www.tomshardware.com Open in urlscan Pro
199.232.198.114 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Submission: On August 11 via api (August 11th 2021, 5:39:29 am UTC) from GB

Summary HTTP 192 Redirects Links 22 Behaviour Indicators

Summary

This website contacted 34 IPs in 5 countries across 23 domains to perform 192 HTTP transactions. The main IP is 199.232.198.114, located in United States and belongs to FASTLY, US. The main domain is www.tomshardware.com.
TLS certificate: Issued by R3 on July 17th 2021. Valid for: 3 months.

This is the only time www.tomshardware.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	199.232.198.114 199.232.198.114	54113 (FASTLY) (FASTLY)
7	151.101.14.114 151.101.14.114	54113 (FASTLY) (FASTLY)
11	67.27.233.124 67.27.233.124	3356 (LEVEL3) (LEVEL3)
7	151.139.128.11 151.139.128.11	20446 (HIGHWINDS3) (HIGHWINDS3)
2	2600:9000:219... 2600:9000:2190:5400:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:551	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	99.86.4.12 99.86.4.12	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:e234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	8.248.113.252 8.248.113.252	3356 (LEVEL3) (LEVEL3)
1	65.9.7.60 65.9.7.60	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
1	52.205.167.202 52.205.167.202	14618 (AMAZON-AES) (AMAZON-AES)
1	35.190.59.101 35.190.59.101	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c0c::9c	15169 (GOOGLE) (GOOGLE)
2 4	13.224.96.37 13.224.96.37	16509 (AMAZON-02) (AMAZON-02)
3	185.113.25.61 185.113.25.61	20596 (FUTURE) (FUTURE)
1	52.84.45.35 52.84.45.35	16509 (AMAZON-02) (AMAZON-02)
12	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
1	2600:9000:205... 2600:9000:2057:3c00:16:61ad:2fc0:21	16509 (AMAZON-02) (AMAZON-02)
2	34.95.69.49 34.95.69.49	15169 (GOOGLE) (GOOGLE)
1	54.194.212.219 54.194.212.219	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
37	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
53	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
6 10	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
192	34

1 199.232.198.114 (United States)

ASN54113 (FASTLY, US)

www.tomshardware.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 151.101.14.114 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

hawk.tomshardware.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 67.27.233.124 (United States)

ASN3356 (LEVEL3, US)

vanilla.futurecdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 151.139.128.11 (United States)

ASN20446 (HIGHWINDS3, US)

bordeaux.futurecdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
champagne.futurecdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
freyr.futurecdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
slice.vanilla.futurecdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ads.servebom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2190:5400:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)

quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:551 (United States)

ASN13335 (CLOUDFLARENET, US)

6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ampcid.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.4.12 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-12.fra6.r.cloudfront.net

uk-script.dotmetrics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:e234 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 8.248.113.252 (United States)

ASN3356 (LEVEL3, US)

cdn.mos.cms.futurecdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vanilla.futurecdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.7.60 (Titusville, United States)

ASN16509 (AMAZON-02, US)

cdn.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.205.167.202 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-205-167-202.compute-1.amazonaws.com

p1.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.59.101 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 101.59.190.35.bc.googleusercontent.com

r.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0c::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.224.96.37 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-37.zrh50.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.113.25.61 (United Kingdom)

ASN20596 (FUTURE, GB)

api.vanilla.futurecdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.84.45.35 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-84-45-35.mrs52.r.cloudfront.net

cdn.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:3c00:16:61ad:2fc0:21 (United States)

ASN16509 (AMAZON-02, US)

d4el4parm0zb3.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.95.69.49 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 49.69.95.34.bc.googleusercontent.com

i.clean.gg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.194.212.219 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-212-219.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn3.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

53 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany) 6 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
63	googlesyndication.com 99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	633 KB
37	ampproject.org cdn.ampproject.org	735 KB
24	futurecdn.net vanilla.futurecdn.net bordeaux.futurecdn.net champagne.futurecdn.net freyr.futurecdn.net cdn.mos.cms.futurecdn.net slice.vanilla.futurecdn.net api.vanilla.futurecdn.net	636 KB
21	doubleclick.net stats.g.doubleclick.net securepubads.g.doubleclick.net googleads.g.doubleclick.net	462 KB
12	google.com 6 redirects ampcid.google.com adservice.google.com www.google.com	1 KB
8	tomshardware.com www.tomshardware.com hawk.tomshardware.com	330 KB
6	gstatic.com encrypted-tbn3.gstatic.com fonts.gstatic.com	90 KB
4	scorecardresearch.com 2 redirects sb.scorecardresearch.com	5 KB
4	google-analytics.com www.google-analytics.com	39 KB
3	googleapis.com fonts.googleapis.com	2 KB
2	googletagservices.com www.googletagservices.com	65 KB
2	clean.gg i.clean.gg	104 B
2	adsafeprotected.com cdn.adsafeprotected.com pixel.adsafeprotected.com	9 KB
2	parsely.com cdn.parsely.com p1.parsely.com	18 KB
2	consensu.org quantcast.mgr.consensu.org	73 KB
1	google.be adservice.google.be	853 B
1	servebom.com ads.servebom.com	361 B
1	cloudfront.net d4el4parm0zb3.cloudfront.net	37 KB
1	skimresources.com r.skimresources.com	409 B
1	google.de ampcid.google.de	486 B
1	onesignal.com cdn.onesignal.com	3 KB
1	dotmetrics.net uk-script.dotmetrics.net	3 KB
1	permutive.app 6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app	62 KB
192	23

	Domain	Requested by
53	tpc.googlesyndication.com	www.tomshardware.com d4el4parm0zb3.cloudfront.net 99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com tpc.googlesyndication.com
37	cdn.ampproject.org	d4el4parm0zb3.cloudfront.net
13	vanilla.futurecdn.net	www.tomshardware.com vanilla.futurecdn.net
12	securepubads.g.doubleclick.net	bordeaux.futurecdn.net d4el4parm0zb3.cloudfront.net securepubads.g.doubleclick.net www.tomshardware.com
10	www.google.com	6 redirects www.tomshardware.com d4el4parm0zb3.cloudfront.net
8	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com www.tomshardware.com
7	googleads.g.doubleclick.net	www.tomshardware.com 99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com
7	hawk.tomshardware.com	www.tomshardware.com hawk.tomshardware.com
5	fonts.gstatic.com	fonts.googleapis.com
4	sb.scorecardresearch.com	2 redirects
4	www.google-analytics.com	www.tomshardware.com www.google-analytics.com vanilla.futurecdn.net
3	fonts.googleapis.com	d4el4parm0zb3.cloudfront.net tpc.googlesyndication.com
3	api.vanilla.futurecdn.net	vanilla.futurecdn.net
3	bordeaux.futurecdn.net	www.tomshardware.com bordeaux.futurecdn.net
2	www.googletagservices.com	d4el4parm0zb3.cloudfront.net 99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com
2	99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com	d4el4parm0zb3.cloudfront.net
2	i.clean.gg	d4el4parm0zb3.cloudfront.net
2	stats.g.doubleclick.net	www.google-analytics.com
2	cdn.mos.cms.futurecdn.net	www.tomshardware.com
2	quantcast.mgr.consensu.org	www.tomshardware.com quantcast.mgr.consensu.org
1	encrypted-tbn3.gstatic.com	www.tomshardware.com
1	adservice.google.com	d4el4parm0zb3.cloudfront.net
1	adservice.google.be	d4el4parm0zb3.cloudfront.net
1	pixel.adsafeprotected.com	cdn.adsafeprotected.com
1	ads.servebom.com	bordeaux.futurecdn.net
1	d4el4parm0zb3.cloudfront.net	bordeaux.futurecdn.net
1	cdn.adsafeprotected.com	bordeaux.futurecdn.net
1	slice.vanilla.futurecdn.net	www.tomshardware.com
1	r.skimresources.com	hawk.tomshardware.com
1	p1.parsely.com	www.tomshardware.com
1	ampcid.google.de	www.google-analytics.com
1	ampcid.google.com	www.google-analytics.com
1	cdn.parsely.com	www.tomshardware.com
1	cdn.onesignal.com	www.tomshardware.com
1	uk-script.dotmetrics.net	www.tomshardware.com
1	freyr.futurecdn.net	www.tomshardware.com
1	6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app	www.tomshardware.com
1	champagne.futurecdn.net	www.tomshardware.com
1	www.tomshardware.com
192	39

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.instagram.com
www.youtube.com
flipboard.com
forums.tomshardware.com
www.futureplc.com
www.reddit.com
pinterest.com
share.flipboard.com
www.splunk.com
click.linksynergy.com

Subject Issuer	Validity	Valid
www.tomshardware.com R3	`2021-07-17` - `2021-10-15`	3 months	crt.sh
hawk.techradar.com R3	`2021-07-13` - `2021-10-11`	3 months	crt.sh
*.futurecdn.net DigiCert SHA2 High Assurance Server CA	`2020-06-26` - `2022-07-11`	2 years	crt.sh
bordeaux.futurecdn.net R3	`2021-07-14` - `2021-10-12`	3 months	crt.sh
champagne.futurecdn.net R3	`2021-07-06` - `2021-10-04`	3 months	crt.sh
quantcast.mgr.consensu.org Amazon	`2021-04-24` - `2022-05-23`	a year	crt.sh
permutive.app Cloudflare Inc ECC CA-3	`2021-07-23` - `2021-10-20`	3 months	crt.sh
freyr.futurecdn.net R3	`2021-06-14` - `2021-09-12`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.dotmetrics.net Amazon	`2020-11-23` - `2021-12-22`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-04` - `2022-07-03`	a year	crt.sh
*.parsely.com Amazon	`2021-07-05` - `2022-08-03`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.skimresources.com DigiCert SHA2 Secure Server CA	`2020-09-10` - `2021-10-12`	a year	crt.sh
slice.vanilla.futurecdn.net R3	`2021-07-15` - `2021-10-13`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.scorecardresearch.com Amazon	`2021-02-28` - `2022-03-29`	a year	crt.sh
api.vanilla.futurecdn.net R3	`2021-06-20` - `2021-09-18`	3 months	crt.sh
*.adsafeprotected.com Amazon	`2021-07-21` - `2022-08-19`	a year	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
ads.servebom.com R3	`2021-07-11` - `2021-10-09`	3 months	crt.sh
i.clean.gg GTS CA 1D4	`2021-06-28` - `2021-09-26`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2021-08-11` - `2022-09-09`	a year	crt.sh
*.google.be GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh

This page contains 14 frames:

Primary Page: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Frame ID: 17E4FB5ADEFC2419A71E6CCDF01A0950
Requests: 65 HTTP requests in this frame

Frame: https://99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 7CFAFCA8194A247D7D34A948532C75EE
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012107240354000/amp4ads-v0.mjs
Frame ID: 12038D71BC752601C13FB373651C4EC5
Requests: 13 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012107240354000/amp4ads-v0.mjs
Frame ID: 7A40CD812EA615823EABB26E30DECCCE
Requests: 18 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012107240354000/amp4ads-v0.mjs
Frame ID: A64A6ECAB3A1E9B48C17DEDF3F78D65A
Requests: 17 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012107240354000/amp4ads-v0.mjs
Frame ID: 8A809E76A7671CBF111F52F1C2842763
Requests: 14 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012107240354000/amp4ads-v0.mjs
Frame ID: B463288C7B63AABC2E9D641A4CE12A51
Requests: 20 HTTP requests in this frame

Frame: https://99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 1527B084754B709ADD93CF9DA51ED805
Requests: 8 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012107240354000/amp4ads-v0.mjs
Frame ID: 231CBABBC61AFFAC3A461C0D2269A9F8
Requests: 14 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012107240354000/amp4ads-v0.mjs
Frame ID: 279BAE48399F9B08561DE213EEA9027C
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5410103679490578372/index.html
Frame ID: FBBD11EA5E965E7878202AEE5D2B68AC
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 6CFA7D511401FD3FFB4E0C4842789571
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: BDE0F8956A368A73B2B0D4E0F48B7372
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: D17BC6D3FE1D29844B7CA57A24D97368
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: $Varnish\/([\d.]+)$)?/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

192
Requests

100 %
HTTPS

55 %
IPv6

23
Domains

39
Subdomains

34
IPs

5
Countries

3204 kB
Transfer

9310 kB
Size

8
Cookies

22 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/tomshardware
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/tomshardware
Title:

Search URL Search Domain Scan URL

URL: https://www.instagram.com/toms.hardware
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/tomshardware
Title:

Search URL Search Domain Scan URL

URL: https://flipboard.com/@TomsHardware
Title:

Search URL Search Domain Scan URL

URL: https://forums.tomshardware.com/
Title: Forums

Search URL Search Domain Scan URL

URL: https://www.futureplc.com/terms-conditions/
Title: Learn more

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Splunk%20Details%20Monero-Mining%20Malware%20Targeting%20Windows%20Servers%20on%20AWS&url=https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Title:

Search URL Search Domain Scan URL

URL: http://www.reddit.com/submit?url=https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws&title=Splunk%20Details%20Monero-Mining%20Malware%20Targeting%20Windows%20Servers%20on%20AWS
Title:

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws&media=https://cdn.mos.cms.futurecdn.net/iFw6D9tRzgWQJnvVYTu4ZQ-1200-80.jpg
Title:

Search URL Search Domain Scan URL

URL: https://share.flipboard.com/bookmarklet/popout?title=Splunk%20Details%20Monero-Mining%20Malware%20Targeting%20Windows%20Servers%20on%20AWS&url=https%3A%2F%2Fwww.tomshardware.com%2Fnews%2Fsplunk-details-crypto-mining-malware-targeting-aws
Title:

Search URL Search Domain Scan URL

URL: https://www.splunk.com/en_us/blog/security/threat-advisory-telegram-crypto-botnet-strt-ta01.html
Title: revealed

Search URL Search Domain Scan URL

URL: https://click.linksynergy.com/deeplink?id=kXQk6%2AivFEQ&mid=24542&u1=tomshardware-be-3896698923874091000&murl=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-server%2Fremote%2Fremote-desktop-services%2Fclients%2Fremote-desktop-allow-access
Title: Network Level Authentication

Search URL Search Domain Scan URL

URL: https://forums.tomshardware.com/threads/splunk-details-monero-mining-malware-targeting-windows-servers-on-aws.3718216/
Title: Comment from the forums

Search URL Search Domain Scan URL

URL: http://www.futureplc.com/terms-conditions/
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: http://www.futureplc.com/privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: http://www.futureplc.com/
Title: Visit our corporate site

Search URL Search Domain Scan URL

URL: http://www.futureplc.com/cookies-policy/
Title: Cookies policy

Search URL Search Domain Scan URL

URL: https://www.futureplc.com/accessibility-statement/
Title: Accessibility Statement

Search URL Search Domain Scan URL

URL: https://www.futureplc.com/services/advertising/
Title: Advertise

Search URL Search Domain Scan URL

URL: https://www.futureplc.com/brand/toms-hardware/
Title: Contact us

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 39

https://sb.scorecardresearch.com/cs/10055482/beacon.js HTTP 302
https://sb.scorecardresearch.com/internal-cs/default/beacon.js

Request Chain 40

https://sb.scorecardresearch.com/b?c1=2&c2=10055482&cs_cmp_nc=1&cs_it=b2&cv=3.8.0.210223&ns__t=1628660353398&ns_c=UTF-8&c7=https%3A%2F%2Fwww.tomshardware.com%2Fnews%2Fsplunk-details-crypto-mining-malware-targeting-aws&c8=Splunk%20Details%20Monero-Mining%20Malware%20Targeting%20Windows%20Servers%20on%20AWS%20%7C%20Tom%27s%20Hardware&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=10055482&cs_cmp_nc=1&cs_it=b2&cv=3.8.0.210223&ns__t=1628660353398&ns_c=UTF-8&c7=https%3A%2F%2Fwww.tomshardware.com%2Fnews%2Fsplunk-details-crypto-mining-malware-targeting-aws&c8=Splunk%20Details%20Monero-Mining%20Malware%20Targeting%20Windows%20Servers%20on%20AWS%20%7C%20Tom%27s%20Hardware&c9=

Request Chain 149

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 150

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 151

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 152

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 170

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 197

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

192 HTTP transactions
13 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request splunk-details-crypto-mining-malware-targeting-aws Show response
www.tomshardware.com/news/ 353 KB
88 KB 373ms
50ms Document
text/html 199.232.198.114
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.232.198.114 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b3f65288fd447fe63bd30350e2343a2181703816b5f13bdcd43f1fd1b99c63ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

:method: GET
:authority: www.tomshardware.com
:scheme: https
:path: /news/splunk-details-crypto-mining-malware-targeting-aws
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
x-ftr-request-id: 46cec801-2dcb-4597-91e1-89515a5fe2c0 00000000:5AEA_00000000:01BB_6112AA0C_B71F99:1786
last-modified: Tue, 10 Aug 2021 16:31:18 GMT
x-traceid: 9e1f9a48c84ca120
xkey: tomshardware-platform-responsive tomshardware-article-Abp7qKeBu7tsnCMUMqSBKS tomshardware-articletype-news tomshardware-articletemplate-standard tomshardware-article-age-recent tomshardware-region-US tomshardware-language-en tomshardware-author-BDQMeiL4dueYgw4RzKZVNc tomshardware-tag-W8CKydy5LVwnPNQvGftHfR tomshardware-tag-SyH32JwcBgbt9Wnt4K9vFi tomshardware-tag-iA3fWVbtFg6jbkAzZZXVbi tomshardware-version-319417 tomshardware-server-phpfpm-f6b67ccdf-qd5xm
content-encoding: gzip
x-ftr-cache-status: HIT
x-ftr-expires: Thu, 12 Aug 2021 16:31:18 GMT
x-age: 54
expires: Tue, 10 Aug 2021 16:37:12 GMT
cache-control: max-age=300,public
x-ftr-balancer: fteproxyred
x-ftr-backend: www-live-sites-varnish-new
x-ftr-backend-server: ftevarnishprod-172-20-8-37
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 11 Aug 2021 05:39:11 GMT
age: 256
x-served-by: cache-lon4230-LON, cache-ams21071-AMS
x-cache: HIT, MISS
x-cache-hits: 1, 0
x-timer: S1628660351.105816,VS0,VE15
vary: Accept-Encoding
set-cookie: FTR_Country_Code=BE; path=/; domain=www.tomshardware.com FTR_Cache_Status=(null); path=/; domain=www.tomshardware.com
x-country-code: US
x-country-code-real: BE
strict-transport-security: max-age=300
content-length: 89141

GET
H2 200 seasonal.min.css
hawk.tomshardware.com/css/browser/16.8.8-c7e6972f0f5a3925cf8ca1cca1ee7b8587ffab5a/ 139 B
363 B 166ms
104ms Stylesheet
text/css 151.101.14.114
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://hawk.tomshardware.com/css/browser/16.8.8-c7e6972f0f5a3925cf8ca1cca1ee7b8587ffab5a/seasonal.min.css

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.14.114 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0ccc52d64165826b4617b8562fc6014853a380bebb2dbb01653b4e003b2af9ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:39:11 GMT
content-encoding: gzip
x-hawk-country
xkey: asset-type-fie-widgets
age: 67396
x-ftr-backend-server: fievarnishprodwhite
x-hawk-area: BE
x-ftr-dc: TC
x-ftr-realm: pip
x-ftr-backend: fie-assets
x-ftr-cache-status: HIT
content-length: 91
via: 1.1 varnish, 1.1 varnish
x-ftr-balancer: hawkproxyprodred
x-cache: HIT, HIT
x-ftr-request-id: 00000000:A70A_00000000:01BB_61125DE2_11139AA6:176B
last-modified: Tue, 10 Aug 2021 10:28:58 GMT
x-timer: S1628660351.224617,VS0,VE1
etag: "611254ea-8b"
x-served-by: cache-lon4241-LON, cache-fra19179-FRA
strict-transport-security: max-age=31557600
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=604800, immutable, stale-if-error=172800, stale-while-revalidate=172800
accept-ranges: bytes
x-ftr-expires: Tue, 17 Aug 2021 10:55:53 GMT
x-cache-hits: 1, 1

GET
H2 200 th.min.css
hawk.tomshardware.com/css/browser/ 5 KB
2 KB 165ms
104ms Stylesheet
text/css 151.101.14.114
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://hawk.tomshardware.com/css/browser/th.min.css

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.14.114 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1d51a4ce647d02f462b4fb57f1607009cab8c1c7beae1b837c1bfcf52e9e09ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:39:11 GMT
content-encoding: gzip
x-hawk-country
xkey: asset-type-fie-widgets
age: 4059
x-ftr-backend-server: fievarnishprodred
x-hawk-area: BE
x-ftr-dc: IX
x-ftr-realm: pip
x-ftr-backend: fie-assets
x-ftr-cache-status: HIT
content-length: 1823
x-ftr-expires: Tue, 10 Aug 2021 20:04:58 GMT
x-ftr-balancer: hawkproxyprodblue
x-cache: HIT, HIT
x-ftr-request-id: 00000000:4FB6_00000000:01BB_6112D73E_6E934BB:4EEE
last-modified: Tue, 10 Aug 2021 10:28:58 GMT
x-timer: S1628660351.224616,VS0,VE1
etag: "611254ea-1418"
x-served-by: cache-lon4257-LON, cache-fra19179-FRA
strict-transport-security: max-age=31557600
content-type: text/css
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cache-control: max-age=1200, stale-if-error=172800, stale-while-revalidate=172800
x-resp-is-stale: true
accept-ranges: bytes
access-control-allow-origin: *
x-cache-hits: 1, 1

GET
H/1.1 200
OK OpenSans.woff2
vanilla.futurecdn.net/tomshardware/319417/media/fonts/ 10 KB
11 KB 1700ms
1611ms Font
font/woff2 67.27.233.124
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://vanilla.futurecdn.net/tomshardware/319417/media/fonts/OpenSans.woff2
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 12b9d92963b594157b22adeebfbcf463b80c5d504f0fefe3bee1533e20a996c9

Request headers

Origin: https://www.tomshardware.com
Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 10 Aug 2021 16:10:39 GMT
Content-Encoding: gzip
X-CS-Bucket: vanilla-assets-prod
Age: 48512
X-FTR-Backend-Server: http.van-prod
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
Connection: keep-alive
Content-Length: 10191
X-FTR-Balancer: webproxyprod01
X-FTR-Request-ID: 00000000:AF36_00000000:0050_6112A4FF_124F077:03B6
Server: Footprint Distributor V6.1.1162
Content-Type: font/woff2
access-control-allow-origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
X-Smartersafe-Version: 1-2-1
Expires: Thu, 09 Sep 2021 16:13:45 GMT

GET
H/1.1 200
OK OpenSans-Semibold.woff2
vanilla.futurecdn.net/tomshardware/319417/media/fonts/ 10 KB
11 KB 141ms
27ms Font
font/woff2 67.27.233.124
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://vanilla.futurecdn.net/tomshardware/319417/media/fonts/OpenSans-Semibold.woff2
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 83113ce831f3f1ec8841232d895e17f722444b1939f5230891f7ff17a7c53618

Request headers

Origin: https://www.tomshardware.com
Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 10 Aug 2021 16:10:40 GMT
Content-Encoding: gzip
X-CS-Bucket: vanilla-assets-prod
Age: 48511
X-FTR-Backend-Server: http.van-prod
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
Connection: keep-alive
Content-Length: 10363
X-FTR-Balancer: webproxyprod01
X-FTR-Request-ID: 00000000:6361_00000000:0050_6112A4FC_1BA6DE2:03B7
Server: Footprint Distributor V6.1.1162
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
X-Smartersafe-Version: 1-2-1
Expires: Thu, 09 Sep 2021 16:13:45 GMT

GET
H/1.1 200
OK OpenSans-Bold.woff2
vanilla.futurecdn.net/tomshardware/319417/media/fonts/ 10 KB
11 KB 885ms
744ms Font
font/woff2 67.27.233.124
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://vanilla.futurecdn.net/tomshardware/319417/media/fonts/OpenSans-Bold.woff2
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 7a223174668e40dccd38462d34304503b75e31e700bff92b7e9e8fdda3274670

Request headers

Origin: https://www.tomshardware.com
Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 10 Aug 2021 16:10:40 GMT
Content-Encoding: gzip
X-CS-Bucket: vanilla-assets-prod
Age: 48511
X-FTR-Backend-Server: http.van-prod
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
Connection: keep-alive
Content-Length: 10258
X-FTR-Balancer: webproxyprod01
X-FTR-Request-ID: 00000000:50C2_00000000:0050_6112A4FD_124F06B:03B6
Server: Footprint Distributor V6.1.1162
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
X-Smartersafe-Version: 1-2-1
Expires: Thu, 09 Sep 2021 16:11:36 GMT

GET
H/1.1 200
OK tomshardware.woff
vanilla.futurecdn.net/tomshardware/319417/media/fonts/ 7 KB
7 KB 342ms
25ms Font
font/woff 67.27.233.124
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://vanilla.futurecdn.net/tomshardware/319417/media/fonts/tomshardware.woff
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 3e9468665c5acce5c3dae0f39f6960c6a2556cb15ae40568ede28237920830f5

Request headers

Origin: https://www.tomshardware.com
Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 10 Aug 2021 16:10:40 GMT
Content-Encoding: gzip
X-CS-Bucket: vanilla-assets-prod
Age: 48511
X-FTR-Backend-Server: http.van-prod
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
Connection: keep-alive
Content-Length: 7043
X-FTR-Balancer: webproxyprodred
X-FTR-Request-ID: 00000000:B002_00000000:0050_6112A4FF_67AE1C:7D94
Server: Footprint Distributor V6.1.1162
Content-Type: font/woff
access-control-allow-origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
X-Smartersafe-Version: 1-2-1
Expires: Thu, 09 Sep 2021 16:11:36 GMT

GET
H/1.1 200
OK tomshardware.min.css
vanilla.futurecdn.net/tomshardware/319417/media/css/ 367 KB
51 KB 436ms
78ms Stylesheet
text/css 67.27.233.124
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://vanilla.futurecdn.net/tomshardware/319417/media/css/tomshardware.min.css
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 3f2dabfb416c5178cc141e0b750a4ec8266a10e5a84d163bbc675aed7e0972a4

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 10 Aug 2021 16:10:39 GMT
Content-Encoding: gzip
X-CS-Bucket: vanilla-assets-prod
Age: 48512
X-FTR-Backend-Server: http.van-prod
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
Connection: keep-alive
Content-Length: 51658
X-FTR-Balancer: webproxyprodred
X-FTR-Request-ID: 00000000:E6BA_00000000:0050_6112A4FF_239F548:7D97
Server: Footprint Distributor V6.1.1162
Content-Type: text/css; charset=UTF-8
access-control-allow-origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
X-Smartersafe-Version: 1-2-1
Expires: Thu, 09 Sep 2021 16:11:36 GMT

GET
H/1.1 200
OK main.c195831eafe2af860e56.bundle.js Show response
vanilla.futurecdn.net/tomshardware/319417/media/shared/js/ 419 KB
107 KB 516ms
74ms Script
application/javascript 67.27.233.124
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://vanilla.futurecdn.net/tomshardware/319417/media/shared/js/main.c195831eafe2af860e56.bundle.js
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: d361027033a4488c38b28940726f768642dde03b9139de834fad457a8afa92fe

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 10 Aug 2021 16:10:40 GMT
Content-Encoding: gzip
X-CS-Bucket: vanilla-assets-prod
Age: 48511
X-FTR-Backend-Server: http.van-prod
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
Connection: keep-alive
Content-Length: 108856
X-FTR-Balancer: webproxyprodred
X-FTR-Request-ID: 00000000:954A_00000000:0050_6112A4FD_239F505:7D97
Server: Footprint Distributor V6.1.1162
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
X-Smartersafe-Version: 1-2-1
Expires: Thu, 09 Sep 2021 16:13:44 GMT

GET
H/1.1 200
OK missing-image.svg
vanilla.futurecdn.net/tomshardware/media/img/ 985 B
1 KB 836ms
475ms Image
image/svg+xml 67.27.233.124
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vanilla.futurecdn.net/tomshardware/media/img/missing-image.svg
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: cabcc14eef05a71ce9dec2def4ea1d0b1e96212339b673beba93c11c329561ff

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 03 Aug 2021 16:51:48 GMT
Content-Encoding: gzip
X-CS-Bucket: vanilla-assets-prod
Age: 650843
X-FTR-Backend-Server: http.van-prod
Transfer-Encoding: chunked
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
Connection: keep-alive
X-FTR-Balancer: webproxyprod01
X-FTR-Request-ID: 00000000:A861_00000000:0050_61097425_1538CBC:03B7
Server: Footprint Distributor V6.1.1162
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
X-Smartersafe-Version: 1-2-1
Expires: Thu, 02 Sep 2021 16:51:52 GMT

GET
H2 200 responsive.js Show response
hawk.tomshardware.com/js/w/es6/ 370 KB
121 KB 157ms
25ms Script
application/javascript 151.101.14.114
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://hawk.tomshardware.com/js/w/es6/responsive.js

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.14.114 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a1a34fb861006bf7627d4df4c082a1a30e2897f697a405eed1dfdc938d331605

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Origin: https://www.tomshardware.com
Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:39:11 GMT
content-encoding: gzip
x-hawk-country
xkey: asset-type-fie-widgets
age: 4140
x-ftr-backend-server: fievarnishprodwhite
x-hawk-area: BE
x-ftr-dc: TC
x-ftr-realm: pip
x-ftr-backend: fie-assets
x-ftr-cache-status: HIT
content-length: 123242
x-ftr-expires: Tue, 10 Aug 2021 11:26:09 GMT
x-ftr-balancer: hawkproxyprodred
x-cache: HIT, HIT
x-ftr-request-id: 00000000:FA4A_00000000:01BB_61125DB4_1113918D:176B
last-modified: Tue, 10 Aug 2021 10:28:59 GMT
x-timer: S1628660351.302279,VS0,VE1
etag: W/"611254eb-5c9f6"
x-served-by: cache-lon11636-LON, cache-fra19124-FRA
strict-transport-security: max-age=31557600
content-type: application/javascript; charset=utf-8
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cache-control: max-age=1200, stale-if-error=172800, stale-while-revalidate=172800
x-resp-is-stale: true
accept-ranges: bytes
access-control-allow-origin: *
x-cache-hits: 1, 1

GET
H2 200 bordeaux.js Show response
bordeaux.futurecdn.net/ 384 KB
105 KB 84ms
25ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://bordeaux.futurecdn.net/bordeaux.js

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

nginx/1.19.0 /

Resource Hash

c8398e31b3b73e52aa057275f126aa35ade28a0ad82e6cbf2b11236ad2c7018c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Origin: https://www.tomshardware.com
Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:39:11 GMT
content-encoding: gzip
last-modified: Mon, 09 Aug 2021 12:39:57 GMT
server: nginx/1.19.0
etag: W/"6111221d-5fe68"
strict-transport-security: max-age=15724800; includeSubDomains
x-hw: 1628660351.cds006.fr8.hn,1628660351.cds215.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=2
accept-ranges: bytes
bordeaux-version: 4.3.0
content-length: 107069

GET
H2 200 champagne.js Show response
champagne.futurecdn.net/ 70 KB
22 KB 117ms
25ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://champagne.futurecdn.net/champagne.js

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

nginx/1.19.0 /

Resource Hash

63757fb1a6cbb90253ca9e7a6123c8c6b60728a30ac3fd9f6e6f7203c96d9cef

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Origin: https://www.tomshardware.com
Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:39:11 GMT
content-encoding: gzip
last-modified: Mon, 09 Aug 2021 12:34:49 GMT
server: nginx/1.19.0
champagne-version: 1.2.4
etag: W/"611120e9-1197c"
strict-transport-security: max-age=15724800; includeSubDomains
x-hw: 1628660351.cds107.fr8.hn,1628660351.cds131.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=252
accept-ranges: bytes
content-length: 22361

GET
H2 200 choice.js Show response
quantcast.mgr.consensu.org/choice/uer8ZPXHG8WDU/www.tomshardware.com/ 5 KB
2 KB 41ms
12ms Script
application/javascript 2600:9000:2190:5400:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/choice/uer8ZPXHG8WDU/www.tomshardware.com/choice.js
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:5400:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 83070c6af3b52c94b17addaa2bcdf1a8a920fefff6e205a4a569c63d8599aa01

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Wed, 11 Aug 2021 05:39:08 GMT
content-encoding: br
last-modified: Fri, 23 Jul 2021 11:24:32 GMT
server: AmazonS3
age: 8
etag: W/"440d1a57ae2277b1da6f8ff4749ed40c"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 871dedfc10f4428aa2412b6f788b791a.cloudfront.net (CloudFront)
cache-control: max-age=900
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: yNzB8XCbLv9kjiOK6yJqLAVHAg-YEV6JMI6MS-VHNBc4Vx-0timNLg==

GET
H2 200 6093eccf-6734-4877-ac8b-83d6d0e27b46-web.js Show response
6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app/ 232 KB
62 KB 50ms
23ms Script
application/javascript 2606:4700::6812:551
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app/6093eccf-6734-4877-ac8b-83d6d0e27b46-web.js
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:551 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16022a1d920c53cf18ede216a4cad4fda672916cf4a1491601a119de61898db2

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:39:11 GMT
content-encoding: br
cf-cache-status: HIT
x-goog-meta-oid: 6093eccf-6734-4877-ac8b-83d6d0e27b46
age: 2895
x-guploader-uploadid: ADPycdsSPsZphEKWFyvsiuK-pCYiB-P0Bzeh9QAg57n08HulVsOlRHZoG99Y_9xnAyYDJWFGLTH3Ou2VI0UOs6ypAFY_zAHw4w
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-type: application/javascript
last-modified: Tue, 10 Aug 2021 23:50:43 GMT
server: cloudflare
etag: W/"0e7acb7e074446992df33918359f7c16"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=EZfXiQ==, md5=DnrLfgdERpkt8zkYNZ98Fg==
x-goog-generation: 1628639443061714
cache-control: public, max-age=300
x-goog-stored-content-length: 65288
cf-ray: 67cf1f3b29a62c2e-FRA
expires: Wed, 11 Aug 2021 05:44:11 GMT

GET
H2 200 freyr.js Show response
freyr.futurecdn.net/ 63 KB
16 KB 756ms
276ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://freyr.futurecdn.net/freyr.js

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

nginx/1.19.0 /

Resource Hash

f1a873716ff3480e85d10a6ed6eab27efebd838cef25975318acb061f2593813

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:39:11 GMT
content-encoding: gzip
last-modified: Wed, 28 Jul 2021 14:45:49 GMT
server: nginx/1.19.0
etag: W/"61016d9d-fc77"
strict-transport-security: max-age=15724800; includeSubDomains
freyr-version: 1.2.5
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=752
accept-ranges: bytes
content-length: 16639
x-hw: 1628660351.cds107.fr8.hn,1628660351.cds144.fr8.c

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 26ms
5ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 1530
date: Wed, 11 Aug 2021 05:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Wed, 11 Aug 2021 07:13:41 GMT

GET
H2 200 door.js Show response
uk-script.dotmetrics.net/ 7 KB
3 KB 389ms
45ms Script
application/javascript 99.86.4.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://uk-script.dotmetrics.net/door.js?d=www.tomshardware.com&t=th
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-12.fra6.r.cloudfront.net
Software: Kestrel /
Resource Hash: 645a80058a6a22a957751f3ddb0614e4704e0440f97daf7dbca263be8af8234b

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:39:11 GMT
content-encoding: br
server: Kestrel
x-amz-cf-pop: FRA6-C1
etag: ".www.tomshardware.com.th.184.2021081105"
vary: Accept-Encoding
x-cache: Miss from cloudfront
p3p: policyref="https://uk-script.dotmetrics.net/w3c/p3p.xml", CP="NOI DSP LAW CURa ADMa DEVa PSAa HISa OUR IND STA"
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a245.cloudfront.net (CloudFront)
cache-control: private
content-type: application/javascript
x-amz-cf-id: zh6U00XJZQUoAwZq2ERy6nc64alrY9U0uc1CjdeG4l6INsEpmk9n-A==

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 27ms
12ms Script
application/javascript 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4ca739a13d804ea8806c9878d5b463d2a2c2a75b61a1b2f8a8e104e9b0daecb5

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:39:11 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 424
etag: W/"96fc99e13be87550fcfc4474d30d43d3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 67cf1f3b191a4e67-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
expires: Sat, 14 Aug 2021 05:39:11 GMT

GET
H/1.1 200
OK iFw6D9tRzgWQJnvVYTu4ZQ-970-80.jpg.webp
cdn.mos.cms.futurecdn.net/ 38 KB
39 KB 229ms
46ms Image
image/webp 8.248.113.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mos.cms.futurecdn.net/iFw6D9tRzgWQJnvVYTu4ZQ-970-80.jpg.webp
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.113.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx/1.19.0 /
Resource Hash: 5c0e5b8ab432dbc1aa10af697ef5e0205b565c913fcdda2fcb31c16e529cdb81

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 10 Aug 2021 16:33:58 GMT
X-Backend: default
Age: 47113
X-FTR-DC: uk-lon-pub
X-FTR-Realm: pip
X-FTR-Backend: mos_kodiak
Connection: keep-alive
X-FTR-Cache-Status: MISS
Content-Length: 39002
X-FTR-Balancer: bulk-proxy-1
X-FTR-Request-ID: 00000000:CDC9_00000000:0050_6112AA73_5598256:BBBC
Server: nginx/1.19.0
ETag: b167bde17e53cc91d69e1afcef0be28e
X-Served-By: kodiak-varnish-7cf5d4cc4d-2gh8v
Content-Type: image/webp
X-FTR-Backend-Server: kube
Cache-Control: max-age=5184000
Accept-Ranges: bytes
Expires: Sat, 09 Oct 2021 16:36:27 GMT

GET
H2 200 hawklinks.js Show response
hawk.tomshardware.com/hl/es6/ 163 KB
43 KB 191ms
126ms Script
application/javascript 151.101.14.114
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://hawk.tomshardware.com/hl/es6/hawklinks.js

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.14.114 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e2fa6d1855227e4e14798ec81eb6b99fc1bba60cbe4a13f6e7dc93ca1d37a924

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Origin: https://www.tomshardware.com
Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:39:11 GMT
content-encoding: gzip
x-hawk-country
xkey: asset-type-fie-hawklinks
age: 3505
x-ftr-backend-server: fievarnishprodred
x-hawk-area: BE
x-ftr-dc: TC
x-ftr-realm: pip
x-ftr-backend: fie-assets
x-ftr-cache-status: HIT
content-length: 43841
x-ftr-expires: Mon, 09 Aug 2021 06:30:37 GMT
x-ftr-balancer: hawkproxyprodred
x-cache: HIT, HIT
x-ftr-request-id: 00000000:21FE_00000000:01BB_6110C70C_10C7C8DE:176B
last-modified: Tue, 03 Aug 2021 15:06:13 GMT
x-timer: S1628660351.302519,VS0,VE1
etag: "61095b65-28df0"
x-served-by: cache-lon4266-LON, cache-fra19124-FRA
strict-transport-security: max-age=31557600
content-type: application/javascript; charset=utf-8
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cache-control: max-age=1200, stale-if-error=172800, stale-while-revalidate=172800
x-resp-is-stale: true
accept-ranges: bytes
access-control-allow-origin: *
x-cache-hits: 1, 1

GET
H2 200 p.js Show response
cdn.parsely.com/keys/tomshardware.com/ 47 KB
18 KB 112ms
51ms Script
application/javascript 65.9.7.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.parsely.com/keys/tomshardware.com/p.js
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.7.60 Titusville, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: dd93985eea800fc37126144256a16050847e783c4e53afac03c10ae1ba7e9e15

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Wed, 11 Aug 2021 03:13:56 GMT
content-encoding: gzip
last-modified: Mon, 01 Mar 2021 17:08:16 GMT
server: nginx
age: 8727
etag: W/"603d1f80-bd31"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 df7c0ba7857d5300ae11e7566c926f17.cloudfront.net (CloudFront)
cache-control: max-age=86400, public
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: 3YMUZ1r8aQFbcRMdm8myUTcgOfCgHB_UsRx7rMvQEb-dOm5qJQE2aQ==
expires: Thu, 12 Aug 2021 03:13:44 GMT

POST
H2 200 publisher:getClientId Show response
ampcid.google.com/v1/ 74 B
557 B 33ms
13ms XHR
application/json 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 11 Aug 2021 05:39:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.tomshardware.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 94
x-xss-protection: 0

GET
H2 200 cmp2.js Show response
quantcast.mgr.consensu.org/tcfv2/28/ 278 KB
71 KB 23ms
22ms Script
text/javascript 2600:9000:2190:5400:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/tcfv2/28/cmp2.js?referer=www.tomshardware.com
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/uer8ZPXHG8WDU/www.tomshardware.com/choice.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:5400:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 29507fd3a172d0d54a23c53defa95fe78dbf477c5577b7b789abc2946c8a40d8

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:39:11 GMT
content-encoding: br
x-amz-cf-pop: ZRH50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
access-control-max-age: 86400
access-control-allow-origin: *
last-modified: Wed, 10 Mar 2021 17:10:52 GMT
server: AmazonS3
etag: W/"814cf3c7bdd5dafb6ad642c1b52006c2"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/javascript;charset=UTF-8
via: 1.1 871dedfc10f4428aa2412b6f788b791a.cloudfront.net (CloudFront)
cache-control: max-age=172800
x-amz-meta-qc-ineu: True
x-amz-cf-id: LB7gZbQdYmuzqJ3rJGda51yEg20stp9DbFREDj_kn7xQ_VCqo6XNBQ==

GET
H2 200 th.min.css
hawk.tomshardware.com/css/browser/ 5 KB
2 KB 565ms
565ms Other
text/css 151.101.14.114
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://hawk.tomshardware.com/css/browser/th.min.css

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.14.114 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1d51a4ce647d02f462b4fb57f1607009cab8c1c7beae1b837c1bfcf52e9e09ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:39:11 GMT
content-encoding: gzip
x-hawk-country
xkey: asset-type-fie-widgets
age: 4059
x-ftr-backend-server: fievarnishprodred
x-hawk-area: BE
x-ftr-dc: IX
x-ftr-realm: pip
x-ftr-backend: fie-assets
x-ftr-cache-status: HIT
content-length: 1823
x-ftr-expires: Tue, 10 Aug 2021 20:04:58 GMT
x-ftr-balancer: hawkproxyprodblue
x-cache: HIT, HIT
x-ftr-request-id: 00000000:4FB6_00000000:01BB_6112D73E_6E934BB:4EEE
last-modified: Tue, 10 Aug 2021 10:28:58 GMT
x-timer: S1628660351.331894,VS0,VE0
etag: "611254ea-1418"
x-served-by: cache-lon4257-LON, cache-fra19179-FRA
strict-transport-security: max-age=31557600
content-type: text/css
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cache-control: max-age=1200, stale-if-error=172800, stale-while-revalidate=172800
x-resp-is-stale: true
accept-ranges: bytes
access-control-allow-origin: *
x-cache-hits: 1, 3

POST
H2 200 publisher:getClientId Show response
ampcid.google.de/v1/ 3 B
486 B 33ms
13ms XHR
application/json 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.de/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 11 Aug 2021 05:39:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.tomshardware.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 23
x-xss-protection: 0

GET
H/1.1 200
OK /
p1.parsely.com/plogger/ 43 B
260 B 413ms
101ms Image
image/gif 52.205.167.202
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p1.parsely.com/plogger/?rand=1628660351381&plid=38182793&idsite=tomshardware.com&url=https%3A%2F%2Fwww.tomshardware.com%2Fnews%2Fsplunk-details-crypto-mining-malware-targeting-aws&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%7D&sid=1&surl=https%3A%2F%2Fwww.tomshardware.com%2Fnews%2Fsplunk-details-crypto-mining-malware-targeting-aws&sref=&sts=1628660351378&slts=0&title=Splunk+Details+Monero-Mining+Malware+Targeting+Windows+Servers+on+AWS+%7C+Tom%27s+Hardware&date=Wed+Aug+11+2021+07%3A39%3A11+GMT%2B0200+(Central+European+Summer+Time)&action=pageview&pvid=33373864&u=pid%3D2ed64bd83e191fcd7be9d0fa4cc7c3ad
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.167.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-167-202.compute-1.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 05:39:11 GMT
Cache-Control: no-cache
Last-Modified: Wednesday, 11-Aug-2021 05:39:11 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H/1.1 200
OK OpenSans-Light.woff2
vanilla.futurecdn.net/tomshardware/319417/media/fonts/ 10 KB
10 KB 264ms
263ms Font
font/woff2 67.27.233.124
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://vanilla.futurecdn.net/tomshardware/319417/media/fonts/OpenSans-Light.woff2
Requested by: Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/tomshardware/319417/media/css/tomshardware.min.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 6ed0702c109875dca01cfa51b44aa5c9da3f51892f8e9ba54e523d772ca20afb

Request headers

Origin: https://www.tomshardware.com
Referer: https://vanilla.futurecdn.net/tomshardware/319417/media/css/tomshardware.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 10 Aug 2021 16:10:40 GMT
Content-Encoding: gzip
X-CS-Bucket: vanilla-assets-prod
Age: 48511
X-FTR-Backend-Server: http.van-prod
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
Connection: keep-alive
Content-Length: 10134
X-FTR-Balancer: webproxyprodred
X-FTR-Request-ID: 00000000:D855_00000000:0050_6112A4FC_239F4DD:7D97
Server: Footprint Distributor V6.1.1162
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
X-Smartersafe-Version: 1-2-1
Expires: Thu, 09 Sep 2021 16:11:50 GMT

GET
H2 200 bordeaux-responsive-desktop-article-layout.ca0162f95e99f0ada8c4.js Show response
bordeaux.futurecdn.net/ 5 KB
1 KB 529ms
487ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://bordeaux.futurecdn.net/bordeaux-responsive-desktop-article-layout.ca0162f95e99f0ada8c4.js

Requested by

Host: bordeaux.futurecdn.net
URL: https://bordeaux.futurecdn.net/bordeaux.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

nginx/1.19.0 /

Resource Hash

398768439ab0daad8ea31df8026e5c258d269507912e63506bcdaaa78856f093

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:39:11 GMT
content-encoding: gzip
last-modified: Mon, 09 Aug 2021 12:39:57 GMT
server: nginx/1.19.0
etag: W/"6111221d-1456"
strict-transport-security: max-age=15724800; includeSubDomains
x-hw: 1628660351.cds154.fr8.hn,1628660351.cds155.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=25730
accept-ranges: bytes
bordeaux-version: 4.3.0
content-length: 1253

GET
H2 200 bordeaux-responsive-desktop-article-format.ca0162f95e99f0ada8c4.js Show response
bordeaux.futurecdn.net/ 5 KB
2 KB 1250ms
1208ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://bordeaux.futurecdn.net/bordeaux-responsive-desktop-article-format.ca0162f95e99f0ada8c4.js

Requested by

Host: bordeaux.futurecdn.net
URL: https://bordeaux.futurecdn.net/bordeaux.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

nginx/1.19.0 /

Resource Hash

08232f84e43272025c2b36f3137dea704c163a437063ce28b39b64222658001e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:39:11 GMT
content-encoding: gzip
last-modified: Mon, 09 Aug 2021 12:39:57 GMT
server: nginx/1.19.0
etag: W/"6111221d-1432"
strict-transport-security: max-age=15724800; includeSubDomains
x-hw: 1628660351.cds154.fr8.hn,1628660351.cds147.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=25730
accept-ranges: bytes
bordeaux-version: 4.3.0
content-length: 1768

GET
H2 200 translations.php Show response
hawk.tomshardware.com/ 31 KB
11 KB 58ms
57ms Fetch
application/json 151.101.14.114
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://hawk.tomshardware.com/translations.php?language=en-BE

Requested by

Host: hawk.tomshardware.com
URL: https://hawk.tomshardware.com/js/w/es6/responsive.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.14.114 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f1f26c189e8654d5343556c28de86cbbcc0629da4199f6d6060fd40f7c7969ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:39:11 GMT
content-encoding: gzip
x-hawk-country
age: 4192
x-ftr-backend-server: fievarnishprodred
x-hawk-area: BE
x-ftr-dc: IX
x-ftr-realm: pip
x-ftr-backend: fie-api
x-ftr-cache-status: HIT
content-length: 10297
x-ftr-expires: Wed, 11 Aug 2021 04:49:19 GMT
x-ftr-balancer: hawkproxyprodblue
x-cache: HIT, HIT
x-ftr-request-id: 00000000:55D2_00000000:01BB_611352A1_DA86C68:4EF0
x-timer: S1628660352.692822,VS0,VE1
x-served-by: cache-lon11672-LON, cache-fra19124-FRA
strict-transport-security: max-age=31557600
access-control-allow-methods: GET
content-type: application/json; charset=utf-8;
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cache-control: max-age=1200, stale-if-error=172800, stale-while-revalidate=172800
access-control-allow-credentials: true
x-resp-is-stale: true
accept-ranges: bytes
access-control-allow-origin: *
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Hawk-Country,X-Hawk-Area
x-cache-hits: 1, 1

GET
H2 200 merchant-domains.php Show response
hawk.tomshardware.com/ 308 KB
62 KB 57ms
57ms Fetch
application/json 151.101.14.114
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://hawk.tomshardware.com/merchant-domains.php?site=TOMSHARDWARE

Requested by

Host: hawk.tomshardware.com
URL: https://hawk.tomshardware.com/hl/es6/hawklinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.14.114 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d59c1fc18a0c051602414550c5d8d96cb7a87af8674e67298ed58118826d2dff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:39:11 GMT
content-encoding: gzip
x-hawk-country
age: 3686
x-ftr-backend-server: fievarnishprodred
x-hawk-area: BE
x-ftr-dc: IX
x-ftr-realm: pip
x-ftr-backend: fie-api
x-ftr-cache-status: HIT
content-length: 63402
x-ftr-expires: Wed, 11 Aug 2021 04:57:45 GMT
x-ftr-balancer: hawk-proxy-185-113-25-36
x-cache: HIT, HIT
x-ftr-request-id: 00000000:5688_00000000:01BB_61135468_5956669:0BA2
x-timer: S1628660352.694031,VS0,VE1
x-served-by: cache-lon4224-LON, cache-fra19124-FRA
strict-transport-security: max-age=31557600
access-control-allow-methods: GET
content-type: application/json; charset=utf-8;
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cache-control: max-age=1200, stale-if-error=172800, stale-while-revalidate=172800
access-control-allow-credentials: true
x-resp-is-stale: true
accept-ranges: bytes
access-control-allow-origin: *
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Hawk-Country,X-Hawk-Area
x-cache-hits: 1, 1

GET
H2 200 / Show response
r.skimresources.com/api/ 150 B
409 B 345ms
26ms Fetch
application/json 35.190.59.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r.skimresources.com/api/?persistence=1&xguid=01BT2SNRZKMTD96W8181AS0KKC&data={%22pubcode%22:%2292X1584492%22,%22domains%22:[%22splunk.com%22,%22linksynergy.com%22],%22page%22:%22https%3A%2F%2Fwww.tomshardware.com%2Fnews%2Fsplunk-details-crypto-mining-malware-targeting-aws%22}&checksum=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Requested by

Host: hawk.tomshardware.com
URL: https://hawk.tomshardware.com/hl/es6/hawklinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.59.101 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

101.59.190.35.bc.googleusercontent.com

Software

openresty/1.11.2.5 /

Resource Hash

a7fa0af6aada057915816758d27595cbbd2beca52c263d5891c29c751196afb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:39:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: openresty/1.11.2.5
strict-transport-security: max-age=31536000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.tomshardware.com
vary: Accept-Encoding
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
via: 1.1 google

GET
H2 200 react.js Show response
slice.vanilla.futurecdn.net/0-6-26// 128 KB
42 KB 78ms
22ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://slice.vanilla.futurecdn.net/0-6-26//react.js
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: aa33ff28df27cb82f3db3f7e5b9f726796099b323565ef93a867a2b4b440154f

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-trace-id: 0000000000000000a8c4ecd817007b7f
x-ftr-backend-server: http.van-prod
date: Wed, 11 Aug 2021 05:39:12 GMT
content-encoding: gzip
last-modified: Wed, 30 Jun 2021 14:21:24 GMT
cache-control: public, max-age=2592000
etag: W/"1fe35-17a5d4bc2a0"
x-hw: 1628660352.cds097.fr8.hn,1628660352.cds142.fr8.c
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-ftr-request-id: 00000000:F32A_00000000:0050_60DC8C5F_A1B620:3536
x-ftr-backend: van-prod-slice
accept-ranges: bytes
content-length: 42348
x-ftr-balancer: fteproxyred

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 26ms
13ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=1856492720&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.tomshardware.com%2Fnews%2Fsplunk-details-crypto-mining-malware-targeting-aws&ul=en-us&de=UTF-8&dt=Splunk%20Details%20Monero-Mining%20Malware%20Targeting%20Windows%20Servers%20on%20AWS%20%7C%20Tom%27s%20Hardware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Affiliates&ea=HawkLinks%20appeared%201%2F1&el=HawkLink&_u=6GDAAEABAAQCAC~&jid=1871200574&gjid=384428317&cid=903688957.1628660351&tid=UA-72111741-12&_gid=54513274.1628660351&_r=1&cd1=news&cd3=cryptocurrency%7Cmalware&cd4=Tech_Toms_Hardware%2F&cd5=Abp7qKeBu7tsnCMUMqSBKS&cd6=%7Cmonero%7Ctype_news%7Cchannel_computing%7Cserversidehawk&cd7=nathaniel_mott&cd8=10-08-2021&cd10=EN-US&cd27=319417&cd33=null&cd95=news&cd106=0&cd126=en&cd127=GB%7CUS%7CAU%7CSG&cd128=10-08-2021&cd31=10&cd30=4g&cd12=null&cd14=microsoft.com&cd16=null&cd17=1&cd25=null&cd37=null&cd48=Network%20Level%20Authentication&cd53=null&cd60=null&cd65=null&cd73=3896698923874091000&cd75=null&cd76=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-server%2Fremote%2Fremote-desktop-services%2Fclients%2Fremote-desktop-allow-access&cd84=null&cd90=1392648180802738427&cd105=1855&cd111=null&cd115=null&cd116=null&cd117=null&cd118=null&cd124=null&cd125=null&cm1=1401&cm27=9171&z=2062750835

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 05:39:12 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.tomshardware.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
464 B 41ms
15ms XHR
text/plain 2a00:1450:400c:c0c::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-72111741-12&cid=903688957.1628660351&jid=1871200574&gjid=384428317&_gid=54513274.1628660351&_u=6GDAAEAAAAQCAC~&z=1844937512

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 11 Aug 2021 05:39:12 GMT
content-type: text/plain
access-control-allow-origin: https://www.tomshardware.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK xenforo-comments-readmore.9d2426c06e7737eb39f4.chunk.js Show response
vanilla.futurecdn.net/tomshardware/media/shared/js/ 2 KB
2 KB 75ms
74ms Script
application/javascript 67.27.233.124
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://vanilla.futurecdn.net/tomshardware/media/shared/js/xenforo-comments-readmore.9d2426c06e7737eb39f4.chunk.js
Requested by: Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/tomshardware/319417/media/shared/js/main.c195831eafe2af860e56.bundle.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: d59e716d51fb15ef85fcf4072a412928e0dd66727e8af2dcf82957637797b872

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 20 Jul 2021 14:20:11 GMT
Content-Encoding: gzip
X-CS-Bucket: vanilla-assets-prod
Age: 1869541
X-FTR-Backend-Server: http.van-prod
Transfer-Encoding: chunked
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
Connection: keep-alive
X-FTR-Balancer: webproxyprod01
X-FTR-Request-ID: 00000000:BA1C_00000000:0050_60F6DB9B_236E7E:03B5
Server: Footprint Distributor V6.1.1162
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
X-Smartersafe-Version: 1-2-1
Expires: Thu, 19 Aug 2021 14:20:11 GMT

GET
H/1.1 200
OK region-redirect.21eee535ca87ba02600c.chunk.js Show response
vanilla.futurecdn.net/tomshardware/media/shared/js/ 5 KB
3 KB 86ms
86ms Script
application/javascript 67.27.233.124
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://vanilla.futurecdn.net/tomshardware/media/shared/js/region-redirect.21eee535ca87ba02600c.chunk.js
Requested by: Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/tomshardware/319417/media/shared/js/main.c195831eafe2af860e56.bundle.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 8cc20909d5d55bdff8507eb011162fd35886ad825abc8bf79fdb9b781f4c5c14

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 13:05:30 GMT
Content-Encoding: gzip
X-CS-Bucket: vanilla-assets-prod
Age: 405222
X-FTR-Backend-Server: http.van-prod
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
Connection: keep-alive
Content-Length: 1934
X-FTR-Balancer: webproxyprod01
X-FTR-Request-ID: 00000000:956E_00000000:0050_610D3396_1877202:03B7
Server: Footprint Distributor V6.1.1162
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
X-Smartersafe-Version: 1-2-1
Expires: Sun, 05 Sep 2021 13:09:27 GMT

GET
H/1.1 200
OK suggestion-box.c9544f560cf5cbc61510.chunk.js Show response
vanilla.futurecdn.net/tomshardware/media/shared/js/ 19 KB
3 KB 100ms
25ms Script
application/javascript 67.27.233.124
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://vanilla.futurecdn.net/tomshardware/media/shared/js/suggestion-box.c9544f560cf5cbc61510.chunk.js
Requested by: Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/tomshardware/319417/media/shared/js/main.c195831eafe2af860e56.bundle.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 0bc8319322da0cf3e9f9dc13928f48aeecb073fca5c88471e867c41a9608e1ab

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 13:05:30 GMT
Content-Encoding: gzip
X-CS-Bucket: vanilla-assets-prod
Age: 405222
X-FTR-Backend-Server: http.van-prod
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
Connection: keep-alive
Content-Length: 2759
X-FTR-Balancer: webproxyprod01
X-FTR-Request-ID: 00000000:85FA_00000000:0050_610D3397_187720B:03B7
Server: Footprint Distributor V6.1.1162
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
X-Smartersafe-Version: 1-2-1
Expires: Sun, 05 Sep 2021 13:09:27 GMT

GET
H/1.1 200
OK Gnj8yqGw97JKzxwz2cKbCf-1024-80.jpg.webp
cdn.mos.cms.futurecdn.net/ 94 KB
95 KB 69ms
69ms Image
image/webp 8.248.113.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mos.cms.futurecdn.net/Gnj8yqGw97JKzxwz2cKbCf-1024-80.jpg.webp
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.113.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx/1.19.0 /
Resource Hash: a6182c60f8719cc0e93d50c1c92efdcdf4d7bd9492988de31e3207c7a2f9450d

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 10 Aug 2021 16:09:43 GMT
X-Backend: default
Age: 48569
X-FTR-DC: uk-lon-pub
X-FTR-Realm: pip
X-FTR-Backend: mos_kodiak
Connection: keep-alive
X-FTR-Cache-Status: MISS
Content-Length: 96628
X-FTR-Balancer: bulk-proxy-1
X-FTR-Request-ID: 00000000:C006_00000000:0050_6112A4C6_559440E:BBBC
Server: nginx/1.19.0
ETag: 8246d94b7ca42c02e63b815f1eb09cc6
X-Served-By: kodiak-varnish-7cf5d4cc4d-2gh8v
Content-Type: image/webp
X-FTR-Backend-Server: kube
Cache-Control: max-age=5184000
Accept-Ranges: bytes
Expires: Sat, 09 Oct 2021 16:13:17 GMT

GET
H2

200

beacon.js Show response
sb.scorecardresearch.com/internal-cs/default/
Redirect Chain

https://sb.scorecardresearch.com/cs/10055482/beacon.js
https://sb.scorecardresearch.com/internal-cs/default/beacon.js

4 KB
4 KB

36ms
36ms

Script
application/javascript

13.224.96.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/internal-cs/default/beacon.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-37.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6838420e13959ecffe73d3576ee2125a66c9315237394a23e3dd4a5181e80cda

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:22:05 GMT
via: 1.1 4e0fd86f7afa735e772d6f7fe5e91f5b.cloudfront.net (CloudFront)
etag: "5b0f9f0704a703b8da651007721fac57"
last-modified: Thu, 04 Mar 2021 13:31:34 GMT
server: AmazonS3
age: 1029
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 3690
x-amz-cf-id: LplEV4ZZvcESZR5Ac_Nf_9Gl9IiNDDLdV5IFsert-1MMntlSMSu1Qw==

Redirect headers

date: Wed, 11 Aug 2021 05:39:13 GMT
via: 1.1 4e0fd86f7afa735e772d6f7fe5e91f5b.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: /internal-cs/default/beacon.js
content-length: 52
x-amz-cf-id: cKuTUcE6PbM92zilLzl0STnP1OoDi-5CFtnp0yMlYesXpH-Sh9u_Gw==

GET
H2

200

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=10055482&cs_cmp_nc=1&cs_it=b2&cv=3.8.0.210223&ns__t=1628660353398&ns_c=UTF-8&c7=https%3A%2F%2Fwww.tomshardware.com%2Fnews%2Fsplunk-details-crypto-mining-m...
https://sb.scorecardresearch.com/b2?c1=2&c2=10055482&cs_cmp_nc=1&cs_it=b2&cv=3.8.0.210223&ns__t=1628660353398&ns_c=UTF-8&c7=https%3A%2F%2Fwww.tomshardware.com%2Fnews%2Fsplunk-details-crypto-mining-...

64 B
330 B

44ms
43ms

Image
image/gif

13.224.96.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=10055482&cs_cmp_nc=1&cs_it=b2&cv=3.8.0.210223&ns__t=1628660353398&ns_c=UTF-8&c7=https%3A%2F%2Fwww.tomshardware.com%2Fnews%2Fsplunk-details-crypto-mining-malware-targeting-aws&c8=Splunk%20Details%20Monero-Mining%20Malware%20Targeting%20Windows%20Servers%20on%20AWS%20%7C%20Tom%27s%20Hardware&c9=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-37.zrh50.r.cloudfront.net
Software: /
Resource Hash: 831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:39:13 GMT
via: 1.1 4e0fd86f7afa735e772d6f7fe5e91f5b.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
etag: W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache: Miss from cloudfront
content-type: image/gif; charset=utf-8
content-length: 64
x-amz-cf-id: RuFkoWYvapFQWt3nNRHtwGL29BV7sOvtZqak4XgTI41gF5hvF2MNWQ==

Redirect headers

date: Wed, 11 Aug 2021 05:39:13 GMT
via: 1.1 4e0fd86f7afa735e772d6f7fe5e91f5b.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/b2?c1=2&c2=10055482&cs_cmp_nc=1&cs_it=b2&cv=3.8.0.210223&ns__t=1628660353398&ns_c=UTF-8&c7=https%3A%2F%2Fwww.tomshardware.com%2Fnews%2Fsplunk-details-crypto-mining-malware-targeting-aws&c8=Splunk%20Details%20Monero-Mining%20Malware%20Targeting%20Windows%20Servers%20on%20AWS%20%7C%20Tom's%20Hardware&c9=
content-length: 358
x-amz-cf-id: JTIPXRuyEc0WeT9hXsEk3byLt1GXdBOKlda3OEDs22QgRYKIahJnTQ==

GET
H/1.1 200
OK app.js Show response
vanilla.futurecdn.net/tomshardware/319417/media/shared/js/ 328 KB
85 KB 168ms
86ms Script
application/javascript 8.248.113.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://vanilla.futurecdn.net/tomshardware/319417/media/shared/js/app.js
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.113.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 6c6f5cb46371738300a33bdbc132704f028bb51a01ab619503d4c250de2500fe

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 10 Aug 2021 16:10:44 GMT
Content-Encoding: gzip
X-CS-Bucket: vanilla-assets-prod
Age: 48511
X-FTR-Backend-Server: http.van-prod
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
Connection: keep-alive
Content-Length: 86780
X-FTR-Balancer: webproxyprodred
X-FTR-Request-ID: 00000000:D426_00000000:0050_6112A501_239F5A0:7D97
Server: Footprint Distributor V6.1.1162
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
X-Smartersafe-Version: 1-2-1
Expires: Thu, 09 Sep 2021 16:11:40 GMT

GET
H/1.1 200
OK related Show response
api.vanilla.futurecdn.net/article/v3/ 2 KB
2 KB 114ms
30ms Fetch
application/json 185.113.25.61
FUTURE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.vanilla.futurecdn.net/article/v3/related?articleTerritory=US&count=3&site=tomshardware
Requested by: Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/tomshardware/319417/media/shared/js/app.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 185.113.25.61 , United Kingdom, ASN20596 (FUTURE, GB),
Reverse DNS
Software: /
Resource Hash: 18fbdf7b54a6b6287b395246e3dc770b913d175efa634d89f55eb88dac3264bb

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 05:39:15 GMT
Content-Encoding: gzip
Xkey: tomshardware-article, tomshardware-article-latest, tomshardware-article-api-6cf7c65c65-ng2wp
Age: 29
Transfer-Encoding: chunked
X-FTR-DC: TC
X-FTR-Realm: pip
X-FTR-Backend: van-prod
X-Backend: default
X-FTR-Cache-Status: HIT
X-FTR-Balancer: apiproxyprodred
X-FTR-Request-ID: 00000000:29E6_00000000:01BB_61136283_43730BD:2D1B
X-Served-By: cache-api-79cb4f9fbc-bmvb2
Vary: Accept-Encoding, Origin
Content-Type: application/json; charset=utf-8
X-FTR-Backend-Server: http.van-prod
Cache-Control: public,max-age=900
Access-Control-Allow-Origin: https://www.tomshardware.com
Expires: Wed, 11 Aug 2021 05:53:45 UTC

GET
H/1.1 200
OK related Show response
api.vanilla.futurecdn.net/article/v3/ 12 KB
5 KB 144ms
29ms Fetch
application/json 185.113.25.61
FUTURE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.vanilla.futurecdn.net/article/v3/related?articleTerritory=US&articleType=news&count=15&site=tomshardware
Requested by: Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/tomshardware/319417/media/shared/js/app.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 185.113.25.61 , United Kingdom, ASN20596 (FUTURE, GB),
Reverse DNS
Software: /
Resource Hash: ab33833bc640c1e1f87df23da79b5147d840c88a259298b0281265629d2f48e6

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 05:39:15 GMT
Content-Encoding: gzip
Xkey: tomshardware-article, tomshardware-article-latest, tomshardware-article-api-6cf7c65c65-mpsqg
Age: 623
Transfer-Encoding: chunked
X-FTR-DC: TC
X-FTR-Realm: pip
X-FTR-Backend: van-prod
X-Backend: default
X-FTR-Cache-Status: HIT
X-FTR-Balancer: apiproxyprodred
X-FTR-Request-ID: 00000000:29E6_00000000:01BB_61136283_43730BF:2D1B
X-Served-By: cache-api-79cb4f9fbc-bmvb2
Vary: Accept-Encoding, Origin
Content-Type: application/json; charset=utf-8
X-FTR-Backend-Server: http.van-prod
Cache-Control: public,max-age=900
Access-Control-Allow-Origin: https://www.tomshardware.com
Expires: Wed, 11 Aug 2021 05:43:51 UTC

GET
H/1.1 200
OK related Show response
api.vanilla.futurecdn.net/article/v3/ 12 KB
5 KB 451ms
280ms Fetch
application/json 185.113.25.61
FUTURE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.vanilla.futurecdn.net/article/v3/related?articleTerritory=US&articleType=news&count=15&site=tomshardware
Requested by: Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/tomshardware/319417/media/shared/js/app.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 185.113.25.61 , United Kingdom, ASN20596 (FUTURE, GB),
Reverse DNS
Software: /
Resource Hash: ab33833bc640c1e1f87df23da79b5147d840c88a259298b0281265629d2f48e6

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 05:39:15 GMT
Content-Encoding: gzip
Xkey: tomshardware-article, tomshardware-article-latest, tomshardware-article-api-6cf7c65c65-mpsqg
Age: 623
Transfer-Encoding: chunked
X-FTR-DC: TC
X-FTR-Realm: pip
X-FTR-Backend: van-prod
X-Backend: default
X-FTR-Cache-Status: HIT
X-FTR-Balancer: apiproxyprodred
X-FTR-Request-ID: 00000000:29E6_00000000:01BB_61136283_43730C4:2D1B
X-Served-By: cache-api-79cb4f9fbc-bmvb2
Vary: Accept-Encoding, Origin
Content-Type: application/json; charset=utf-8
X-FTR-Backend-Server: http.van-prod
Cache-Control: public,max-age=900
Access-Control-Allow-Origin: https://www.tomshardware.com
Expires: Wed, 11 Aug 2021 05:43:51 UTC

GET
H/1.1 200
OK missing-image.svg
vanilla.futurecdn.net/tomshardware/media/img/ 985 B
1 KB 25ms
25ms Image
image/svg+xml 8.248.113.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vanilla.futurecdn.net/tomshardware/media/img/missing-image.svg
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.113.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: cabcc14eef05a71ce9dec2def4ea1d0b1e96212339b673beba93c11c329561ff

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 03 Aug 2021 16:51:48 GMT
Content-Encoding: gzip
X-CS-Bucket: vanilla-assets-prod
Age: 650847
X-FTR-Backend-Server: http.van-prod
Transfer-Encoding: chunked
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: van-prod
Connection: keep-alive
X-FTR-Balancer: webproxyprod01
X-FTR-Request-ID: 00000000:A861_00000000:0050_61097425_1538CBC:03B7
Server: Footprint Distributor V6.1.1162
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
X-Smartersafe-Version: 1-2-1
Expires: Thu, 02 Sep 2021 16:51:52 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 25ms
6ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/tomshardware/319417/media/shared/js/app.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 1534
date: Wed, 11 Aug 2021 05:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Wed, 11 Aug 2021 07:13:41 GMT

GET
H/1.1 200
OK iasPET.1.js Show response
cdn.adsafeprotected.com/ 22 KB
7 KB 105ms
32ms Script
application/javascript 52.84.45.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adsafeprotected.com/iasPET.1.js
Requested by: Host: bordeaux.futurecdn.net
URL: https://bordeaux.futurecdn.net/bordeaux.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.45.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-45-35.mrs52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2afcabe2eb6314148dfd9dfdec1333b973d97d0780cc08fddab8501afbb013e9

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 07 Aug 2021 18:42:13 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Wed, 02 Jun 2021 17:38:57 GMT
Server: AmazonS3
Age: 298624
ETag: W/"51636de3ce868a2172f9e6996c2934e0"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 246214ef31ed453f8169b5e54f10a176.cloudfront.net (CloudFront)
Cache-Control: max-age=604800
Transfer-Encoding: chunked
X-Amz-Cf-Pop: MRS52-P1
X-Amz-Cf-Id: gYmwsEkYEG0q3IabL_fqgPYB4EWR95OUy-bnjSUVIPV163G89KExyQ==

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 71 KB
25 KB 100ms
39ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: bordeaux.futurecdn.net
URL: https://bordeaux.futurecdn.net/bordeaux.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

a33ec449c27e08c995d7a4daf8f56d434feab6601fbced963a7f33d4113bdd5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:39:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "955 / 469 of 1000 / last-modified: 1628633652"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25148
x-xss-protection: 0
expires: Wed, 11 Aug 2021 05:39:16 GMT

GET
H2 200 script.js Show response
d4el4parm0zb3.cloudfront.net/ 111 KB
37 KB 53ms
14ms Script
application/javascript 2600:9000:2057:3c00:16:61ad:2fc0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d4el4parm0zb3.cloudfront.net/script.js
Requested by: Host: bordeaux.futurecdn.net
URL: https://bordeaux.futurecdn.net/bordeaux.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:3c00:16:61ad:2fc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 333d854293d1e3e611f84e5056f88ab279669c2421d8f60d16a5d79e12110ab8

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:33:39 GMT
content-encoding: gzip
last-modified: Tue, 10 Aug 2021 19:40:29 GMT
server: AmazonS3
age: 338
etag: W/"8f05744697ff751ec9e14dcaa86ca5ce"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 b8e900270aa30d899882e71796feca9c.cloudfront.net (CloudFront)
cache-control: max-age=600,public,must-revalidate
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: QRXGfC6vOH96NITKXLOtPQU4UpbKuOCIGfw1owraH8vorIURMywZqg==

GET
H2 200 hybrid_id Show response
ads.servebom.com/ 43 B
361 B 353ms
282ms Fetch
application/json 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servebom.com/hybrid_id
Requested by: Host: bordeaux.futurecdn.net
URL: https://bordeaux.futurecdn.net/bordeaux.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: 58a997b617dfac0415762726843d9062e24b41a0ce9d4f18da7a28798ff60c94

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: https://www.tomshardware.com
date: Wed, 11 Aug 2021 05:39:16 GMT
content-encoding: gzip
access-control-allow-credentials: true
content-length: 69
x-hw: 1628660356.cds158.fr8.hn,1628660356.cds125.fr8.sc,1628660356.cds125.fr8.p
content-type: application/json

POST
H2 200 1a Show response
i.clean.gg/ 0
104 B 334ms
334ms XHR
application/octet-stream 34.95.69.49
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clean.gg/1a
Requested by: Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.69.49 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 49.69.95.34.bc.googleusercontent.com
Software: nginx/1.17.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 11 Aug 2021 05:39:17 GMT
via: 1.1 google
server: nginx/1.17.4
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
alt-svc: clear
content-length: 0

OPTIONS
H2 204 1a
i.clean.gg/ Frame 0
0 676ms
318ms Preflight
text/plain 34.95.69.49
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clean.gg/1a
Protocol: H2
Server: 34.95.69.49 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 49.69.95.34.bc.googleusercontent.com
Software: nginx/1.17.4 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.tomshardware.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx/1.17.4
date: Wed, 11 Aug 2021 05:39:17 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-max-age: 1728000
content-type: text/plain; charset=utf-8
content-length: 0
via: 1.1 google
alt-svc: clear

GET
H3-29 200 pubads_impl_2021080901.js Show response
securepubads.g.doubleclick.net/gpt/ 330 KB
115 KB 62ms
31ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080901.js?31062219

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

ee42c91f297eb0f204bf184600c3194d54e6908830639db14e37b5b158ea0ee7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:39:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 09 Aug 2021 08:37:52 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 117636
x-xss-protection: 0
expires: Wed, 11 Aug 2021 05:39:16 GMT

GET
H3-29 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 290 B
173 B 88ms
33ms XHR
application/json 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.tomshardware.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

f37388999381aafbfa45c55ead9692cf7d68f9b2910d666a6e93d81c83436403

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 05:39:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 148
x-xss-protection: 0
expires: Wed, 11 Aug 2021 05:39:16 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
464 B 40ms
14ms XHR
text/plain 2a00:1450:400c:c0c::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-72111741-12&cid=903688957.1628660351&jid=969738210&gjid=1888582895&_gid=54513274.1628660351&_u=6GDAgEABAAQCAG~&z=1792649286

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 11 Aug 2021 05:39:17 GMT
content-type: text/plain
access-control-allow-origin: https://www.tomshardware.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
194 B 6ms
6ms Image
image/gif 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=1856492720&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.tomshardware.com%2Fnews%2Fsplunk-details-crypto-mining-malware-targeting-aws&ul=en-us&de=UTF-8&dt=Splunk%20Details%20Monero-Mining%20Malware%20Targeting%20Windows%20Servers%20on%20AWS%20%7C%20Tom%27s%20Hardware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=future_id&ea=set%20hybrid_id&el=&_u=6GDAgEABAAQCAC~&jid=969738210&gjid=1888582895&cid=903688957.1628660351&tid=UA-72111741-12&_gid=54513274.1628660351&cd57=null&cd40=Server&cd41=Malware%7CSplunk%7CBotnet%7CCryptocurrency%7CServer_computing&cd42=Splunk&cd43=Amazon_company&cd45=Server&cd46=monero&cd47=Splunk_Details_Monero-Mining_Malware_Targeting_Windows_Servers_on_AWS&cd50=5&cd51=false&cd58=monero%7CCryptocurrency%7CMalware&cd74=&cd1=news&cd3=cryptocurrency%7Cmalware&cd4=Tech_Toms_Hardware%2F&cd5=Abp7qKeBu7tsnCMUMqSBKS&cd6=%7Cmonero%7Ctype_news%7Cchannel_computing%7Cserversidehawk&cd7=nathaniel_mott&cd8=10-08-2021&cd10=EN-US&cd27=319417&cd33=text%2Cembed%2Ctext&cd95=news&cd106=0&cd126=en&cd127=GB%7CUS%7CAU%7CSG&cd128=10-08-2021&cd31=10&cd30=4g&cd77=C46ADFD16FDA48D398CAD931ADB0F25D&z=1705604666

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Aug 2021 08:02:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 77789
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pub Show response
pixel.adsafeprotected.com/services/ 2 KB
2 KB 113ms
42ms XHR
application/json 54.194.212.219
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/services/pub?anId=923193&slot=%7Bid:bordeaux-preemptive-ad-0,ss:%5B728.90,970.90,970.250,980.240%5D,p:10518929/Tech_Toms_Hardware/article,t:display%7D&slot=%7Bid:bordeaux-preemptive-ad-1,ss:%5B300.250,300.251,300.600,300.601%5D,p:10518929/Tech_Toms_Hardware/article,t:display%7D&slot=%7Bid:bordeaux-preemptive-ad-2,ss:%5B300.250,300.252,300.600,300.602%5D,p:10518929/Tech_Toms_Hardware/article,t:display%7D&slot=%7Bid:bordeaux-preemptive-ad-3,ss:%5B300.250,300.253,300.600,300.603%5D,p:10518929/Tech_Toms_Hardware/article,t:display%7D&slot=%7Bid:bordeaux-preemptive-ad-4,ss:%5B1.1%5D,p:10518929/Tech_Toms_Hardware/article,t:display%7D&slot=%7Bid:bordeaux-preemptive-ad-5,ss:%5B10.10,600.120%5D,p:10518929/Tech_Toms_Hardware/article,t:display%7D&slot=%7Bid:bordeaux-preemptive-ad-6,ss:%5B1.1%5D,p:10518929/Tech_Toms_Hardware/article,t:display%7D&slot=%7Bid:bordeaux-preemptive-ad-7,ss:%5B970.90,728.90,728.91%5D,p:10518929/Tech_Toms_Hardware/article,t:display%7D&slot=%7Bid:bordeaux-preemptive-ad-8,ss:%5B120.600,160.600%5D,p:10518929/Tech_Toms_Hardware/article,t:display%7D&slot=%7Bid:bordeaux-preemptive-ad-9,ss:%5B120.600,160.600%5D,p:10518929/Tech_Toms_Hardware/article,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=37d2e086-244f-6f5e-f7f9-1ba4cfb7b0f0&url=https%253A%252F%252Fwww.tomshardware.com%252Fnews%252Fsplunk-details-crypto-mining-malware-targeting-aws
Requested by: Host: cdn.adsafeprotected.com
URL: https://cdn.adsafeprotected.com/iasPET.1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.212.219 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-212-219.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1738d1f9bff305d5c00707be7f792ccb88f13f5ca40fc86ebcd5e7587304f363

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:39:17 GMT
x-server-name: app21.ie.303net.net
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.tomshardware.com
access-control-expose-headers: X-Server-Name
access-control-allow-credentials: true
timing-allow-origin: *
server: nginx

GET
H2 200 integrator.js Show response
adservice.google.be/adsid/ 107 B
853 B 49ms
15ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.be/adsid/integrator.js?domain=www.tomshardware.com

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 05:39:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 23ms
22ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.tomshardware.com

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 05:39:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 1 MB
321 KB 611ms
610ms XHR
text/plain 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3119431787710936&correlator=3414569910219054&output=ldjh&impl=fifs&eid=31062209%2C31062219%2C20211866&vrg=2021080901&ptt=17&rdp=1&gdpr=1&us_privacy=1YYY&sc=1&sfv=1-0-38&ecs=20210811&iu_parts=10518929%2CTech_Toms_Hardware%2Carticle&enc_prev_ius=0%2F1%2F2%2C0%2F1%2F2%2C0%2F1%2F2%2C0%2F1%2F2%2C0%2F1%2F2%2C0%2F1%2F2%2C0%2F1%2F2%2C0%2F1%2F2%2C0%2F1%2F2%2C0%2F1%2F2&prev_iu_szs=728x90%7C970x90%7C970x250%7C980x240%2C300x250%7C300x251%7C300x600%7C300x601%2C300x250%7C300x252%7C300x600%7C300x602%2C300x250%7C300x253%7C300x600%7C300x603%2C1x1%2C320x50%7C10x10%7C600x120%2C1x1%2C970x90%7C728x90%7C728x91%2C120x600%7C160x600%2C120x600%7C160x600&fluid=0%2C0%2C0%2C0%2C0%2Cheight%2C0%2C0%2C0%2C0&ists=40&ppid=C46ADFD16FDA48D398CAD931ADB0F25D&prev_scp=pos%3D1%26placement%3Ddfp_rs_desktop_leaderboard_1%26format%3Droadblock%26incremental%3Dno%26refresh%3Dno%26additional%3Dno%26lazyload%3Dno%26id%3D78042e58-fa66-11eb-a55e-0aeb40f66fa8%26vw%3D40%2C50%2C60%2C70%2C80%2C90%26grm%3D40%2C50%2C60%2C70%26pub%3D40%2C50%2C60%2C70%2C80%7Cpos%3D1%26placement%3Ddfp_rs_desktop_mpu_1%26format%3Droadblock%26incremental%3Dno%26refresh%3Dno%26additional%3Dno%26lazyload%3Dno%26id%3D78042e59-fa66-11eb-a55e-0aeb40f66fa8%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%26pub%3D40%2C50%2C60%2C70%7Cpos%3D2%26placement%3Ddfp_rs_desktop_mpu_2%26format%3Droadblock%26incremental%3Dno%26refresh%3Dno%26additional%3Dno%26lazyload%3Dno%26id%3D78042e5a-fa66-11eb-a55e-0aeb40f66fa8%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%26pub%3D40%2C50%2C60%2C70%7Cpos%3D3%26placement%3Ddfp_rs_desktop_mpu_3%26format%3Dadx%26incremental%3Dno%26refresh%3Dno%26additional%3Dno%26lazyload%3Dno%26id%3D78042e5b-fa66-11eb-a55e-0aeb40f66fa8%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%26pub%3D40%2C50%2C60%2C70%7Cplacement%3Ddfp_rs_desktop_overlay_oop_1%26oop%3Doverlay%26incremental%3Dno%26refresh%3Dno%26additional%3Dno%26lazyload%3Dno%26id%3D78042e5c-fa66-11eb-a55e-0aeb40f66fa8%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%26pub%3D40%2C50%2C60%2C70%7Cpos%3D1%26placement%3Ddfp_rs_desktop_in_article_ad_1%26format%3Din-article-ad%26incremental%3Dno%26refresh%3Dno%26additional%3Dno%26lazyload%3Dno%26id%3D78042e5d-fa66-11eb-a55e-0aeb40f66fa8%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%26pub%3D40%2C50%2C60%2C70%7Cplacement%3Ddfp_rs_desktop_skin_oop_1%26format%3Droadblock%26oop%3Dskin%26incremental%3Dno%26refresh%3Dno%26additional%3Dno%26lazyload%3Dno%26id%3D78042e5e-fa66-11eb-a55e-0aeb40f66fa8%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%26pub%3D40%2C50%2C60%2C70%7Cpos%3Danchored%2Csticky%26placement%3Ddfp_rs_desktop_anchored_leaderboard%2Cdfp_rs_desktop_sticky_leaderboard%26format%3Droadblock%26incremental%3Dno%26refresh%3Dno%26additional%3Dno%26lazyload%3Dno%26id%3D78042e5f-fa66-11eb-a55e-0aeb40f66fa8%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%26pub%3D40%2C50%2C60%2C70%7Cpos%3Dleft%2Csticky%2Cleft-sticky%26placement%3Ddfp_rs_desktop_skyscrapper-1%26format%3Dskyscraper%2Croadblock%26incremental%3Dno%26refresh%3Dno%26additional%3Dno%26lazyload%3Dno%26id%3D78042e60-fa66-11eb-a55e-0aeb40f66fa8%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%26pub%3D40%2C50%2C60%2C70%7Cpos%3Dright%2Csticky%2Cright-sticky%26placement%3Ddfp_rs_desktop_skyscrapper-2%26format%3Dskyscraper%2Croadblock%26incremental%3Dno%26refresh%3Dno%26additional%3Dno%26lazyload%3Dno%26id%3D78042e61-fa66-11eb-a55e-0aeb40f66fa8%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%26pub%3D40%2C50%2C60%2C70&eri=1&cust_params=site%3Dtomshardware%26url%3Dhttps%253A%252F%252Fwww.tomshardware.com%252Fnews%252Fsplunk-details-crypto-mining-malware-targeting-aws%26test%3DA%26screen%3Dlarge%26h_id%3DC46ADFD16FDA48D398CAD931ADB0F25D%26source%3D%26product%3D%26kw%3Dmonero%26genre%3D%26vertical%3D%26pagetype%3Dnews%26manu%3D%26articleid%3DAbp7qKeBu7tsnCMUMqSBKS%26sitePlatform%3Dvanilla%26fepPrimaryProduct%3DServer%26fepSecondaryProducts%3DMalware%252CSplunk%252CBotnet%252CCryptocurrency%252CServer%2520computing%26fepCompanies%3DAmazon%2520company%26fepCategory%3Dmonero%26fepGroups%3Dmonero%252CCryptocurrency%252CMalware%26fepPrimaryCompany%3DSplunk%26primaryCategory%3Dmonero%26secondaryCategories%3Dmonero%252CCryptocurrency%252CMalware%26bordeauxLayout%3Dresponsive-desktop-article%26bordeauxFormat%3Dresponsive-desktop-article%26fr%3Dfalse%26adt%3DveryLow%26alc%3DveryLow%26dlm%3DveryLow%26drg%3DveryLow%26hat%3DveryLow%26off%3DveryLow%26vio%3DveryLow%26ias-kw%3DIAS_1506123_PG%252CIAS_1785_KW&cookie_enabled=1&bc=31&abxe=1&lmt=1628613078&dt=1628660358635&dlt=1628660351153&idt=5894&frm=20&biw=1600&bih=1200&oid=3&adxs=436%2C965%2C965%2C965%2C-12245933%2C635%2C-12245933%2C315%2C135%2C1345&adys=185%2C543%2C1571%2C2861%2C-12245933%2C1575%2C-12245933%2C1110%2C365%2C365&adks=1942330144%2C418750488%2C1984323106%2C1200850996%2C2418174154%2C3391628957%2C2418174152%2C2969241683%2C2434903719%2C2434903716&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9%7Ca&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.tomshardware.com%2Fnews%2Fsplunk-details-crypto-mining-malware-targeting-aws&vis=1&dmc=8&scr_x=0&scr_y=0&psz=980x-1%7C300x-1%7C300x-1%7C300x-1%7C0x0%7C602x350%7C0x0%7C1600x-1%7C160x-1%7C160x-1&msz=728x-1%7C300x-1%7C300x-1%7C300x-1%7C0x0%7C10x10%7C0x0%7C1600x-1%7C160x-1%7C160x-1&ga_vid=903688957.1628660351&ga_sid=1628660359&ga_hid=1856492720&ga_fc=false&fws=644%2C644%2C644%2C644%2C132%2C644%2C132%2C644%2C644%2C644&ohw=1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600&btvi=0%7C0%7C1%7C2%7C-1%7C3%7C-1%7C0%7C0%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080901.js?31062219

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

11d155e10b3b6a9c690fff71d3d295654bac79e29ecdd0d0b77369c0f620ebe3

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5410103679490578372/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5410103679490578372/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKLZkdGgqPICFU6D3godW_0LZg&gqi=&layout=/sadbundle/%24csp%253Der3%24/5410103679490578372/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5410103679490578372/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5410103679490578372/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKLZkdGgqPICFU6D3godW_0LZg&gqi=&layout=/sadbundle/%24csp%253Der3%24/5410103679490578372/index.html
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2
google-creative-id: -1,-1,-1,-1,-2,-1,-2,-1,-1,-1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 328530
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1,-2,-1,-2,-1,-1,-1
pragma: no-cache
server: cafe
google-mediationtag-id: -2
date: Wed, 11 Aug 2021 05:39:19 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.tomshardware.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7CFA 6 KB
3 KB 46ms
14ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.tomshardware.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.tomshardware.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 11 Aug 2021 05:39:18 GMT
expires: Thu, 11 Aug 2022 05:39:18 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012107240354000/ Frame 1203 188 KB
55 KB 27ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/amp4ads-v0.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b826f485873b923a0a9046262b9d026e8f4d2094da1e98e527f279eb9b148d6c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55201
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56e2a7f7d448fcb3"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame 1203 13 KB
5 KB 38ms
18ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1609bdcf4696c8146359638f33c35febdaba621dea00137283c61efc17504909

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4865
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ff227f97ed674b5b"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame 1203 87 KB
27 KB 39ms
18ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-analytics-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4075d8c0c312c24df5548f967cab5fbf808fe78fdcef9d4032bad92f6cacbb70

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27852
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "3719646983ab1de2"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame 1203 4 KB
2 KB 40ms
20ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-fit-text-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fbb36bdcd7fcb6a1962d355dccfab3262736d4d198a389ffb85a3fa3d2440d4

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1653
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "687e73129cfc4c8d"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame 1203 40 KB
13 KB 40ms
20ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-form-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78e0bdeabeebc2dc279c8a9321a3c05dfee71e89123ee3d480fb83fe9d308aed

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12828
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4abe217821914203"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
DATA 200
OK truncated
/ Frame 1203 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b21404375f410001d197ea154cf07fd35e0b9b6f9816851c3a0a74a4cab51fdc

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 1203 4 KB
5 KB 26ms
7ms Image
image/jpeg 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcQwLdzFgIg3NcaEHcx3CVK7CfXK4OaiVVIpufgCmeZQn26YhrGL&usqp=CAI

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66f7603ae0f1fbff772f5ac2d0983d0a06508dc41f91e8d0d6fb5d15d2513068

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 11:33:40 GMT
x-content-type-options: nosniff
last-modified: Wed, 30 Sep 2020 07:22:45 GMT
server: sffe
age: 65139
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4178
x-xss-protection: 0
expires: Wed, 10 Aug 2022 11:33:40 GMT

GET
H3-29 200 40933678460698624
tpc.googlesyndication.com/simgad/ Frame 1203 1 KB
755 B 6ms
6ms Image
image/svg+xml 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/40933678460698624

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

09fba596f1ba572cf4b3ceb9c1f3962d1b75bbb4a6d6d7707f1f93e2fe889aee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 17:18:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 130843
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 728
x-xss-protection: 0
last-modified: Thu, 26 Oct 2017 18:18:20 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:18:36 GMT

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 1203 0
0 49ms
48ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CqjsNhmITYZv-LM6G-gbb-q-wBvDt0Yhi_arE3p8NuO761fEoEAEg5-WiGGC5-MeA3AGgAe3FxOIDyAEGqQL65EppBKyzPuACAKgDAcgDCqoEhQJP0OqX9x0OCaFOxcZu7md8ahx8fmKtU_TvmVyammAeTjUSnJEkZI0zpuiT5ILFaLCq9WWROH5K7_XBz0CNXa5KtA0eC1TIASaRXXpZpyWPTqxJhvTDB_MCK9rUgqBgVfGPNGKgUhr_vdHX-F8_Qg7xAhPSt2ncHCXYynC0H8ULmJ1ED4ov4Tm9y6IrlkOdeb6PlAPsJ1O0FHHxLyEH6wrAXM8y5RN3G4MV5xXjYwgnlxhGamB1Mfa_A9O_YrD-JSm-1Z03yWm9Kw1Ntxh-sHGJS6ps7OtQ8ahXR1A6JJswOGbhCvji-qogvth_-8JLQKgU4MNE1dWBw_rbL8HJ-3mSjoIRYo3ABLvxxN-yAuAEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAY3gAf7ubsdqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHAxD3VdIICQiA4YBwEAEYHYAKA8gLAdgTC9AVAZgWAYAXAbIXHgocCAASFHB1Yi01Nzg3NTkyNDgzNzY2NzYwGIHHFA&sigh=uD8ZRUQlMo8&template_id=493
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s05-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 1203 2 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 03:19:18 GMT
x-content-type-options: nosniff
server: cafe
age: 8401
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 12 Aug 2021 03:19:18 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 1203 295 B
319 B 7ms
6ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 10 Aug 2021 13:07:41 GMT
x-content-type-options: nosniff
server: cafe
age: 59498
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Wed, 11 Aug 2021 13:07:41 GMT

GET
H3-29 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012107240354000/ Frame 7A40 188 KB
54 KB 21ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/amp4ads-v0.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b826f485873b923a0a9046262b9d026e8f4d2094da1e98e527f279eb9b148d6c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55201
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56e2a7f7d448fcb3"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame 7A40 13 KB
5 KB 28ms
14ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1609bdcf4696c8146359638f33c35febdaba621dea00137283c61efc17504909

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4865
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ff227f97ed674b5b"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame 7A40 87 KB
27 KB 20ms
6ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-analytics-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4075d8c0c312c24df5548f967cab5fbf808fe78fdcef9d4032bad92f6cacbb70

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27852
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "3719646983ab1de2"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame 7A40 4 KB
2 KB 30ms
16ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-fit-text-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fbb36bdcd7fcb6a1962d355dccfab3262736d4d198a389ffb85a3fa3d2440d4

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1653
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "687e73129cfc4c8d"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame 7A40 40 KB
13 KB 28ms
15ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-form-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78e0bdeabeebc2dc279c8a9321a3c05dfee71e89123ee3d480fb83fe9d308aed

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12828
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4abe217821914203"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7A40 2 KB
2 KB 6ms
6ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 03:19:18 GMT
x-content-type-options: nosniff
server: cafe
age: 8401
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 12 Aug 2021 03:19:18 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7A40 295 B
319 B 6ms
6ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 10 Aug 2021 13:07:41 GMT
x-content-type-options: nosniff
server: cafe
age: 59498
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Wed, 11 Aug 2021 13:07:41 GMT

GET
DATA 200
OK truncated
/ Frame 7A40 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 026b84e95c55e27bb581c5247aee83779725246c1a71167d45799b8e631bbbc3

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012107240354000/ Frame A64A 188 KB
54 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/amp4ads-v0.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b826f485873b923a0a9046262b9d026e8f4d2094da1e98e527f279eb9b148d6c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55201
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56e2a7f7d448fcb3"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame A64A 13 KB
5 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1609bdcf4696c8146359638f33c35febdaba621dea00137283c61efc17504909

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4865
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ff227f97ed674b5b"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame A64A 87 KB
27 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-analytics-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4075d8c0c312c24df5548f967cab5fbf808fe78fdcef9d4032bad92f6cacbb70

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27852
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "3719646983ab1de2"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame A64A 4 KB
2 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-fit-text-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fbb36bdcd7fcb6a1962d355dccfab3262736d4d198a389ffb85a3fa3d2440d4

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1653
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "687e73129cfc4c8d"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame A64A 40 KB
13 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-form-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78e0bdeabeebc2dc279c8a9321a3c05dfee71e89123ee3d480fb83fe9d308aed

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12828
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4abe217821914203"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame A64A 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 03:19:18 GMT
x-content-type-options: nosniff
server: cafe
age: 8401
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 12 Aug 2021 03:19:18 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame A64A 295 B
319 B 7ms
7ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 10 Aug 2021 13:07:41 GMT
x-content-type-options: nosniff
server: cafe
age: 59498
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Wed, 11 Aug 2021 13:07:41 GMT

GET
DATA 200
OK truncated
/ Frame A64A 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a15cc0b52643e6a4f004e6417943e59c32db14902166ba7317ca06a169f859d

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012107240354000/ Frame 8A80 188 KB
54 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/amp4ads-v0.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b826f485873b923a0a9046262b9d026e8f4d2094da1e98e527f279eb9b148d6c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55201
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56e2a7f7d448fcb3"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame 8A80 13 KB
5 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1609bdcf4696c8146359638f33c35febdaba621dea00137283c61efc17504909

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4865
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ff227f97ed674b5b"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame 8A80 87 KB
27 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-analytics-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4075d8c0c312c24df5548f967cab5fbf808fe78fdcef9d4032bad92f6cacbb70

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27852
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "3719646983ab1de2"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame 8A80 4 KB
2 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-fit-text-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fbb36bdcd7fcb6a1962d355dccfab3262736d4d198a389ffb85a3fa3d2440d4

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1653
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "687e73129cfc4c8d"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame 8A80 40 KB
13 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-form-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78e0bdeabeebc2dc279c8a9321a3c05dfee71e89123ee3d480fb83fe9d308aed

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12828
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4abe217821914203"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 8A80 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 03:19:18 GMT
x-content-type-options: nosniff
server: cafe
age: 8401
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 12 Aug 2021 03:19:18 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 8A80 295 B
319 B 7ms
7ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 10 Aug 2021 13:07:41 GMT
x-content-type-options: nosniff
server: cafe
age: 59498
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Wed, 11 Aug 2021 13:07:41 GMT

GET
DATA 200
OK truncated
/ Frame 8A80 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ad61c121fee28bce385f3468985f88047885b5500b755048d487d949a6381119

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012107240354000/ Frame B463 188 KB
54 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/amp4ads-v0.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b826f485873b923a0a9046262b9d026e8f4d2094da1e98e527f279eb9b148d6c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55201
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56e2a7f7d448fcb3"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame B463 13 KB
5 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1609bdcf4696c8146359638f33c35febdaba621dea00137283c61efc17504909

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4865
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ff227f97ed674b5b"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame B463 87 KB
27 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-analytics-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4075d8c0c312c24df5548f967cab5fbf808fe78fdcef9d4032bad92f6cacbb70

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27852
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "3719646983ab1de2"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame B463 4 KB
2 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-fit-text-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fbb36bdcd7fcb6a1962d355dccfab3262736d4d198a389ffb85a3fa3d2440d4

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1653
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "687e73129cfc4c8d"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame B463 40 KB
13 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-form-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78e0bdeabeebc2dc279c8a9321a3c05dfee71e89123ee3d480fb83fe9d308aed

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12828
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4abe217821914203"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame B463 4 KB
617 B 24ms
23ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

abc1bbfb097cfaf4715fe823adb40881f8ed35a943692d5c037945c2fcc56340

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 04:09:15 GMT
server: ESF
date: Wed, 11 Aug 2021 05:39:19 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 11 Aug 2021 05:39:19 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame B463 4 KB
617 B 23ms
22ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&text=

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

abc1bbfb097cfaf4715fe823adb40881f8ed35a943692d5c037945c2fcc56340

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 04:03:05 GMT
server: ESF
date: Wed, 11 Aug 2021 05:39:19 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 11 Aug 2021 05:39:19 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B463 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 03:19:18 GMT
x-content-type-options: nosniff
server: cafe
age: 8401
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 12 Aug 2021 03:19:18 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B463 295 B
319 B 8ms
8ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 10 Aug 2021 13:07:41 GMT
x-content-type-options: nosniff
server: cafe
age: 59498
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Wed, 11 Aug 2021 13:07:41 GMT

GET
DATA 200
OK truncated
/ Frame B463 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8a89eeb21886a6eea35cf014222116f309b6fee699cb144a155c6ceca9de1b97

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 container.html Show response
99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 1527 6 KB
3 KB 20ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.tomshardware.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.tomshardware.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 11 Aug 2021 05:39:18 GMT
expires: Thu, 11 Aug 2022 05:39:18 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012107240354000/ Frame 231C 188 KB
54 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/amp4ads-v0.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b826f485873b923a0a9046262b9d026e8f4d2094da1e98e527f279eb9b148d6c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55201
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56e2a7f7d448fcb3"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame 231C 13 KB
5 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1609bdcf4696c8146359638f33c35febdaba621dea00137283c61efc17504909

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4865
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ff227f97ed674b5b"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame 231C 87 KB
27 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-analytics-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4075d8c0c312c24df5548f967cab5fbf808fe78fdcef9d4032bad92f6cacbb70

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27852
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "3719646983ab1de2"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 amp-animation-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame 231C 71 KB
16 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-animation-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b31a2dfb910d5e0292d6639f0c1a9b6ecc2471ba71ba18e3dc27cd5a033cf463

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131554
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16686
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "6eea2bcb2a8fbd9d"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:45 GMT

GET
H3-29 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame 231C 4 KB
2 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-fit-text-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fbb36bdcd7fcb6a1962d355dccfab3262736d4d198a389ffb85a3fa3d2440d4

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1653
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "687e73129cfc4c8d"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame 231C 40 KB
13 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-form-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78e0bdeabeebc2dc279c8a9321a3c05dfee71e89123ee3d480fb83fe9d308aed

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12828
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4abe217821914203"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 231C 2 KB
2 KB 9ms
9ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 03:19:18 GMT
x-content-type-options: nosniff
server: cafe
age: 8401
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 12 Aug 2021 03:19:18 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 231C 295 B
319 B 9ms
9ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 10 Aug 2021 13:07:41 GMT
x-content-type-options: nosniff
server: cafe
age: 59498
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Wed, 11 Aug 2021 13:07:41 GMT

GET
DATA 200
OK truncated
/ Frame 231C 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 280bafc52615c7f086cdd177161e2a3675f0b3f1ca90bd5ade6b6a076e86984e

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012107240354000/ Frame 279B 188 KB
54 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/amp4ads-v0.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b826f485873b923a0a9046262b9d026e8f4d2094da1e98e527f279eb9b148d6c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55201
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56e2a7f7d448fcb3"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame 279B 13 KB
5 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1609bdcf4696c8146359638f33c35febdaba621dea00137283c61efc17504909

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4865
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ff227f97ed674b5b"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame 279B 87 KB
27 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-analytics-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4075d8c0c312c24df5548f967cab5fbf808fe78fdcef9d4032bad92f6cacbb70

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27852
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "3719646983ab1de2"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 amp-animation-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame 279B 71 KB
16 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-animation-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b31a2dfb910d5e0292d6639f0c1a9b6ecc2471ba71ba18e3dc27cd5a033cf463

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131554
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16686
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "6eea2bcb2a8fbd9d"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:45 GMT

GET
H3-29 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame 279B 4 KB
2 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-fit-text-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fbb36bdcd7fcb6a1962d355dccfab3262736d4d198a389ffb85a3fa3d2440d4

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1653
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "687e73129cfc4c8d"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012107240354000/v0/ Frame 279B 40 KB
13 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012107240354000/v0/amp-form-0.1.mjs

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78e0bdeabeebc2dc279c8a9321a3c05dfee71e89123ee3d480fb83fe9d308aed

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 131555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12828
x-xss-protection: 0
server: sffe
date: Mon, 09 Aug 2021 17:06:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4abe217821914203"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 17:06:44 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 279B 2 KB
2 KB 9ms
8ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 03:19:18 GMT
x-content-type-options: nosniff
server: cafe
age: 8401
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 12 Aug 2021 03:19:18 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 279B 295 B
319 B 8ms
8ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 10 Aug 2021 13:07:41 GMT
x-content-type-options: nosniff
server: cafe
age: 59498
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Wed, 11 Aug 2021 13:07:41 GMT

GET
DATA 200
OK truncated
/ Frame 279B 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a46aabc490b71402c5b01c1cc8bcd64961454f712fe7c2fe88061eef1df968c5

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/13040677796698312270/ Frame 7A40 10 KB
10 KB 15ms
11ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13040677796698312270/downsize_200k_v1?sqp=4sqPyQSWAUKTAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-MhoIqgIQnAEYASABLQAAAD8wqgI4nAFFAACAPw&rs=AOga4qm_TlAog1-VWsCadnTepYkpXbi5iA

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a339ca42bf61be144b6d25a7b86245bd2f584713491ec5172e4bc0a9a5c3715

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Aug 2021 07:41:42 GMT
x-content-type-options: nosniff
last-modified: Thu, 26 Nov 2020 07:06:12 GMT
server: sffe
age: 251857
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10536
x-xss-protection: 0
expires: Mon, 08 Aug 2022 07:41:42 GMT

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/8459176136241735230/ Frame 7A40 23 KB
23 KB 15ms
12ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8459176136241735230/downsize_200k_v1?sqp=4sqPyQR5QncIABIUDc3MzD4VAAAAQB0AAAAAJQAAAAAYACIKDQAAgD8VAACAPypPCFoQAR0AALRCIAEoATAGOANAgMLXL0gAUABYAGBacAJ4AIABAIgBAJABAJ0BAACAP6ABAKgBALABgK3iBLgB____________AcUBLbKdPg&rs=AOga4qlt27VqnoeE32CyTvLLeduafv-bXg

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fa9f6daeb5ea015127452f1da970c52305740e71faf2020c901370ce21a8aa1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 01:40:47 GMT
x-content-type-options: nosniff
last-modified: Fri, 03 Apr 2020 20:21:36 GMT
server: sffe
age: 100712
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23122
x-xss-protection: 0
expires: Wed, 10 Aug 2022 01:40:47 GMT

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 7A40 0
0 51ms
47ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C7b8whmITYZz-LM6G-gbb-q-wBvrmnNJjirWQ5b0M0_7c78coEAEg5-WiGGC5-MeA3AGgAZXn19QDyAEG4AIAqAMByAMKqgSJAk_QZh6MPu_YO7FnoIkSrs7JOTab1__E9TWWivdQqcjWopsDryPY22QceOHGAMvG_pVWfD_1h6Mm1uRlDPb5EaP1bN6jMo3Pw7ltFe9KHHMrn-I_4lJiv42eH1kISD8XdBNmSyG8uFqxfZQuSOyWw6vFM-W4Eh6UxLYYOV-1E_f2ytDYCFOcJGVlVwUjfnqEiCPWrvMCWp959ouBDWAifWbsZUS7NWPzS8ALEhT9739qHMbbNV3kIPK3D7q1m0WfFy3s1Zx59yZI8xOaXMjkG4pdy__GC3zlbNeoHzDFnTzmxCUBXU0Wiqsrv20VsCMB000O7LLvI9Bm9_3jZwFL2W9vo-mbaGBTUDLABIfl47SPA-AEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAY3gAfTmKgrqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcDEPdV0ggJCIDhgHAQARgdgAoDyAsB2BMMiBQB0BUBmBYBgBcBshceChwIABIUcHViLTU3ODc1OTI0ODM3NjY3NjAYgccU&sigh=xwFiTv-NcDQ&template_id=492
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s05-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 7A40 0
0 18ms
14ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR6ZVgK3BXs2UaBQshXSUCLTuNZu5xlsSYhWR6oFXpuFF71CVp472FcwPp7a6WZOs82Q0IU
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/5215189444192975190/ Frame A64A 19 KB
20 KB 13ms
8ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5215189444192975190/downsize_200k_v1?sqp=4sqPyQSWAUKTAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-MhoIqgIQnAEYASABLQAAAD8wqgI4nAFFAACAPw&rs=AOga4qk_NuduMeVMf7barQolD8uuq3qjFg

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6aefcc7bb5b382505a0609d91d1cd22cb92cefbc5cb1c89ac522b51420bf4364

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 07 Aug 2021 17:45:54 GMT
x-content-type-options: nosniff
last-modified: Fri, 30 Jul 2021 15:40:26 GMT
server: sffe
age: 302005
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19955
x-xss-protection: 0
expires: Sun, 07 Aug 2022 17:45:54 GMT

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/5275211598948629496/ Frame A64A 39 KB
39 KB 18ms
15ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5275211598948629496/downsize_200k_v1?sqp=4sqPyQSLAUKIAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-Mg8I2AQQ2AQYASABLQAAAD8&rs=AOga4qnV_MNFEcRAUNPDcMmEpNnWTG6wVw

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87600e9b1292376db680e8eeac7e4dd19ab18461786ca3a596a404e4867c14dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 20:13:11 GMT
x-content-type-options: nosniff
last-modified: Thu, 04 Mar 2021 09:33:41 GMT
server: sffe
age: 465968
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39703
x-xss-protection: 0
expires: Fri, 05 Aug 2022 20:13:11 GMT

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame A64A 0
0 61ms
58ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CLzjUhmITYZ3-LM6G-gbb-q-wBreP-olkvt_t-50OnPXUiJIJEAEg5-WiGGC5-MeA3AGgAefTp98DyAEGqQL65EppBKyzPuACAKgDAcgDCqoEiQJP0DuMXPKkR-YwAv_e6vyjYF1_Ua67Gt-Ot8kipRSVQHRqA_gSXbkbDixfH9C-Zwf8iHIgRa36Vy4HeXW4j2L19sN-OUfPJdejOmnwuyrxw6UvaPGMPTFl2u_omv9OuD3zY-DAgda7NV__tqHpc_ooBEdIiWRzKvogF3-KUBSnMxoxgqGPkX_lw1NWGd8M71q65A1UefABtwFkvE2bQNyoXd5QK2ELnXygAH8GcQ-GzUvNdmzWAlgSFU1BdiDXdWs2ZFjjs6hFw1soB05jI3IYn1mQQg2eE57dExszQiRequVBBeG4UDaMSQV8oCqnrhSeP0lIbU8vsIw2XkPYVpQnfvjn0eXMjH2IwAStjPuQ0wPgBAGSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGN4AH9p_RI6gH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHAxD3VdIICQiA4YBwEAEYHYAKA8gLAdgTDYgUA9AVAYAXAbIXHgocCAASFHB1Yi01Nzg3NTkyNDgzNzY2NzYwGIHHFA&sigh=gG06PDlLbPw&template_id=492
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s05-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame A64A 0
0 16ms
13ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRLSxXC0dJFm4RQs_vPbYmfNtHgcDYw9tJwPG9OMCe8Fw_BfD7WxOe6ZDjFRxtJmS5sly8a
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 8415541356622521747
tpc.googlesyndication.com/simgad/ Frame 8A80 100 KB
100 KB 24ms
20ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8415541356622521747?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qm5gVH6hGBrNDTIfxzjB7SlbADp2Q

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97bca555c0eccbb59d7eac3fa274571cc4aed29c360c3d71c6e340d0e0fc7261

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 11:02:33 GMT
x-content-type-options: nosniff
last-modified: Thu, 08 Jul 2021 08:03:24 GMT
server: sffe
age: 499006
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 102317
x-xss-protection: 0
expires: Fri, 05 Aug 2022 11:02:33 GMT

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 8A80 0
0 51ms
48ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CF2CLhmITYZ7-LM6G-gbb-q-wBp64oqBkjrOSqfwNvNaro_obEAEg5-WiGGC5-MeA3AGgAYeiqdwCyAEC4AIAqAMByAMIqgSHAk_Q---iDRjnn01HRkKtu3i-qnkdv_9GLfZJ8jKyeJlwNB7fUnwSyzc3I5VSlJ9kMl6Oqy9Sa95Rj6G0qKPddwMe2ZpbzDraF3HAUX4x2B3J3MJQBERHQ2HOAXHYXBydjjTjQnm-eDXn_6fAjZh-OTZNidwqy2dV3ahhN1NEwve3yNVuTO6ezstwL6OQ0C75An4hIuq799dY0bWQfkDzyp9WIrVqDXVrKUKYnRAKXBrD8iy-GoC3TnsWF7utFCbK7WKl1Hf94at2bjR5uStqLFlTWAh9Niek7Ed_ecx-oAvf9PV33jeITUOIuvOpKFAJr5jjYJjAfzUDlduQ-XYugDZkPIansSyfwATavNX8tQPgBAGSBQQIBBgBkgUECAUYBKAGAoAHxOe_3gGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwQQo9gO0ggJCIDhgHAQARgdgAoDyAsB2BMN0BUBgBcBshceChwIABIUcHViLTU3ODc1OTI0ODM3NjY3NjAYgccU&sigh=LLVFm4AUP6k
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s05-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/446304431596673765/ Frame B463 27 KB
27 KB 20ms
17ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/446304431596673765/downsize_200k_v1?sqp=4sqPyQSLAUKIAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-Mg8I2AQQugIYASABLQAAAD8&rs=AOga4qm5qzFJVIllgYQwIKGG6zFCqdd4eg

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9bc0e4626a51a8027a28cd8373510b395371146026676626fd3dd65d6213fe6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:33:27 GMT
x-content-type-options: nosniff
last-modified: Mon, 09 Aug 2021 14:47:01 GMT
server: sffe
age: 352
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27836
x-xss-protection: 0
expires: Thu, 11 Aug 2022 05:33:27 GMT

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/3807857892057514186/ Frame B463 15 KB
15 KB 29ms
27ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3807857892057514186/downsize_200k_v1?sqp=4sqPyQSLAUKIAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-Mg8I2AQQ2AQYASABLQAAAD8&rs=AOga4qngefEsXWfoilsvQ-uDmlNfUSV1Bw

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc1ec0948721d268551e2b5c9de2f7b2046682493ce8b56f5fd94532624e76db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:39:19 GMT
x-content-type-options: nosniff
last-modified: Mon, 09 Aug 2021 14:47:01 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14933
x-xss-protection: 0
expires: Thu, 11 Aug 2022 05:39:19 GMT

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame B463 0
0 60ms
58ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CjhzQhmITYaD-LM6G-gbb-q-wBvPc2KxknZ208I8OloLNhYgWEAEg5-WiGGC5-MeA3AGgAYequdEDyAEGqQL65EppBKyzPuACAKgDAcgDCqoEkgJP0H9bkpsj7oqZJLu3zQNtkadTURIiGtoe0bvKujW3PnrwWonDyzyYr9tadoQrstTI74rqdVNl5KUUfRom4Harcq6HvXq76094D1pDRAZd0pFjsW_gCOa5DNjYWddAFMB1Cd2BRGL5V3W4IAZP8nLmOpG1Uo7xmSegeNNTmxpxIuo0an8xtH3EhDo9Xs3GjmNCv7QPViDztB5e6-D9trxHqeZW7BmlOpr2FUA7cdruSgXsl_SJHF_FFrtqtSrLSfPPNPKQBvDiBUu3WUHpL1bnytpN9KgLnEZdVLtC6GUaDIi_Md-dcEmK2FZD6AzBateyxWWbtfXr21waocYGFPZnfHx6myeh4-0ibBq-V2KL-keXwAS86-S02gPgBAGSBQQIBBgBkgUECAUYBKAGN4AH4dXGLqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHAxD3VdIICQiA4YBwEAEYHYAKA8gLAdgTDdAVAYAXAbIXHgocCAASFHB1Yi01Nzg3NTkyNDgzNzY2NzYwGIHHFA&sigh=b8D9ayaupyI&template_id=492
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s05-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 231C 0
0 60ms
57ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CDW04hmITYaP-LM6G-gbb-q-wBqqh0Kdk0JDPp-INlt2ZeRABIOflohhgufjHgNwBoAG71L7fA8gBCakCOF2XdkGnqD7gAgCoAwHIAwiqBIkCT9DvY8p8lCu3APZU1tSsyAijdsDXviR7D7QpHVxfWXJTiR74MGeT41QURQA3sVr2K9TLrbl00BcfDGXzJRuhgJSyC6lXuUrIL96N2nazwp9gkDiEGb7zAyJi6lQXeX5FEK1EaEX7sJ7Ew-DFCdL58T4GlBk_rvr-ZxDJlI7CL-X5vg_7OPpI9U8XWarjUvQojvi4r0tK_PbzWy9UycaNf_zMGbr9WHUZkn6X37PdznKC7u_zUCwrq1SOjWSoKdGmaIR3ZNzpo_fT6WiFAfKJP0jXW1aFwT5Wnn-FowKTXyQHUNFzMSp946dGRR3T0uN747UJ4eW0Vck9fYK71LO9wotO7HCaZaYqNsAE9LTaud0D4AQBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB62rwSCoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQwIot0ggJCIDhgHAQARgdgAoDyAsB2BMNiBQD0BUBmBYBgBcBshceChwIABIUcHViLTU3ODc1OTI0ODM3NjY3NjAYgccU&sigh=QLhT0js6wfI&template_id=419
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s05-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 231C 115 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 39a9be75f37f52ea6cde06859a1bccb23398f94b9f886cb14be67e4ab0bfb195

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 279B 0
0 14ms
13ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQACoJJrF6ZL4Ilb5IFc7zRx_eEwRrVUBfVRSICTcGGiueeEOsgaw_quoU6tbDrZHBdKkoh
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 279B 0
0 82ms
81ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CrLHUhmITYaT-LM6G-gbb-q-wBqqh0Kdk0JDPp-INlt2ZeRABIOflohhgufjHgNwBoAG71L7fA8gBCakCOF2XdkGnqD7gAgCoAwHIAwiqBIkCT9BaJD_Gw__2CUan6juDfNU2LlVObiTyjNOUzNlcffYWvvWlNjqKDyNLTOcAZgaGqCDzZ9D5X-PKkeJmlZ_3p23ENvAspTbg46jJ4eB_jKge9qc15z_pvDoaM4BwCEBaxmkgvX8CZ5b7SCv1XdeuWp7vUIZfPECSeFal9eu9c7c2rW6d2-2WogNMStJ4QsxREu4ER8zEDdIX_1KXdHMQHUZsw-bOfDY-qyEhXi6ew4G9WwlklmcVHFa9EzVqnCj0YcGBNYmVRupx-yhDZssogYBJ3cuJurzNuxtmxSKdr5PDSTLs37Lp_PRQZZRRoSezz0cUwFok_KTOXHFqDQjm0vcJS79JHnR8dcAE9LTaud0D4AQBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB62rwSCoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwMQ91XSCAkIgOGAcBABGB2ACgPICwHYEw2IFAPQFQGYFgGAFwGyFx4KHAgAEhRwdWItNTc4NzU5MjQ4Mzc2Njc2MBiBxxQ&sigh=WQlefTL0E3A&template_id=419
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s05-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 279B 115 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 39a9be75f37f52ea6cde06859a1bccb23398f94b9f886cb14be67e4ab0bfb195

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
27 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eecda7280d7a8779cb5ff8bf7459b430bf970052106a1c4b186ff2eddd8c82d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:39:19 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1628508781313717"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27998
x-xss-protection: 0
expires: Wed, 11 Aug 2021 05:39:19 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 28ms
28ms XHR
application/json 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021080901&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080901.js?31062219

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bad9ce8b7a8ff2f11d2d64c6471814ce99014c5fc55f29e96a7ffb84fea03dd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 05:39:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8644
x-xss-protection: 0

GET
H3-29 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame B463 16 KB
16 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.tomshardware.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 17:17:27 GMT
x-content-type-options: nosniff
age: 44512
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 17:17:27 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame B463 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.tomshardware.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:26:24 GMT
x-content-type-options: nosniff
age: 126775
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 18:26:24 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:39:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Wed, 11 Aug 2021 05:39:19 GMT

GET
H3-29

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 1203
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

14ms
14ms

Image
text/html

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Wed, 11 Aug 2021 05:39:19 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-29

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 7A40
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

15ms
15ms

Image
text/html

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Wed, 11 Aug 2021 05:39:20 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-29

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame A64A
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

14ms
14ms

Image
text/html

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Wed, 11 Aug 2021 05:39:20 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-29

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 8A80
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

14ms
14ms

Image
text/html

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Wed, 11 Aug 2021 05:39:20 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5410103679490578372/ Frame FBBD 34 KB
7 KB 7ms
7ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5410103679490578372/index.html

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33fadf7d5891836679e316c95edc74f50860fc1aaa3f892118b2c00d94833b5e

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/5410103679490578372/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Mon, 09 Aug 2021 00:26:57 GMT
expires: Tue, 09 Aug 2022 00:26:57 GMT
last-modified: Fri, 19 Mar 2021 15:24:21 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 6696
age: 191543
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 1527 0
0 48ms
47ms Fetch
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CuSQ0hmITYaL-LM6G-gbb-q-wBr6cnp9k6enVvuINpOfy7ZUCEAEg5-WiGGC5-MeA3AGgAb38_JwDyAEJqQL65EppBKyzPuACAKgDAcgDCKoEiwJP0JuolMcfVxk01xWZ1CxgHmKEWstID3yWpALfYepPr8TGwQlm2kUwD_wKHfWhIC3chgFLq2gwUHNb4LAhop88lAchH5lUkpvXgI9-mHHphWqvzLL__wX2o-FI3LvzNC0m38NVxK1w1z-pslMoa7SS8VCj5T8sjwKSTlNsaHsK3XoFNq4NkELpzwTxbgty18vELOcQkcgrJ93eAgrvesOCtE5gULJivdB1IvN8TAVRz6c_Uxo0WntAOV2SAvWJOXEjefC6NtKQq1YFYjLYeW-vefKmRAG8KRJw-L8vyLbb-wKck05HNbE33vYvy23HUt6YQYeQN05Drz5kLlMpw11nJk9GDxQ6hwSQYXzABJzp5eiAA-AEAZIFBAgEGAGSBQQIBRgEoAYugAerg4NjqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEJjnB9IICQiA4YBwEAEYHYAKA8gLAdgTDdAVAYAXAbIXHgocCAASFHB1Yi01Nzg3NTkyNDgzNzY2NzYwGIHHFA&sigh=0X5hgZBUSGQ&template_id=419
Requested by: Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s05-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/ Frame 1527 18 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/abg_lite_fy2019.js

Requested by

Host: 99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com
URL: https://99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83cd4afc0672833e8ac46854de805cda18237894e6d5193111af3e2e866a7a3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:12:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1583
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7614
x-xss-protection: 0
server: cafe
etag: 9899176843389144697
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 05:12:57 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame 1527 2 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/window_focus_fy2019.js

Requested by

Host: 99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com
URL: https://99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 04:59:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2402
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 04:59:18 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1527 124 KB
37 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com
URL: https://99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87e9cb4cbda54b2611883c0963d41adcd7c9d4eda558e452c76991b875eeffad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:39:20 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1628508775336984"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38212
x-xss-protection: 0
expires: Wed, 11 Aug 2021 05:39:20 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame 1527 14 KB
6 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com
URL: https://99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30f9db6ce74a9fadf8de7de2ae7e23428d3c043f576184c391908f8154d2f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:25:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 851
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6204
x-xss-protection: 0
server: cafe
etag: 11055049251678278959
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 05:25:09 GMT

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/13040677796698312270/ Frame 7A40 10 KB
10 KB 9ms
6ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a339ca42bf61be144b6d25a7b86245bd2f584713491ec5172e4bc0a9a5c3715

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Aug 2021 07:41:42 GMT
x-content-type-options: nosniff
last-modified: Thu, 26 Nov 2020 07:06:12 GMT
server: sffe
age: 251858
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10536
x-xss-protection: 0
expires: Mon, 08 Aug 2022 07:41:42 GMT

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/8459176136241735230/ Frame 7A40 23 KB
23 KB 9ms
6ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fa9f6daeb5ea015127452f1da970c52305740e71faf2020c901370ce21a8aa1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 01:40:47 GMT
x-content-type-options: nosniff
last-modified: Fri, 03 Apr 2020 20:21:36 GMT
server: sffe
age: 100713
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23122
x-xss-protection: 0
expires: Wed, 10 Aug 2022 01:40:47 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7A40 2 KB
2 KB 10ms
6ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 03:19:18 GMT
x-content-type-options: nosniff
server: cafe
age: 8402
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 12 Aug 2021 03:19:18 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7A40 295 B
330 B 10ms
7ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 10 Aug 2021 13:07:41 GMT
x-content-type-options: nosniff
server: cafe
age: 59499
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Wed, 11 Aug 2021 13:07:41 GMT

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/5215189444192975190/ Frame A64A 19 KB
20 KB 10ms
7ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6aefcc7bb5b382505a0609d91d1cd22cb92cefbc5cb1c89ac522b51420bf4364

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 07 Aug 2021 17:45:54 GMT
x-content-type-options: nosniff
last-modified: Fri, 30 Jul 2021 15:40:26 GMT
server: sffe
age: 302006
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19955
x-xss-protection: 0
expires: Sun, 07 Aug 2022 17:45:54 GMT

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/5275211598948629496/ Frame A64A 39 KB
39 KB 11ms
9ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87600e9b1292376db680e8eeac7e4dd19ab18461786ca3a596a404e4867c14dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 20:13:11 GMT
x-content-type-options: nosniff
last-modified: Thu, 04 Mar 2021 09:33:41 GMT
server: sffe
age: 465969
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39703
x-xss-protection: 0
expires: Fri, 05 Aug 2022 20:13:11 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame A64A 2 KB
2 KB 9ms
7ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 03:19:18 GMT
x-content-type-options: nosniff
server: cafe
age: 8402
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 12 Aug 2021 03:19:18 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame A64A 295 B
330 B 10ms
9ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 10 Aug 2021 13:07:41 GMT
x-content-type-options: nosniff
server: cafe
age: 59499
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Wed, 11 Aug 2021 13:07:41 GMT

GET
H3-29 200 8415541356622521747
tpc.googlesyndication.com/simgad/ Frame 8A80 100 KB
100 KB 11ms
9ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8415541356622521747?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qm5gVH6hGBrNDTIfxzjB7SlbADp2Q

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97bca555c0eccbb59d7eac3fa274571cc4aed29c360c3d71c6e340d0e0fc7261

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 11:02:33 GMT
x-content-type-options: nosniff
last-modified: Thu, 08 Jul 2021 08:03:24 GMT
server: sffe
age: 499007
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 102317
x-xss-protection: 0
expires: Fri, 05 Aug 2022 11:02:33 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 8A80 2 KB
2 KB 10ms
9ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 03:19:18 GMT
x-content-type-options: nosniff
server: cafe
age: 8402
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 12 Aug 2021 03:19:18 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 8A80 295 B
330 B 11ms
9ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 10 Aug 2021 13:07:41 GMT
x-content-type-options: nosniff
server: cafe
age: 59499
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Wed, 11 Aug 2021 13:07:41 GMT

GET
H3-29

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame B463
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

14ms
14ms

Image
text/html

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Wed, 11 Aug 2021 05:39:20 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/446304431596673765/ Frame B463 27 KB
27 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9bc0e4626a51a8027a28cd8373510b395371146026676626fd3dd65d6213fe6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:33:27 GMT
x-content-type-options: nosniff
last-modified: Mon, 09 Aug 2021 14:47:01 GMT
server: sffe
age: 353
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27836
x-xss-protection: 0
expires: Thu, 11 Aug 2022 05:33:27 GMT

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/3807857892057514186/ Frame B463 15 KB
15 KB 8ms
8ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc1ec0948721d268551e2b5c9de2f7b2046682493ce8b56f5fd94532624e76db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 05:39:19 GMT
x-content-type-options: nosniff
last-modified: Mon, 09 Aug 2021 14:47:01 GMT
server: sffe
age: 1
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14933
x-xss-protection: 0
expires: Thu, 11 Aug 2022 05:39:19 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B463 2 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 03:19:18 GMT
x-content-type-options: nosniff
server: cafe
age: 8402
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 12 Aug 2021 03:19:18 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B463 295 B
330 B 7ms
6ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 10 Aug 2021 13:07:41 GMT
x-content-type-options: nosniff
server: cafe
age: 59499
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Wed, 11 Aug 2021 13:07:41 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 231C 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 03:19:18 GMT
x-content-type-options: nosniff
server: cafe
age: 8402
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 12 Aug 2021 03:19:18 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 231C 295 B
330 B 8ms
8ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 10 Aug 2021 13:07:41 GMT
x-content-type-options: nosniff
server: cafe
age: 59499
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Wed, 11 Aug 2021 13:07:41 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 279B 2 KB
2 KB 8ms
8ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 03:19:18 GMT
x-content-type-options: nosniff
server: cafe
age: 8402
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 12 Aug 2021 03:19:18 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 279B 295 B
330 B 8ms
8ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 10 Aug 2021 13:07:41 GMT
x-content-type-options: nosniff
server: cafe
age: 59499
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Wed, 11 Aug 2021 13:07:41 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 6CFA 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.tomshardware.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.tomshardware.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Tue, 10 Aug 2021 15:01:28 GMT
expires: Wed, 10 Aug 2022 15:01:28 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 52672
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame BDE0 783 B
533 B 15ms
15ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: d4el4parm0zb3.cloudfront.net
URL: https://d4el4parm0zb3.cloudfront.net/script.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

76fe33c8be19d754ced79db88a4ce7a57a5bcf6168036e15166d4368df128fd9

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Ewj512xmIrTEMLD9E2fN6A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.tomshardware.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.tomshardware.com/

Response headers

expires: Wed, 11 Aug 2021 05:39:20 GMT
date: Wed, 11 Aug 2021 05:39:20 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-Ewj512xmIrTEMLD9E2fN6A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D17B 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com
URL: https://99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlYOgTg5qXnRbpae-at-jQi04o8pQg0l91OJD713bAF7re1dlSffl8erQiS6Vo; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com/

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 11 Aug 2021 05:16:24 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1376
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 1527 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 17210441eb1fe78d0542691fd23d8bee0996d961d7335c9648aa39c15be73617

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame FBBD 9 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5410103679490578372/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 23:05:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23612
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 11 Aug 2021 23:05:48 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame FBBD 26 KB
10 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5410103679490578372/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 18:31:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40087
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 11 Aug 2021 18:31:13 GMT

GET
H3-29 200 f26fdea10cef6ab9d68e407cf7c21487.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5410103679490578372/ Frame FBBD 74 KB
19 KB 8ms
7ms Script
application/x-javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5410103679490578372/f26fdea10cef6ab9d68e407cf7c21487.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5410103679490578372/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4427a7a29dd9086c912a5c9ae99901585889e2e24f4120a13c69e8c13a49ce88

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 193062
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19283
x-xss-protection: 0
last-modified: Fri, 19 Mar 2021 15:24:21 GMT
server: sffe
date: Mon, 09 Aug 2021 00:01:38 GMT
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 00:01:38 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame FBBD 5 KB
690 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:400|Montserrat:800|Roboto:700

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5410103679490578372/f26fdea10cef6ab9d68e407cf7c21487.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e698b324b44b78001346a831c0cf96da80f9edf3444ddaef06d01fa86f23cd59

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 05:16:54 GMT
server: ESF
date: Wed, 11 Aug 2021 05:39:20 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 11 Aug 2021 05:39:20 GMT

GET
H3-29 200 fcdf76be4d2a24bd5905e7ec2696c125.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5410103679490578372/media/ Frame FBBD 34 KB
34 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5410103679490578372/media/fcdf76be4d2a24bd5905e7ec2696c125.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5410103679490578372/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b83607919d80709ce94ae9890ddfff1e39ee9b1b9633fbd51dc1f49ddd0abe7c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 193062
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35291
x-xss-protection: 0
last-modified: Fri, 19 Mar 2021 15:24:21 GMT
server: sffe
date: Mon, 09 Aug 2021 00:01:38 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 00:01:38 GMT

GET
H3-29 200 3b749e2a3b687be203005f8ecef7f6fd.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5410103679490578372/media/ Frame FBBD 679 B
469 B 9ms
8ms Image
image/svg+xml 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5410103679490578372/media/3b749e2a3b687be203005f8ecef7f6fd.svg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5410103679490578372/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

52cba504db8540c0ce693d325ae20b20730dbe808cd3f57706d38371c7c19932

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 193062
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 434
x-xss-protection: 0
last-modified: Fri, 19 Mar 2021 15:24:21 GMT
server: sffe
date: Mon, 09 Aug 2021 00:01:38 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 00:01:38 GMT

GET
H3-29 200 db5f570a11c2c19132aaf376e837f669.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5410103679490578372/media/ Frame FBBD 3 KB
2 KB 8ms
8ms Image
image/svg+xml 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5410103679490578372/media/db5f570a11c2c19132aaf376e837f669.svg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5410103679490578372/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4f0fb5e7aee1812174996e6d522c9920704a3c9397d1599000fa9a79070e446d

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 193062
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1527
x-xss-protection: 0
last-modified: Fri, 19 Mar 2021 15:24:21 GMT
server: sffe
date: Mon, 09 Aug 2021 00:01:38 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 00:01:38 GMT

GET
DATA 200
OK truncated
/ Frame FBBD 356 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a6f8bfaef875088ab0791e9118f7884ddfb82296331ba2b32b5598298c941293

Request headers

Origin: null
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=UTF-8

GET
H3-29 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame FBBD 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:400|Montserrat:800|Roboto:700

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 12:00:01 GMT
x-content-type-options: nosniff
age: 63559
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 12:00:01 GMT

GET
H3-29 200 JTURjIg1_i6t8kCHKm45_c5H3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v18/ Frame FBBD 20 KB
20 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_c5H3gnD_g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:400|Montserrat:800|Roboto:700

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a3202c5584350517cab7f1de0d43d54db0979c449df18fe70241e8c35de80919

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 09:03:52 GMT
x-content-type-options: nosniff
age: 74128
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20016
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:21:37 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 09:03:52 GMT

GET
H3-29 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v18/ Frame FBBD 19 KB
19 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:400|Montserrat:800|Roboto:700

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b26a74f3c0e529bc8fccfa6b1db8e083e738992266359fde1a5bd0aaa81cbc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 00:32:15 GMT
x-content-type-options: nosniff
age: 104825
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19844
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:10 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 00:32:15 GMT

GET
DATA 200
OK truncated
/ Frame FBBD 13 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d867f01ddeb0046fff1579890a34e0f0aca6b83f0380181c8d81ca38429bd43c

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=UTF-8

GET
DATA 200
OK truncated
/ Frame FBBD 4 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 38817a74140cf776573a0449151634e3b0d493f406326904cd33fdfe93fddb24

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=UTF-8

GET
H3-29 200 iRicVbaePdLi90mWh_i3qmjfYPepQ9h53Asz6zNDGI4.js Show response
pagead2.googlesyndication.com/bg/ Frame 6CFA 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/iRicVbaePdLi90mWh_i3qmjfYPepQ9h53Asz6zNDGI4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89189c55b69e3dd2e2f7499687f8b7aa68df60f7a943d879dc0b33eb3343188e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 01:49:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 532165
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13400
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 09:38:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 05 Aug 2022 01:49:55 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D17B
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

15ms
14ms

Document
text/html

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: 99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com
URL: https://99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlYOgTg5qXnRbpae-at-jQi04o8pQg0l91OJD713bAF7re1dlSffl8erQiS6Vo; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 11 Aug 2021 05:39:20 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Wed, 11-Aug-2021 06:39:20 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 11 Aug 2021 05:39:20 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 11 Aug 2021 05:39:20 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 29ms
28ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021080901&jk=3119431787710936&bg=!ICOlI2fNAAbOj6irzo87ACkAdvg8Wu_KeDOlTYca3EVfWHhBJdNFLKri45DJE_CHtEqJgn7_7x4IlQIAAAB6UgAAAAxoAQcKAD0cSUXuTd9V-TfxNTm9J4ByDW_W7fQOQEe5PNF0pHmNlejMOexpNbPFu2vzDwD0MgDug8d09Z0MqPaK3gQGmQKE0Y99XCWNXRh0Re4yX4kwr7XjYlkiW-So1HKAj5ieqRnGDhEY-2wAXgQwgHZAbuGbGam7PRajFDFVGL6XIn2EMm54lLl7e8LqvM3K89-5iWMjBg-i73wqIpZEhBcLLLeq99-GYnfP92JUxPPHed7sma9cVftwBgcA80Vy8jSwwrfTYSIQDXtPEFK1dcJ432evxVkH00iMEmC0WyQ801UHD0JB-IMFz_D-6rtkksQxyHinA2MnJFmqM5C-I_fcekew63rP901Xzs2-k56bN8eYEVBauDNPErdEKr2uMTvIfDOPOVqy9BLOwP2l4Zxqm7Yb8are6yJa3LlXseEBkQp_rdEMrhT-k53JArYMV5S7Su1MabY9c5jxH3SBL8kfRlNqedUCBRO8YvKRo_SwQRKsANLQObnRY-WqsL7WIzSsyehYVQfbBG0Ffyk5rGz5mzn8XRT53ervq2K1Lv9AnePTBF0wiQRt_eBTzWBaRsHu4QQoYzXFA7N8o0zX8GjOi4TlfwUodxMhZyBFqH-HuK7FiTf5FQUNOeC-xs3UEp0VGEOK2fJvIrDn8_lfDPcCDk7qg-wVuPefK-2wtmngjjjf8dYhKTlYviWCv10k7OnkUOHS9rOfGTbxnsDodtrHOv7BFoMBEniPXAx5IKSncytk-lQKzL_RqPt8gQsbzCxd6j-AZ6XyQrqP-71Qb_Y7opULvGuVCilHGbjA_HOYCk6qwsZqRs6oCh-JnCGzkvh-tgB84O52BMES2IA2aNH6yieLq-Un3VQv2mDU9MoPG8xx6EXECWqWeQMDYE7HfXTyRYfeDm3-YMFS0rbwhc3ENrQkTKJEIJoRlLnZwYHDnzeQ2xP-OIA

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 05:39:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 1203 42 B
64 B 17ms
16ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstHzLZn947TtUsnwWPkORojHSaN2UteVtx2ODK6GTwlvbr6g99UZjSHnmvMnrS0ilB0cJJgx2vbDzmfCI1oicFaqizwBIgahPljPLpqgxm5a5kBrjzK7shxCN8gCw&sai=AMfl-YT8_IDJN8BXb1WLiEKGM7y_hddSYq-KW4e1_7_mPsI7yGmYvpbc1keFMq6VTid9q3Ev46cPTcs-T-DU684AKIfFVp2SdM7Mtnkx7ov9-MCX4PuVdEkVQa33xhtpx9T4gmG0Qi16otExseNi3iE&sig=Cg0ArKJSzN29M9ecl_wMEAE&cid=CAASPeRo7qgf-N_P5q6K7EFE_gs5QgR9k6atLvkY9XLaP67eiiSoNcB-kT5S8ozdU0PWGuuq8tMza931VUnqTkg&id=ampim&o=436,185&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&tfs=511&tls=1512&g=100&h=100&tt=1512&r=v&avms=ampa&adk=1942330144

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 05:39:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 7A40 42 B
64 B 18ms
17ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss2bxshhuWPxJmHJ6l-IFWQSG3m8qy2AaWYuE2i7b_YeUYPmCwbwg6USoR4O5cG6SahDuL1F3c5zix7dnRl_caqOiW262E2nX5GjcllD8DCDqGcQw3XrmPlHx2JVw&sai=AMfl-YRcsZzxgiMWKDgVhdjC2-LtsEBrAAnei4UV84ZNBVp3jv-OtAj3XKob344KCG_deXkoJtvUPkI0bc6R7B0x3QYloHmoXQVBI1dohXxj5R6UjuaqzVysNBCNjlDpdbucNnHWYsS5I0YCBaPx4Oc&sig=Cg0ArKJSzBpHVp6FfmkWEAE&cid=CAASPeRo7pw-4uGgRi4DD-6MbqyV-lM3_PmBcgBGWNh99uG14PIFiMtjiA8SA5OfcBb3nFOSlvh2nkPiRraLOE8&id=ampim&o=965,543&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=455&tls=1455&g=100&h=100&tt=1455&r=v&avms=ampa&adk=418750488

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 05:39:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1527 42 B
64 B 16ms
15ms Fetch
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssprHVK73XoWFFF0g1nKrmvvBC-HIduMqGv33uX9Fy_gR4vUdRsEjfufUDX7cvEZzqEksT_akydXK8qoT8H6LRkWcbuFNtDFL6g_LlIw3F2iHiLpNakWwv_eY_9rA&sai=AMfl-YSrm2YTIzXgn4nY8Wz1_STJm1j6vIvv82M67zEO1CRbVLE3nQBsmsE2W9_ITaYInFBjDscNCL0KfQF81yVKuQempH3Wwhnd84tBR-joP4VJUaUF7tK-W6F--HNKNswr_bxX10DR2_Hmi1zmDiM&sig=Cg0ArKJSzFgX2M_SFfU5EAE&cid=CAASPeRoTHR1V0r4cFOLM5NH66fhNjK3fiM2FMwzIUdLve9FzW2bzWD1yZqe05ZUNNbxYDP8RVKvECMNiObMnfU&id=lidar2&mcvt=1000&p=1110,436,1200,1164&asp=1110,436,1200,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210809&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=2969241683&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1628660359607&dlt=37&rpt=909&isd=0&lsd=0&msd=0&r=v&speed=1

Requested by

Host: www.tomshardware.com
URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 05:39:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 231C 42 B
64 B 17ms
16ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst9z3HyIzcJGeV8LT4aK2tgd1bFrYufKh4YN0tMqsf-lloSAvQjNB7_9MQZdXtethYDtZG-DTZrCXOx929LY5HcDvj4Tj3hqBcsCSoNfmxLMSeWSM9zAKsRrDgdlw&sai=AMfl-YQ2aH7gjuzFPTP7T1OIKfgtjwg7cSR-8zYSFuT4fmZ3EWTpo0YRmAmvGRzABtveSQqYfE9WuLt2G_7N4FyhWVD3uBtkJgd_KC7C4y9Ud84719Qyu8LXs_3_PEtGhXO-7hk6cmFIG6ccfy8Bkfo&sig=Cg0ArKJSzPNdld3_GGxnEAE&cid=CAASPeRoIo4yV4KwtJWKYaXVKqGOS1RLCAszXd267rZplfuqvyJKDYCW6nAG-GJoS28yFJ0VCRuM3h9AMOmqWMs&id=ampim&o=115,365&d=160,600&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=548&tls=1548&g=100&h=100&tt=1549&r=v&avms=ampa&adk=2434903719

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 05:39:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 279B 42 B
64 B 17ms
16ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuXC9ZB4Z94f_MN0lMB7Pypo1D7-tH-pQ2aHxv6LpjGM2-pLZQt6u31edoYkLWtTPKftQmbVJV4Bz3X1FjggqXBqhxh_Hkik7wGL6ev9xtKmNYxWz6-K_IVa1u63A&sai=AMfl-YQRBcgcmbY1YD7ewVmhji9U7rAA1ZEXhNSVaD7iPp-o-xbwEJDQzPWuO6z-qQWADN2RdYluOFtQs7ORQZyt7kGO16fpQ_knY1AMpGrHX_SbEuMPImScKrKqbHrEUdVHwBnkve1j_ocwV6SRHoE&sig=Cg0ArKJSzGW5ZKV1vm2IEAE&cid=CAASPeRoamslQG20PN_pYEZ7HOm5wUlyCV7ZuRhX3_uQuYlnu1NRfh0KLgJNZik-cIEAwq05ndBNkGiZDDbu5LU&id=ampim&o=1325,365&d=160,600&ss=1600,1200&bs=1600,1200&mcvt=1002&mtos=0,0,1002,1002,1002&tos=0,0,1002,0,0&tfs=563&tls=1565&g=100&h=100&tt=1565&r=v&avms=ampa&adk=2434903716

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tomshardware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 05:39:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

153 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.tomshardware.com/	1970-01-20 05:53:44	Name: _parsely_visitor Value: {%22id%22:%22pid=2ed64bd83e191fcd7be9d0fa4cc7c3ad%22%2C%22session_count%22:1%2C%22last_session_ts%22:1628660351378}
.tomshardware.com/	1970-01-19 20:24:22	Name: _parsely_session Value: {%22sid%22:1%2C%22surl%22:%22https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws%22%2C%22sref%22:%22%22%2C%22sts%22:1628660351378%2C%22slts%22:0}
.tomshardware.com/	1970-01-19 20:24:20	Name: _gat_hawkWidgetsAffiliate Value: 1
.www.tomshardware.com/	1969-12-31 23:59:59	Name: FTR_Country_Code Value: BE
.tomshardware.com/	1970-01-19 20:25:46	Name: _gid Value: GA1.2.54513274.1628660351
.tomshardware.com/	1970-01-19 20:24:23	Name: AMP_TOKEN Value: %24NOT_FOUND
.tomshardware.com/	1970-01-20 13:55:32	Name: _ga Value: GA1.2.903688957.1628660351
.www.tomshardware.com/	1969-12-31 23:59:59	Name: FTR_Cache_Status Value: (null)

20 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js(Line 1) Message: OneSignal: Using fallback ES5 Stub for backwards compatibility.
console-api	warning	URL: https://6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app/6093eccf-6734-4877-ac8b-83d6d0e27b46-web.js(Line 1) Message: Permutive was not initialized. localStorage not supported
console-api	error	URL: https://quantcast.mgr.consensu.org/tcfv2/28/cmp2.js?referer=www.tomshardware.com(Line 1) Message: TypeError: Cannot read property 'getItem' of null
console-api	log	URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws(Line 375) Message: tomshardware loaded successfully.
console-api	log	URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws(Line 296) Message: DOMContentLoaded at 894
console-api	log	URL: https://vanilla.futurecdn.net/tomshardware/319417/media/shared/js/main.c195831eafe2af860e56.bundle.js(Line 14) Message: No archive filter present
console-api	log	URL: https://vanilla.futurecdn.net/tomshardware/319417/media/shared/js/main.c195831eafe2af860e56.bundle.js(Line 14) Message: no primary nav
console-api	log	URL: https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws(Line 297) Message: PageLoad at 1762
console-api	warning	URL: https://bordeaux.futurecdn.net/bordeaux.js(Line 1) Message: %c BORDEAUX background: #800020; color: #ffffff Error ignored because of sample rate
console-api	error	URL: https://bordeaux.futurecdn.net/bordeaux.js(Line 1) Message: %c BORDEAUX background: #800020; color: #ffffff Error: CMP __tcfapi timeout after 5000ms
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080901.js?31062219(Line 6) Message: Exception in queued GPT command TypeError: Cannot read property 'getItem' of null
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080901.js?31062219(Line 6) Message: [GPT] Exception in googletag.cmd function: TypeError: Cannot read property 'getItem' of null.
console-api	warning	URL: https://bordeaux.futurecdn.net/bordeaux.js(Line 1) Message: %c BORDEAUX background: #800020; color: #ffffff DFP issue: missing ad unit. Replacing with default: /article
console-api	info	URL: https://cdn.ampproject.org/rtv/012107240354000/amp4ads-v0.mjs(Line 6) Message: Powered by AMP ⚡ HTML – Version 2107240354000 https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
console-api	info	URL: https://cdn.ampproject.org/rtv/012107240354000/amp4ads-v0.mjs(Line 6) Message: Powered by AMP ⚡ HTML – Version 2107240354000 https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
console-api	info	URL: https://cdn.ampproject.org/rtv/012107240354000/amp4ads-v0.mjs(Line 6) Message: Powered by AMP ⚡ HTML – Version 2107240354000 https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
console-api	info	URL: https://cdn.ampproject.org/rtv/012107240354000/amp4ads-v0.mjs(Line 6) Message: Powered by AMP ⚡ HTML – Version 2107240354000 https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
console-api	info	URL: https://cdn.ampproject.org/rtv/012107240354000/amp4ads-v0.mjs(Line 6) Message: Powered by AMP ⚡ HTML – Version 2107240354000 https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
console-api	info	URL: https://cdn.ampproject.org/rtv/012107240354000/amp4ads-v0.mjs(Line 6) Message: Powered by AMP ⚡ HTML – Version 2107240354000 https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws
console-api	info	URL: https://cdn.ampproject.org/rtv/012107240354000/amp4ads-v0.mjs(Line 6) Message: Powered by AMP ⚡ HTML – Version 2107240354000 https://www.tomshardware.com/news/splunk-details-crypto-mining-malware-targeting-aws

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=300

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app
99924c95fcddb7fd005c77148c8930be.safeframe.googlesyndication.com
ads.servebom.com
adservice.google.be
adservice.google.com
ampcid.google.com
ampcid.google.de
api.vanilla.futurecdn.net
bordeaux.futurecdn.net
cdn.adsafeprotected.com
cdn.ampproject.org
cdn.mos.cms.futurecdn.net
cdn.onesignal.com
cdn.parsely.com
champagne.futurecdn.net
d4el4parm0zb3.cloudfront.net
encrypted-tbn3.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
freyr.futurecdn.net
googleads.g.doubleclick.net
hawk.tomshardware.com
i.clean.gg
p1.parsely.com
pagead2.googlesyndication.com
pixel.adsafeprotected.com
quantcast.mgr.consensu.org
r.skimresources.com
sb.scorecardresearch.com
securepubads.g.doubleclick.net
slice.vanilla.futurecdn.net
stats.g.doubleclick.net
tpc.googlesyndication.com
uk-script.dotmetrics.net
vanilla.futurecdn.net
www.google-analytics.com
www.google.com
www.googletagservices.com
www.tomshardware.com
13.224.96.37
142.250.186.66
151.101.14.114
151.139.128.11
185.113.25.61
199.232.198.114
2600:9000:2057:3c00:16:61ad:2fc0:21
2600:9000:2190:5400:9:46dc:4700:93a1
2606:4700::6812:551
2606:4700::6812:e234
2a00:1450:4001:801::2003
2a00:1450:4001:802::2002
2a00:1450:4001:809::200e
2a00:1450:4001:80e::200e
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2002
2a00:1450:4001:812::2004
2a00:1450:4001:827::200e
2a00:1450:4001:829::2001
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2001
2a00:1450:4001:830::2001
2a00:1450:4001:830::200a
2a00:1450:400c:c0c::9c
34.95.69.49
35.190.59.101
52.205.167.202
52.84.45.35
54.194.212.219
65.9.7.60
67.27.233.124
8.248.113.252
99.86.4.12
026b84e95c55e27bb581c5247aee83779725246c1a71167d45799b8e631bbbc3
08232f84e43272025c2b36f3137dea704c163a437063ce28b39b64222658001e
09fba596f1ba572cf4b3ceb9c1f3962d1b75bbb4a6d6d7707f1f93e2fe889aee
0bc8319322da0cf3e9f9dc13928f48aeecb073fca5c88471e867c41a9608e1ab
0ccc52d64165826b4617b8562fc6014853a380bebb2dbb01653b4e003b2af9ec
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
11d155e10b3b6a9c690fff71d3d295654bac79e29ecdd0d0b77369c0f620ebe3
12b9d92963b594157b22adeebfbcf463b80c5d504f0fefe3bee1533e20a996c9
16022a1d920c53cf18ede216a4cad4fda672916cf4a1491601a119de61898db2
1609bdcf4696c8146359638f33c35febdaba621dea00137283c61efc17504909
17210441eb1fe78d0542691fd23d8bee0996d961d7335c9648aa39c15be73617
1738d1f9bff305d5c00707be7f792ccb88f13f5ca40fc86ebcd5e7587304f363
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18fbdf7b54a6b6287b395246e3dc770b913d175efa634d89f55eb88dac3264bb
1d51a4ce647d02f462b4fb57f1607009cab8c1c7beae1b837c1bfcf52e9e09ca
280bafc52615c7f086cdd177161e2a3675f0b3f1ca90bd5ade6b6a076e86984e
29507fd3a172d0d54a23c53defa95fe78dbf477c5577b7b789abc2946c8a40d8
2afcabe2eb6314148dfd9dfdec1333b973d97d0780cc08fddab8501afbb013e9
2b26a74f3c0e529bc8fccfa6b1db8e083e738992266359fde1a5bd0aaa81cbc3
333d854293d1e3e611f84e5056f88ab279669c2421d8f60d16a5d79e12110ab8
33fadf7d5891836679e316c95edc74f50860fc1aaa3f892118b2c00d94833b5e
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
38817a74140cf776573a0449151634e3b0d493f406326904cd33fdfe93fddb24
398768439ab0daad8ea31df8026e5c258d269507912e63506bcdaaa78856f093
39a9be75f37f52ea6cde06859a1bccb23398f94b9f886cb14be67e4ab0bfb195
3c30f9db6ce74a9fadf8de7de2ae7e23428d3c043f576184c391908f8154d2f7
3e9468665c5acce5c3dae0f39f6960c6a2556cb15ae40568ede28237920830f5
3f2dabfb416c5178cc141e0b750a4ec8266a10e5a84d163bbc675aed7e0972a4
4075d8c0c312c24df5548f967cab5fbf808fe78fdcef9d4032bad92f6cacbb70
4427a7a29dd9086c912a5c9ae99901585889e2e24f4120a13c69e8c13a49ce88
4ca739a13d804ea8806c9878d5b463d2a2c2a75b61a1b2f8a8e104e9b0daecb5
4f0fb5e7aee1812174996e6d522c9920704a3c9397d1599000fa9a79070e446d
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
52cba504db8540c0ce693d325ae20b20730dbe808cd3f57706d38371c7c19932
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
58a997b617dfac0415762726843d9062e24b41a0ce9d4f18da7a28798ff60c94
5a15cc0b52643e6a4f004e6417943e59c32db14902166ba7317ca06a169f859d
5c0e5b8ab432dbc1aa10af697ef5e0205b565c913fcdda2fcb31c16e529cdb81
5fbb36bdcd7fcb6a1962d355dccfab3262736d4d198a389ffb85a3fa3d2440d4
63757fb1a6cbb90253ca9e7a6123c8c6b60728a30ac3fd9f6e6f7203c96d9cef
645a80058a6a22a957751f3ddb0614e4704e0440f97daf7dbca263be8af8234b
66f7603ae0f1fbff772f5ac2d0983d0a06508dc41f91e8d0d6fb5d15d2513068
6838420e13959ecffe73d3576ee2125a66c9315237394a23e3dd4a5181e80cda
6aefcc7bb5b382505a0609d91d1cd22cb92cefbc5cb1c89ac522b51420bf4364
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c6f5cb46371738300a33bdbc132704f028bb51a01ab619503d4c250de2500fe
6ed0702c109875dca01cfa51b44aa5c9da3f51892f8e9ba54e523d772ca20afb
6fa9f6daeb5ea015127452f1da970c52305740e71faf2020c901370ce21a8aa1
76fe33c8be19d754ced79db88a4ce7a57a5bcf6168036e15166d4368df128fd9
78e0bdeabeebc2dc279c8a9321a3c05dfee71e89123ee3d480fb83fe9d308aed
7a223174668e40dccd38462d34304503b75e31e700bff92b7e9e8fdda3274670
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
83070c6af3b52c94b17addaa2bcdf1a8a920fefff6e205a4a569c63d8599aa01
83113ce831f3f1ec8841232d895e17f722444b1939f5230891f7ff17a7c53618
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83cd4afc0672833e8ac46854de805cda18237894e6d5193111af3e2e866a7a3a
87600e9b1292376db680e8eeac7e4dd19ab18461786ca3a596a404e4867c14dd
87e9cb4cbda54b2611883c0963d41adcd7c9d4eda558e452c76991b875eeffad
89189c55b69e3dd2e2f7499687f8b7aa68df60f7a943d879dc0b33eb3343188e
8a89eeb21886a6eea35cf014222116f309b6fee699cb144a155c6ceca9de1b97
8cc20909d5d55bdff8507eb011162fd35886ad825abc8bf79fdb9b781f4c5c14
97bca555c0eccbb59d7eac3fa274571cc4aed29c360c3d71c6e340d0e0fc7261
991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10
9a339ca42bf61be144b6d25a7b86245bd2f584713491ec5172e4bc0a9a5c3715
a1a34fb861006bf7627d4df4c082a1a30e2897f697a405eed1dfdc938d331605
a3202c5584350517cab7f1de0d43d54db0979c449df18fe70241e8c35de80919
a33ec449c27e08c995d7a4daf8f56d434feab6601fbced963a7f33d4113bdd5e
a46aabc490b71402c5b01c1cc8bcd64961454f712fe7c2fe88061eef1df968c5
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a6182c60f8719cc0e93d50c1c92efdcdf4d7bd9492988de31e3207c7a2f9450d
a6f8bfaef875088ab0791e9118f7884ddfb82296331ba2b32b5598298c941293
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7fa0af6aada057915816758d27595cbbd2beca52c263d5891c29c751196afb9
aa33ff28df27cb82f3db3f7e5b9f726796099b323565ef93a867a2b4b440154f
ab33833bc640c1e1f87df23da79b5147d840c88a259298b0281265629d2f48e6
abc1bbfb097cfaf4715fe823adb40881f8ed35a943692d5c037945c2fcc56340
ad61c121fee28bce385f3468985f88047885b5500b755048d487d949a6381119
b21404375f410001d197ea154cf07fd35e0b9b6f9816851c3a0a74a4cab51fdc
b31a2dfb910d5e0292d6639f0c1a9b6ecc2471ba71ba18e3dc27cd5a033cf463
b3f65288fd447fe63bd30350e2343a2181703816b5f13bdcd43f1fd1b99c63ba
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
b826f485873b923a0a9046262b9d026e8f4d2094da1e98e527f279eb9b148d6c
b83607919d80709ce94ae9890ddfff1e39ee9b1b9633fbd51dc1f49ddd0abe7c
bad9ce8b7a8ff2f11d2d64c6471814ce99014c5fc55f29e96a7ffb84fea03dd7
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
c8398e31b3b73e52aa057275f126aa35ade28a0ad82e6cbf2b11236ad2c7018c
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cabcc14eef05a71ce9dec2def4ea1d0b1e96212339b673beba93c11c329561ff
cc1ec0948721d268551e2b5c9de2f7b2046682493ce8b56f5fd94532624e76db
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d361027033a4488c38b28940726f768642dde03b9139de834fad457a8afa92fe
d59c1fc18a0c051602414550c5d8d96cb7a87af8674e67298ed58118826d2dff
d59e716d51fb15ef85fcf4072a412928e0dd66727e8af2dcf82957637797b872
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d867f01ddeb0046fff1579890a34e0f0aca6b83f0380181c8d81ca38429bd43c
d9bc0e4626a51a8027a28cd8373510b395371146026676626fd3dd65d6213fe6
dd93985eea800fc37126144256a16050847e783c4e53afac03c10ae1ba7e9e15
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e2fa6d1855227e4e14798ec81eb6b99fc1bba60cbe4a13f6e7dc93ca1d37a924
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd
e698b324b44b78001346a831c0cf96da80f9edf3444ddaef06d01fa86f23cd59
ee42c91f297eb0f204bf184600c3194d54e6908830639db14e37b5b158ea0ee7
eecda7280d7a8779cb5ff8bf7459b430bf970052106a1c4b186ff2eddd8c82d7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1a873716ff3480e85d10a6ed6eab27efebd838cef25975318acb061f2593813
f1f26c189e8654d5343556c28de86cbbcc0629da4199f6d6060fd40f7c7969ee
f37388999381aafbfa45c55ead9692cf7d68f9b2910d666a6e93d81c83436403

www.tomshardware.com Open in urlscan Pro 199.232.198.114 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

192 Requests

100 %HTTPS

55 %IPv6

23 Domains

39 Subdomains

34 IPs

5 Countries

3204 kBTransfer

9310 kBSize

8 Cookies

22 Outgoing links

Redirected requests

192 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.tomshardware.com Open in urlscan Pro
199.232.198.114 Public Scan

Screenshot
Live screenshot

Full Image

192
Requests

100 %
HTTPS

55 %
IPv6

23
Domains

39
Subdomains

34
IPs

5
Countries

3204 kB
Transfer

9310 kB
Size

8
Cookies

192 HTTP transactions
13 data transactions