b7ba4dafe1d2e7f5"
x-cache: Hit from cloudfront
content-type: text/javascript
accept-ranges: bytes
content-length: 57858
x-amz-cf-id: ofLLnPF4AV2PQz_V91PIf6SIs92yWrW20rxUZrwr-PLNVlYfae6lyw==

GET
H2 200 cmp2ui-en.js Show response
cmp.quantcast.com/tcfv2/47/ 248 KB
61 KB 98ms
23ms Script
text/javascript 2600:9000:2240:4a00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp.quantcast.com/tcfv2/47/cmp2ui-en.js
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:4a00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6b814d02958e339eaad22839ea7a29d3ade9071a5e9df9ce065def22ab595936

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 03:19:24 GMT
content-encoding: br
via: 1.1 bf791e1829ff18782cd9837fbba03616.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
age: 138188
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
cross-origin-resource-policy: cross-origin
last-modified: Fri, 19 May 2023 14:04:10 GMT
server: AmazonS3
etag: W/"556bc7ca21432cc0628ff6f67a5e09bc"
access-control-max-age: 604800
access-control-allow-methods: GET
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=172800
vary: Accept-Encoding
x-amz-cf-id: 5qGgoCG4_bNRzNmM9iHXLtacM_UqAY1QEbdEQEmfWA5-kqUT8DnhzQ==

GET
H2 200 vendor-list-trimmed-v1-tmp.json Show response
cmp.quantcast.com/GVL-v2/ 353 KB
43 KB 107ms
23ms XHR
application/json 2600:9000:2240:4a00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp.quantcast.com/GVL-v2/vendor-list-trimmed-v1-tmp.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:4a00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d0f3143f3ecea93e92391e08de3461a779d9c5094241779ccf1b57665a081133

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 03:00:37 GMT
content-encoding: br
via: 1.1 ed4565467c6c9847b6a3fcb6cec799e4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
age: 52915
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
last-modified: Fri, 19 May 2023 13:17:10 GMT
server: AmazonS3
etag: W/"3bbcdaed7cdab54742c76eb6b3acaff4"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: muTs-vjjOgalmUda_PqYc6Pv4rdlyB8LkE2SSRPnCV5jMZAVZicGWw==

GET
H2 200 google-atp-list.json Show response
cmp.quantcast.com/tcfv2/ 151 KB
36 KB 126ms
44ms XHR
application/json 2600:9000:2240:4a00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp.quantcast.com/tcfv2/google-atp-list.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:4a00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 31d1a8b234ef7e3fcd967fe38bb63298be8faf869e0dcd5352c330ed5c18964b

Request headers

Accept: application/json, text/plain, */*
Referer: https://zegtrends.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 03:00:28 GMT
content-encoding: br
via: 1.1 ed4565467c6c9847b6a3fcb6cec799e4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
age: 52923
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 14 Jun 2023 03:00:26 GMT
server: AmazonS3
etag: W/"1dbfd79d4ea7f69c0c42a2f6065532e7"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: tyjMg-eBXQv9gSQnTbhgPSB97P9OVgzqQDV0yUfbwpz8Fmq25rb2Gg==

GET
H2 200 px.gif
ad-delivery.net/ 43 B
864 B 92ms
26ms Image
image/gif 2606:4700:20::681a:246
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=2
Requested by: Host: zegtrends.com
URL: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:246 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:31 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2219466
x-guploader-uploadid: ADPycdtofWi2ROsRhgUeHdaHIFi5CkrRDuyJu23b2NMTdlDzyz23cVaFIJWBeN_oGAa5ZjqbexOyPinclJoSKSh3oAxGaQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fkzs94tcIuY9DVmDGNMo94ITY0vfZGWGW2uDF8GlrdOzQtxhKdwNPqKQCMsPI5vX%2BMWfCKDmpFAYzcgahVY0E9co%2F3jcrsjk7tLDKewVY72XzA4OvW%2B2fTLyVQpfMXXkiBnmmtkq%2Fxu70i8VYw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 7d745ecd68869b33-FRA
expires: Sat, 20 May 2023 01:29:35 GMT

GET
H2 200 favicon.ico
ad.doubleclick.net/ 1 KB
571 B 93ms
20ms Image
image/x-icon 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: zegtrends.com
URL: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 18:29:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 14 Jun 2023 18:29:56 GMT

GET
H2 200 px.gif
ad-delivery.net/ 43 B
337 B 95ms
29ms Image
image/gif 2606:4700:20::681a:246
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.019983422066879752
Requested by: Host: zegtrends.com
URL: https://zegtrends.com/hacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:246 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:31 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2219466
x-guploader-uploadid: ADPycdtofWi2ROsRhgUeHdaHIFi5CkrRDuyJu23b2NMTdlDzyz23cVaFIJWBeN_oGAa5ZjqbexOyPinclJoSKSh3oAxGaQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jrVJ1A012kxfCeME6BsxvL3MmXRS7W7ijHI4gzeyXbByxd2zz4VOtwknt0muIdtdyb8vX1NmQ%2Ft1ju1UclXtWvFkgm%2FvP1qFojRHagTpagLjAuNvRLzVGzyA480%2FmdRN00d4IC0j9jwoADm3TA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 7d745ecd68889b33-FRA
expires: Sat, 20 May 2023 01:29:35 GMT

GET
H2 200 v2 Show response
mb.moatads.com/yi/ 590 B
764 B 372ms
28ms Script
text/html 13.41.128.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mb.moatads.com/yi/v2?ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K3%2BC%24%3D!!t%3C%2C%5Bh3MB2z%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-0CNnW%2BgiY9PHPf0uHVjPGlx1P1tMeAYh8VIp1Vf7AbESGfrl5%2FmliBNlAlwWxmRnpyWz&rs=1-E31B1BNzs6uFgA%3D%3D&sc=1&os=1-JQ%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fzegtrends.com%2Fhacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work%2F&pcode=playwireprebidheader597261727146&rx=853624038044&callback=MoatNadoAllJsonpRequest_52747521
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/playwireprebidheader597261727146/moatheader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.41.128.163 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-41-128-163.eu-west-2.compute.amazonaws.com
Software: Microsoft-IIS/6.0 /
Resource Hash: e09d1a81ac852e857b533e97845690b9c892166a1e1085a3cbe1d8ba2dcc139c

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:31 GMT
cache-control: max-age=900
server: Microsoft-IIS/6.0
timing-allow-origin: *
etag: "4323ce10b3c0f7a630d880f0a39746951b22ce0b"
content-length: 590
content-type: text/html; charset=UTF-8

GET
H2 200 / Show response
audit-tcfv2.cmp.quantcast.com/ 2 B
101 B 80ms
20ms XHR
text/plain 35.158.65.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://audit-tcfv2.cmp.quantcast.com/?log=%7B%22domain%22%3A%22zegtrends.com%22%2C%22publisher%22%3A%22%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.47%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22%22%2C%22clientTimestamp%22%3A1686764551289%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-bfgb6kbuw8wo9m1fvuxo%22%7D
Requested by: Host: cmp.quantcast.com
URL: https://cmp.quantcast.com/tcfv2/47/cmp2ui-en.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.65.69 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-65-69.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept: application/json, text/plain, */*
Referer: https://zegtrends.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 14 Jun 2023 17:42:31 GMT
content-length: 2
content-type: text/plain; charset=utf-8

GET
H2 200 country Show response
api.btloader.com/ 16 B
194 B 157ms
113ms Fetch
application/json 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/country
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5150306120761344&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: a04a64eb55c4a16ed352d149385a8ac8d8c2d3291f0e5b59b0f48375443b5f24

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:31 GMT
via: 1.1 google
vary: Origin
content-type: application/json
access-control-allow-origin: *
cache-control: private, max-age=300, stale-while-revalidate=600, stale-if-error=600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16

GET
H2 204 pv Show response
api.btloader.com/ 0
66 B 157ms
113ms XHR
text/plain 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/pv?tid=pQqlMBSt6&w=5642487557783552&o=5150306120761344&cv=2.1.12-7-gb1eec29&r=false&vr=1600x1200&pageURL=https%3A%2F%2Fzegtrends.com%2Fhacking-begins-with-a-text-message-how-does-the-pegasus-spyware-work%2F&sid=X6sVBYeh&upapi=true
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5150306120761344&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 14 Jun 2023 17:42:31 GMT
cache-control: no-cache, no-store, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Origin

GET
H2 200 AGSKWxUdLPSeapQR09v7TpNfKnQt7un6EoEUe-U_URk0NHd6Y6GgEPHlk8JgjZJBaqMMC97MO5YRYt0eDFn4ZemCkD4= Show response
fundingchoicesmessages.google.com/f/ 971 KB
109 KB 199ms
198ms Script
application/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUdLPSeapQR09v7TpNfKnQt7un6EoEUe-U_URk0NHd6Y6GgEPHlk8JgjZJBaqMMC97MO5YRYt0eDFn4ZemCkD4=?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjg2NzY0NTUxLDQwMDAwMDAwMF0sIjdCMDQyM0IyLUU3NzMtNDA3Qy04QjU1LTM1RTNEOTc0NkYzMiIsbnVsbCxudWxsLFtudWxsLFs3XV0sImh0dHBzOi8vemVndHJlbmRzLmNvbS9oYWNraW5nLWJlZ2lucy13aXRoLWEtdGV4dC1tZXNzYWdlLWhvdy1kb2VzLXRoZS1wZWdhc3VzLXNweXdhcmUtd29yay8iLG51bGwsW1s4LCJObDZFY25QbEtMRSJdLFs5LCJubCJdLFsxOSwiMSJdLFsxNywiWzBdIl1dXQ

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.nl.Nl6EcnPlKLE.es5.O/d=1/rs=AJlcJMwevOpj_BFNSJaJPRY_4Qc26SL63Q/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e04ac59a21c299ed20e447225bef7e3d447438a8656c1cdcce2e4151bdce758c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-m90uDuDhSdAu19VQUHMIVg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://zegtrends.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 17:42:31 GMT
content-security-policy: script-src 'report-sample' 'nonce-m90uDuDhSdAu19VQUHMIVg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

137 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

24 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
icutlink.com/	1969-12-31 23:59:59	Name: AdLinkFly Value: 803e0e2e198eb2a744452cbb1815ef11
icutlink.com/	1970-01-20 12:32:55	Name: isdr Value: false
icutlink.com/	1970-01-20 12:32:45	Name: rfsrc Value: blank
icutlink.com/	1969-12-31 23:59:59	Name: csrfToken Value: b41a3fc8450d9de8e4a5bbb55a6dbaf827e972ece26ba36b420df69047cdde6ffb5cd72e1987069bb9c05de545b9e3888e7483851b82ab26a5e6f9f87a4d65b7
icutlink.com/	1970-01-20 12:35:37	Name: visitor Value: Q2FrZQ%3D%3D.ZTFmYWJkNDAxMjk4M2E1ZmQ1MGViNWQ3YTBkNzkyNGI4ZmYwZTRmYTE3M2VhYmJlNjQxMTUxYjJlZmZlN2E4OB1seJrGtNk5s8%2F8EumknDq7%2FILAw4sDRs0HskStmROBeyNxAHEe7racFzm5%2BTeMqD%2Bvtx%2BzEwh66l33eoyeK%2BXOwdAR3ikUSi6PHj6vOAWs
icutlink.com/	1970-01-20 21:18:20	Name: HstCfa4141654 Value: 1686764549344
icutlink.com/	1970-01-20 21:18:20	Name: HstCla4141654 Value: 1686764549344
icutlink.com/	1970-01-20 21:18:20	Name: HstCmu4141654 Value: 1686764549344
icutlink.com/	1970-01-20 21:18:20	Name: HstPn4141654 Value: 1
icutlink.com/	1970-01-20 21:18:20	Name: HstPt4141654 Value: 1
icutlink.com/	1970-01-20 21:18:20	Name: HstCnv4141654 Value: 1
icutlink.com/	1970-01-20 21:18:20	Name: HstCns4141654 Value: 1
.icutlink.com/	1970-01-20 22:08:44	Name: _ga Value: GA1.2.2135713407.1686764549
.icutlink.com/	1970-01-20 12:34:10	Name: _gid Value: GA1.2.1383212885.1686764549
.icutlink.com/	1970-01-20 12:32:44	Name: _gat_gtag_UA_125598004_1 Value: 1
.zegtrends.com/	1970-01-20 12:34:10	Name: _gid Value: GA1.2.680265454.1686764550
.zegtrends.com/	1970-01-20 12:32:44	Name: _gat_gtag_UA_120299301_4 Value: 1
.zegtrends.com/	1970-01-20 12:32:46	Name: __cf_bm Value: LGIHe4tjsKHBPo3jzOkKwTf7txD84CnBgPqXJgOf2U8-1686764550-0-AcS3m6UBauyKMtYJTCacwE5dP4AkSpx7XXcCRC0aEU5t9d/FXwOAx1PifzpzKsr/kg==
.zegtrends.com/	1970-01-20 22:08:44	Name: _ga_5GTLGFH6PV Value: GS1.1.1686764550.1.0.1686764550.0.0.0
.zegtrends.com/	1970-01-20 22:08:44	Name: _ga Value: GA1.2.927830104.1686764550
.zegtrends.com/	1970-01-20 12:32:44	Name: _gat_gtag_UA_228391614_1 Value: 1
zegtrends.com/	1970-01-20 13:15:56	Name: _pbjs_userid_consent_data Value: 6683316680106290
zegtrends.com/	1970-01-20 21:54:20	Name: usprivacy Value: 1---
.zegtrends.com/	1970-01-20 22:01:32	Name: _awl Value: 2.1686764551.5-1f941dc60aadea2dcdace5f1339200b8-6763652d6575726f70652d7765737431-0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad-delivery.net
ad.doubleclick.net
ajax.googleapis.com
api.btloader.com
audit-tcfv2.cmp.quantcast.com
billowybelief.com
btloader.com
cdn.intergi.com
cdn.intergient.com
cdn.jsdelivr.net
cmp.quantcast.com
config.playwire.com
fstatic.netpub.media
fundingchoicesmessages.google.com
googleads.g.doubleclick.net
icutlink.com
mb.moatads.com
pagead2.googlesyndication.com
quantcast.mgr.consensu.org
region1.google-analytics.com
s10.histats.com
s4.histats.com
securepubads.g.doubleclick.net
sstatic1.histats.com
static.adsafeprotected.com
stats.g.doubleclick.net
test.cmp.quantcast.com
www.google-analytics.com
www.googletagmanager.com
z.moatads.com
zegtrends.com
13.41.128.163
130.211.23.194
142.250.186.134
149.56.240.129
149.56.240.27
2001:4860:4802:34::36
23.32.185.123
2600:1901:0:636d::1
2600:9000:20c3:1600:12:4abd:d340:93a1
2600:9000:223c:ec00:1a:1459:5cc0:93a1
2600:9000:223d:6c00:14:2602:6e80:93a1
2600:9000:223f:d600:8:48e:53c0:93a1
2600:9000:2240:4400:9:46dc:4700:93a1
2600:9000:2240:4a00:9:46dc:4700:93a1
2600:9000:225e:fe00:3:a4cd:8380:93a1
2606:4700:10::6814:51d
2606:4700:20::681a:246
2606:4700:20::681a:51a
2606:4700:20::681a:78b
2a00:1450:4001:809::200e
2a00:1450:4001:80b::2008
2a00:1450:4001:827::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::200e
2a00:1450:4001:82f::200a
2a00:1450:4001:831::2002
2a00:1450:400c:c00::9c
2a04:4e42::485
2a06:98c1:3121::3
35.158.65.69
01257578d2da5f545555eac87bf2af86316f771deecd07a636847b6c9fe0d255
0ae970c0eba45d3ec315f94d3404ea6ad258ac546746921262261d3a713f6f9a
14cd167420b962b3db2cc70fac2bfc7b49f23fdd0b93b9c73f6dc567f730643e
1dd8ab32a5542041b537e3a7a433820a69db106d263633c4b911b3f1f3c72a72
23df4b95a6b30f70b8bca0726540badba53900209fa9675897e1ba798730bf80
301ca0c5bdccd1229807608b7913b56b76e8c35c7a49be6a25a6d69ab859ef49
31d1a8b234ef7e3fcd967fe38bb63298be8faf869e0dcd5352c330ed5c18964b
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
4aad7d90f8da60eac91959b6c6e9c64a183ed5d0fd6f5b41b8627ab9f1fd7b1d
4af737f0d9b4d0f7ea8d3bdedef8cca3498b08c1acb62e0b7fe212a751a2f8c3
4e739c681d160d872ebc171a6bf3e8890824679cf7315e7e746b5305dc140dd7
509f69a0572a2f70b5c79a31522fa13f77685ec0ccff6589e7c8120155d74a96
5433151f2efbb5b17737233e7a9be2aca5c90f7c5f50216fea682aa56bb37b78
55542c02f59ac047bd7ef87d8a2981b541995a09de59a89e419292a91f241202
562517f7493a811891867c03059981133d7004b90d2d711499dbdfeec345d93c
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
60259766455abae22fa5205bacd050b855b56558f9aaf86743ffd80c70f143b5
64a6bf9e4223918f7179381523dfd696918149dbe901ed7101717877dce49881
655041914d43108b24bb44d410c868d7220236b43a75eac1421b3bfef13794cf
66b689fab7e989810060cb4d14838bc9614926f26b09bf2a592af44fa309e94f
67316ada892a49f9b496847f70f36a50e010719a9d31b05496834b42339fc3a2
6b814d02958e339eaad22839ea7a29d3ade9071a5e9df9ce065def22ab595936
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6da099a16c53c78982d829c915083580ae057aa04c19932dbf651ff36e92993b
723597ec6e9461e79c420faf0454170cf6f9243246a4fac3cef5f05a4b5be791
743f0138a0425418260a773e375e698d20820a4a54c816e0819ba1efc38f09aa
7a81e98f731181cf96fd18a1dd8124e3903cc002b733dd83d9bd72f039b6436b
7fc939688a8b0b30c4a4195e0e3c8b88535b239a5eb12c5b1acecd72c4e23415
854f2a38af8bc5027032ed094b9554fe02348b5d37b5aab69ebe7456db80d5b4
8bbbc366133eebc269aa0b4c9893140db2b61666a03417b07923f8201846ed8f
8cfa4bb0b75fdcd693fa4c85163cfabb1637870c5ca70a1e357461d98349792b
8ee11b4b0d9044456ba0a770e9d93bc482f5d5e5b3eab937a55747c786dccea6
90b0fe5ebdc2c1341fd45a6ac5af7102282dbbe766bdb03709af5e17a98a39b7
a04a64eb55c4a16ed352d149385a8ac8d8c2d3291f0e5b59b0f48375443b5f24
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a3bd0b2c87f8f93b62a40515b821e8e26c457cd9d9511fc5647d29e87a79dfef
a7756535795a4e600777b5f7a81ed03d6df6f7789b61d481c0be2fbebf00c8e0
b03d5d3bbdd6148c4d3da1558eaac60bcbe13a3494fa4ebef401c200080dc0ed
b041e7b08a99e947327a5faf96e5ab7aeef39a467c0ef2240710a19857743da3
b21efbd8d0cc83a00e823a0165c9aaff48cee19c44e77329caee5a268608030a
b3c206b0171ef914a7ef1455da3ba9bbc2eface4206ae7888a7bc5bb17e5ab07
b41e0020ff5a4bec857828c37b9a425a5e0024aac1fb1519dd9cf4562f0681ee
c1f8d62fb9091349c6a4a3d2e631b5b71fdc2d287f86bf05ee893561e2006958
c98f74ed7ef0bb572066558188fd4215e8aef5dcde1c28a7a1df395557eaa024
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0f3143f3ecea93e92391e08de3461a779d9c5094241779ccf1b57665a081133
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df49112f965565d7af2a8ac08e7000ab6c2731ced4340c2b6c89a8097e94c2ea
e04ac59a21c299ed20e447225bef7e3d447438a8656c1cdcce2e4151bdce758c
e09d1a81ac852e857b533e97845690b9c892166a1e1085a3cbe1d8ba2dcc139c
e3704990b915a14f492b462da2db835c5423b11c98df8ee884a61bfdbc0cee63
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4fcb258ce7e628b81d67cdfc8f04493387fa74f6d05a91a10d361d9e4c0cdc0
e6dfa8b942e29b3b71e21c90d064eda9097afc6c98fab2c752f822a7a86942e6
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
eb644f290f0fb1ea074d5a52e431e49cf9fa4adc1b345e7719d0d27a3fe78c9a
eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

zegtrends.com Open in urlscan Pro 2a06:98c1:3121::3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

72 Requests

94 %HTTPS

77 %IPv6

21 Domains

31 Subdomains

31 IPs

5 Countries

2493 kBTransfer

8724 kBSize

24 Cookies

0 Outgoing links

Page URL History

Redirected requests

72 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

zegtrends.com Open in urlscan Pro
2a06:98c1:3121::3 Public Scan

Screenshot
Live screenshot

Full Image

72
Requests

94 %
HTTPS

77 %
IPv6

21
Domains

31
Subdomains

31
IPs

5
Countries

2493 kB
Transfer

8724 kB
Size

24
Cookies

72 HTTP transactions
1 data transactions