www.theregister.com Open in urlscan Pro
104.18.5.22 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/
Submission: On August 14 via api (August 14th 2024, 2:14:45 am UTC) from TR — Scanned from US

Summary HTTP 75 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 14 IPs in 2 countries across 7 domains to perform 75 HTTP transactions. The main IP is 104.18.5.22, located in and belongs to CLOUDFLARENET, US. The main domain is www.theregister.com. The Cisco Umbrella rank of the primary domain is 148008.
TLS certificate: Issued by WE1 on July 7th 2024. Valid for: 3 months.

This is the only time www.theregister.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 34	104.18.5.22 104.18.5.22	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	142.251.16.157 142.251.16.157	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:400d:c09::61	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:400d:c1d::71	15169 (GOOGLE) (GOOGLE)
9	142.251.174.101 142.251.174.101	15169 (GOOGLE) (GOOGLE)
5	172.217.197.157 172.217.197.157	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c07::84	15169 (GOOGLE) (GOOGLE)
2 4	2607:f8b0:400... 2607:f8b0:400d:c02::65	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c06::9a	15169 (GOOGLE) (GOOGLE)
6	2607:f8b0:400... 2607:f8b0:4004:c0b::84	15169 (GOOGLE) (GOOGLE)
1	104.16.200.109 104.16.200.109	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2607:f8b0:400... 2607:f8b0:4004:c1d::64	15169 (GOOGLE) (GOOGLE)
1	142.251.111.103 142.251.111.103	15169 (GOOGLE) (GOOGLE)
75	14

34 104.18.5.22 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.theregister.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
nir.theregister.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
go.theregister.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.251.16.157 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: bl-in-f157.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:400d:c09::61 (Morganton, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:400d:c1d::71 (Morganton, United States)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.251.174.101 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: qc-in-f101.1e100.net

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.217.197.157 (United States)

ASN15169 (GOOGLE, US)
PTR: qa-in-f157.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c07::84 (Washington, United States)

ASN15169 (GOOGLE, US)

365ef8de68c9c502158a0e22854afef9.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:400d:c02::65 (Morganton, United States) 2 redirects

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c06::9a (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4004:c0b::84 (Washington, United States)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.200.109 (None, )

ASN13335 (CLOUDFLARENET, US)

regmedia.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c1d::64 (Washington, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.111.103 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: bk-in-f103.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
34	theregister.com 1 redirects www.theregister.com — Cisco Umbrella Rank: 148008 nir.theregister.com — Cisco Umbrella Rank: 557401 go.theregister.com — Cisco Umbrella Rank: 480047	180 KB
17	google.com 2 redirects fundingchoicesmessages.google.com — Cisco Umbrella Rank: 662 analytics.google.com — Cisco Umbrella Rank: 238 www.google.com — Cisco Umbrella Rank: 10	78 KB
16	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 157 365ef8de68c9c502158a0e22854afef9.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 203	358 KB
6	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 280 stats.g.doubleclick.net — Cisco Umbrella Rank: 252	20 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 104
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	157 KB
1	regmedia.co.uk regmedia.co.uk — Cisco Umbrella Rank: 329238	408 B
75	7

	Domain	Requested by
28	www.theregister.com	www.theregister.com
12	fundingchoicesmessages.google.com	pagead2.googlesyndication.com
9	pagead2.googlesyndication.com	pagead2.googlesyndication.com
6	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com
5	nir.theregister.com	pagead2.googlesyndication.com www.theregister.com
5	securepubads.g.doubleclick.net	pagead2.googlesyndication.com www.theregister.com
4	analytics.google.com	2 redirects www.googletagmanager.com
2	www.google-analytics.com
2	www.googletagmanager.com	www.theregister.com www.googletagmanager.com
1	www.google.com	tpc.googlesyndication.com
1	regmedia.co.uk
1	go.theregister.com	1 redirects
1	stats.g.doubleclick.net	www.googletagmanager.com
1	365ef8de68c9c502158a0e22854afef9.safeframe.googlesyndication.com	pagead2.googlesyndication.com
75	14

This site contains links to these domains. Also see Links.

Domain
account.theregister.com
search.theregister.com
whitepapers.theregister.com
forums.theregister.com
www.reddit.com
twitter.com
www.facebook.com
www.linkedin.com
api.whatsapp.com
www.sec.gov
go.theregister.com
www.nextplatform.com
devclass.com
blocksandfiles.com
situationpublishing.com

Subject Issuer	Validity	Valid
theregister.com WE1	`2024-07-07` - `2024-10-05`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.google-analytics.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
tpc.googlesyndication.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh

This page contains 6 frames:

Primary Page: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/
Frame ID: 87190B682C69E56461D157EE71EA4403
Requests: 55 HTTP requests in this frame

Frame: https://365ef8de68c9c502158a0e22854afef9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: E54F7C9BD949590497AE7D04090F9964
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssSyXhsRaOnDrXEujHEXOq6xB-PkEd9LdbAqXBISOvcL94AM1-nj2UGLi36vLFYSt2X_1psF7FKtwcdxbAFL_JyaVhk2GhPqk9ZfwidlA-MDOeo_S0H6K7E4OIO6Iz1-tRNYps9MM8ALhUDyHOsJxQUiyEE7a7R2d6grnJFupjTExgJVrQMYmZVH9USeqCqEPI0UwPVkyeJGHkkGePzwD9gpIFQ66bLso3FBSxamTGX2iA1WXvuJkRgUjFi4E-_fSrsgBoHH-1GoIYeNSCs_W3YW18FQTBpVOPXtFk7SpGAf2ormPtk4Lczf46KJQNyfqaE9Z7MyRiizPWKeR09sMU5I4TnG1bUJo5DbIGRTy2yeGU7ldLXFLUUmv8tIi-6&sai=AMfl-YTylqHG16JbOP0xH4qtaD44D7zUootQyLKiHW0HoUbfnXbUkiFqOulohj0b3roMRvL2-fwd_NeFR5LSVYFRZAL-0NXtq618huoYXeH7fzvVs0c5ghaJebabeRh5fZylyfDnU_SUsd5ll8FDBAuUrpM&sig=Cg0ArKJSzFOgoenpoL63EAE&uach_m=%5BUACH%5D&adurl=
Frame ID: 4B9FCB315826F7D078FDC215DF0C0AB5
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvjBoIsShL0dpJmBQOZ96kDqqJHQ37-6vHjj5bgJmxQWu_mBk1DirEG9H1aw1Rk3Vu6outjloZwv991KwbxgxSqMMR-BpThQuBYZoakA8Lw14Ca16pWtdqi8CsbMBlqlx0ViTFivfh-WmExZ55XQyEevssP9wT2KcjaLVcYrZRPHcifCIC20bxTaqVRjETvcZd6zM-PXytF7b8Y5PTLCAAE8smo4vyvV3670oQSCT1DmGS_akc5cE_Vum3KTAb8X70cqbvwTxubrLl13TLjRUsURaa9AO1gyvURwiB7ZnIZPI6-hotijjIdHc2yPxuU6ybQr9UhYn9hdpRnqdhyCARCFuKLKkGeY-I5ezcAIMApu7Lm4qE8uxeJGXD75DGVECA-Dmo8lJd4fuxImAMIF27wILyRAvS2eGP4_g&sai=AMfl-YTdyAy8AK8tOPjxuinAq_HLjiRdNtUEP76evT7O_PKkpYxbYMSnjiUU95xPkRHBIiaA8pOn5ratiz1Kfkpm0kzkvG5wQhI6OeNB2-6ttiUeGYZMxgMQzMdz9ESFOmN6O2itOrse3NkVN76urpZnw9M&sig=Cg0ArKJSzBiTBIYYjSsmEAE&uach_m=%5BUACH%5D&adurl=
Frame ID: AF88D752B273CBD76B57F1166FF1B3C5
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 8D68343581D87C23885B82359BB10F94
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: BCC82457E26E62B03EC7DD48414DCD67
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Manufacturer Orion SA says scammers conned it out of $60M • The Register

Detected technologies

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

75
Requests

96 %
HTTPS

54 %
IPv6

7
Domains

14
Subdomains

14
IPs

2
Countries

793 kB
Transfer

2480 kB
Size

12
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://account.theregister.com/login?r=https%3A//www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/
Title: Sign in / up

Search URL Search Domain Scan URL

URL: https://search.theregister.com/

Search URL Search Domain Scan URL

URL: https://whitepapers.theregister.com/
Title: Whitepapers

Search URL Search Domain Scan URL

URL: https://whitepapers.theregister.com/events/list/
Title: Webinars & Events

Search URL Search Domain Scan URL

URL: https://account.theregister.com/edit/newsletter/
Title: Newsletters

Search URL Search Domain Scan URL

URL: https://forums.theregister.com/forum/all/2024/08/13/orion_sa_says_scammers_conned/
Title: 5

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dreddit&title=Orion%20SA%20says%20scammers%20conned%20company%20out%20of%20%2460%20million

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Orion%20SA%20says%20scammers%20conned%20company%20out%20of%20%2460%20million&url=https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dtwitter&via=theregister

Search URL Search Domain Scan URL

URL: https://www.facebook.com/dialog/feed?app_id=1404095453459035&display=popup&link=https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dfacebook

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dlinkedin&title=Orion%20SA%20says%20scammers%20conned%20company%20out%20of%20%2460%20million&summary=Incident%20sounds%20like%20a%20BEC%20fraud%20targeting%20an%20unwitting%20staffer

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dwhatsapp

Search URL Search Domain Scan URL

URL: https://www.sec.gov/Archives/edgar/data/1609804/000095014224002170/eh240519238_8k.htm
Title: filing

Search URL Search Domain Scan URL

URL: https://go.theregister.com/tl/3042/shttps://www.theregister.com/2024/08/01/how_to_counter_adversarial_ai/
Title: Sponsored: How to counter adversarial AI

Search URL Search Domain Scan URL

URL: https://www.nextplatform.com/
Title: The Next Platform

Search URL Search Domain Scan URL

URL: https://devclass.com/
Title: DevClass

Search URL Search Domain Scan URL

URL: https://blocksandfiles.com/
Title: Blocks and Files

Search URL Search Domain Scan URL

URL: https://situationpublishing.com/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 58

https://go.theregister.com/k/abt_a HTTP 302
https://regmedia.co.uk/2007/09/13/tp.gif

Request Chain 66

https://analytics.google.com/g/collect?v=2&tid=G-JXW44Y23NM&gtm=45je48c0v887771649za200&_p=1723601682364&gcs=G111&gcd=13n3n3l3l6&npa=0&dma=0&tcfd=10000&tag_exp=0&cid=865350359.1723601683&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=3&sid=1723601682&sct=1&seg=0&dl=https%3A%2F%2Fwww.theregister.com%2F2024%2F08%2F13%2Forion_sa_says_scammers_conned%2F&dt=Manufacturer%20Orion%20SA%20says%20scammers%20conned%20it%20out%20of%20%2460M%20%E2%80%A2%20The%20Register&en=gam_impression&_c=1&_ee=1&ep.event=gam_impression&ep.eaid=5682556310&ep.eadv=16159899&ep.ebuy=102962979&ep.ecid=138348300972&ep.epid=22784672596&ep.adunit=%2F6978%2Freg_security%2Fcybercrime&ep.value=1&_et=295&tfd=3178 HTTP 302
https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=865350359.1723601683&dbk=16985760495513611602&dma=0&en=gam_impression&gcs=G111&gtm=45je48c0v887771649za200&npa=0&tid=G-JXW44Y23NM&dl=https%3A%2F%2Fwww.theregister.com%3F

Request Chain 67

https://analytics.google.com/g/collect?v=2&tid=G-JXW44Y23NM&gtm=45je48c0v887771649za200&_p=1723601682364&gcs=G111&gcd=13n3n3l3l6&npa=0&dma=0&tcfd=10000&tag_exp=0&cid=865350359.1723601683&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=4&sid=1723601682&sct=1&seg=0&dl=https%3A%2F%2Fwww.theregister.com%2F2024%2F08%2F13%2Forion_sa_says_scammers_conned%2F&dt=Manufacturer%20Orion%20SA%20says%20scammers%20conned%20it%20out%20of%20%2460M%20%E2%80%A2%20The%20Register&en=gam_impression&_c=1&_ee=1&ep.event=gam_impression&ep.eaid=4666957584&ep.eadv=16159899&ep.ebuy=102962979&ep.ecid=138339321046&ep.epid=22784672596&ep.adunit=%2F6978%2Freg_security%2Fcybercrime&ep.value=1&_et=21&tfd=3201 HTTP 302
https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=865350359.1723601683&dbk=14363782537546880045&dma=0&en=gam_impression&gcs=G111&gtm=45je48c0v887771649za200&npa=0&tid=G-JXW44Y23NM&dl=https%3A%2F%2Fwww.theregister.com%3F

75 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request / Show response
www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/ 60 KB
12 KB 306ms
169ms Document
text/html 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

00dff766deb1e539d26321d746db48b096de0286e0890337024371c5648c89a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=0
cf-cache-status: DYNAMIC
cf-ray: 8b2d6ec76fdb0902-LAX
content-encoding: gzip
content-length: 11878
content-type: text/html; charset=UTF-8
date: Wed, 14 Aug 2024 02:14:40 GMT
expires: Wed, 14 Aug 2024 02:14:40 GMT
link: <https://pagead2.googlesyndication.com/tag/js/gpt.js>; rel=preload; as=script;,</design_picker/d5067505c1004513235b30ece43b64dbca25e639/javascript/_.js>; rel=preload; as=script;,</css/37fc17c202182af77e95fb1e84ab811a7eb2a96e/scaffolding.css>; rel=preload; as=style;,</css/37fc17c202182af77e95fb1e84ab811a7eb2a96e/design.css>; rel=preload; as=style;,</design_picker/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/arimo-700.latin.woff2>; rel=preload; as=font; crossorigin;,</design_picker/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/arimo-400.latin.woff2>; rel=preload; as=font; crossorigin;
server: cloudflare
vary: Accept-Encoding
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
x-reg-bofh: pfy01us

GET
H3 200 gpt.js Show response
pagead2.googlesyndication.com/tag/js/ 104 KB
32 KB 394ms
149ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

608e4dee35d626e8ef1432f46c0ee70bb2913ff2867636df96b844a1c1b176c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:41 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32442
x-xss-protection: 0
server: cafe
etag: 532 / 19949 / m202408080101 / config-hash: 1342855959641898508
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 14 Aug 2024 02:14:41 GMT

GET
H3 200 _.js Show response
www.theregister.com/design_picker/d5067505c1004513235b30ece43b64dbca25e639/javascript/ 221 KB
62 KB 74ms
72ms Script
application/javascript 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theregister.com/design_picker/d5067505c1004513235b30ece43b64dbca25e639/javascript/_.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe1da7d7e56968797d6b3844f7bedd855b366e1496343527a22f4d2871bb86ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:40 GMT
content-encoding: gzip
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Thu, 18 Jul 2024 11:03:23 GMT
server: cloudflare
cf-cache-status: HIT
age: 2300838
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=33696000
x-reg-bofh: pfy02us
cf-ray: 8b2d6ec8894f0902-LAX
alt-svc: h3=":443"; ma=86400
expires: Tue, 12 Aug 2025 11:05:35 GMT

GET
H3 200 scaffolding.css
www.theregister.com/css/37fc17c202182af77e95fb1e84ab811a7eb2a96e/ 41 KB
7 KB 73ms
70ms Stylesheet
text/css 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theregister.com/css/37fc17c202182af77e95fb1e84ab811a7eb2a96e/scaffolding.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b18c67c183da5eadf9f83380721ed6abd89f0707d57980f8a0e98a83e2b47f67

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 391262
alt-svc: h3=":443"; ma=86400
content-length: 6432
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
last-modified: Fri, 09 Aug 2024 13:32:53 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=33696000
accept-ranges: bytes
x-reg-bofh: pfy03us
cf-ray: 8b2d6ec889530902-LAX
expires: Wed, 03 Sep 2025 13:33:15 GMT

GET
H3 200 design.css
www.theregister.com/css/37fc17c202182af77e95fb1e84ab811a7eb2a96e/ 58 KB
11 KB 112ms
110ms Stylesheet
text/css 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theregister.com/css/37fc17c202182af77e95fb1e84ab811a7eb2a96e/design.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

85dd35c4ece840b12ce39fa89be8c1a1a8d190cb6cb8614f4f7778c68284bf28

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 391262
alt-svc: h3=":443"; ma=86400
content-length: 10906
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
last-modified: Fri, 09 Aug 2024 13:32:53 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=33696000
accept-ranges: bytes
x-reg-bofh: pfy01us
cf-ray: 8b2d6ec889540902-LAX
expires: Wed, 03 Sep 2025 13:33:15 GMT

GET
H3 200 arimo-700.latin.woff2
www.theregister.com/design_picker/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/ 25 KB
25 KB 133ms
131ms Font
font/woff2 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theregister.com/design_picker/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/arimo-700.latin.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b4f41c53446bee5ce03284672b4607e4a6ff941cae00ec006411b05a62fbe7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/
Origin: https://www.theregister.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:40 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3575423
alt-svc: h3=":443"; ma=86400
content-length: 25628
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
last-modified: Tue, 04 Feb 2020 15:35:20 GMT
server: cloudflare
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: font/woff2
access-control-allow-origin: https://www.theregister.com
cache-control: max-age=33696000
accept-ranges: bytes
x-reg-bofh: pfy01us
cf-ray: 8b2d6ec889560902-LAX
expires: Sat, 12 Apr 2025 17:16:00 GMT

GET
H3 200 arimo-400.latin.woff2
www.theregister.com/design_picker/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/ 26 KB
26 KB 133ms
131ms Font
font/woff2 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theregister.com/design_picker/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/arimo-400.latin.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea8c1cbf9732fae6a42b6261c238014eab34943fac5a34711081a62b7cc2eba9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/
Origin: https://www.theregister.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:40 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 12420202
alt-svc: h3=":443"; ma=86400
content-length: 26144
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
last-modified: Tue, 04 Feb 2020 15:35:20 GMT
server: cloudflare
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: font/woff2
access-control-allow-origin: https://www.theregister.com
cache-control: max-age=33696000
accept-ranges: bytes
x-reg-bofh: pfy03us
cf-ray: 8b2d6ec889580902-LAX
expires: Sat, 12 Apr 2025 17:16:00 GMT

GET
H3 200 story_only.css
www.theregister.com/css/37fc17c202182af77e95fb1e84ab811a7eb2a96e/ 74 KB
11 KB 255ms
253ms Stylesheet
text/css 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theregister.com/css/37fc17c202182af77e95fb1e84ab811a7eb2a96e/story_only.css

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a69ae0fff67c1a5e2e470cd2411f25fbf3ca119243db34edbf4bd2e887ebcf8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 391262
alt-svc: h3=":443"; ma=86400
content-length: 11227
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
last-modified: Fri, 09 Aug 2024 13:32:53 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=33696000
accept-ranges: bytes
x-reg-bofh: pfy01us
cf-ray: 8b2d6ec8895d0902-LAX
expires: Wed, 03 Sep 2025 13:33:16 GMT

GET
H3 200 rows.css
www.theregister.com/css/37fc17c202182af77e95fb1e84ab811a7eb2a96e/ 42 KB
7 KB 255ms
254ms Stylesheet
text/css 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theregister.com/css/37fc17c202182af77e95fb1e84ab811a7eb2a96e/rows.css

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

31339f0267540a113f28a27de6f90239957dc4429eb3fcbdf1454413b66c13b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 391262
alt-svc: h3=":443"; ma=86400
content-length: 6583
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
last-modified: Fri, 09 Aug 2024 13:32:53 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=33696000
accept-ranges: bytes
x-reg-bofh: pfy03us
cf-ray: 8b2d6ec8895e0902-LAX
expires: Wed, 03 Sep 2025 13:33:15 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 128 KB
49 KB 371ms
124ms Script
application/javascript 2607:f8b0:400d:c09::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c09::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b5a3ad0963f76d7ce3748f23bd8d842aca3a643ef7b1d84c5732e8b676c9fb82

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49797
x-xss-protection: 0
last-modified: Wed, 14 Aug 2024 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 14 Aug 2024 02:14:41 GMT

GET
H3 200 user_icon_white_extents.svg
www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/ 573 B
555 B 76ms
74ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/user_icon_white_extents.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

455442b80b731817ad9e5b615c3ffcedbb9e351dc57b0f0298b77cdb5d11d57d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:41 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Tue, 02 May 2023 08:25:31 GMT
server: cloudflare
cf-cache-status: HIT
age: 12808124
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy03us
cf-ray: 8b2d6eca5baa0902-LAX
alt-svc: h3=":443"; ma=86400
expires: Sat, 12 Apr 2025 20:25:57 GMT

GET
H3 200 user_icon_filled_white_extents.svg
www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/ 630 B
587 B 84ms
82ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/user_icon_filled_white_extents.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f1cb4af215bea1d20e63989d2bc87cd3b6daf71af4e59b6ab7875154cecbceb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:41 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Tue, 02 May 2023 08:25:31 GMT
server: cloudflare
cf-cache-status: HIT
age: 12823462
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy03us
cf-ray: 8b2d6eca5bae0902-LAX
alt-svc: h3=":443"; ma=86400
expires: Sat, 12 Apr 2025 16:09:22 GMT

GET
H3 200 reg_logo_no_strapline.svg
www.theregister.com/design_picker/fa16d26efb42e6ba1052f1d387470f643c5aa18d/graphics/std/ 5 KB
2 KB 82ms
80ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/fa16d26efb42e6ba1052f1d387470f643c5aa18d/graphics/std/reg_logo_no_strapline.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

391022a2690f18db5daf7a3bc0c5ad36f31b094da5a8912d57c775e5add18d57

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:41 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Fri, 10 Jan 2020 15:10:58 GMT
server: cloudflare
cf-cache-status: HIT
age: 12819522
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy03us
cf-ray: 8b2d6eca5bb00902-LAX
alt-svc: h3=":443"; ma=86400
expires: Sat, 12 Apr 2025 17:15:59 GMT

GET
H3 200 magnifying_glass_white_extents.svg
www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/ 368 B
461 B 78ms
76ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/magnifying_glass_white_extents.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9cbf748e68bf2fb8da497de517cbd7826d44c6b278cec89e22a9e13e193e4ded

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:41 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Tue, 02 May 2023 08:16:36 GMT
server: cloudflare
cf-cache-status: HIT
age: 12819580
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy01us
cf-ray: 8b2d6eca5bb10902-LAX
alt-svc: h3=":443"; ma=86400
expires: Mon, 23 Dec 2024 06:07:17 GMT

GET
H3 200 burger_menu_white_extents.svg
www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/ 309 B
460 B 73ms
71ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/burger_menu_white_extents.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5dd339c31b8ec482e001dad4fb52e6f8f138ad772b74a2d387943e10df3bbc48

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:41 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Tue, 02 May 2023 08:01:09 GMT
server: cloudflare
cf-cache-status: HIT
age: 1641342
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy02us
cf-ray: 8b2d6eca5bb20902-LAX
alt-svc: h3=":443"; ma=86400
expires: Mon, 18 Aug 2025 11:25:21 GMT

GET
H3 200 burger_menu_white_close_extents.svg
www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/ 379 B
458 B 83ms
82ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/burger_menu_white_close_extents.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

77a839fdcd5d30ced4fa6ca4dce35057cdb7e31f420b1f89fec3491cdf8c3f84

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:41 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Tue, 02 May 2023 08:01:09 GMT
server: cloudflare
cf-cache-status: HIT
age: 12812838
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy02us
cf-ray: 8b2d6eca5bb40902-LAX
alt-svc: h3=":443"; ma=86400
expires: Sat, 12 Apr 2025 19:07:23 GMT

GET
H3 200 bubble_comment_white.svg
www.theregister.com/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/ 676 B
671 B 79ms
77ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53161434a4d50d2b984e91b332463b641b6842578c1f37a1ed81cbdc0a7794c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:41 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Fri, 10 Jan 2020 15:10:58 GMT
server: cloudflare
cf-cache-status: HIT
age: 12812921
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy01us
cf-ray: 8b2d6eca5bb60902-LAX
alt-svc: h3=":443"; ma=86400
expires: Tue, 26 Nov 2024 08:24:01 GMT

GET
H3 200 vulture_red.svg
www.theregister.com/design_picker/d518b499f8a6e2c65d4d8c49aca8299d54b03012/graphics/icon/ 1 KB
877 B 259ms
258ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/d518b499f8a6e2c65d4d8c49aca8299d54b03012/graphics/icon/vulture_red.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe083388f76e3adf62d2125ca792e750c814b06694f2362469ac82bb34a8e970

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:40 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Fri, 23 Sep 2022 09:37:24 GMT
server: cloudflare
cf-cache-status: HIT
age: 816842
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy03us
cf-ray: 8b2d6ec8895f0902-LAX
alt-svc: h3=":443"; ma=86400
expires: Sat, 12 Apr 2025 17:17:40 GMT

GET
H3 200 social_share_icon.svg
www.theregister.com/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icons/ 659 B
640 B 83ms
82ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icons/social_share_icon.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6ad8750b8ff72f993d9c45d51e02f31aa20834a48f78644953949afa7a6f8ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:41 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Mon, 07 Jun 2021 08:01:18 GMT
server: cloudflare
cf-cache-status: HIT
age: 12819580
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy02us
cf-ray: 8b2d6eca5bb70902-LAX
alt-svc: h3=":443"; ma=86400
expires: Tue, 24 Dec 2024 06:16:49 GMT

GET
H3 200 vulture_white.png
www.theregister.com/design_picker/d518b499f8a6e2c65d4d8c49aca8299d54b03012/graphics/icon/ 403 B
661 B 211ms
211ms Image
image/png 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/d518b499f8a6e2c65d4d8c49aca8299d54b03012/graphics/icon/vulture_white.png

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b711585f391ac5f348dc41253cf4ffba5d49ed997c17170c1fe2498ff13ea817

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:40 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 12812880
alt-svc: h3=":443"; ma=86400
content-length: 403
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
last-modified: Fri, 10 Jan 2020 15:10:58 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=33696000
accept-ranges: bytes
x-reg-bofh: pfy03gb
cf-ray: 8b2d6ec8d9cc0902-LAX
expires: Mon, 23 Dec 2024 06:07:02 GMT

GET
H3 200 reddit.svg
www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/ 2 KB
1 KB 76ms
75ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/reddit.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/css/37fc17c202182af77e95fb1e84ab811a7eb2a96e/story_only.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccc879574756f32c9592427da6cd1248dd799b84b8ffaa746adcf447b17860a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/css/37fc17c202182af77e95fb1e84ab811a7eb2a96e/story_only.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:41 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Fri, 23 Sep 2022 09:36:45 GMT
server: cloudflare
cf-cache-status: HIT
age: 12819522
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy01us
cf-ray: 8b2d6eca6bca0902-LAX
alt-svc: h3=":443"; ma=86400
expires: Sat, 12 Apr 2025 17:15:59 GMT

GET
H3 200 twitter.svg
www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/ 2 KB
930 B 81ms
79ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/twitter.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/css/37fc17c202182af77e95fb1e84ab811a7eb2a96e/story_only.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b27718b0495bdcff98dc2358a0cf76271178c7e83b000f336610fc8994316ef1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/css/37fc17c202182af77e95fb1e84ab811a7eb2a96e/story_only.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:41 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Fri, 23 Sep 2022 09:36:45 GMT
server: cloudflare
cf-cache-status: HIT
age: 12819522
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy02us
cf-ray: 8b2d6eca6bce0902-LAX
alt-svc: h3=":443"; ma=86400
expires: Sat, 12 Apr 2025 17:15:59 GMT

GET
H3 200 facebook.svg
www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/ 1 KB
822 B 74ms
72ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/facebook.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/css/37fc17c202182af77e95fb1e84ab811a7eb2a96e/story_only.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7ed1744324b3aad05fe51ed96e388004a4716276884a66b9abd5cef359140d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/css/37fc17c202182af77e95fb1e84ab811a7eb2a96e/story_only.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:41 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Fri, 23 Sep 2022 09:36:45 GMT
server: cloudflare
cf-cache-status: HIT
age: 12812921
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy02us
cf-ray: 8b2d6eca6bd00902-LAX
alt-svc: h3=":443"; ma=86400
expires: Sun, 22 Dec 2024 11:29:14 GMT

GET
H3 200 linkedin.svg
www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/ 2 KB
976 B 79ms
77ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/linkedin.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/css/37fc17c202182af77e95fb1e84ab811a7eb2a96e/story_only.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41ef905e7d332a03311b4bb48d3894bccf04d8856a0e0a98ae98683538966025

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/css/37fc17c202182af77e95fb1e84ab811a7eb2a96e/story_only.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:41 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Fri, 23 Sep 2022 09:36:45 GMT
server: cloudflare
cf-cache-status: HIT
age: 3765779
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy01us
cf-ray: 8b2d6eca6bd10902-LAX
alt-svc: h3=":443"; ma=86400
expires: Tue, 24 Dec 2024 12:14:25 GMT

GET
H3 200 whatsapp.svg
www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/ 2 KB
956 B 79ms
77ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/whatsapp.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/css/37fc17c202182af77e95fb1e84ab811a7eb2a96e/story_only.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9d5ce7773dac38eff9082e13c7bc4307a7c4ba5e76cd95a2eb0faa0de662e34

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/css/37fc17c202182af77e95fb1e84ab811a7eb2a96e/story_only.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:41 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Fri, 23 Sep 2022 09:36:45 GMT
server: cloudflare
cf-cache-status: HIT
age: 12808067
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy02us
cf-ray: 8b2d6eca6bd30902-LAX
alt-svc: h3=":443"; ma=86400
expires: Tue, 03 Dec 2024 08:03:07 GMT

GET
H3 200 bubble_comment_white.svg
www.theregister.com/design_picker/c00f80f04b0eaf0123d821f6c9488fc1cb55fd0a/graphics/icons/ 676 B
672 B 75ms
73ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/c00f80f04b0eaf0123d821f6c9488fc1cb55fd0a/graphics/icons/bubble_comment_white.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/css/37fc17c202182af77e95fb1e84ab811a7eb2a96e/design.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53161434a4d50d2b984e91b332463b641b6842578c1f37a1ed81cbdc0a7794c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/css/37fc17c202182af77e95fb1e84ab811a7eb2a96e/design.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:41 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Fri, 10 Jan 2020 15:10:58 GMT
server: cloudflare
cf-cache-status: HIT
age: 12808130
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy03us
cf-ray: 8b2d6eca6bd40902-LAX
alt-svc: h3=":443"; ma=86400
expires: Sat, 12 Apr 2025 20:24:58 GMT

GET
H3 200 bubble_comment_black.svg
www.theregister.com/design_picker/c00f80f04b0eaf0123d821f6c9488fc1cb55fd0a/graphics/icons/ 892 B
782 B 79ms
78ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/c00f80f04b0eaf0123d821f6c9488fc1cb55fd0a/graphics/icons/bubble_comment_black.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/css/37fc17c202182af77e95fb1e84ab811a7eb2a96e/design.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

87d683ea3dda6066a1310b46c0e7bceec150db90ef0f33de34b15270f189479c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/css/37fc17c202182af77e95fb1e84ab811a7eb2a96e/design.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:41 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Fri, 10 Jan 2020 15:10:58 GMT
server: cloudflare
cf-cache-status: HIT
age: 12823407
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy02us
cf-ray: 8b2d6eca6bd60902-LAX
alt-svc: h3=":443"; ma=86400
expires: Sat, 12 Apr 2025 16:09:23 GMT

GET
H3 200 pubads_impl.js Show response
pagead2.googlesyndication.com/pagead/managed/js/gpt/m202408080101/ 474 KB
148 KB 124ms
123ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/gpt/m202408080101/pubads_impl.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

4914b807405c17918f0690e7ab75bfb6eba6053859cc7eb477f0482c255b8075

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 13 Aug 2024 17:32:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31316
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 151130
x-xss-protection: 0
server: cafe
etag: 11205447520193479331
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Wed, 13 Aug 2025 17:32:45 GMT

GET
H2 200 6978 Show response
fundingchoicesmessages.google.com/i/ 203 KB
67 KB 398ms
145ms Script
application/javascript 2607:f8b0:400d:c1d::71
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/6978?ers=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/gpt/m202408080101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c1d::71 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4c0c927954cc9f83ff0c5ff8d990a9bcc4860fdf7a01663a37ace9ca32600a00

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-LEM3-UeLl5oQhT8rZEQd6w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:41 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-LEM3-UeLl5oQhT8rZEQd6w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjytDikmJw1JBiOO90h-k6EEt8fcmkBsRO6TNYA4DYp34GaxQQt948xzoZiJP-nWctAGJ3rYus_kC8JOIi64HEi6yGCpdY7YF4ev0l1vlAvPfjJdajQOzIcZnVE4iFeDgmLvuwlU1gw7yLx5iVNJLyC-OT8_NKijKTSkvyi9KS01KLU4vKUovijQyMTAwsDI30DEziCwwAl_I_1Q"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVDW3et6ie7Bk4OM5tW-_AuwM6kMIMbG0QH6RMshfhACLsIot-QqGCF5K8sQTPaVctFu9fkMSilfSj3HuqC_GgtawqVdOTbeCgVS5lUCub9NK1JA-k4Nm5-QF5QIhNhHCVBiacpTg== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 407ms
163ms XHR
text/html 142.251.174.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVDW3et6ie7Bk4OM5tW-_AuwM6kMIMbG0QH6RMshfhACLsIot-QqGCF5K8sQTPaVctFu9fkMSilfSj3HuqC_GgtawqVdOTbeCgVS5lUCub9NK1JA-k4Nm5-QF5QIhNhHCVBiacpTg==

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.wdWTgXs0TrQ.es5.O/am=XDA/d=1/rs=AJlcJMwmT0sYwIDWNa6EFPc1AV7tpntn9w/m=kernel_loader,loader_js_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.174.101 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

qc-in-f101.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-YdHqJbax1UOGrGjG16Tp1A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 14 Aug 2024 02:14:42 GMT
content-security-policy: script-src 'report-sample' 'nonce-YdHqJbax1UOGrGjG16Tp1A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjstDikmLw0ZBicEqfwRoCxO5aF1n9gXhJxEXWI4kXWafXX2KdD8R7P15iPQrEjhyXWT2BWIiHY9KyD1vZBBZ8ad7KpOSSlF8Yn5yfV5KaV6KbmFKsC2IXZSaVluQXobBTy0AqcvLT0zPz0uONDIxMDCwMjfQMzOILDACTZjRk"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.theregister.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads.js Show response
www.theregister.com/design_picker/c00f80f04b0eaf0123d821f6c9488fc1cb55fd0a/javascript/ 27 B
282 B 76ms
75ms XHR
application/javascript 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theregister.com/design_picker/c00f80f04b0eaf0123d821f6c9488fc1cb55fd0a/javascript/ads.js

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/design_picker/d5067505c1004513235b30ece43b64dbca25e639/javascript/_.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83de4b8fb218ece4dc1c59006f00e44aaee17e78923c65ba66acf0ad41a7a5cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:42 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 12593330
alt-svc: h3=":443"; ma=86400
content-length: 27
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
last-modified: Fri, 10 Jan 2020 15:10:58 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=33696000
accept-ranges: bytes
x-reg-bofh: pfy02us
cf-ray: 8b2d6ed2bf2f0902-LAX
expires: Sat, 12 Apr 2025 17:15:01 GMT

GET
H2 200 AGSKWxXijN1mnn9x1_v01SVNYs4GkGK4yq-ouUY4w0NwDorhHd0LTew1AorWGV19y2wbAmm8DdxaJ6G9aHK5j7QPgMjnr9sNOTlTRA5ZoLkcNfsOu7ZIsNnaVDGovLV2Yqiua6oVdfCzRg== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 144ms
143ms Script
application/javascript 2607:f8b0:400d:c1d::71
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXijN1mnn9x1_v01SVNYs4GkGK4yq-ouUY4w0NwDorhHd0LTew1AorWGV19y2wbAmm8DdxaJ6G9aHK5j7QPgMjnr9sNOTlTRA5ZoLkcNfsOu7ZIsNnaVDGovLV2Yqiua6oVdfCzRg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzIzNjAxNjgyLDMyODAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cudGhlcmVnaXN0ZXIuY29tLzIwMjQvMDgvMTMvb3Jpb25fc2Ffc2F5c19zY2FtbWVyc19jb25uZWQvIixudWxsLFtbOCwid2RXVGdYczBUclEiXSxbOSwiZW4tVVMiXSxbMjIsInRydWUiXSxbMTksIjIiXSxbMTcsIlswXSJdXV0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c1d::71 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

388854ba479538533ae059f48a3526ad617c53942c90126a485637dd0920ce1d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-F3EhJYkjiHemG8XPMGO53w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:42 GMT
content-security-policy: script-src 'report-sample' 'nonce-F3EhJYkjiHemG8XPMGO53w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjytDikmII1pBiOO90h-k6EEt8fcmkBsRO6TNYA4DYp34GaxQQt948xzoZiJP-nWctAGJ3rYus_kC8JOIi64HEi6yGCpdY7YF4ev0l1vlAvPfjJdajQOzIcZnVE4iFeDgmLfuwlU1gQtPHg4xKGkn5hfHJ-XklRZlJpSX5RWnJaanFqUVlqUXxRgZGJgYWhkZ6BibxBQYAnKU_xQ"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 96 KB
20 KB 836ms
549ms Fetch
text/plain 172.217.197.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4208880070639218&correlator=476617099463451&eid=31079956%2C31085908%2C31086048%2C31078663%2C31078668%2C31078670&output=ldjh&gdfp_req=1&vrg=202408080101&ptt=17&impl=fifs&gdpr=0&iu_parts=6978%2Creg_security%2Ccybercrime&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2&prev_iu_szs=1x1%2C320x50%7C970x90%7C970x91%7C970x250%7C970x251%7C1200x270%7C1200x271%7C728x90%7C728x91%2C320x50%7C970x250%7C970x252%7C970x90%7C970x92%7C1200x270%7C1200x272%7C1200x600%7C1200x602%7C728x90%7C728x92%7C300x250%7C300x252%2C300x250%7C300x253%7C300x600%7C300x603%2C320x50%7C970x250%7C970x254%7C970x90%7C970x94%7C1200x270%7C1200x274%7C1200x600%7C1200x604%7C300x250%7C300x254%7C728x90%7C728x94%2C320x50%7C970x250%7C970x255%7C970x90%7C970x95%7C1200x270%7C1200x275%7C1200x600%7C1200x605%7C300x250%7C300x255%7C728x90%7C728x95&fluid=0%2Cheight%2Cheight%2C0%2Cheight%2Cheight&ifi=1&sfv=1-0-40&ists=32&sc=1&cookie_enabled=1&abxe=1&dt=1723601682343&lmt=1723601682&adxs=-12245933%2C15%2C15%2C1100%2C15%2C15&adys=-12245933%2C82%2C794%2C1078%2C2696%2C3197&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1%7C0%7C0%7C0%7C1%7C2&ucis=1%7C2%7C3%7C4%7C5%7C6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.theregister.com%2F2024%2F08%2F13%2Forion_sa_says_scammers_conned%2F&vis=1&psz=1200x3572%7C1200x3572%7C662x1959%7C300x633%7C1200x701%7C1200x805&msz=1200x0%7C1570x90%7C1570x250%7C300x600%7C1570x90%7C1570x90&fws=132%2C4%2C4%2C516%2C4%2C4&ohw=1600%2C1600%2C1600%2C1600%2C1600%2C1600&htps=10&nt=1&psd=WzE0LG51bGwsbnVsbCwzXQ..&dlt=1723601680688&idt=893&prev_scp=pos%3Dtop%26raptor%3Dkite%26unitnum%3D1%7Cpos%3Dtop%26raptor%3Dcondor%26unitnum%3D2%7Cpos%3Dtop%26raptor%3Dfalcon%26unitnum%3D4%7Cpos%3Dmid%26raptor%3Deagle%26unitnum%3D5%7Cpos%3Dbtm%26raptor%3Dhawk%26unitnum%3D8%7Cpos%3Dbtm%26raptor%3Dowl%26unitnum%3D9&cust_params=test%3D0%26li%3Dnull%26uid%3Dnull%26sc%3D1%26bwidth%3D16%26bheight%3D12%26orientation%3Dlandscape%26mm_segments%3D%26reg_vfc%3D0fc83846ecd673637ffbe9393e612e7c%26reg_bet%3D0fc83846ecd673637ffbe9393e612e7c%26tpt%3Dwww%2520story%26pid%3D235643%26pt%3Da%26axc%3Dnull%26kw%3Dphishing%26cat%3Dupdate_me%26tag%3Dnull%26author%3DConnor%252520Jones%26year%3D2024%26nsfw%3Dnull%26np%3D18%26eac%3D6%26ct%3Ds-async&adks=2313611811%2C3082794017%2C804057781%2C272299928%2C410670909%2C2150034044&frm=20&eoidce=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/gpt/m202408080101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.197.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qa-in-f157.1e100.net

Software

cafe /

Resource Hash

0d69b16ca2cc9c64c3b1fcfa6bec8a276057aff1e4ffc427aa77f40f52166380

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:43 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2,-2,-2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20698
x-xss-protection: 0
google-lineitem-id: -2,-2,5682556310,4666957584,-2,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2,-2,138348300972,138339321046,-2,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.theregister.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
365ef8de68c9c502158a0e22854afef9.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E54F 0
0 705ms
122ms Document
text/html 2607:f8b0:4004:c07::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://365ef8de68c9c502158a0e22854afef9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/gpt/m202408080101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 14 Aug 2024 02:14:43 GMT
expires: Wed, 14 Aug 2024 02:14:43 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 333 KB
108 KB 134ms
133ms Script
application/javascript 2607:f8b0:400d:c09::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-JXW44Y23NM&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c09::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7c5c719fa97ceff8a24e60125e325c3846d313f3ba4fb5406ce18bd5780755a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:42 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 110878
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 14 Aug 2024 02:14:42 GMT

GET
H2 200 AGSKWxVqHbotdppRsreCeP_aCpMjAT2B_MzD9c5ikuYAa88F2aBXAa8Wkuatq9zDhiV2iM1Pd5neGM43qgdfp5_oYCFteBYOK92ZIWO3dvtZdRo3Te9BKk9Yb3Rt5DB3myA_wDfrX6_PIQ== Show response
fundingchoicesmessages.google.com/f/ 10 KB
5 KB 141ms
141ms Script
application/javascript 2607:f8b0:400d:c1d::71
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVqHbotdppRsreCeP_aCpMjAT2B_MzD9c5ikuYAa88F2aBXAa8Wkuatq9zDhiV2iM1Pd5neGM43qgdfp5_oYCFteBYOK92ZIWO3dvtZdRo3Te9BKk9Yb3Rt5DB3myA_wDfrX6_PIQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzIzNjAxNjgyLDQ4MDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vd3d3LnRoZXJlZ2lzdGVyLmNvbS8yMDI0LzA4LzEzL29yaW9uX3NhX3NheXNfc2NhbW1lcnNfY29ubmVkLyIsbnVsbCxbWzgsIndkV1RnWHMwVHJRIl0sWzksImVuLVVTIl0sWzIyLCJ0cnVlIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c1d::71 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

708659f5b3086d5b4addd367c7cad3591f8672419a6f4a11800a9fd577cb17d3

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-_CzQCExSOBfeqWvlKvTG-Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:42 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-_CzQCExSOBfeqWvlKvTG-Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjytDikmJw0pBiOO90h-k6EEt8fcmkBsRO6TNYA4DYp34GaxQQt948xzoZiJP-nWctAGJ3rYus_kC8JOIi64HEi6yGCpdY7YF4ev0l1vlAvPfjJdajQOzIcZnVE4iFeDgmLfuwlU3gxbI5nUxKGkn5hfHJ-XklRZlJpSX5RWnJaanFqUVlqUXxRgZGJgYWhkZ6BibxBQYAkIM_pA"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
0 376ms
122ms Fetch
text/plain 2607:f8b0:400d:c02::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-JXW44Y23NM&gtm=45je48c0v887771649za200&_p=1723601682364&_gaz=1&gcs=G111&gcd=13n3n3l3l6&npa=0&dma=0&tcfd=10000&tag_exp=0&cid=865350359.1723601683&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1723601682&sct=1&seg=0&dl=https%3A%2F%2Fwww.theregister.com%2F2024%2F08%2F13%2Forion_sa_says_scammers_conned%2F&dt=Manufacturer%20Orion%20SA%20says%20scammers%20conned%20it%20out%20of%20%2460M%20%E2%80%A2%20The%20Register&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.reg_uid=(reg_unknown)&ep.reg_auth=Connor%20Jones&ep.reg_sec=reg_security%2Fcybercrime&ep.reg_pt=www%20story&ep.reg_cat=update_me&ep.reg_alm=(reg_empty)&ep.reg_akwp=security%2C&ep.reg_uls=none&ep.reg_prev_pt=(reg_empty)&ep.reg_prev_ut=(reg_empty)&ep.reg_d11=(reg_unknown)&ep.reg_d12=(reg_unknown)&ep.reg_d14=(reg_unknown)&ep.reg_ded=(reg_unknown)&ep.reg_dorg=(reg_unknown)&ep.reg_ab_var=(reg_empty)&ep.reg_seg=(reg_empty)&ep.reg_aid=235643&ep.reg_asec=security%2Fcyber_crime&ep.reg_akw=phishing%2C&ep.reg_vfc=0fc83846ecd673637ffbe9393e612e7c&ep.reg_bet=0fc83846ecd673637ffbe9393e612e7c&ep.reg_noz=(reg_empty)&ep.reg_date_modified=2024-08-13T10%3A40%3A07Z&ep.reg_date_published=2024-08-13T11%3A27%3A08Z&ep.reg_description=Incident%20sounds%20like%20a%20BEC%20fraud%20targeting%20an%20unwitting%20staffer&ep.reg_image_url=https%3A%2F%2Fregmedia.co.uk%2F2024%2F08%2F13%2Fshutterstock_2464137791.jpg&ep.reg_title=Orion%20SA%20says%20scammers%20conned%20company%20out%20of%20%2460%20million&ep.reg_url=https%3A%2F%2Fwww.theregister.com%2F2024%2F08%2F13%2Forion_sa_says_scammers_conned%2F&ep.anonymize_ip=true&tfd=2377
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JXW44Y23NM&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:400d:c02::65 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Aug 2024 02:14:43 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.theregister.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
257 B 386ms
130ms Ping
text/plain 2607:f8b0:4004:c06::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-JXW44Y23NM&cid=865350359.1723601683&gtm=45je48c0v887771649za200&aip=1&dma=0&gcs=G111&gcd=13n3n3l3l6&npa=0&frm=0&tag_exp=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JXW44Y23NM&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c06::9a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Aug 2024 02:14:43 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.theregister.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 17 KB
13 KB 390ms
147ms XHR
application/json 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202408080101&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/gpt/m202408080101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

da017c0a66ad34fe9ee001feebddda6393533c376a8bc6aa9cf996a47b768e48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13045
x-xss-protection: 0

GET
H3 200 favicon.svg
www.theregister.com/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/ 3 KB
2 KB 74ms
74ms Other
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theregister.com/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/favicon.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e08434b894e29942adb095bf2d6f493ffd8e2aee21e8ad147f59e9bc2d400b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:43 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Mon, 27 Feb 2023 10:14:08 GMT
server: cloudflare
cf-cache-status: HIT
age: 12823503
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy02us
cf-ray: 8b2d6ed78d780902-LAX
alt-svc: h3=":443"; ma=86400
expires: Sat, 12 Apr 2025 16:09:38 GMT

GET
H3 200 favicon.ico
www.theregister.com/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/ 15 KB
2 KB 89ms
75ms Other
image/x-icon 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theregister.com/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0eadb5eb6ca47c35791250e31d41b66d9e7098ee6e74a3af1d4b75f5d11164e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:43 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Fri, 10 Jan 2020 15:10:58 GMT
server: cloudflare
cf-cache-status: HIT
age: 12757276
vary: Accept-Encoding
content-type: image/x-icon
cache-control: max-age=33696000
x-reg-bofh: pfy03us
cf-ray: 8b2d6ed82e380902-LAX
alt-svc: h3=":443"; ma=86400
expires: Sat, 12 Apr 2025 16:09:39 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 4B9F 0
0 496ms
495ms Fetch
image/gif 172.217.197.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssSyXhsRaOnDrXEujHEXOq6xB-PkEd9LdbAqXBISOvcL94AM1-nj2UGLi36vLFYSt2X_1psF7FKtwcdxbAFL_JyaVhk2GhPqk9ZfwidlA-MDOeo_S0H6K7E4OIO6Iz1-tRNYps9MM8ALhUDyHOsJxQUiyEE7a7R2d6grnJFupjTExgJVrQMYmZVH9USeqCqEPI0UwPVkyeJGHkkGePzwD9gpIFQ66bLso3FBSxamTGX2iA1WXvuJkRgUjFi4E-_fSrsgBoHH-1GoIYeNSCs_W3YW18FQTBpVOPXtFk7SpGAf2ormPtk4Lczf46KJQNyfqaE9Z7MyRiizPWKeR09sMU5I4TnG1bUJo5DbIGRTy2yeGU7ldLXFLUUmv8tIi-6&sai=AMfl-YTylqHG16JbOP0xH4qtaD44D7zUootQyLKiHW0HoUbfnXbUkiFqOulohj0b3roMRvL2-fwd_NeFR5LSVYFRZAL-0NXtq618huoYXeH7fzvVs0c5ghaJebabeRh5fZylyfDnU_SUsd5ll8FDBAuUrpM&sig=Cg0ArKJSzFOgoenpoL63EAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.197.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qa-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 14 Aug 2024 02:14:43 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240813/r20110914/client/ Frame 4B9F 3 KB
1 KB 663ms
403ms Script
text/javascript 2607:f8b0:4004:c0b::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240813/r20110914/client/window_focus_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/gpt/m202408080101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c0b::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

66e9bf446316f6eec5eaefa7098592bbd2144a60eb38c481db233a6ca8b8d94a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 13 Aug 2024 14:20:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42855
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1229
x-xss-protection: 0
server: cafe
etag: 16544991220582087243
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Aug 2024 14:20:28 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 4B9F 204 KB
63 KB 125ms
123ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/gpt/m202408080101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

4d20e34d7517ba277214444e8f314c7b75141eb1979493453252daa941808ab7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 01:33:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2447
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64804
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 14 Aug 2024 02:33:56 GMT

GET
H3 200 / Show response
nir.theregister.com/ Frame 4B9F 0
309 B 270ms
200ms Script
application/x-javascript 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nir.theregister.com/?s=sa/oid.102962979

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/gpt/m202408080101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Aug 2024 02:14:43 GMT
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
content-type: application/x-javascript
cache-control: no-cache
x-reg-bofh: pfy03us
cf-ray: 8b2d6ed8df2c0902-LAX
content-length: 0
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 14945868773855063606
tpc.googlesyndication.com/simgad/ Frame 4B9F 826 B
951 B 662ms
404ms Image
image/gif 2607:f8b0:4004:c0b::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14945868773855063606

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/gpt/m202408080101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c0b::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f60860ed20318b4c19db79f64862005e5038108caf55b143d7b1ef967450a091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

allow-fenced-frame-automatic-beacons: true
date: Tue, 13 Aug 2024 16:29:22 GMT
x-content-type-options: nosniff
age: 35121
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 826
x-xss-protection: 0
last-modified: Sat, 01 May 2021 09:38:14 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 13 Aug 2025 16:29:22 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame AF88 0
0 483ms
482ms Fetch
image/gif 172.217.197.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvjBoIsShL0dpJmBQOZ96kDqqJHQ37-6vHjj5bgJmxQWu_mBk1DirEG9H1aw1Rk3Vu6outjloZwv991KwbxgxSqMMR-BpThQuBYZoakA8Lw14Ca16pWtdqi8CsbMBlqlx0ViTFivfh-WmExZ55XQyEevssP9wT2KcjaLVcYrZRPHcifCIC20bxTaqVRjETvcZd6zM-PXytF7b8Y5PTLCAAE8smo4vyvV3670oQSCT1DmGS_akc5cE_Vum3KTAb8X70cqbvwTxubrLl13TLjRUsURaa9AO1gyvURwiB7ZnIZPI6-hotijjIdHc2yPxuU6ybQr9UhYn9hdpRnqdhyCARCFuKLKkGeY-I5ezcAIMApu7Lm4qE8uxeJGXD75DGVECA-Dmo8lJd4fuxImAMIF27wILyRAvS2eGP4_g&sai=AMfl-YTdyAy8AK8tOPjxuinAq_HLjiRdNtUEP76evT7O_PKkpYxbYMSnjiUU95xPkRHBIiaA8pOn5ratiz1Kfkpm0kzkvG5wQhI6OeNB2-6ttiUeGYZMxgMQzMdz9ESFOmN6O2itOrse3NkVN76urpZnw9M&sig=Cg0ArKJSzBiTBIYYjSsmEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.197.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qa-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 14 Aug 2024 02:14:43 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240813/r20110914/client/ Frame AF88 3 KB
0 658ms
658ms Script
text/javascript 2607:f8b0:4004:c0b::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240813/r20110914/client/window_focus_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/gpt/m202408080101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c0b::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

66e9bf446316f6eec5eaefa7098592bbd2144a60eb38c481db233a6ca8b8d94a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 13 Aug 2024 14:20:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42855
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1229
x-xss-protection: 0
server: cafe
etag: 16544991220582087243
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Aug 2024 14:20:28 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame AF88 204 KB
0 114ms
114ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/gpt/m202408080101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

4d20e34d7517ba277214444e8f314c7b75141eb1979493453252daa941808ab7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 01:33:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2447
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64804
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 14 Aug 2024 02:33:56 GMT

GET
H3 200 / Show response
nir.theregister.com/ Frame AF88 0
308 B 402ms
141ms Script
application/x-javascript 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nir.theregister.com/?s=sa/oid.102962979

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/gpt/m202408080101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Aug 2024 02:14:43 GMT
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
content-type: application/x-javascript
cache-control: no-cache
x-reg-bofh: pfy01us
cf-ray: 8b2d6eda189e0902-LAX
content-length: 0
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 17373338981259057978
tpc.googlesyndication.com/simgad/ Frame AF88 93 KB
93 KB 369ms
121ms Image
image/jpeg 2607:f8b0:4004:c0b::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17373338981259057978

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/gpt/m202408080101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c0b::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69a4265666a05b6e4a0d1a8d37d5da6cc4436f7fd406019fe5c49deceea62da2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

allow-fenced-frame-automatic-beacons: true
date: Sun, 11 Aug 2024 18:46:25 GMT
x-content-type-options: nosniff
age: 199698
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95102
x-xss-protection: 0
last-modified: Thu, 04 Feb 2021 19:13:19 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 11 Aug 2025 18:46:25 GMT

GET
H3 200 / Show response
nir.theregister.com/ 0
308 B 534ms
132ms Script
application/x-javascript 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nir.theregister.com/?s=sa/oid.102962979

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/design_picker/d5067505c1004513235b30ece43b64dbca25e639/javascript/_.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Aug 2024 02:14:43 GMT
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
content-type: application/x-javascript
cache-control: no-cache
x-reg-bofh: pfy02us
cf-ray: 8b2d6edaf9d40902-LAX
content-length: 0
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame AF88 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7bc5d5618ea513fdde9b0fc720186319752559603185e0eba40912bbc9948869

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 ads-module. Show response
fundingchoicesmessages.google.com/f/AGSKWxVHEAvkhotnD9X0Oma3RKqgpnsOT0PhO3TC1veBkITZiE5cMzrK5nUGUXHBbHNo3QuElhfIrmODQ4QBGjb4g_x1vxbu7YSM95zw-WtPbE4uDwctrn9pdSUQ2Ii87n2yaRTdrYc3MxME7jay4Gz0Ci-eN4obr... 54 B
109 B 170ms
169ms Script
application/javascript 142.251.174.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVHEAvkhotnD9X0Oma3RKqgpnsOT0PhO3TC1veBkITZiE5cMzrK5nUGUXHBbHNo3QuElhfIrmODQ4QBGjb4g_x1vxbu7YSM95zw-WtPbE4uDwctrn9pdSUQ2Ii87n2yaRTdrYc3MxME7jay4Gz0Ci-eN4obrUDdguaKO8kFNiwlJefCHacPoMMtIc61/_/images/aff-_banner_adv__300.htm/sponsored_title./ads-module.

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.wdWTgXs0TrQ.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMzePiuloF4ij8FyG5pqdNDVZmvAeg/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.174.101 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

qc-in-f101.1e100.net

Software

ESF /

Resource Hash

92ae407cb8e85da4112581c8d3e854731d6796a8219ba532a435ce0413613eb5

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-ylHnPtqXFPnA07VYFBlIAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:43 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-ylHnPtqXFPnA07VYFBlIAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjKtDikmII1pBiOHHrNtMFID7vdIfpOhBLfH3JpAbETukzWAOA2Kd-BmsUELfePMc6GYiT_p1nLQBid62LrP5AvCTiIuuBxIushgqXWO2BeHr9Jdb5QLz34yXWo0DsyHGZ1ROIhXg4Ji_7sJVN4EfLz42MShpJ-YXxyfl5JUWZSaUl-UVpyWmpxalFZalF8UYGRiYGFoZGegYm8QUGANOTRTY"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 osd.js Show response
pagead2.googlesyndication.com/pagead/ 61 B
76 B 124ms
123ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/osd.js?fcd=true

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

c45c8b81ccfcbc08127b74787d1b5974078756233de947986c357e28ed8f13ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:11:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 189
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51
x-xss-protection: 0
server: cafe
etag: 16023549773543154165
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Wed, 14 Aug 2024 03:11:34 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVDW3et6ie7Bk4OM5tW-_AuwM6kMIMbG0QH6RMshfhACLsIot-QqGCF5K8sQTPaVctFu9fkMSilfSj3HuqC_GgtawqVdOTbeCgVS5lUCub9NK1JA-k4Nm5-QF5QIhNhHCVBiacpTg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.174.101 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

qc-in-f101.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-pF1hgruX4nSyBCwaQoMv8g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 14 Aug 2024 02:14:43 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-pF1hgruX4nSyBCwaQoMv8g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjstDikmJw1pBicEqfwRoCxO5aF1n9gXhJxEXWI4kXWafXX2KdD8R7P15iPQrEjhyXWT2BWIiHY_KyD1vZBCa0XljEqOSSlF8Yn5yfV5KaV6KbmFKsC2IXZSaVluQXobBTy0AqcvLT0zPz0uONDIxMDCwMjfQMzOILDAB6fzQW"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.theregister.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
nir.theregister.com/ Frame 4B9F 0
308 B 465ms
133ms Script
application/x-javascript 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nir.theregister.com/?s=sa/oid.102962979

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Aug 2024 02:14:43 GMT
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
content-type: application/x-javascript
cache-control: no-cache
x-reg-bofh: pfy01us
cf-ray: 8b2d6edbdb110902-LAX
content-length: 0
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 / Show response
nir.theregister.com/ Frame AF88 0
308 B 572ms
131ms Script
application/x-javascript 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nir.theregister.com/?s=sa/oid.102962979

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Aug 2024 02:14:44 GMT
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
content-type: application/x-javascript
cache-control: no-cache
x-reg-bofh: pfy02us
cf-ray: 8b2d6edcac4f0902-LAX
content-length: 0
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4B9F 0
0 207ms
202ms Fetch
image/gif 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Aug 2024 02:14:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

tp.gif
regmedia.co.uk/2007/09/13/
Redirect Chain

https://go.theregister.com/k/abt_a
https://regmedia.co.uk/2007/09/13/tp.gif

43 B
408 B

242ms
87ms

Image
image/gif

104.16.200.109
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://regmedia.co.uk/2007/09/13/tp.gif

Protocol

Server

104.16.200.109 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

69d77d9587f7e1475c01b26cc763774872a176a889d02ee7efb7fbb50ebdf327

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:43 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 10157457
cf-polished: origSize=49, status=webp_bigger
alt-svc: h3=":443"; ma=86400
content-length: 43
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
cf-bgj: imgq:85,h2pri
last-modified: Thu, 13 Sep 2007 11:17:03 GMT
server: cloudflare
etag: "31-43a027a4c29c0"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=33696000
accept-ranges: bytes
x-reg-bofh: pfy03us
cf-ray: 8b2d6edca9d467a9-SJC
expires: Mon, 08 Sep 2025 02:14:43 GMT

Redirect headers

date: Wed, 14 Aug 2024 02:14:43 GMT
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
content-type: text/html; charset=iso-8859-1
location: https://regmedia.co.uk/2007/09/13/tp.gif
x-reg-bofh: pfy02us
cf-ray: 8b2d6eda68fb0902-LAX
content-length: 292
alt-svc: h3=":443"; ma=86400

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AF88 0
0 410ms
202ms Fetch
image/gif 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Aug 2024 02:14:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVDW3et6ie7Bk4OM5tW-_AuwM6kMIMbG0QH6RMshfhACLsIot-QqGCF5K8sQTPaVctFu9fkMSilfSj3HuqC_GgtawqVdOTbeCgVS5lUCub9NK1JA-k4Nm5-QF5QIhNhHCVBiacpTg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.174.101 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

qc-in-f101.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-v0vlVnb0YewNKoTyg3qajQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 14 Aug 2024 02:14:43 GMT
content-security-policy: script-src 'report-sample' 'nonce-v0vlVnb0YewNKoTyg3qajQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjstDikmJw1JBicEqfwRoCxO5aF1n9gXhJxEXWI4kXWafXX2KdD8R7P15iPQrEjhyXWT2BWIiHY_KyD1vZBB5cP9_FpOSSlF8Yn5yfV5KaV6KbmFKsC2IXZSaVluQXobBTy0AqcvLT0zPz0uONDIxMDCwMjfQMzOILDACh0TSe"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.theregister.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVDW3et6ie7Bk4OM5tW-_AuwM6kMIMbG0QH6RMshfhACLsIot-QqGCF5K8sQTPaVctFu9fkMSilfSj3HuqC_GgtawqVdOTbeCgVS5lUCub9NK1JA-k4Nm5-QF5QIhNhHCVBiacpTg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.174.101 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

qc-in-f101.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-WujUsTkSRMe--KsE8xDjyA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 14 Aug 2024 02:14:43 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-WujUsTkSRMe--KsE8xDjyA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjstDikmJw0gDi9BmsIUDsrnWR1R-Il0RcZD2SeJF1ev0l1vlAvPfjJdajQOzIcZnVE4iFeDgmL_uwlU1gwfkJM5mUXJLyC-OT8_NKUvNKdBNTinVB7KLMpNKS_CIUdmoZSEVOfnp6Zl56vJGBkYmBhaGRnoFZfIEBAH-KNCc"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.theregister.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVDW3et6ie7Bk4OM5tW-_AuwM6kMIMbG0QH6RMshfhACLsIot-QqGCF5K8sQTPaVctFu9fkMSilfSj3HuqC_GgtawqVdOTbeCgVS5lUCub9NK1JA-k4Nm5-QF5QIhNhHCVBiacpTg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.174.101 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

qc-in-f101.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-eAlPWAkxKsmpiuc608ZSlA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 14 Aug 2024 02:14:43 GMT
content-security-policy: script-src 'report-sample' 'nonce-eAlPWAkxKsmpiuc608ZSlA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjstDikmJw0gDi9BmsIUDsrnWR1R-Il0RcZD2SeJF1ev0l1vlAvPfjJdajQOzIcZnVE4iFeDgmL_uwlU1gwomlM5iUXJLyC-OT8_NKUvNKdBNTinVB7KLMpNKS_CIUdmoZSEVOfnp6Zl56vJGBkYmBhaGRnoFZfIEBAH6JNCQ"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.theregister.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxX14HSG6CWl7uFgd6BJZ56L7LxeMhZaumC74lrqVIZ15gp8v6RLEOAA1u638PiPgOXfRNuxIDYn_Jz4M42CT2VEKqeCs7SrJdiL_chptOeWHdFjTfjT40op9giu2S9AbE7zeuk4Tg== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 149ms
148ms Script
application/javascript 142.251.174.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxX14HSG6CWl7uFgd6BJZ56L7LxeMhZaumC74lrqVIZ15gp8v6RLEOAA1u638PiPgOXfRNuxIDYn_Jz4M42CT2VEKqeCs7SrJdiL_chptOeWHdFjTfjT40op9giu2S9AbE7zeuk4Tg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzIzNjAxNjgzLDQ4OTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly93d3cudGhlcmVnaXN0ZXIuY29tLzIwMjQvMDgvMTMvb3Jpb25fc2Ffc2F5c19zY2FtbWVyc19jb25uZWQvIixudWxsLFtbOCwid2RXVGdYczBUclEiXSxbOSwiZW4tVVMiXSxbMjIsInRydWUiXSxbMTksIjIiXSxbMTcsIlswXSJdXV0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.174.101 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

qc-in-f101.1e100.net

Software

ESF /

Resource Hash

75c79cbe3a760510be31f727c54268e0cb939e6b86d20dad43319d981e23065a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-aLUv7v5ffMci5-aLjLzGBA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:43 GMT
content-security-policy: script-src 'report-sample' 'nonce-aLUv7v5ffMci5-aLjLzGBA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjytDikmLw1ZBiOO90h-k6EEt8fcmkBsRO6TNYA4DYp34GaxQQt948xzoZiJP-nWctAGJ3rYus_kC8JOIi64HEi6yGCpdY7YF4ev0l1vlAvPfjJdajQOzIcZnVE4iFeDgmL_uwlU3gR8vliUxKGkn5hfHJ-XklRZlJpSX5RWnJaanFqUVlqUXxRgZGJgYWhkZ6BibxBQYAn0s_3Q"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 391ms
391ms Script
text/javascript 2607:f8b0:4004:c0b::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/gpt/m202408080101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c0b::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 14 Aug 2024 02:14:43 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
0 132ms
129ms Fetch
text/plain 2607:f8b0:400d:c02::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-JXW44Y23NM&gtm=45je48c0v887771649za200&_p=1723601682364&gcs=G111&gcd=13n3n3l3l6&npa=0&dma=0&tcfd=10000&tag_exp=0&cid=865350359.1723601683&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEI&sid=1723601682&sct=1&seg=0&dl=https%3A%2F%2Fwww.theregister.com%2F2024%2F08%2F13%2Forion_sa_says_scammers_conned%2F&dt=Manufacturer%20Orion%20SA%20says%20scammers%20conned%20it%20out%20of%20%2460M%20%E2%80%A2%20The%20Register&_s=2&tfd=3178
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JXW44Y23NM&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:400d:c02::65 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 14 Aug 2024 02:14:43 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.theregister.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

204

https://analytics.google.com/g/collect?v=2&tid=G-JXW44Y23NM&gtm=45je48c0v887771649za200&_p=1723601682364&gcs=G111&gcd=13n3n3l3l6&npa=0&dma=0&tcfd=10000&tag_exp=0&cid=865350359.1723601683&ul=en-us&s...
https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=865350359.1723601683&dbk=16985760495513611602&dma=0&en=gam_impression&gcs=G111&gtm=45je48c0v887771649za200&npa=0&tid=G-...

0
0

384ms
131ms

Fetch
text/plain

2607:f8b0:4004:c1d::64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=865350359.1723601683&dbk=16985760495513611602&dma=0&en=gam_impression&gcs=G111&gtm=45je48c0v887771649za200&npa=0&tid=G-JXW44Y23NM&dl=https%3A%2F%2Fwww.theregister.com%3F
Protocol: H2
Server: 2607:f8b0:4004:c1d::64 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
attribution-reporting-register-trigger: {"aggregatable_trigger_data":[{"key_piece":"0x14d43e5b2231b298","source_keys":["1"]},{"key_piece":"0x55e7afeb06e2ba83","source_keys":["2","3","4"]}],"aggregatable_values":{"1":65,"2":65,"3":65,"4":6356},"debug_key":"16985760495513611602","debug_reporting":true,"event_trigger_data":[{"filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"}],"filters":{"2":["993989524"],"5":["08-14","08-13","08-12"]}}
date: Wed, 14 Aug 2024 02:14:44 GMT
server: Golfe2
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 14 Aug 2024 02:14:43 GMT
server: Golfe2
content-type: text/html; charset=UTF-8
location: https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=865350359.1723601683&dbk=16985760495513611602&dma=0&en=gam_impression&gcs=G111&gtm=45je48c0v887771649za200&npa=0&tid=G-JXW44Y23NM&dl=https%3A%2F%2Fwww.theregister.com%3F
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 480
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

204

https://analytics.google.com/g/collect?v=2&tid=G-JXW44Y23NM&gtm=45je48c0v887771649za200&_p=1723601682364&gcs=G111&gcd=13n3n3l3l6&npa=0&dma=0&tcfd=10000&tag_exp=0&cid=865350359.1723601683&ul=en-us&s...
https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=865350359.1723601683&dbk=14363782537546880045&dma=0&en=gam_impression&gcs=G111&gtm=45je48c0v887771649za200&npa=0&tid=G-...

0
0

422ms
176ms

Fetch
text/plain

2607:f8b0:4004:c1d::64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=865350359.1723601683&dbk=14363782537546880045&dma=0&en=gam_impression&gcs=G111&gtm=45je48c0v887771649za200&npa=0&tid=G-JXW44Y23NM&dl=https%3A%2F%2Fwww.theregister.com%3F
Protocol: H2
Server: 2607:f8b0:4004:c1d::64 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
attribution-reporting-register-trigger: {"aggregatable_trigger_data":[{"key_piece":"0x14d43e5b2231b298","source_keys":["1"]},{"key_piece":"0x55e7afeb06e2ba83","source_keys":["2","3","4"]}],"aggregatable_values":{"1":65,"2":65,"3":65,"4":6356},"debug_key":"14363782537546880045","debug_reporting":true,"event_trigger_data":[{"filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"}],"filters":{"2":["993989524"],"5":["08-14","08-13","08-12"]}}
date: Wed, 14 Aug 2024 02:14:44 GMT
server: Golfe2
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 14 Aug 2024 02:14:43 GMT
server: Golfe2
content-type: text/html; charset=UTF-8
location: https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=865350359.1723601683&dbk=14363782537546880045&dma=0&en=gam_impression&gcs=G111&gtm=45je48c0v887771649za200&npa=0&tid=G-JXW44Y23NM&dl=https%3A%2F%2Fwww.theregister.com%3F
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 480
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxXAsqW-Y4-szWlbS_tdxPdinVguiYU-Euw47Aea3ybH7dxmHhzHVOIotNiccbNnHntATKPPFND1t1aphI0mCek2_MWNm1uNePYCD3-5tbd0oRoBxRSKxlDTxWCxFB2Wk5dth7Fcjw== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 136ms
134ms XHR
text/html 142.251.174.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxXAsqW-Y4-szWlbS_tdxPdinVguiYU-Euw47Aea3ybH7dxmHhzHVOIotNiccbNnHntATKPPFND1t1aphI0mCek2_MWNm1uNePYCD3-5tbd0oRoBxRSKxlDTxWCxFB2Wk5dth7Fcjw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.174.101 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

qc-in-f101.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-UuU_cpXWE0JJThlhZGXxIA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 14 Aug 2024 02:14:43 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-UuU_cpXWE0JJThlhZGXxIA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjstDikmJw0JBicEqfwRoCxO5aF1n9gXhJxEXWI4kXWafXX2KdD8R7P15iPQrEjhyXWT2BWIiHY_KyD1vZBBoWt1xjUnJJyi-MT87PK0nNK9FNTCnWBbGLMpNKS_KLUNipZSAVOfnp6Zl56fFGBkYmBhaGRnoGZvEFBgB2HjQK"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.theregister.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVDW3et6ie7Bk4OM5tW-_AuwM6kMIMbG0QH6RMshfhACLsIot-QqGCF5K8sQTPaVctFu9fkMSilfSj3HuqC_GgtawqVdOTbeCgVS5lUCub9NK1JA-k4Nm5-QF5QIhNhHCVBiacpTg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.174.101 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

qc-in-f101.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-NBcDj9vzQykNz_eRlX7i5w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 14 Aug 2024 02:14:43 GMT
content-security-policy: script-src 'report-sample' 'nonce-NBcDj9vzQykNz_eRlX7i5w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjstDikmII1JBicEqfwRoCxO5aF1n9gXhJxEXWI4kXWafXX2KdD8R7P15iPQrEjhyXWT2BWIiHY_KyD1vZBDZcnvGEScklKb8wPjk_ryQ1r0Q3MaVYF8QuykwqLckvQmGnloFU5OSnp2fmpccbGRiZGFgYGukZmMUXGAAApLo0nQ"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.theregister.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame AF88 0
0 736ms
494ms Fetch
image/gif 172.217.197.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstp6R7-tfw7ox3rIB_qlv3_JzzLwbaRb2hY4cq174hnPg7VatXU3l24pDmSpuRaJtPY--avQI7sG7-fLT9u32M9QiM9pxGRZn_IR2o6VtApe_KdNbod9DegGpint59F20Di7PnN3QhSVDsSfQUXFh6jHQXzY2o93NcflM12KkY36Y8Lltguz28cA7U-nO3jwXIKkynmkyknukBL5Rh6UPfFh-YkJVpw12e3PF7gnbxfBeG5jYubI0Qf7Z1LB_6FRR7P_Il64qiXQFss00sks0-vZkXD6HebXRUIcea8GzzFfHIIWs0bPnfxMGyjlKNBEcTF-C7lixyj_lyxqF6811VlS1R4vz4p8rg5-RkTLn7rwmlwDvhIrc6brjQboJrV4lI&sai=AMfl-YQmE9dWxbN3qH1Ev8p1vRduHBvb1X_to4HynFVu5bkCBjdKm3LXa7S81K5z6hvS-81cq4OV1uhbgSkjjsLbd8BECK0R6QF17ez18sRMQeV26aiI5Bn8UvNxIMAyHCqXQBSYRapynId-dpev9s6f5H8&sig=Cg0ArKJSzJeuznNu5NIaEAE&uach_m=%5BUACH%5D&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.197.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qa-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:44 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 14 Aug 2024 02:14:44 GMT

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8D68 0
0 362ms
122ms Document
text/html 2607:f8b0:4004:c0b::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c0b::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 283393
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 10 Aug 2024 19:31:31 GMT
expires: Sun, 10 Aug 2025 19:31:31 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe
www.google.com/recaptcha/api2/ Frame BCC8 0
0 382ms
139ms Document
text/html 142.251.111.103
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.111.103 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f103.1e100.net

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-rEwPS6oEdBbpwMd5QzZUfQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.theregister.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-rEwPS6oEdBbpwMd5QzZUfQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 14 Aug 2024 02:14:44 GMT
expires: Wed, 14 Aug 2024 02:14:44 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 4B9F 0
0 387ms
179ms Fetch
image/gif 172.217.197.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss-ZGItro6VbnR59X6ZYu0zwZwKbijMcWSg3B4tzypJQAuP52q1kI-cGXj_QVW6ZYTmv4rlSUlcODRHoV-5br-OKfda2dT7MNGzVVCdiRIwSSNo6nL-iR2DDY_9Sg_dObRu0bh1V3gQKqPJKodnTSxQUjX2LV4PgcIUftuqPeoaOlu0z49gl50qMwoKqUXarSPjdmTlqrjGqslGQru424BXcW5Gz3WKR_zjxc2QSg8dyxILYQqGteUT5-VzwgneTeR9lXSC8rbWN8lMr65SpmNZ3D5lu7LuvKBDJdv1hzZGPfm2UsWvKr5DZSdJQsUvdMAHyrniZuU9AqYW0pWH0RkyN9QgauBsVGTBpRZSdzA5m_HTm2u-We0BiW918lBEsl8&sai=AMfl-YS5Ovx8u6F5D6wfePpsAqH3cKfDyN7gJYxQ1NqNGds_nrFIQgRs5r0wOCVXO9PALh9Loo6QjNuTCnR-92X9bCegyFeNPFq_dS2RQAdFMM8Vg0K2b0VKYZTCf6oZgxRr-FX9aOKaAOcdDtosslp5ARg&sig=Cg0ArKJSzK1fxzR6NXDXEAE&uach_m=%5BUACH%5D&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.197.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qa-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 02:14:44 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 14 Aug 2024 02:14:44 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame AF88 42 B
65 B 197ms
196ms Fetch
image/gif 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu_MTSG8upP9DnUyVWQwmHjJSrw1xEuKm2TTFYPqDlqr_Y2hUzUe6IxZia7tMbVBIycAnqBI-2eh3eXuub8JP2iG59OVRYAZj4OuSVTFxYZaEQIs5o-WezYnm98o2R-fqL3JpXsCMDCDo775Va8ZpXGfYIqS7HPYCQ&sig=Cg0ArKJSzNnVkaVWHCZ5EAE&id=lidar2&mcvt=1000&p=867,1100,1117,1400&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240812&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=272299928&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=1953448300&rst=1723601683234&rpt=661&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Aug 2024 02:14:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

121 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.theregister.com/	1970-01-21 07:32:17	Name: bucket Value: 698
.theregister.com/	1969-12-31 23:59:59	Name: sc Value: 1
.theregister.com/	1970-01-21 08:22:41	Name: _ga Value: GA1.1.865350359.1723601683
.theregister.com/	1970-01-21 08:08:17	Name: __gads Value: ID=6f2fe3b01a24a70f:T=1723601682:RT=1723601682:S=ALNI_MaMkiHWC5xrAHNOBBn32Erm5xmXfg
.theregister.com/	1970-01-21 08:08:17	Name: __gpi Value: UID=00000eca9fa70213:T=1723601682:RT=1723601682:S=ALNI_MZij-0JzZV_1wRHHCnTSogx8BaQ9g
.theregister.com/	1970-01-21 03:05:53	Name: __eoi Value: ID=e239e1a3bed780bb:T=1723601682:RT=1723601682:S=AA-AfjZ4d0cXEBuylmv0Kj5TBYM4
.nir.theregister.com/	1970-01-21 07:32:17	Name: sa Value: 1/oid.102962979
.theregister.com/	1970-01-21 08:22:41	Name: _ga_JXW44Y23NM Value: GS1.1.1723601682.1.0.1723601683.59.0.0
.theregister.com/	1970-01-21 07:32:17	Name: FCNEC Value: %5B%5B%22AKsRol9ZKfl9N9fqdpyrjxh77fzshaPPWniwTlZJYatIQgdndK1y7Sz6lLqak8Gy6Z9WO_XkHjcIp5MzOMH0gwDwNj4hw9krAhQOK6tmUjKCwn2fV-3ojlx2beBJXtPe3ePavHtDn-_2htJ6XwnVmQOEVAyptX6qVw%3D%3D%22%5D%5D
.theregister.com/	1970-01-21 03:08:46	Name: cmp Value: g0.c0.l0
.doubleclick.net/	1970-01-21 08:22:41	Name: IDE Value: AHWqTUmtur5n5EJadCKtHUzQNEs8nDKYqB2zCaNiKqJIa76pbKTvh1n6zybZGfqZaZs
.www.google-analytics.com/	1970-01-21 00:56:17	Name: ar_debug Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

365ef8de68c9c502158a0e22854afef9.safeframe.googlesyndication.com
analytics.google.com
fundingchoicesmessages.google.com
go.theregister.com
nir.theregister.com
pagead2.googlesyndication.com
regmedia.co.uk
securepubads.g.doubleclick.net
stats.g.doubleclick.net
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.theregister.com
104.16.200.109
104.18.5.22
142.251.111.103
142.251.16.157
142.251.174.101
172.217.197.157
2607:f8b0:4004:c06::9a
2607:f8b0:4004:c07::84
2607:f8b0:4004:c0b::84
2607:f8b0:4004:c1d::64
2607:f8b0:400d:c02::65
2607:f8b0:400d:c09::61
2607:f8b0:400d:c1d::71
00dff766deb1e539d26321d746db48b096de0286e0890337024371c5648c89a7
0d69b16ca2cc9c64c3b1fcfa6bec8a276057aff1e4ffc427aa77f40f52166380
2e08434b894e29942adb095bf2d6f493ffd8e2aee21e8ad147f59e9bc2d400b0
31339f0267540a113f28a27de6f90239957dc4429eb3fcbdf1454413b66c13b2
388854ba479538533ae059f48a3526ad617c53942c90126a485637dd0920ce1d
391022a2690f18db5daf7a3bc0c5ad36f31b094da5a8912d57c775e5add18d57
41ef905e7d332a03311b4bb48d3894bccf04d8856a0e0a98ae98683538966025
455442b80b731817ad9e5b615c3ffcedbb9e351dc57b0f0298b77cdb5d11d57d
4914b807405c17918f0690e7ab75bfb6eba6053859cc7eb477f0482c255b8075
4c0c927954cc9f83ff0c5ff8d990a9bcc4860fdf7a01663a37ace9ca32600a00
4d20e34d7517ba277214444e8f314c7b75141eb1979493453252daa941808ab7
53161434a4d50d2b984e91b332463b641b6842578c1f37a1ed81cbdc0a7794c6
5dd339c31b8ec482e001dad4fb52e6f8f138ad772b74a2d387943e10df3bbc48
608e4dee35d626e8ef1432f46c0ee70bb2913ff2867636df96b844a1c1b176c8
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
66e9bf446316f6eec5eaefa7098592bbd2144a60eb38c481db233a6ca8b8d94a
69a4265666a05b6e4a0d1a8d37d5da6cc4436f7fd406019fe5c49deceea62da2
69d77d9587f7e1475c01b26cc763774872a176a889d02ee7efb7fbb50ebdf327
6b4f41c53446bee5ce03284672b4607e4a6ff941cae00ec006411b05a62fbe7a
708659f5b3086d5b4addd367c7cad3591f8672419a6f4a11800a9fd577cb17d3
75c79cbe3a760510be31f727c54268e0cb939e6b86d20dad43319d981e23065a
77a839fdcd5d30ced4fa6ca4dce35057cdb7e31f420b1f89fec3491cdf8c3f84
7bc5d5618ea513fdde9b0fc720186319752559603185e0eba40912bbc9948869
7c5c719fa97ceff8a24e60125e325c3846d313f3ba4fb5406ce18bd5780755a4
83de4b8fb218ece4dc1c59006f00e44aaee17e78923c65ba66acf0ad41a7a5cc
85dd35c4ece840b12ce39fa89be8c1a1a8d190cb6cb8614f4f7778c68284bf28
87d683ea3dda6066a1310b46c0e7bceec150db90ef0f33de34b15270f189479c
92ae407cb8e85da4112581c8d3e854731d6796a8219ba532a435ce0413613eb5
9cbf748e68bf2fb8da497de517cbd7826d44c6b278cec89e22a9e13e193e4ded
9f1cb4af215bea1d20e63989d2bc87cd3b6daf71af4e59b6ab7875154cecbceb
a69ae0fff67c1a5e2e470cd2411f25fbf3ca119243db34edbf4bd2e887ebcf8f
b18c67c183da5eadf9f83380721ed6abd89f0707d57980f8a0e98a83e2b47f67
b27718b0495bdcff98dc2358a0cf76271178c7e83b000f336610fc8994316ef1
b5a3ad0963f76d7ce3748f23bd8d842aca3a643ef7b1d84c5732e8b676c9fb82
b711585f391ac5f348dc41253cf4ffba5d49ed997c17170c1fe2498ff13ea817
b9d5ce7773dac38eff9082e13c7bc4307a7c4ba5e76cd95a2eb0faa0de662e34
c0eadb5eb6ca47c35791250e31d41b66d9e7098ee6e74a3af1d4b75f5d11164e
c45c8b81ccfcbc08127b74787d1b5974078756233de947986c357e28ed8f13ac
ccc879574756f32c9592427da6cd1248dd799b84b8ffaa746adcf447b17860a5
da017c0a66ad34fe9ee001feebddda6393533c376a8bc6aa9cf996a47b768e48
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7ed1744324b3aad05fe51ed96e388004a4716276884a66b9abd5cef359140d5
ea8c1cbf9732fae6a42b6261c238014eab34943fac5a34711081a62b7cc2eba9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f60860ed20318b4c19db79f64862005e5038108caf55b143d7b1ef967450a091
f6ad8750b8ff72f993d9c45d51e02f31aa20834a48f78644953949afa7a6f8ca
fe083388f76e3adf62d2125ca792e750c814b06694f2362469ac82bb34a8e970
fe1da7d7e56968797d6b3844f7bedd855b366e1496343527a22f4d2871bb86ad

www.theregister.com Open in urlscan Pro 104.18.5.22 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

75 Requests

96 %HTTPS

54 %IPv6

7 Domains

14 Subdomains

14 IPs

2 Countries

793 kBTransfer

2480 kBSize

12 Cookies

17 Outgoing links

Redirected requests

75 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.theregister.com Open in urlscan Pro
104.18.5.22 Public Scan

Screenshot
Live screenshot

Full Image

75
Requests

96 %
HTTPS

54 %
IPv6

7
Domains

14
Subdomains

14
IPs

2
Countries

793 kB
Transfer

2480 kB
Size

12
Cookies

75 HTTP transactions
1 data transactions