www.zawya.com Open in urlscan Pro
45.75.204.24 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
Submission: On November 05 via api (November 5th 2021, 6:19:13 am UTC) from GB — Scanned from GB

Summary HTTP 114 Redirects Links 24 Behaviour Indicators

Summary

This website contacted 41 IPs in 7 countries across 26 domains to perform 114 HTTP transactions. The main IP is 45.75.204.24, located in Hoddesdon, United Kingdom and belongs to DIGITAL-REALTY-UK, GB. The main domain is www.zawya.com.
TLS certificate: Issued by COMODO RSA Organization Validation Se... on January 22nd 2020. Valid for: 2 years.

This is the only time www.zawya.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
15	45.75.204.24 45.75.204.24	49425 (DIGITAL-R...) (DIGITAL-REALTY-UK)
8	2a00:1450:400... 2a00:1450:400e:810::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	2600:9000:21f... 2600:9000:21f3:400:6:b871:4f00:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:21f... 2600:9000:21f3:9400:11:a4de:2580:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2001:4de0:ac1... 2001:4de0:ac18::1:a:1a	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2a00:1450:400... 2a00:1450:400e:80f::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400e:802::2008	15169 (GOOGLE) (GOOGLE)
1	162.215.209.216 162.215.209.216	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1	142.250.179.130 142.250.179.130	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400e:80f::2002	15169 (GOOGLE) (GOOGLE)
6	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
1	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:400e:801::200e	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba11	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
1	13.224.193.4 13.224.193.4	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
1 6	34.240.225.16 34.240.225.16	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
2 2	2620:119:50e1... 2620:119:50e1:101::6cae:b25	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
1	2606:4700::68... 2606:4700::6810:5914	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:20e... 2600:9000:20eb:8600:1f:612c:5a80:93a1	16509 (AMAZON-02) (AMAZON-02)
2	52.1.28.182 52.1.28.182	14618 (AMAZON-AES) (AMAZON-AES)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
1	2a00:1450:401... 2a00:1450:4013:c00::9b	15169 (GOOGLE) (GOOGLE)
18	89.187.169.47 89.187.169.47	60068 (CDN77 ^_^) (CDN77 ^_^)
10	52.34.133.113 52.34.133.113	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400e:803::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
1	104.16.138.31 104.16.138.31	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a03:2880:f00... 2a03:2880:f007:1:face:b00c:0:1	32934 (FACEBOOK) (FACEBOOK)
1	2a03:2880:f04... 2a03:2880:f045:12:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
1	151.101.128.84 151.101.128.84	54113 (FASTLY) (FASTLY)
1 2	151.101.1.140 151.101.1.140	54113 (FASTLY) (FASTLY)
114	41

15 45.75.204.24 (Hoddesdon, United Kingdom)

ASN49425 (DIGITAL-REALTY-UK, GB)

www.zawya.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:400e:810::2002 (Ireland)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:400:6:b871:4f00:93a1 (United States)

ASN16509 (AMAZON-02, US)

cmp.optad360.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:21f3:9400:11:a4de:2580:93a1 (United States)

ASN16509 (AMAZON-02, US)

get.optad360.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4de0:ac18::1:a:1a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400e:80f::200a (Ireland)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400e:802::2008 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.215.209.216 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-215-209-216.unifiedlayer.com

rtbonecode.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.179.130 (United States)

ASN15169 (GOOGLE, US)
PTR: ams17s10-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400e:80f::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:400e:801::200e (Ireland)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00::210:ba11 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.193.4 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-193-4.fra2.r.cloudfront.net

t.effectivemeasure.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.240.225.16 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-240-225-16.eu-west-1.compute.amazonaws.com

collector.effectivemeasure.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

f686c37acd81de0160de2ebedd3ef02e.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:119:50e1:101::6cae:b25 (San Francisco, United States) 2 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5914 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:8600:1f:612c:5a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

detect-survey.effectivemeasure.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.1.28.182 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-1-28-182.compute-1.amazonaws.com

survey.effectivemeasure.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4013:c00::9b (Groningen, Netherlands)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 89.187.169.47 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-89-187-169-47.cdn77.com

load.sumome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
load.sumo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 52.34.133.113 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-34-133-113.us-west-2.compute.amazonaws.com

sumo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400e:803::200e (Ireland)

ASN15169 (GOOGLE, US)

clients6.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.138.31 (None, )

ASN13335 (CLOUDFLARENET, US)

api.bufferapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f007:1:face:b00c:0:1 (Vienna, Austria)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f045:12:face:b00c:0:2 (Amsterdam, Netherlands)

ASN32934 (FACEBOOK, US)

api.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.128.84 (United States)

ASN54113 (FASTLY, US)

widgets.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.1.140 (United States) 1 redirects

ASN54113 (FASTLY, US)

reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
27	sumo.com load.sumo.com sumo.com	641 KB
15	zawya.com www.zawya.com	474 KB
11	googlesyndication.com pagead2.googlesyndication.com f686c37acd81de0160de2ebedd3ef02e.safeframe.googlesyndication.com tpc.googlesyndication.com	187 KB
10	effectivemeasure.net 1 redirects t.effectivemeasure.net collector.effectivemeasure.net detect-survey.effectivemeasure.net survey.effectivemeasure.net	11 KB
10	doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net stats.g.doubleclick.net	152 KB
7	google.com adservice.google.com www.google.com clients6.google.com	2 KB
5	google-analytics.com www.google-analytics.com	21 KB
5	google.co.uk adservice.google.co.uk www.google.co.uk	2 KB
4	linkedin.com 3 redirects px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com	3 KB
3	optad360.io cmp.optad360.io get.optad360.io	231 KB
2	reddit.com 1 redirects reddit.com www.reddit.com	965 B
2	facebook.com graph.facebook.com api.facebook.com	1 KB
2	googleadservices.com partner.googleadservices.com www.googleadservices.com	15 KB
2	googleapis.com ajax.googleapis.com fonts.googleapis.com	69 KB
2	jquery.com code.jquery.com	33 KB
1	pinterest.com widgets.pinterest.com	375 B
1	bufferapp.com api.bufferapp.com	442 B
1	sumome.com load.sumome.com	2 KB
1	twitter.com analytics.twitter.com	675 B
1	jsdelivr.net cdn.jsdelivr.net	1 KB
1	t.co t.co	470 B
1	ads-twitter.com static.ads-twitter.com	6 KB
1	licdn.com snap.licdn.com	2 KB
1	rtbonecode.com rtbonecode.com	26 KB
1	googletagmanager.com www.googletagmanager.com	73 KB
1	googletagservices.com www.googletagservices.com	27 KB
114	26

	Domain	Requested by
17	load.sumo.com	load.sumome.com
15	www.zawya.com	www.zawya.com code.jquery.com
10	sumo.com	load.sumo.com
8	pagead2.googlesyndication.com	www.zawya.com pagead2.googlesyndication.com tpc.googlesyndication.com
6	collector.effectivemeasure.net	1 redirects www.zawya.com t.effectivemeasure.net
6	securepubads.g.doubleclick.net	www.googletagservices.com get.optad360.io securepubads.g.doubleclick.net
5	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.zawya.com
3	www.google.com	www.zawya.com tpc.googlesyndication.com
3	adservice.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net
3	adservice.google.co.uk	pagead2.googlesyndication.com securepubads.g.doubleclick.net
3	googleads.g.doubleclick.net	pagead2.googlesyndication.com www.googleadservices.com
2	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com
2	survey.effectivemeasure.net	t.effectivemeasure.net
2	px.ads.linkedin.com	2 redirects
2	www.google.co.uk	www.zawya.com
2	code.jquery.com	www.zawya.com
2	get.optad360.io	www.zawya.com get.optad360.io
1	www.reddit.com
1	reddit.com	1 redirects
1	widgets.pinterest.com	load.sumo.com
1	api.facebook.com	load.sumo.com
1	graph.facebook.com	load.sumo.com
1	api.bufferapp.com	load.sumo.com
1	fonts.googleapis.com	client
1	clients6.google.com	load.sumo.com
1	load.sumome.com	www.googletagmanager.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	analytics.twitter.com	static.ads-twitter.com
1	detect-survey.effectivemeasure.net	t.effectivemeasure.net
1	cdn.jsdelivr.net	get.optad360.io
1	px4.ads.linkedin.com	www.zawya.com
1	www.linkedin.com	1 redirects
1	f686c37acd81de0160de2ebedd3ef02e.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	t.co	www.zawya.com
1	t.effectivemeasure.net	www.zawya.com
1	static.ads-twitter.com	www.zawya.com
1	snap.licdn.com	www.googletagmanager.com
1	www.googleadservices.com	www.googletagmanager.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	rtbonecode.com	www.zawya.com
1	www.googletagmanager.com	www.zawya.com
1	ajax.googleapis.com	www.zawya.com
1	cmp.optad360.io	www.zawya.com
1	www.googletagservices.com	www.zawya.com
114	44

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com
www.refinitiv.com
privacyportalde-cdn.onetrust.com

Subject Issuer	Validity	Valid
*.zawya.com COMODO RSA Organization Validation Secure Server CA	`2020-01-22` - `2022-01-21`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.optad360.io Amazon	`2020-12-17` - `2022-01-15`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
rtbonecode.com cPanel, Inc. Certification Authority	`2021-08-11` - `2021-11-09`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.google.co.uk GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-07-15` - `2022-07-20`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
*.effectivemeasure.net Amazon	`2021-02-02` - `2022-03-03`	a year	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-01-12` - `2022-01-11`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
www.google.co.uk GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-03` - `2022-07-02`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-31` - `2022-10-30`	a year	crt.sh
*.sumome.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-04` - `2022-05-04`	a year	crt.sh
*.sumo.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-04` - `2022-05-04`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
api.bufferapp.com DigiCert SHA2 Secure Server CA	`2020-06-24` - `2022-08-16`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-08-14` - `2021-11-12`	3 months	crt.sh
*.pinterest.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-27` - `2022-08-05`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
Frame ID: 34974A7A0D735AFDEF8B0E248E2DBC2F
Requests: 106 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211101/r20190131/zrt_lookup.html
Frame ID: 2F98F8F8D72A465D7705579B8D1938E2
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9000706886751171&output=html&adk=1812271804&adf=3025194257&lmt=1636093146&plat=1%3A16777216%2C2%3A16777216%2C3%3A32%2C4%3A32%2C9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636093144934&bpp=1895&bdt=318&idt=1991&shv=r20211101&mjsv=m202111010101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=584138802947&frm=20&pv=2&ga_vid=710002794.1636093147&ga_sid=1636093147&ga_hid=471514208&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062945%2C31063221%2C31063183%2C31062931&oid=2&pvsid=3491288030683735&pem=278&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=2005
Frame ID: BA523284ACFCCBF7A416732F87EE4E84
Requests: 1 HTTP requests in this frame

Frame: https://f686c37acd81de0160de2ebedd3ef02e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: F206A60300B4F35D4FD1BFCAC0DAC6B1
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 72E10D49F940860A5B9842B65FE3EB05
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C78037086CE8FA02592FB13E1E805D83
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Page Not Found | ZAWYA MENA Edition

Page Statistics

114
Requests

96 %
HTTPS

60 %
IPv6

26
Domains

44
Subdomains

41
IPs

7
Countries

1978 kB
Transfer

7667 kB
Size

36
Cookies

24 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/Zawya/?fref=ts

Search URL Search Domain Scan URL

URL: https://twitter.com/Zawya

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/zawya?trk=biz-brand-tree-co-name

Search URL Search Domain Scan URL

URL: https://www.refinitiv.com/en/products/eikon-trading-software?utm_source=Zawya.com&utm_medium=cta_link&utm_campaign=Eikon_Zawya&elqCampaignId=14924
Title: Eikon

Search URL Search Domain Scan URL

URL: https://www.refinitiv.com/en/products/eikon-trading-software/eikon-messenger-secure-messaging?utm_source=Zawya.com&utm_medium=cta_link&utm_campaign=Eikon_Messenger_Zawya&elqCampaignId=14924
Title: Eikon Messenger

Search URL Search Domain Scan URL

URL: https://www.refinitiv.com/en/financial-data/company-data/middle-east-company-data?utm_source=Zawya.com&utm_medium=cta_link&utm_campaign=MENA_Company_Data_Zawya&elqCampaignId=14924
Title: MENA Company Data

Search URL Search Domain Scan URL

URL: https://www.refinitiv.com/en/islamic-finance?utm_source=Zawya.com&utm_medium=cta_link&utm_campaign=Islamic_Finance_Zawya&elqCampaignId=14924
Title: Islamic Finance

Search URL Search Domain Scan URL

URL: https://www.refinitiv.com/en/products/eikon-trading-software/mena-project-tracker?utm_source=Zawya.com&utm_medium=cta_link&utm_campaign=MENA_Projects_App_Zawya&elqCampaignId=14924
Title: MENA Projects App

Search URL Search Domain Scan URL

URL: https://www.refinitiv.com/en/products/knowledge-direct-api-integration?utm_source=Zawya.com&utm_medium=cta_link&utm_campaign=TRKD_Zawya&elqCampaignId=14924
Title: Knowledge Direct

Search URL Search Domain Scan URL

URL: https://www.refinitiv.com/en/products/lipper-fund-research?utm_source=Zawya.com&utm_medium=cta_link&utm_campaign=Lipper_Zawya&elqCampaignId=14924
Title: Lipper

Search URL Search Domain Scan URL

URL: https://www.refinitiv.com/en/products/fx-trading?utm_source=Zawya.com&utm_medium=cta_link&utm_campaign=FXT_Zawya&elqCampaignId=14924
Title: FXT

Search URL Search Domain Scan URL

URL: https://www.refinitiv.com/en/products/datastream-macroeconomic-analysis?utm_source=Zawya.com&utm_medium=cta_link&utm_campaign=Datastream_Zawya&elqCampaignId=14924
Title: Datastream

Search URL Search Domain Scan URL

URL: https://www.refinitiv.com/en/products/elektron-enterprise-data-management?utm_source=Zawya.com&utm_medium=cta_link&utm_campaign=Elektron_Zawya&elqCampaignId=14924
Title: Elektron

Search URL Search Domain Scan URL

URL: https://www.refinitiv.com/en/products/enhanced-due-diligence?utm_source=Zawya.com&utm_medium=cta_link&utm_campaign=EDD_Zawya&elqCampaignId=14924
Title: Enhanced Due Diligence

Search URL Search Domain Scan URL

URL: https://www.refinitiv.com/en/products/world-check-kyc-screening?utm_source=Zawya.com&utm_medium=cta_link&utm_campaign=WorldCheck_Zawya&elqCampaignId=14924
Title: World-Check

Search URL Search Domain Scan URL

URL: https://www.refinitiv.com/en/products/autoaudit-internal-auditor-software?utm_source=Zawya.com&utm_medium=cta_link&utm_campaign=AutoAudit_Zawya&elqCampaignId=14924
Title: AutoAudit

Search URL Search Domain Scan URL

URL: https://www.refinitiv.com/en/products/connected-risk-management?utm_source=Zawya.com&utm_medium=cta_link&utm_campaign=ConnectedRisk_Zawya&elqCampaignId=14924
Title: Connected Risk

Search URL Search Domain Scan URL

URL: https://www.refinitiv.com/en/financial-data/company-data/middle-east-company-data?utm_source=Zawya.com&utm_medium=cta_link&utm_campaign=Companies_Zawya&elqCampaignId=14924
Title: MENA Company Data Access the most comprehensive database of companies and officers in the Middle East and North Africa, covering all major sectors and industries, from Refinitiv.

Search URL Search Domain Scan URL

URL: https://www.refinitiv.com/en/infrastructure-investing?utm_campaign=502711_ZawyaInfra360Promo&elqCampaignId=15511&utm_source=Zawya&utm_medium=Referral&utm_content=&utm_term=&referredBy=MENAProjects
Title: MENA Projects App Screen, analyze and compare projects in the Middle East and North Africa across Infrastructure, Real Estate, Industrial and Energy sectors with Refinitiv’s Eikon.

Search URL Search Domain Scan URL

URL: https://www.refinitiv.com/

Search URL Search Domain Scan URL

URL: https://www.refinitiv.com/en/policies/privacy-statement/
Title: Privacy Statement

Search URL Search Domain Scan URL

URL: https://www.refinitiv.com/en/policies/terms-of-use
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: https://privacyportalde-cdn.onetrust.com/dsarwebform/5f7a2da0-bed0-45e8-ac2c-c1f297e2efdc/1234b4c9-a981-4092-b398-cb80005998cf.html
Title: Do not sell my info

Search URL Search Domain Scan URL

URL: https://www.refinitiv.com/en/policies/privacy-statement/#cookies
Title: Cookie Policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 43

https://collector.effectivemeasure.net/beacon/get?cookies=vt%2Copt_out%2Cc3%2Cslr%2Cslc%2Cdmp%2Cgc%2Cmb&callback=cb1636093147124_1 HTTP 302
https://collector.effectivemeasure.net/beacon/get?final=1&cookies=vt%2Copt_out%2Cc3%2Cslr%2Cslc%2Cdmp%2Cgc%2Cmb&callback=cb1636093147124_1

Request Chain 51

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2237306&time=1636093147189&url=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2237306%26time%3D1636093147189%26url%3Dhttps%253A%252F%252Fwww.zawya.com%252Fmena%252Fen%252Fstory%252Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2237306&time=1636093147189&url=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2237306&time=1636093147189&url=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&liSync=true&e_ipv6=AQKlGJDRuMvX9AAAAXzuwDu4q4pgwfNewLt6wwSrasfXTOyfoR_rHcSlXOxP5pgqYe-yupoOEQ

Request Chain 105

https://reddit.com/button_info.json?url=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&jsonp=jQuery1102009019774757334909_1636093148890&_=1636093148891 HTTP 301
https://www.reddit.com/button_info.json?url=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&jsonp=jQuery1102009019774757334909_1636093148890&_=1636093148891

114 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/ 47 KB
12 KB 4585ms
3770ms Document
text/html 45.75.204.24
DIGITAL-REALTY-UK

General

Check archive.org

Show headers Download Go to

Full URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 45.75.204.24 Hoddesdon, United Kingdom, ASN49425 (DIGITAL-REALTY-UK, GB),
Reverse DNS
Software: Apache-Coyote/1.1 / JSP/2.2
Resource Hash: 5ebcd2036fda2987f378934921f83a43229cb450feface3ab7470b13e06537a0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: en-GB,en;q=0.9

Response headers

Date: Fri, 05 Nov 2021 06:19:02 GMT
Server: Apache-Coyote/1.1
Access-Control-Allow-Origin: *
X-Powered-By: JSP/2.2
Content-Type: text/html;charset=UTF-8
Content-Language: en
Keep-Alive: timeout=600, max=79
Connection: Keep-Alive
X-Expires-Orig: None
Cache-Control: max-age=0, must-revalidate, private private
Content-Encoding: gzip
Transfer-Encoding: chunked

GET
H/1.1 200
OK super-en.css
www.zawya.com/resources/styles/ 578 KB
114 KB 1881ms
1880ms Stylesheet
text/css 45.75.204.24
DIGITAL-REALTY-UK

General

Check archive.org

Show headers Download Go to

Full URL: https://www.zawya.com/resources/styles/super-en.css?r2362021
Requested by: Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 45.75.204.24 Hoddesdon, United Kingdom, ASN49425 (DIGITAL-REALTY-UK, GB),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 2c83ffa05c8bf861d20fc6b860df04dea584324c4b6f0269e935eabe226afe76

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Cteonnt-Length: 591877
Date: Fri, 05 Nov 2021 06:19:03 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 12:47:54 GMT
Server: Apache-Coyote/1.1
Transfer-Encoding: chunked
Content-Type: text/css;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Connection: Keep-Alive
Keep-Alive: timeout=600, max=17
Expires: Sun, 05 Dec 2021 06:19:03 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 144 KB
51 KB 103ms
52ms Script
text/javascript 2a00:1450:400e:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:810::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

43def099927bb599ce43ec7561871a2e423d139dd71426d89c5dbf735feabbcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51533
x-xss-protection: 0
server: cafe
etag: 8865927619150286824
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 05 Nov 2021 06:19:04 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 79 KB
27 KB 107ms
37ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed6faf844515d96cf2cd4de640e1bfd92f57dd593d9df983dd8ea770c238bc1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1034 / 973 of 1000 / last-modified: 1636063715"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27090
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 05 Nov 2021 06:19:06 GMT

GET
H2 200 d0a21f2e-c714-4e79-879f-212e78803c93.min.js Show response
cmp.optad360.io/items/ 497 B
831 B 154ms
49ms Script
application/javascript 2600:9000:21f3:400:6:b871:4f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp.optad360.io/items/d0a21f2e-c714-4e79-879f-212e78803c93.min.js
Requested by: Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:400:6:b871:4f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bd7680f0d4768bf17b38b5834d7671e6e456d9655b4ae3cb39186d1fcd93f5c2

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 02:09:13 GMT
via: 1.1 debe291145dc27044f50d04bac101cd9.cloudfront.net (CloudFront)
last-modified: Mon, 12 Apr 2021 08:54:56 GMT
server: AmazonS3
age: 14994
etag: "7acdc116a0830ba0aef5e087010246ba"
x-cache: Error from cloudfront
content-type: application/javascript
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-length: 497
x-amz-cf-id: EilN7jQW8DH4JjmbpwSmKPyEDsTsYUE96iF5bI-8csbMD2wOdOdnDw==

GET
H2 200 plugin.min.js Show response
get.optad360.io/sf/6557e0b8-01f9-4342-90f5-5681c898d4d5/ 370 KB
88 KB 117ms
37ms Script
application/javascript 2600:9000:21f3:9400:11:a4de:2580:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.optad360.io/sf/6557e0b8-01f9-4342-90f5-5681c898d4d5/plugin.min.js
Requested by: Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:9400:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: db2c77c5e90cdfc6da2c63fffba1987e761f759c15676561cae8023cc975c571

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:11:30 GMT
content-encoding: gzip
last-modified: Mon, 25 Oct 2021 14:35:58 GMT
server: AmazonS3
age: 457
etag: W/"db89386889d98faa3959a7a73ef2dced"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 32e3b86ae254a231182567c0124af893.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: oBpT-1wPKyu_VyRBkWELS6vVGxFiP-Y9_t4hTLgAH3dKms6Fwf5Dag==

GET
H/1.1 200
OK modernizr-2.8.3.min.js Show response
www.zawya.com/resources/scripts/ 15 KB
7 KB 556ms
556ms Script
text/javascript 45.75.204.24
DIGITAL-REALTY-UK

General

Check archive.org

Show headers Download Go to

Full URL: https://www.zawya.com/resources/scripts/modernizr-2.8.3.min.js
Requested by: Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 45.75.204.24 Hoddesdon, United Kingdom, ASN49425 (DIGITAL-REALTY-UK, GB),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 2b0f8526e7a1b0f1fb42e8acec3c1e7737a1a3065b773ebd13a492952f557967

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 05 Nov 2021 05:31:14 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 12:10:06 GMT
Server: Apache-Coyote/1.1
ntCoent-Length: 15514
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: private
Connection: Keep-Alive
Keep-Alive: timeout=600, max=96
Content-Length: 6479

GET
H/1.1 200
OK zawya-en-logo-blue.svg
www.zawya.com/resources/img/ 2 KB
3 KB 867ms
165ms Image
image/svg+xml 45.75.204.24
DIGITAL-REALTY-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.zawya.com/resources/img/zawya-en-logo-blue.svg?rft
Requested by: Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 45.75.204.24 Hoddesdon, United Kingdom, ASN49425 (DIGITAL-REALTY-UK, GB),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 099f02da66b7e577706a47f6f53d5d3bd681cfa2e798e88e5a87a89cc726d732

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 05 Nov 2021 05:31:18 GMT
Last-Modified: Wed, 06 Oct 2021 12:10:05 GMT
Server: Apache-Coyote/1.1
Content-Type: image/svg+xml;charset=UTF-8
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Keep-Alive: timeout=600, max=48
Content-Length: 2524

GET
H/1.1 200
OK zawya-en-logo-white.svg
www.zawya.com/resources/img/ 2 KB
3 KB 676ms
184ms Image
image/svg+xml 45.75.204.24
DIGITAL-REALTY-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.zawya.com/resources/img/zawya-en-logo-white.svg?rft
Requested by: Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 45.75.204.24 Hoddesdon, United Kingdom, ASN49425 (DIGITAL-REALTY-UK, GB),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 58975648a19c8904563928b9dc01b88095a8033a7408528bd5b6cbd0da11d564

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 05 Nov 2021 06:19:06 GMT
Last-Modified: Wed, 06 Oct 2021 12:47:54 GMT
Server: Apache-Coyote/1.1
Content-Type: image/svg+xml;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Connection: Keep-Alive
Keep-Alive: timeout=600, max=23
Content-Length: 2513
Expires: Sat, 05 Nov 2022 06:19:06 GMT

GET
H/1.1 200
OK tr-logo-footer.png
www.zawya.com/resources/images/v2_temp/ 791 B
1 KB 626ms
175ms Image
image/png 45.75.204.24
DIGITAL-REALTY-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.zawya.com/resources/images/v2_temp/tr-logo-footer.png?rft
Requested by: Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 45.75.204.24 Hoddesdon, United Kingdom, ASN49425 (DIGITAL-REALTY-UK, GB),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 983ca6f337a4328882a226d3305efdbf650a69fe71d766e3471701ba712082b0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 05 Nov 2021 05:31:17 GMT
Last-Modified: Wed, 06 Oct 2021 12:10:06 GMT
Server: Apache-Coyote/1.1
Content-Type: image/png;charset=UTF-8
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Keep-Alive: timeout=600, max=30
Content-Length: 791

GET
H2 200 jquery-3.0.0.min.js Show response
code.jquery.com/ 84 KB
30 KB 163ms
55ms Script
application/javascript 2001:4de0:ac18::1:a:1a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.0.0.min.js
Requested by: Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:1a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:05 GMT
content-encoding: gzip
last-modified: Thu, 09 Jun 2016 18:32:50 GMT
server: nginx
etag: W/"5759b652-15145"
vary: Accept-Encoding
x-hw: 1636093145.dop204.ml1.t,1636093145.cds202.ml1.hn,1636093145.cds017.ml1.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 29995

GET
H2 200 jquery-ui.min.js Show response
ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/ 248 KB
67 KB 92ms
23ms Script
text/javascript 2a00:1450:400e:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js

Requested by

Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:80f::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 04 Nov 2021 14:23:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57333
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67948
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="hosted-libraries-pushers"
expires: Fri, 04 Nov 2022 14:23:32 GMT

GET
H2 200 jquery-migrate-3.0.1.min.js Show response
code.jquery.com/ 11 KB
4 KB 55ms
54ms Script
application/javascript 2001:4de0:ac18::1:a:1a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-migrate-3.0.1.min.js
Requested by: Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:1a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 1743b54e611ae08f0ddb89d8d1bc9ae7d78feacbd672c86a5f5bb3c1a582e05e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:05 GMT
content-encoding: gzip
last-modified: Wed, 27 Sep 2017 00:42:14 GMT
server: nginx
etag: W/"59caf3e6-2c9d"
vary: Accept-Encoding
x-hw: 1636093145.dop204.ml1.t,1636093145.cds202.ml1.hn,1636093145.cds022.ml1.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 3468

GET
H/1.1 200
OK plugins.min.js Show response
www.zawya.com/resources/scripts/jquery/ 440 KB
123 KB 1595ms
1595ms Script
text/javascript 45.75.204.24
DIGITAL-REALTY-UK

General

Check archive.org

Show headers Download Go to

Full URL: https://www.zawya.com/resources/scripts/jquery/plugins.min.js?V2
Requested by: Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 45.75.204.24 Hoddesdon, United Kingdom, ASN49425 (DIGITAL-REALTY-UK, GB),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: f1197ad6692c49220cea25673e76c0846a7669a005ac5772188376f069ce96c1

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 05 Nov 2021 05:31:15 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 12:10:06 GMT
Server: Apache-Coyote/1.1
ntCoent-Length: 450319
Transfer-Encoding: chunked
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: private
Connection: Keep-Alive
Keep-Alive: timeout=600, max=31

GET
H/1.1 200
OK highstock.js Show response
www.zawya.com/resources/scripts/charting/ 162 KB
65 KB 1842ms
1842ms Script
text/javascript 45.75.204.24
DIGITAL-REALTY-UK

General

Check archive.org

Show headers Download Go to

Full URL: https://www.zawya.com/resources/scripts/charting/highstock.js?v222
Requested by: Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 45.75.204.24 Hoddesdon, United Kingdom, ASN49425 (DIGITAL-REALTY-UK, GB),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: fa105293542faf80a140214fbe36ebceb317dec1db345278689f0760a63a3a43

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 05 Nov 2021 05:31:17 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 12:10:06 GMT
Server: Apache-Coyote/1.1
ntCoent-Length: 166313
Transfer-Encoding: chunked
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: private
Connection: Keep-Alive
Keep-Alive: timeout=600, max=94

GET
H/1.1 200
OK stock-charts-simple.js Show response
www.zawya.com/resources/scripts/charting/more/ 10 KB
3 KB 702ms
168ms Script
text/javascript 45.75.204.24
DIGITAL-REALTY-UK

General

Check archive.org

Show headers Download Go to

Full URL: https://www.zawya.com/resources/scripts/charting/more/stock-charts-simple.js?v222
Requested by: Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 45.75.204.24 Hoddesdon, United Kingdom, ASN49425 (DIGITAL-REALTY-UK, GB),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 59432971c1632c0e57a43e2669b1bb1517c036c2e7348c4a055aa07cdc62fab2

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 05 Nov 2021 05:31:17 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 12:10:06 GMT
Server: Apache-Coyote/1.1
ntCoent-Length: 9859
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: private
Connection: Keep-Alive
Keep-Alive: timeout=600, max=49
Content-Length: 2263

GET
H/1.1 200
OK custom_v2.js Show response
www.zawya.com/resources/scripts/ 22 KB
7 KB 837ms
176ms Script
text/javascript 45.75.204.24
DIGITAL-REALTY-UK

General

Check archive.org

Show headers Download Go to

Full URL: https://www.zawya.com/resources/scripts/custom_v2.js?v122018
Requested by: Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 45.75.204.24 Hoddesdon, United Kingdom, ASN49425 (DIGITAL-REALTY-UK, GB),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 179454f00bafb599b0cfa7a2ab3279574ff2888177819515c4141392c84cd8d8

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 05 Nov 2021 05:31:18 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 12:10:06 GMT
Server: Apache-Coyote/1.1
ntCoent-Length: 22087
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: private
Connection: Keep-Alive
Keep-Alive: timeout=600, max=29
Content-Length: 6748

GET
H2 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111010101/ 271 KB
97 KB 44ms
42ms Script
text/javascript 2a00:1450:400e:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9000706886751171&plah=www.zawya.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:810::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

325cd341e86387263a68056c847df8e7d91c449d6408739d77d3435abf3dea75

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 99384
x-xss-protection: 0
server: cafe
etag: 12224976848444980383
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 05 Nov 2021 06:19:06 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211101/r20190131/ Frame 2F98 10 KB
5 KB 96ms
28ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211101/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9745d78c19b91ab26895980fdfdc81997e0397d58446db33584e5e4de1435845

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 04 Nov 2021 07:49:40 GMT
expires: Thu, 18 Nov 2021 07:49:40 GMT
content-type: text/html; charset=UTF-8
etag: 4894049669965931928
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4757
x-xss-protection: 0
age: 80965
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK proximanova-regular-webfont.woff
www.zawya.com/resources/fonts/Proxima_Nova_Fonts/ProximaNovaREGULAR/Fonts/ 27 KB
27 KB 580ms
535ms Font
application/octet-stream 45.75.204.24
DIGITAL-REALTY-UK

General

Check archive.org

Show headers Download Go to

Full URL: https://www.zawya.com/resources/fonts/Proxima_Nova_Fonts/ProximaNovaREGULAR/Fonts/proximanova-regular-webfont.woff
Requested by: Host: www.zawya.com
URL: https://www.zawya.com/resources/styles/super-en.css?r2362021
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 45.75.204.24 Hoddesdon, United Kingdom, ASN49425 (DIGITAL-REALTY-UK, GB),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 738babc8ae57aadda3c4fc281b82fdb480c7f1005eb71cd7374bd7a45856ffa8

Request headers

Referer: https://www.zawya.com/resources/styles/super-en.css?r2362021
Origin: https://www.zawya.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Cteonnt-Length: 27316
Date: Fri, 05 Nov 2021 05:31:17 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 12:10:06 GMT
Server: Apache-Coyote/1.1
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: private
Connection: Keep-Alive
Keep-Alive: timeout=600, max=50
Content-Length: 27259

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 233 KB
73 KB 96ms
45ms Script
application/javascript 2a00:1450:400e:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NFSL2G

Requested by

Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:802::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5ba9537e0c1e5cfbb549d3f57e73d578b61eecfe6cc2a455d70609b7ee376895

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:06 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 74044
x-xss-protection: 0
last-modified: Fri, 05 Nov 2021 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 05 Nov 2021 06:19:06 GMT

GET
H2 200 container_FaH5L3S3.js Show response
rtbonecode.com/js/ 26 KB
26 KB 475ms
157ms Script
application/javascript 162.215.209.216
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://rtbonecode.com/js/container_FaH5L3S3.js
Requested by: Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.215.209.216 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 162-215-209-216.unifiedlayer.com
Software: Apache /
Resource Hash: dd56d7b7843f5799cddab9827be73f65df1e319728ac47d591ef56a51618c987

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:06 GMT
last-modified: Tue, 12 Oct 2021 06:15:10 GMT
server: Apache
accept-ranges: bytes
content-length: 26273
content-type: application/javascript

GET
H/1.1 200
OK proximanova-bold-webfont.woff
www.zawya.com/resources/fonts/Proxima_Nova_Fonts/ProximaNovaBOLD/Fonts/ 27 KB
27 KB 708ms
667ms Font
application/octet-stream 45.75.204.24
DIGITAL-REALTY-UK

General

Check archive.org

Show headers Download Go to

Full URL: https://www.zawya.com/resources/fonts/Proxima_Nova_Fonts/ProximaNovaBOLD/Fonts/proximanova-bold-webfont.woff
Requested by: Host: www.zawya.com
URL: https://www.zawya.com/resources/styles/super-en.css?r2362021
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 45.75.204.24 Hoddesdon, United Kingdom, ASN49425 (DIGITAL-REALTY-UK, GB),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: bfb21a3250a045e2c67342133c8eb45f690afab57b85c6adc795adf0be6c9b1c

Request headers

Referer: https://www.zawya.com/resources/styles/super-en.css?r2362021
Origin: https://www.zawya.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Cteonnt-Length: 27788
Date: Fri, 05 Nov 2021 05:31:17 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 12:10:06 GMT
Server: Apache-Coyote/1.1
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: private
Connection: Keep-Alive
Keep-Alive: timeout=600, max=56
Content-Length: 27737

GET
H/1.1 200
OK fontawesome-webfont.woff2
www.zawya.com/resources/fonts/ 65 KB
65 KB 928ms
884ms Font
application/octet-stream 45.75.204.24
DIGITAL-REALTY-UK

General

Check archive.org

Show headers Download Go to

Full URL: https://www.zawya.com/resources/fonts/fontawesome-webfont.woff2?v=4.5.0
Requested by: Host: www.zawya.com
URL: https://www.zawya.com/resources/styles/super-en.css?r2362021
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 45.75.204.24 Hoddesdon, United Kingdom, ASN49425 (DIGITAL-REALTY-UK, GB),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 4f2721fcaed5436f55432318b274d1542e96753b56c6ec6cdbd1c0fdd46bc66d

Request headers

Referer: https://www.zawya.com/resources/styles/super-en.css?r2362021
Origin: https://www.zawya.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Cteonnt-Length: 66624
Date: Fri, 05 Nov 2021 06:19:05 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 12:47:54 GMT
Server: Apache-Coyote/1.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: private
Connection: Keep-Alive
Keep-Alive: timeout=600, max=90

GET
H/1.1 200
OK footer_pattern_background.png
www.zawya.com/resources/img/ 16 KB
16 KB 475ms
462ms Image
image/png 45.75.204.24
DIGITAL-REALTY-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.zawya.com/resources/img/footer_pattern_background.png
Requested by: Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 45.75.204.24 Hoddesdon, United Kingdom, ASN49425 (DIGITAL-REALTY-UK, GB),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 20384a04a8e00a1d7bccddf106451964105d6675e056989850243fc3c730eaf4

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 05 Nov 2021 06:19:05 GMT
Last-Modified: Wed, 06 Oct 2021 12:47:54 GMT
Server: Apache-Coyote/1.1
Content-Type: image/png;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Connection: Keep-Alive
Keep-Alive: timeout=600, max=24
Content-Length: 15932
Expires: Sat, 05 Nov 2022 06:19:05 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 199 B
634 B 81ms
29ms Script
text/javascript 142.250.179.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.zawya.com&callback=_gfp_s_&client=ca-pub-9000706886751171

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9000706886751171&plah=www.zawya.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.179.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams17s10-in-f2.1e100.net

Software

cafe /

Resource Hash

08f88f89b254e7225db9269a045b8a5a97005b3751a172a883595b746a7ab2a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 190
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.co.uk/adsid/ 107 B
792 B 106ms
38ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=www.zawya.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 05 Nov 2021 06:19:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 84ms
31ms Script
application/javascript 2a00:1450:400e:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.zawya.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:80f::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 05 Nov 2021 06:19:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
56 B 39ms
38ms Image
image/gif 2a00:1450:400e:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&tn=DIV&id=cookie-policy-container&cls=cookie-policy%20alert&ign=false&pw=1600&ph=1200&x=0&y=1130.4

Requested by

Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:810::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Nov 2021 06:19:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
121 B 38ms
38ms Image
image/gif 2a00:1450:400e:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&tn=HEADER&cls=website-header%20nav-down&ign=false&pw=1600&ph=1200&x=0&y=0

Requested by

Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:810::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Nov 2021 06:19:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame BA52 603 B
248 B 47ms
47ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9000706886751171&output=html&adk=1812271804&adf=3025194257&lmt=1636093146&plat=1%3A16777216%2C2%3A16777216%2C3%3A32%2C4%3A32%2C9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636093144934&bpp=1895&bdt=318&idt=1991&shv=r20211101&mjsv=m202111010101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=584138802947&frm=20&pv=2&ga_vid=710002794.1636093147&ga_sid=1636093147&ga_hid=471514208&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062945%2C31063221%2C31063183%2C31062931&oid=2&pvsid=3491288030683735&pem=278&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=2005

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 05 Nov 2021 06:19:06 GMT
server: cafe
content-length: 46
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 05 Nov 2021 06:19:06 GMT
cache-control: private

GET
H2 200 pubads_impl_2021110201.js Show response
securepubads.g.doubleclick.net/gpt/ 346 KB
117 KB 108ms
39ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110201.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

50ad3a273dd7803066fae0fb2e4eec57cdfb969f449d86309527578d7e08d249

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118932
x-xss-protection: 0
last-modified: Tue, 02 Nov 2021 08:34:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 05 Nov 2021 06:19:07 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 271 B
777 B 105ms
38ms XHR
application/json 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.zawya.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

d9543efc140b0b4cb3b1e267e598a9f647360f29c96139e3d7098ab970b5cc6f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 05 Nov 2021 06:19:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 141
x-xss-protection: 0
expires: Fri, 05 Nov 2021 06:19:07 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 37 KB
15 KB 121ms
39ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NFSL2G

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

55aa0299a6b880ddee3b6e438a6e155730fca9eaf992e5e4ac105ca1de5f3312

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14369
x-xss-protection: 0
server: cafe
etag: 15288909967828865177
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 05 Nov 2021 06:19:07 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 74ms
23ms Script
text/javascript 2a00:1450:400e:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NFSL2G

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:801::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 26 Oct 2021 23:24:02 GMT
server: Golfe2
age: 3917
date: Fri, 05 Nov 2021 05:13:50 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Fri, 05 Nov 2021 07:13:50 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 189ms
51ms Script
application/x-javascript 2a02:26f0:6c00::210:ba11
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NFSL2G
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba11 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 05 Nov 2021 06:19:07 GMT
Content-Encoding: gzip
Last-Modified: Wed, 29 Sep 2021 19:17:49 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=40005
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2036

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 14 KB
6 KB 91ms
29ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:07 GMT
content-encoding: gzip
last-modified: Mon, 20 Sep 2021 23:58:10 GMT
etag: "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-geo-cc_and_ra: GB-WAR
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 5410
x-served-by: cache-iad-kiad7000117-IAD, cache-hhn11530-HHN

GET
H2 200 tag.js Show response
t.effectivemeasure.net/ 22 KB
7 KB 102ms
31ms Script
application/javascript 13.224.193.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://t.effectivemeasure.net/tag.js?1636
Requested by: Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-4.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: be1c4031c965bdf06827008cc018d79cbed689468cd9be0e6810a56a5f6617d7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id: O3a7WZEATOQUEXh0NtsTxnF269jGh9BQ
content-encoding: gzip
last-modified: Wed, 10 Jun 2020 01:00:17 GMT
server: AmazonS3
age: 210141
etag: W/"93cb9d1cb96864d82a396bd64bd41630"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 eab88762658052b4a1e386f8521a38cf.cloudfront.net (CloudFront)
cache-control: public, max-age=604800
date: Tue, 02 Nov 2021 19:56:46 GMT
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: Brz0i9JcSqPly7AT170fax_ooFvAGBFt6XlGyV69KY4rwkdGFP9igg==

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
1 KB 24ms
23ms Script
text/javascript 2a00:1450:400e:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:801::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 05:23:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3352
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 05 Nov 2021 06:23:15 GMT

GET
H2 200 adsct
t.co/i/ 43 B
470 B 165ms
127ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nz6pt&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=c8791bfc-9f5a-448e-b49c-398210cd45fd&tw_document_href=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F

Requested by

Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 107
pragma: no-cache
last-modified: Fri, 05 Nov 2021 06:19:07 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 3d2ea9e88fc96003baf021e80accb1a45fe798e2f7eb89d3ef3934e73ac6730d
x-transaction: f368806ab8f6e480
expires: Tue, 31 Mar 1981 05:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
205 B 27ms
27ms XHR
text/plain 2a00:1450:400e:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=471514208&t=pageview&_s=1&dl=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&ul=en-us&de=UTF-8&dt=Page%20Not%20Found%20%7C%20ZAWYA%20MENA%20Edition&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aChAAEAjAAAAAC~&jid=533285899&gjid=137999980&cid=710002794.1636093147&tid=UA-97360464-1&_gid=752636115.1636093147&_r=1&gtm=2wgb31NFSL2G&cd1=Zawya&z=580859940

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:801::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zawya.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 05 Nov 2021 06:19:07 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.zawya.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 79 KB
27 KB 53ms
50ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/6557e0b8-01f9-4342-90f5-5681c898d4d5/plugin.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

fb0df6c15357ec8dc72eb074885489874da3d81ac76afdb89b80b7808481a3d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1034 / 316 of 1000 / last-modified: 1636063777"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27091
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 05 Nov 2021 06:19:07 GMT

GET
H2 200 prebid5.14.0.js Show response
get.optad360.io/sf/ 460 KB
142 KB 34ms
30ms Script
application/javascript 2600:9000:21f3:9400:11:a4de:2580:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.optad360.io/sf/prebid5.14.0.js
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/6557e0b8-01f9-4342-90f5-5681c898d4d5/plugin.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:9400:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7109518959a6958168f639860050324f4f063fd1697f32677cf9d0180ab02453

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 13:57:25 GMT
content-encoding: gzip
last-modified: Thu, 23 Sep 2021 07:59:54 GMT
server: AmazonS3
age: 836503
etag: W/"6dd0a13bde35d2daa452bba998871016"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 32e3b86ae254a231182567c0124af893.cloudfront.net (CloudFront)
cache-control: public, max-age=360000000
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: X6YIEoGKo24W0admDq9vljrT9WvJnb9MXbjOIRicBpwgor0524Wj_w==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/927360938/ 2 KB
1 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/927360938/?random=1636093147118&cv=9&fst=1636093147118&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgb31&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&tiba=Page%20Not%20Found%20%7C%20ZAWYA%20MENA%20Edition&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1aed1a73256347950e99c3aab2d74c2d742cacd0e1b11c2d1a491d16570436f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Nov 2021 06:19:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1085
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

get Show response
collector.effectivemeasure.net/beacon/
Redirect Chain

https://collector.effectivemeasure.net/beacon/get?cookies=vt%2Copt_out%2Cc3%2Cslr%2Cslc%2Cdmp%2Cgc%2Cmb&callback=cb1636093147124_1
https://collector.effectivemeasure.net/beacon/get?final=1&cookies=vt%2Copt_out%2Cc3%2Cslr%2Cslc%2Cdmp%2Cgc%2Cmb&callback=cb1636093147124_1

143 B
740 B

30ms
30ms

Script
text/javascript

34.240.225.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://collector.effectivemeasure.net/beacon/get?final=1&cookies=vt%2Copt_out%2Cc3%2Cslr%2Cslc%2Cdmp%2Cgc%2Cmb&callback=cb1636093147124_1

Requested by

Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/

Protocol

HTTP/1.1

Server

34.240.225.16 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-240-225-16.eu-west-1.compute.amazonaws.com

Software

nginx/1.20.0 / Express

Resource Hash

cc4feb3b606faa423fd10d09a2ad4ded3c43ff331e2121f280e2018864376ae4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 05 Nov 2021 06:19:07 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx/1.20.0
X-Powered-By: Express
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 134
Expires: Thu, 01 Dec 1994 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 05 Nov 2021 06:19:07 GMT
Server: nginx/1.20.0
X-Powered-By: Express
Vary: Accept
Content-Type: text/plain; charset=utf-8
Location: https://collector.effectivemeasure.net/beacon/get?final=1&cookies=vt%2Copt_out%2Cc3%2Cslr%2Cslc%2Cdmp%2Cgc%2Cmb&callback=cb1636093147124_1
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 160
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.co.uk/adsid/ 107 B
165 B 38ms
37ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=www.zawya.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 05 Nov 2021 06:19:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 31ms
30ms Script
application/javascript 2a00:1450:400e:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.zawya.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:80f::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 05 Nov 2021 06:19:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 414 B
235 B 65ms
64ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3491288030683735&correlator=3651260145972911&output=ldjh&impl=fifs&eid=31063183%2C31062931&vrg=2021110201&ptt=17&sc=1&sfv=1-0-38&ecs=20211105&iu_parts=21857811890&enc_prev_ius=%2F0%2F&prev_iu_szs=120x50&prev_scp=type%3Dsrch_sponsor_logo_new&cust_params=Environment%3Dprod&cookie=ID%3D3bc162e859209ae9-2253eed10acb00e3%3AT%3D1636093146%3ART%3D1636093146%3AS%3DALNI_MY6tI4O9XOjiQkyY1KM2dynx5_P7w&bc=31&abxe=1&lmt=1636093147&dt=1636093147160&dlt=1636093144616&idt=2521&frm=20&biw=1600&bih=1200&oid=2&adxs=-12245933&adys=-12245933&adks=2028730149&ucis=1&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=140x-1&msz=0x-1&ga_vid=710002794.1636093147&ga_sid=1636093147&ga_hid=471514208&ga_fc=true&fws=640&ohw=0&btvi=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

bc946a7e8db4726ea20c3ce47afee52fd173c3484d6a15f985bf03d0bf9cfd57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:07 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 206
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.zawya.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 417 B
240 B 71ms
70ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3491288030683735&correlator=3651260145972911&output=ldjh&impl=fifs&eid=31063183%2C31062931&vrg=2021110201&ptt=17&sc=1&sfv=1-0-38&ecs=20211105&iu_parts=21857811890&enc_prev_ius=%2F0%2F&prev_iu_szs=1200x314%7C728x90%7C970x250%7C970x90&prev_scp=type%3Dleaderboard&cust_params=Environment%3Dprod&cookie=ID%3D3bc162e859209ae9-2253eed10acb00e3%3AT%3D1636093146%3ART%3D1636093146%3AS%3DALNI_MY6tI4O9XOjiQkyY1KM2dynx5_P7w&bc=31&abxe=1&lmt=1636093147&dt=1636093147164&dlt=1636093144616&idt=2521&frm=20&biw=1600&bih=1200&oid=2&adxs=200&adys=118&adks=2840055874&ucis=2&ifi=3&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x954&msz=1600x47&ga_vid=710002794.1636093147&ga_sid=1636093147&ga_hid=471514208&ga_fc=true&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

56a185e348a38c4981a814a37cffc8259214a8ef88a6891db1c90614fb05e457

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:07 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 211
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.zawya.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
f686c37acd81de0160de2ebedd3ef02e.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F206 6 KB
4 KB 128ms
37ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f686c37acd81de0160de2ebedd3ef02e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 05 Nov 2021 06:19:07 GMT
expires: Sat, 05 Nov 2022 06:19:07 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 /
www.google.com/pagead/1p-user-list/927360938/ 42 B
548 B 117ms
43ms Image
image/gif 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/927360938/?random=1636093147118&cv=9&fst=1636092000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgb31&sendb=1&frm=0&url=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&tiba=Page%20Not%20Found%20%7C%20ZAWYA%20MENA%20Edition&async=1&fmt=3&is_vtc=1&random=1141223396&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Nov 2021 06:19:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.co.uk/pagead/1p-user-list/927360938/ 42 B
548 B 114ms
41ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/pagead/1p-user-list/927360938/?random=1636093147118&cv=9&fst=1636092000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgb31&sendb=1&frm=0&url=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&tiba=Page%20Not%20Found%20%7C%20ZAWYA%20MENA%20Edition&async=1&fmt=3&is_vtc=1&random=1141223396&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Nov 2021 06:19:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2237306&time=1636093147189&url=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya202...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2237306%26time%3D1636093147189%26url%3Dhttps%253A%252F%252Fwww.zawya.com%252Fmena...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2237306&time=1636093147189&url=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya202...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2237306&time=1636093147189&url=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20...

0
155 B

380ms
184ms

Image
application/javascript

108.174.10.14
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2237306&time=1636093147189&url=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&liSync=true&e_ipv6=AQKlGJDRuMvX9AAAAXzuwDu4q4pgwfNewLt6wwSrasfXTOyfoR_rHcSlXOxP5pgqYe-yupoOEQ
Requested by: Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
Protocol: H2
Server: 108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-14.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:08 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-proto: http/2
x-li-pop: prod-lva1
content-type: application/javascript
content-length: 0
x-li-uuid: TWJS1AyStBbgtI2GaSsAAA==

Redirect headers

date: Fri, 05 Nov 2021 06:19:08 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2237306&time=1636093147189&url=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&liSync=true&e_ipv6=AQKlGJDRuMvX9AAAAXzuwDu4q4pgwfNewLt6wwSrasfXTOyfoR_rHcSlXOxP5pgqYe-yupoOEQ
x-li-proto: http/2
x-li-pop: prod-esv5
content-length: 0
x-li-uuid: 9EHqvQyStBagzQJ28CoAAA==

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
1 KB 164ms
58ms XHR
application/json 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20211105

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d1dea60e8f5fa1a50a2b3e0f36c350bf194cf26b6679e6b5f3fa0ae8d457262b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zawya.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 05 Nov 2021 06:19:07 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 11883
x-jsd-version: 1.0.1151
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by: cache-fra19172-FRA, cache-mxp6977-MXP
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"69f-cUphny6gmjDK9VyJqsmFdPKmKTw"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 6a93f7fadb775a0d-MXP

GET
H/1.1 200
OK detect Show response
detect-survey.effectivemeasure.net/ 19 B
460 B 122ms
29ms XHR
application/json 2600:9000:20eb:8600:1f:612c:5a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://detect-survey.effectivemeasure.net/detect?
Requested by: Host: t.effectivemeasure.net
URL: https://t.effectivemeasure.net/tag.js?1636
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:8600:1f:612c:5a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: 703698fdddee88c290aad95747206c6aba8ad651f68172d2d52feedca0456d09

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Mon, 01 Nov 2021 02:03:20 GMT
Via: 1.1 1d67a4c00b06651cb6daa95ec3f21f9b.cloudfront.net (CloudFront)
Connection: keep-alive
Age: 360947
X-Powered-By: Express
X-Cache: Hit from cloudfront
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
X-Amz-Cf-Pop: FRA2-C1
Content-Length: 19
X-Amz-Cf-Id: FzEa9OhWldLVFYUU43Z0wd3S2JbrrQYIPQ6lpB8XSJ-dQhJEsOY4NA==

GET
H/1.1 200
OK sync_pixels Show response
collector.effectivemeasure.net/ 2 B
308 B 110ms
28ms XHR
application/json 34.240.225.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://collector.effectivemeasure.net/sync_pixels?pageURL=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&vt=2dc1d16f-93d0-4dd4-b7b8-c27393fd63c1-17ceec03975-14d3f777
Requested by: Host: t.effectivemeasure.net
URL: https://t.effectivemeasure.net/tag.js?1636
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.240.225.16 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-240-225-16.eu-west-1.compute.amazonaws.com
Software: nginx/1.20.0 / Express
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 05 Nov 2021 06:19:07 GMT
Server: nginx/1.20.0
X-Powered-By: Express
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 2
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H/1.1 200
OK pixel
collector.effectivemeasure.net/ 35 B
288 B 29ms
28ms Image
image/gif 34.240.225.16
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://collector.effectivemeasure.net/pixel?et=pageview&ed=&br=t&vn=b21b8ec&tz=0&pu=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&vt=2dc1d16f-93d0-4dd4-b7b8-c27393fd63c1-17ceec03975-14d3f777&vi=4694ad61-a046-446e-81e3-56fdcfdbd1e5-17ceec03987-61ca59de&du=0&dt=0&c1=1&c3=1&pc=1&db=0&pr=&tt=Page%20Not%20Found%20%7C%20ZAWYA%20MENA%20Edition&te=404&sh=1200&sw=1600
Requested by: Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.240.225.16 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-240-225-16.eu-west-1.compute.amazonaws.com
Software: nginx/1.20.0 / Express
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 05 Nov 2021 06:19:07 GMT
Server: nginx/1.20.0
X-Powered-By: Express
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 35
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H/1.1 200
OK set Show response
collector.effectivemeasure.net/beacon/ 100 B
551 B 29ms
29ms Script
text/javascript 34.240.225.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://collector.effectivemeasure.net/beacon/set?cookies=%7B%22dmp%22%3A%221636093147641%22%7D&callback=cb1636093147124_2

Requested by

Host: t.effectivemeasure.net
URL: https://t.effectivemeasure.net/tag.js?1636

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.240.225.16 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-240-225-16.eu-west-1.compute.amazonaws.com

Software

nginx/1.20.0 / Express

Resource Hash

40bbc8f9f67bdde729eac9febcc63cff40b1441e9fa4af76327e09b03ad3c60a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 05 Nov 2021 06:19:07 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx/1.20.0
X-Powered-By: Express
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 95
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H/1.1 200
OK set Show response
collector.effectivemeasure.net/beacon/ 97 B
653 B 48ms
30ms Script
text/javascript 34.240.225.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://collector.effectivemeasure.net/beacon/set?cookies=%7B%22gc%22%3A%22GB%22%2C%22mb%22%3A%220%22%7D&callback=cb1636093147124_3

Requested by

Host: t.effectivemeasure.net
URL: https://t.effectivemeasure.net/tag.js?1636

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.240.225.16 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-240-225-16.eu-west-1.compute.amazonaws.com

Software

nginx/1.20.0 / Express

Resource Hash

3a1e47668259fc8b3b7d86125b7603c44fd06c4c181cf02e1f5d4788aee8691a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 05 Nov 2021 06:19:07 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx/1.20.0
X-Powered-By: Express
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 97
Expires: Thu, 01 Dec 1994 16:00:00 GMT

POST
H2 200 launchConfigs Show response
survey.effectivemeasure.net/ 2 B
122 B 99ms
99ms XHR
application/json 52.1.28.182
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://survey.effectivemeasure.net/launchConfigs
Requested by: Host: t.effectivemeasure.net
URL: https://t.effectivemeasure.net/tag.js?1636
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.28.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-28-182.compute-1.amazonaws.com
Software: / Express
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: https://www.zawya.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-type: application/json

Response headers

access-control-allow-origin: *
date: Fri, 05 Nov 2021 06:19:08 GMT
x-powered-by: Express
content-length: 2
content-type: application/json; charset=utf-8

OPTIONS
H2 204 launchConfigs
survey.effectivemeasure.net/ Frame 0
0 320ms
100ms Preflight 52.1.28.182
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://survey.effectivemeasure.net/launchConfigs
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.28.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-28-182.compute-1.amazonaws.com
Software: / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.zawya.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 05 Nov 2021 06:19:07 GMT
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
vary: Access-Control-Request-Headers
access-control-allow-headers: content-type

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
675 B 162ms
123ms Script
application/javascript 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nz6pt&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=c8791bfc-9f5a-448e-b49c-398210cd45fd&tw_document_href=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
x-response-time: 106
pragma: no-cache
last-modified: Fri, 05 Nov 2021 06:19:08 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 6f76be22f3ab2f05cd70c4ddaeecbd7f069bdbe8fd20d72bed954013370d1f99
x-transaction: ca602d6402c6b116
expires: Tue, 31 Mar 1981 05:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 7 B
444 B 84ms
27ms XHR
text/plain 2a00:1450:4013:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-307554-1&cid=710002794.1636093147&jid=1177985338&gjid=1732269690&_gid=752636115.1636093147&_u=aCjAiEAjBAAAAG~&z=1688309899

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4013:c00::9b Groningen, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zawya.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 05 Nov 2021 06:19:08 GMT
content-type: text/plain
access-control-allow-origin: https://www.zawya.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
132 B 23ms
23ms Image
image/gif 2a00:1450:400e:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j93&a=471514208&t=pageview&_s=1&dl=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&ul=en-us&de=UTF-8&dt=Page%20Not%20Found%20%7C%20ZAWYA%20MENA%20Edition&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCjAiEAjBAAAAC~&jid=1177985338&gjid=1732269690&cid=710002794.1636093147&tid=UA-307554-1&_gid=752636115.1636093147&gtm=2wgb31NFSL2G&cd1=&cg1=&cg2=&cg3=&cg4=&cg5=&cd2=&cd3=&cd4=710002794.1636093147&cd5=&cd9=&cd10=&cd11=&cd12=&cd13=&cd14=&cd15=&cd16=&cd17=&cd18=&cd19=&cd20=&cd21=&cd22=&cd26=&cd27=&cd28=&cd29=0&cd30=https%3A&z=2074434538

Requested by

Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:801::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Nov 2021 03:03:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 11738
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
load.sumome.com/ 2 KB
2 KB 120ms
28ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumome.com/
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NFSL2G
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:08 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: 9TB0ZWMS5XW9RFDZ
cdn-cachedat: 10/20/2021 17:30:27
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: qCvRVgs8ZItWbARVg2xSZF2S/c/PCVLYuwN5eXW2/MOyZd5AVkpZE11FZUE2srRIVkWk6GDbp8M=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 20 Oct 2021 15:30:25 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=600
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 0a0bd6afc0727b314b3451ef57dea20b
cdn-requestcountrycode: GB
cdn-status: 200
cdn-requestpullsuccess: True

GET
H/1.1 200
OK / Show response
www.zawya.com/mena/en/analytics/articles/50/ 4 KB
2 KB 185ms
185ms XHR
text/html 45.75.204.24
DIGITAL-REALTY-UK

General

Check archive.org

Show headers Download Go to

Full URL: https://www.zawya.com/mena/en/analytics/articles/50/?path=all&section=all
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.0.0.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 45.75.204.24 Hoddesdon, United Kingdom, ASN49425 (DIGITAL-REALTY-UK, GB),
Reverse DNS
Software: Apache-Coyote/1.1 / JSP/2.2
Resource Hash: b5b6bb964937c21804cdd8d7edc3f3295a066b471d01a08cc0cb051a0a5751c3

Request headers

Accept: text/html, */*; q=0.01
Referer: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/
X-Requested-With: XMLHttpRequest
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Cteonnt-Length: 4131
Date: Fri, 05 Nov 2021 05:31:19 GMT
Content-Encoding: gzip
X-Expires-Orig: None
Server: Apache-Coyote/1.1
X-Powered-By: JSP/2.2
Content-Language: en
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, must-revalidate, private, private
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Keep-Alive: timeout=600, max=20
Content-Length: 1375

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 45ms
43ms Image
image/gif 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-307554-1&cid=710002794.1636093147&jid=1177985338&_u=aCjAiEAjBAAAAG~&z=963469429

Requested by

Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Nov 2021 06:19:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.co.uk/ads/ 42 B
107 B 43ms
43ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-307554-1&cid=710002794.1636093147&jid=1177985338&_u=aCjAiEAjBAAAAG~&z=963469429

Requested by

Host: www.zawya.com
URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Nov 2021 06:19:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 72.0a035390359aab65eb82.js Show response
load.sumo.com/ 131 KB
44 KB 120ms
54ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/72.0a035390359aab65eb82.js
Requested by: Host: load.sumome.com
URL: https://load.sumome.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:08 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: 1ZQEWHAMVKQ7GYB9
cdn-cachedat: 08/11/2021 08:27:12
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: kmFKyXlcNfWRvLk73k8+XQ19wYCytEHCTISpCux9qKXgMmTWTauGgYuQX+XFo3SzIUCSissBAiY=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:49 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 4928c6500240dae90f2f9f96e70645f3
cdn-requestcountrycode: GB
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 73.0a035390359aab65eb82.js Show response
load.sumo.com/ 289 KB
100 KB 95ms
29ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/73.0a035390359aab65eb82.js
Requested by: Host: load.sumome.com
URL: https://load.sumome.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:08 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: TBY01K4HP9CGD4T8
cdn-cachedat: 08/11/2021 06:56:09
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: zxdeegSWyj0r5KeMe1/TVBrRHqZLd4efcDcAMD1YkADnK6T70g4ma5XkPClgzRKwYXb8pz26pBk=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:50 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 8bea0603881610eab67545b37abd251b
cdn-requestcountrycode: GB
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 integrator.js Show response
adservice.google.co.uk/adsid/ 107 B
165 B 38ms
38ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=www.zawya.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 05 Nov 2021 06:19:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 29ms
28ms Script
application/javascript 2a00:1450:400e:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.zawya.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:80f::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 05 Nov 2021 06:19:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 327 B
160 B 63ms
63ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3491288030683735&correlator=3651260145972911&output=ldjh&impl=fifs&eid=31063183%2C31062931&vrg=2021110201&ptt=17&sc=1&sfv=1-0-38&ecs=20211105&iu_parts=21857811890%2Cen.zcom&enc_prev_ius=%2F0%2F1%2F&prev_iu_szs=320x50&fluid=height&prev_scp=type%3Dnative_mini_text&cust_params=Environment%3Dprod&cookie=ID%3D3bc162e859209ae9%3AT%3D1636093146%3AS%3DALNI_MbvB_KY2HfwrsODmv9Tx811knB5Kg&bc=31&abxe=1&lmt=1636093148&dt=1636093148795&dlt=1636093144616&idt=2521&frm=20&biw=1600&bih=1200&oid=2&adxs=830&adys=647&adks=3238059808&ucis=3&ifi=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=575x348&msz=575x21&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=710002794.1636093147&ga_sid=1636093147&ga_hid=471514208&ga_fc=true&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

0b997b0a3ed7be9de6c19a49de0dfe8bedc760aac84cca0f78d26b78e26ace4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:08 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.zawya.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 12 KB
9 KB 80ms
31ms XHR
application/json 2a00:1450:400e:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211101&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:810::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

40818d579722449c08058ee7f34ab8de2f312776d77d13bd5cde519aefab726c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 05 Nov 2021 06:19:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9141
x-xss-protection: 0

POST
H2 200 / Show response
sumo.com/api/load/ 954 B
1 KB 514ms
167ms XHR
application/json 52.34.133.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/load/

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.34.133.113 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-34-133-113.us-west-2.compute.amazonaws.com

Software

nginx/1.18.0 /

Resource Hash

3da73ba6bf7cc8ca6a5c95397624620e0cc0265eb6faba1c325eb937af947e86

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.zawya.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Fri, 05 Nov 2021 06:19:09 GMT
vary: Origin, Accept-Encoding
server: nginx/1.18.0
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.zawya.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 954

GET
H2 200 collect
www.google-analytics.com/ 35 B
91 B 24ms
24ms Image
image/gif 2a00:1450:400e:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j93&a=471514208&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&ul=en-us&de=UTF-8&dt=Page%20Not%20Found%20%7C%20ZAWYA%20MENA%20Edition&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Depth&ea=Percentage&el=Baseline%20Page%20Scrolled&_u=aCjAiEAjBAAAAG~&jid=&gjid=&cid=710002794.1636093147&tid=UA-307554-1&_gid=752636115.1636093147&gtm=2wgb31NFSL2G&cd1=&cg1=&cg2=&cg3=&cg4=&cg5=&cd2=&cd3=&cd4=710002794.1636093147&cd5=&cd9=&cd10=&cd11=&cd12=&cd13=&cd14=&cd15=&cd16=&cd17=&cd18=&cd19=&cd20=&cd21=&cd22=&cd26=&cd27=&cd28=&cd29=0&cd30=https%3A&z=496272314

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:801::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Nov 2021 03:03:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 11738
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 119ms
52ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Fri, 05 Nov 2021 06:19:09 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 72E1 12 KB
5 KB 29ms
29ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Fri, 05 Nov 2021 03:02:46 GMT
expires: Sat, 05 Nov 2022 03:02:46 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 11783
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame C780 783 B
951 B 41ms
40ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0757d83bc71642d54d4d8cd365fc431e11aa8cff3f3c3b2040d1af15006b63bb

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-nALHRulSmALlYctweJGCKQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Fri, 05 Nov 2021 06:19:09 GMT
date: Fri, 05 Nov 2021 06:19:09 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-nALHRulSmALlYctweJGCKQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 511
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 0jmaLa2Vi7bQBj1dGHpx_-l8OaoLSmLq4coDUffl6zA.js Show response
pagead2.googlesyndication.com/bg/ Frame 72E1 35 KB
13 KB 23ms
23ms Script
text/javascript 2a00:1450:400e:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/0jmaLa2Vi7bQBj1dGHpx_-l8OaoLSmLq4coDUffl6zA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:810::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2399a2dad958bb6d0063d5d187a71ffe97c39aa0b4a62eae1ca0351f7e5eb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 04 Nov 2021 03:55:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 94991
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13202
x-xss-protection: 0
last-modified: Fri, 29 Oct 2021 13:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Nov 2022 03:55:58 GMT

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame C780 0
0 32ms
32ms Image
text/html 2a00:1450:400e:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211101&jk=3491288030683735&rc=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400e:810::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
56 B 41ms
41ms Image
image/gif 2a00:1450:400e:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20211101&jk=3491288030683735&bg=!Xl2lXRnNAAYH3anuB907ACkAdvg8Wk1Z40mtyLKEQ0vnzlTHfmhDO_HJ-LBsl_dcbVd3BWifwooGnQIAAABbUgAAAAhoAQcKAKhx5KMExwdmPKM15ybebiW6_a-GiVdBpaiA1ukZJmmSqAbhb_I4Sse76Ayk2n6zOFbIfBl-u4Okc1G_9F7l4JiN8xGD4mQJRuJK-EnD201FCAlUBwd162FTAwB09ma4smojx9lbAJTMp9HWduquXgPExn7LAZiXHRT5ndJXn8sViVjJO26I2FeGKyRSZtLOBD_dK2nwgx3vdmN56-N07cUSEXzMTZ00XZCZAqUxetXMPdGjc9qkzTDNps8li3Ob6SCDsX4DZ2kic-mRjKS5qW5Hy3Ma8fPN3KJC5xR0CYb6vGyBIVG2rWrTFggV_7xc1HOUdtX1MKnH30I-53dFVaEQmbij4yuJpaxVkXAdVSKaswp6Ea788Roo0sLgYMRHNfkywReDvyKT2L_VnAoIV4Q-UpNDxeI91VOpjXS5xjyT6l4i2CrZFXks_Ohm7uD2FkeQrDT8lT-a-aTBbQQG5RBqq44MaBQk8eQmeUVk64I5MHcbfcgY8fb1CzSlJqNcDAE18q9xdZ1PPcb3q9jpKGHA7-4knb2S84i1QWYXMl1thTZ0AuI_rvJHRH53_0IXE57JzoTfW9lO_7LS3r1c-RHhgut2aD81PxOsOuqnij-Nq9t_YOBj3CGsmeAaikFNp2pVu6nj818IIzmjC1qwnB_NWDPASKQTMZi7KdTgaZznK0MbhCttPyyXzpn5vYYJRNvjsqGMkpqaY7O-OoTZc6KErkfVUKmv1IQtdPi33FmqWzvA53yn3-wf3Esv4JoR8ks5aT8uUvMPj1YgkbJULcXS4c5IT2ofL3o2qNJ8rK1xRw7Lg6XDttMP1FpKAN9ECc8I3qeBc1UOSHG8y_SD-kop62lhXJSFrFxGY2Zy5pr8ilD0e2XVH5ozOrlG5MZ6HiNr78VanQlqiFMqUqfVACu3UZQGl5DUaWFXakqp34gG75-NNf-jcL1TI456B0mOZDTVd_xGNqV7HyM3PcFpKKxDmladTuXT5TJ9LA3hbxnwKbKqJQuz0GctTdNS3D3uA_C_-A9HhruBqP1FlgF_eNwzZrSObwhG9iU586nnsHoz5C5680muTXs28zTReWmUUYeW-fwfizWeGHbeJkJpEMcqUA7uV9Q1ZIfbtmzrIEAisQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:810::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Nov 2021 06:19:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 services Show response
sumo.com/ 65 KB
7 KB 204ms
203ms XHR
application/json 52.34.133.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/services

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.34.133.113 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-34-133-113.us-west-2.compute.amazonaws.com

Software

nginx/1.18.0 /

Resource Hash

eb5a2b685305287765532f7ff93e78d806997009003c6d3f5d0d3809ad7124d8

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
X-Sumo-Auth: LVTqyzA9GUNpxyl9QjSsNvaN
Referer: https://www.zawya.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Fri, 05 Nov 2021 06:19:09 GMT
content-encoding: gzip
vary: Origin, Accept-Encoding
server: nginx/1.18.0
x-frame-options: SAMEORIGIN
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: https://www.zawya.com
access-control-allow-credentials: true
content-type: application/json; charset=utf-8

OPTIONS
H2 204 services
sumo.com/ Frame 0
0 169ms
168ms Preflight 52.34.133.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sumo.com/services
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.34.133.113 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-34-133-113.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-sumo-auth
Origin: https://www.zawya.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx/1.18.0
date: Fri, 05 Nov 2021 06:19:09 GMT
access-control-allow-origin: https://www.zawya.com
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-headers: pragma, x-requested-with, accept, x-sumo-auth, x-sumo-token, content-type
access-control-max-age: 2592000

GET
H2 200 7.0a035390359aab65eb82.js Show response
load.sumo.com/ 97 KB
34 KB 28ms
27ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/7.0a035390359aab65eb82.js
Requested by: Host: load.sumome.com
URL: https://load.sumome.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: c60b93effcbac344d2c30270e0d97323af0f64f43f3ac4d8abd486a875477169

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:09 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: CJCF7CW3MV8N7Q6G
cdn-cachedat: 08/11/2021 03:14:52
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: CNkELBse4Y593KQCSQRX1oicsKF7scX+YJuwfC6ldz4XD7H1DIWNNU10iOgfiLXPokfuDShuseU=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:47 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 3d09199d123202dd9633c40be79d62b6
cdn-requestcountrycode: GB
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 4.0a035390359aab65eb82.js Show response
load.sumo.com/ 5 KB
3 KB 32ms
30ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/4.0a035390359aab65eb82.js
Requested by: Host: load.sumome.com
URL: https://load.sumome.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 3f351eef4b0a3ccd70ff9d4239851252a0a6eba79471e530f9deec0b3421d132

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:09 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: N4YGPYHRDAC7QXZH
cdn-cachedat: 08/11/2021 01:00:42
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: ZyN3peb0mEdiK4szAABWta3Npp/s6aFp7SGneDOBlLz3RaDSa8Ho9RodM0lRLwgOOWsqwAYTQsw=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:24 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 8f5d593a4caa5fd78aa677a13f4637c3
cdn-requestcountrycode: GB
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 2.0a035390359aab65eb82.js Show response
load.sumo.com/ 3 KB
2 KB 32ms
31ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/2.0a035390359aab65eb82.js
Requested by: Host: load.sumome.com
URL: https://load.sumome.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 5dc9d61931a73fa03b59af510868b7e89e4523df5a53935212ca8a9b31af0b8d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:09 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: YBS2XEB4GWK751DG
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2021-10-05 11:42:59
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: N3Y+yWqjjd2CeAmbI5PBHgxAlF7pQQeYSH4+m+LUfa803cIHT/G0Acg0Fd5ve7gBOYqGi2VZPms=
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:08 GMT
server: BunnyCDN-DE1-756
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 5d6442dbd6f72cc0b0351224f75ee41a
cdn-requestcountrycode: GB
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 10.0a035390359aab65eb82.js Show response
load.sumo.com/ 11 KB
5 KB 51ms
50ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/10.0a035390359aab65eb82.js
Requested by: Host: load.sumome.com
URL: https://load.sumome.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 4b6753aef2f81a4813434523b259d9d19f368ae41cd40162bf0897bc4e334cb9

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:09 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: MER4KM6F7Q2JNQ5W
cdn-cachedat: 08/11/2021 07:29:34
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: E5dcQp/o1cIppfojsowKVOXW7ZUiiNp7ocDAMKJh6oiooddIklNQ5UOgh1R9uM2pZdkJYmHadl8=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:43:54 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: b42e6c63be61bf39d66dffcaf9b294df
cdn-requestcountrycode: GB
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 22.0a035390359aab65eb82.js Show response
load.sumo.com/ 92 KB
25 KB 32ms
31ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/22.0a035390359aab65eb82.js
Requested by: Host: load.sumome.com
URL: https://load.sumome.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 4c2a0a41bdbc55f5d0f74f367110639cb7fe35122a7a140846d1395d21609a6d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:09 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: SDRMZCHBH8JCG4EW
cdn-cachedat: 08/11/2021 01:39:03
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: Mh4g/5w6u8Sn3oSvTIRlHjXYmlpmbUcVAuUhwYOrgj1kCeipGQke7R0i5izHPL985rLtaJBDcAk=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:10 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 07324e4e610e927a48f958c31ae03b52
cdn-requestcountrycode: GB
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 23.0a035390359aab65eb82.js Show response
load.sumo.com/ 329 KB
94 KB 34ms
33ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/23.0a035390359aab65eb82.js
Requested by: Host: load.sumome.com
URL: https://load.sumome.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 36aecd4542cf4c62f3d0b0517e0e560aabd649e4efcfce254a95c5adeb388a5c

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:09 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: 9XQCP7NW3WVDSYTB
cdn-cachedat: 08/11/2021 03:15:25
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: ld40Pz0CH+lzXng12qFYRohEmnjI9dEBceKZ2sX+7mdR6hnYe912+QkcLiFlJd9TnthnETGE3YM=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:10 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 485fd3bf8f00be0e74afcbfffcbf8257
cdn-requestcountrycode: GB
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 21.0a035390359aab65eb82.js Show response
load.sumo.com/ 179 KB
51 KB 47ms
46ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/21.0a035390359aab65eb82.js
Requested by: Host: load.sumome.com
URL: https://load.sumome.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 967ff48c41053bf7c36f819b71ee6b509bd9971857397d74b41c75acc5bd27ae

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:09 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: PC6V8XNR7Q61HHSG
cdn-cachedat: 08/11/2021 04:57:29
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: ZHXqsNODWdp8QMufVJkeNZ8Xe+OkUm7aygEJNy5f/FZIdtn7oJxkd0gh20eHC6PhK+QjRbS0Qac=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:09 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 8453bca9cbf870155451619f90002761
cdn-requestcountrycode: GB
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 64.0a035390359aab65eb82.js Show response
load.sumo.com/ 1 KB
1 KB 50ms
49ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/64.0a035390359aab65eb82.js
Requested by: Host: load.sumome.com
URL: https://load.sumome.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: fe39eced72c33ae4c1b3bdd9843bc853265b9909040d41555faa02f62cb29ef2

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:09 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: HA5WXKDDR49J14S5
cdn-cachedat: 08/11/2021 02:58:39
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: tdwIiEVSoIoFjCT91hbXGtcKx2WNNGkRfehwR63674L7CkYizIxkDrZIK4AWzM2dkDrPOU4IpNM=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:44 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: cce4ce8344173be4567cff5b58aa7c37
cdn-requestcountrycode: GB
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 0.0a035390359aab65eb82.js Show response
load.sumo.com/ 5 KB
3 KB 29ms
28ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/0.0a035390359aab65eb82.js
Requested by: Host: load.sumome.com
URL: https://load.sumome.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: dd9c85c873b9b644468988e8165e079b0e747a550ce13fa3f7d0c1839b0fd503

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:09 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: 72BJV4V2M6106661
cdn-cachedat: 08/11/2021 06:53:00
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: geN8VZqyqgjzxGHn+iZxJjzqyPacwIfonJ7M/Gfx/SPZ8YbafYphswHvw0hJB5OpVkDQ305Tt6o=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:43:53 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 28bdb2ac4cfa658662f5b7e1e43c87f1
cdn-requestcountrycode: GB
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 1.0a035390359aab65eb82.js Show response
load.sumo.com/ 1 KB
2 KB 30ms
29ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/1.0a035390359aab65eb82.js
Requested by: Host: load.sumome.com
URL: https://load.sumome.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: b5d439b0a1670a4a56384b0b48fcdfabef6e8a5124683f32c6913d1fe22e9563

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:09 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: KNGER9VYJ4968MQE
cdn-cachedat: 08/11/2021 03:15:26
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: 2fbtyuZLLsiSvOcxnHSAOrjWmp70wOaqXOxNyVgk2Z8XBaJVH2Saca3PPe6D9EJsgnZcl02XEJ4=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:43:53 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: beabe62b61cfb9c99b4b30187174db70
cdn-requestcountrycode: GB
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 3.0a035390359aab65eb82.js Show response
load.sumo.com/ 5 KB
2 KB 30ms
29ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/3.0a035390359aab65eb82.js
Requested by: Host: load.sumome.com
URL: https://load.sumome.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 9b9b439612eecd459a6edf2abfcf4ae252710e0069772b1b78c4970b3c0f1830

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:09 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: YRAW4A09YDM3DS75
cdn-cachedat: 08/11/2021 07:24:25
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: n6e65izEqr4Fqad3HNM23nAqpK/yyn7jxS1g2tymUzyMxPIHi0A+gBTpPbzU7ZUAWnUCmuparVo=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:16 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 4f5176e2e07f4a0481a6d533b87da859
cdn-requestcountrycode: GB
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 11.0a035390359aab65eb82.js Show response
load.sumo.com/ 438 KB
129 KB 30ms
30ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/11.0a035390359aab65eb82.js
Requested by: Host: load.sumome.com
URL: https://load.sumome.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: a73a98563485541039998520eaa3f1b8475e8da1f9ae414a74c73df0d5f24f8a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:09 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: NP7PJYZ7VB1AHHT7
cdn-cachedat: 08/11/2021 05:22:31
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: tbD3JfDTSOhNh0hgqCkQ4nh3fRfhO/gb5DGIQNXQPPxPMRoD4dpgLz/ne2zFmyNkABzZG+Zuw+M=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:00 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 1bcc29058018b6cd99f71a742690c745
cdn-requestcountrycode: GB
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 15.0a035390359aab65eb82.js Show response
load.sumo.com/ 711 KB
53 KB 46ms
46ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/15.0a035390359aab65eb82.js
Requested by: Host: load.sumome.com
URL: https://load.sumome.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: e146694637c659ec76a75f2f92253956460decf38696b9f77d825dde8308efaa

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:09 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: 897ZEAZ6R2SA6Z61
cdn-cachedat: 08/11/2021 05:20:57
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: ozWsOQWUqx0TPz6V6gVcpH84h103c1y0MdvoZ6WmNAhYb3SzW5QGEdB/xRHME64bi580Ybt+jFE=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:04 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: d7b7041ad4f5d9e3777804dd842db436
cdn-requestcountrycode: GB
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 96.0a035390359aab65eb82.js Show response
load.sumo.com/ 1 MB
80 KB 28ms
28ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/96.0a035390359aab65eb82.js
Requested by: Host: load.sumome.com
URL: https://load.sumome.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 535f84cffe4a18de721d24bd0f6a46f059068d48daf2327d143e0397431cbb14

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:09 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: ETN9Y2CB4JR36VS8
cdn-cachedat: 08/11/2021 06:56:51
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: hmfe8ryATIBRescEh6v33eH8sJ61l9gyYCWqjtX5MgK5uVzXNqi4XzjIlkZQAGWsnUd8ANzMelg=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:45:08 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 384ad9fdf7fbcc79d3d54843ac3c7727
cdn-requestcountrycode: GB
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 97.0a035390359aab65eb82.js Show response
load.sumo.com/ 221 B
958 B 31ms
31ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/97.0a035390359aab65eb82.js
Requested by: Host: load.sumome.com
URL: https://load.sumome.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 71b3e9761dec1834f8152f030e564ed3ccee88e6f133764557faadbebf869c2d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:09 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: XX71XTHVAZ9WHXF5
cdn-cachedat: 08/11/2021 01:00:39
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: IrAr89qZVaMDRwNGV7DkBYLlhQduKqBlKagxiVs2XoSkMpsnw5sFcxxojABTLTuponGysrE/vDc=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:45:09 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 1402aa6deb8779e8da8de1e029828557
cdn-requestcountrycode: GB
cdn-status: 200
cdn-requestpullsuccess: True

OPTIONS
H2 404 rpc
clients6.google.com/ Frame 0
0 90ms
23ms Preflight
text/html 2a00:1450:400e:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://clients6.google.com/rpc?key=AIzaSyCKSbrvQasunBoV16zDH9R33D88CeLr9gQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400e:803::200e , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.zawya.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-type: text/html; charset=UTF-8
referrer-policy: no-referrer
content-length: 1564
date: Fri, 05 Nov 2021 06:19:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 css
fonts.googleapis.com/ 31 KB
2 KB 105ms
37ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:200italic,300italic,400italic,500italic,600italic,700italic,800italic,900italic,200,300,400,500,600,700,800

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

49d03c0512222522354f413d33c6cb1cace07dde5011a02a1a8e24e837c46d72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 05 Nov 2021 05:11:24 GMT
server: ESF
date: Fri, 05 Nov 2021 06:19:10 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Fri, 05 Nov 2021 06:19:10 GMT

GET
H2 200 shares.json Show response
api.bufferapp.com/1/links/ 130 B
442 B 463ms
403ms Script
text/javascript 104.16.138.31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.bufferapp.com/1/links/shares.json?url=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&callback=jQuery1102009019774757334909_1636093148882&_=1636093148883

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.138.31 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

01bf88d7d23e1cb7a533640ff8977c1e25324a95ce870aac23fa12d04fef5ce9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=43200
cf-ray: 6a93f80bdebf067e-LHR
etag: W/"82-vtuJFn1PgKhAV83cj7VwwgQDjvQ"
expires: Fri, 05 Nov 2021 18:19:10 GMT

GET
H2 200 / Show response
graph.facebook.com/ 252 B
687 B 152ms
70ms Script
text/javascript 2a03:2880:f007:1:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&callback=jQuery1102009019774757334909_1636093148884&_=1636093148885

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f007:1:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

74c1b1df3e0709eb57c3f56634d9cea8d6f4bbe94cbf9a9af50a652ab80b040c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
x-fb-rev: 1004680218
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 193
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: dmRwbm3D/Mvqh/KtSNqzcHKVPCbusD/1LJ2uULDEjtEwLWlKaR8QX1FKX8DZNiOozB3CfmgH7sgLpRYQgiS8nQ==
x-fb-trace-id: HKLLjjD8iyL
date: Fri, 05 Nov 2021 06:19:10 GMT
vary: Origin, Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: AfJYDkyk3BmrfS1QGu8al9r
cache-control: no-store
facebook-api-version: v5.0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 links.getStats Show response
api.facebook.com/method/ 483 B
671 B 174ms
62ms Script
text/javascript 2a03:2880:f045:12:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://api.facebook.com/method/links.getStats?urls=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&format=json&callback=jQuery1102009019774757334909_1636093148886&_=1636093148887

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f045:12:face:b00c:0:2 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

745cb581996f1a46625ae4ef29dc37cf25384a488c0b967ef74754c6c7c11d8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
x-fb-debug: eG+ZsJgeGJPOl46y2Z2s3Rp/evyVk9rJemy8xArbI4sZENmjdBSo9yLIzjnkbmbkMsCENW4C+ENrWxonZLC2Aw==
content-encoding: br
vary: Accept-Encoding
x-fb-trace-id: HPW+Bsj9GyB
date: Fri, 05 Nov 2021 06:19:10 GMT
strict-transport-security: max-age=15552000; preload
content-type: text/javascript;charset=utf-8
access-control-allow-origin: *
x-fb-request-id: AN_RQhp4akMX8i1dkRX-JOk
cache-control: private, no-cache, no-store, must-revalidate
x-fb-rev: 1004680218
facebook-api-version: v5.0
content-length: 308
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST rpc
clients6.google.com/ 0
0

GET
H2 200 count.json Show response
widgets.pinterest.com/v1/urls/ 177 B
375 B 234ms
172ms Script
application/javascript 151.101.128.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://widgets.pinterest.com/v1/urls/count.json?callback=jQuery1102009019774757334909_1636093148888&source=6&url=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&_=1636093148889

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.84 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

650963c70e656175dcee163a61f7aa5922251e6666f10d1c9b63c221247b4139

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 06:19:10 GMT
content-encoding: br
x-content-type-options: nosniff
vary: accept-encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: must-revalidate, max-age=887
x-envoy-upstream-service-time: 65
accept-ranges: none
x-pinterest-rid: 5842999334669457
expires: Fri, 05 Nov 2021 06:34:10 GMT

GET
H2

200

button_info.json Show response
www.reddit.com/
Redirect Chain

https://reddit.com/button_info.json?url=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&jsonp=jQuery110200901977475...
https://www.reddit.com/button_info.json?url=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&jsonp=jQuery11020090197...

168 B
573 B

121ms
120ms

Script
application/javascript

151.101.1.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reddit.com/button_info.json?url=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&jsonp=jQuery1102009019774757334909_1636093148890&_=1636093148891

Protocol

Server

151.101.1.140 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

snooserv /

Resource Hash

ad617dd71ee46a3785f208544f3812650355b53c9d53cb5a6c7cd5964389a627

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zawya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-ratelimit-used: 3
via: 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-length: 168
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
x-moose: majestic
x-clacks-overhead: GNU Terry Pratchett
server: snooserv
x-frame-options: SAMEORIGIN
date: Fri, 05 Nov 2021 06:19:10 GMT
x-ratelimit-remaining: 297
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: X-Moose
cache-control: private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
x-ratelimit-reset: 50
accept-ranges: bytes
expires: -1

Redirect headers

date: Fri, 05 Nov 2021 06:19:10 GMT
via: 1.1 varnish
x-content-type-options: nosniff
server: snooserv
accept-ranges: bytes
x-frame-options: SAMEORIGIN
location: https://www.reddit.com/button_info.json?url=https%3A%2F%2Fwww.zawya.com%2Fmena%2Fen%2Fstory%2Fta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257%2F&jsonp=jQuery1102009019774757334909_1636093148890&_=1636093148891
cache-control: private, max-age=3600
strict-transport-security: max-age=31536000; includeSubdomains
x-clacks-overhead: GNU Terry Pratchett
content-length: 0
x-xss-protection: 1; mode=block
retry-after: 0

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f1fe4edda5de4ec9b6271e6be032020415b1af509d8ceecd7df03d5e203f1d08

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 480425f673e8844e1952eccea7a2651dec73b6812984de642a10b4cd0b0ec873

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c1039a07452f27964d70b2b2f567739f91e21f39723f294411491598d16fa878

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9c3f5cf2c61d78ed9af437532c775733d67779e0bbaaf221ac6d8ef52f543ee7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

OPTIONS
H2 204 features
sumo.com/api/site/b84b5f0035ff1300b9a2f000fd5d8e0082a2d500c7b77000a181e9003bf9f400/ Frame 0
0 171ms
170ms Preflight 52.34.133.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sumo.com/api/site/b84b5f0035ff1300b9a2f000fd5d8e0082a2d500c7b77000a181e9003bf9f400/features?site_id=b84b5f0035ff1300b9a2f000fd5d8e0082a2d500c7b77000a181e9003bf9f400
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.34.133.113 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-34-133-113.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-sumo-auth
Origin: https://www.zawya.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx/1.18.0
date: Fri, 05 Nov 2021 06:19:10 GMT
access-control-allow-origin: https://www.zawya.com
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-headers: pragma, x-requested-with, accept, x-sumo-auth, x-sumo-token, content-type
access-control-max-age: 2592000

GET
H2 200 features Show response
sumo.com/api/site/b84b5f0035ff1300b9a2f000fd5d8e0082a2d500c7b77000a181e9003bf9f400/ 3 KB
1 KB 172ms
172ms XHR
application/json 52.34.133.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/site/b84b5f0035ff1300b9a2f000fd5d8e0082a2d500c7b77000a181e9003bf9f400/features?site_id=b84b5f0035ff1300b9a2f000fd5d8e0082a2d500c7b77000a181e9003bf9f400

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.34.133.113 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-34-133-113.us-west-2.compute.amazonaws.com

Software

nginx/1.18.0 /

Resource Hash

7fc623333809fb206c4761e3352af6b466496060c3b6dde7f6b81e158f7fbfc7

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.zawya.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
X-Sumo-Auth: LVTqyzA9GUNpxyl9QjSsNvaN

Response headers

date: Fri, 05 Nov 2021 06:19:10 GMT
content-encoding: gzip
vary: Origin, Accept-Encoding
server: nginx/1.18.0
etag: "-474140197"
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.zawya.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow

GET
H2 200 features Show response
sumo.com/api/site/b84b5f0035ff1300b9a2f000fd5d8e0082a2d500c7b77000a181e9003bf9f400/ 3 KB
1 KB 171ms
171ms XHR
application/json 52.34.133.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/site/b84b5f0035ff1300b9a2f000fd5d8e0082a2d500c7b77000a181e9003bf9f400/features?site_id=b84b5f0035ff1300b9a2f000fd5d8e0082a2d500c7b77000a181e9003bf9f400

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.34.133.113 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-34-133-113.us-west-2.compute.amazonaws.com

Software

nginx/1.18.0 /

Resource Hash

7fc623333809fb206c4761e3352af6b466496060c3b6dde7f6b81e158f7fbfc7

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.zawya.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
X-Sumo-Auth: LVTqyzA9GUNpxyl9QjSsNvaN

Response headers

date: Fri, 05 Nov 2021 06:19:10 GMT
content-encoding: gzip
vary: Origin, Accept-Encoding
server: nginx/1.18.0
etag: "-474140197"
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.zawya.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow

OPTIONS
H2 204 features
sumo.com/api/site/b84b5f0035ff1300b9a2f000fd5d8e0082a2d500c7b77000a181e9003bf9f400/ Frame 0
0 171ms
170ms Preflight 52.34.133.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sumo.com/api/site/b84b5f0035ff1300b9a2f000fd5d8e0082a2d500c7b77000a181e9003bf9f400/features?site_id=b84b5f0035ff1300b9a2f000fd5d8e0082a2d500c7b77000a181e9003bf9f400
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.34.133.113 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-34-133-113.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-sumo-auth
Origin: https://www.zawya.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx/1.18.0
date: Fri, 05 Nov 2021 06:19:10 GMT
access-control-allow-origin: https://www.zawya.com
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-headers: pragma, x-requested-with, accept, x-sumo-auth, x-sumo-token, content-type
access-control-max-age: 2592000

POST
H2 200 jsonpcallback Show response
sumo.com/api/ 16 B
236 B 164ms
164ms XHR
application/json 52.34.133.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/jsonpcallback

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.34.133.113 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-34-133-113.us-west-2.compute.amazonaws.com

Software

nginx/1.18.0 /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.zawya.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Fri, 05 Nov 2021 06:19:10 GMT
vary: Origin, Accept-Encoding
server: nginx/1.18.0
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.zawya.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 16

POST
H2 200 jsonpcallback Show response
sumo.com/api/ 16 B
236 B 165ms
165ms XHR
application/json 52.34.133.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/jsonpcallback

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.34.133.113 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-34-133-113.us-west-2.compute.amazonaws.com

Software

nginx/1.18.0 /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.zawya.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Fri, 05 Nov 2021 06:19:10 GMT
vary: Origin, Accept-Encoding
server: nginx/1.18.0
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.zawya.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 16

POST
H2 200 jsonpcallback Show response
sumo.com/api/ 16 B
236 B 165ms
165ms XHR
application/json 52.34.133.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/jsonpcallback

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.34.133.113 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-34-133-113.us-west-2.compute.amazonaws.com

Software

nginx/1.18.0 /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.zawya.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Fri, 05 Nov 2021 06:19:10 GMT
vary: Origin, Accept-Encoding
server: nginx/1.18.0
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.zawya.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 16

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: clients6.google.com
URL: https://clients6.google.com/rpc?key=AIzaSyCKSbrvQasunBoV16zDH9R33D88CeLr9gQ

Verdicts & Comments Add Verdict or Comment

186 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

36 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257	1970-01-19 23:11:25	Name: __smVID Value: a0cd763cbbca5618550d9e9c5d59cb6757fadebfdbf357a2bed42665e5737700
collector.effectivemeasure.net/beacon	1970-01-20 07:06:37	Name: c3 Value: 1
collector.effectivemeasure.net/beacon	1970-01-20 07:06:37	Name: dmp Value: 1636093147641
collector.effectivemeasure.net/beacon	1970-01-20 07:06:37	Name: gc Value: GB
collector.effectivemeasure.net/beacon	1970-01-20 07:06:37	Name: mb Value: 0
.zawya.com/	1969-12-31 23:59:59	Name: citrix_ns_id Value: slzKBkOg1Lm95Ihjhx6qvMR9W/AA000
www.zawya.com/	1970-01-19 22:38:17	Name: __oagr Value: true
.zawya.com/	1970-01-20 15:59:25	Name: _ga Value: GA1.2.710002794.1636093147
.zawya.com/	1970-01-19 22:29:39	Name: _gid Value: GA1.2.752636115.1636093147
.zawya.com/	1970-01-19 22:28:13	Name: _gat_TRGlobal Value: 1
.doubleclick.net/	1970-01-20 07:49:49	Name: IDE Value: AHWqTUkE3Gx5OkyIQR0iOyQkXDWJvBS6cvhuQKVij7SrkgN9ZOUC6w5xvwBYLBx1
.zawya.com/	1970-01-20 07:49:49	Name: __gads Value: ID=3bc162e859209ae9:T=1636093146:S=ALNI_MbvB_KY2HfwrsODmv9Tx811knB5Kg
collector.effectivemeasure.net/	1970-01-20 07:06:37	Name: vt Value: 2dc1d16f-93d0-4dd4-b7b8-c27393fd63c1-17ceec03975-14d3f777
.zawya.com/	1970-01-20 07:06:37	Name: _em_vt Value: 2dc1d16f-93d0-4dd4-b7b8-c27393fd63c1-17ceec03975-14d3f777
.zawya.com/	1970-01-19 22:28:14	Name: _em_c3 Value: 1
.zawya.com/	1970-01-19 22:28:14	Name: _em_vi Value: 4694ad61-a046-446e-81e3-56fdcfdbd1e5-17ceec03987-61ca59de
.zawya.com/	1970-01-19 22:28:14	Name: _em_lt Value: 1636093147527
.zawya.com/	1970-01-19 22:28:14	Name: _em_ft Value: 1636093147527
.zawya.com/	1970-01-19 22:28:14	Name: _em_pc Value: 1
.zawya.com/	1970-01-20 07:06:37	Name: _em_dmp Value: 1636093147641
.zawya.com/	1970-01-20 07:06:37	Name: _em_gc Value: GB
.zawya.com/	1970-01-20 07:06:37	Name: _em_mb Value: 0
.linkedin.com/	1970-01-19 23:11:25	Name: UserMatchHistory Value: AQIKPvi8UIyL3QAAAXzuwDoB69DlnUadKI7DGVyGgB-ZlEMsak3n20DyBHjv9qT1W6xSbx2VOKROkA
.linkedin.com/	1970-01-19 23:11:25	Name: AnalyticsSyncHistory Value: AQLdfuLVGcE_YwAAAXzuwDoCZl07mwca70y9yYlzttSfT6nGAnrnjnwM1x34fc0Vx6_9cOaeT62zZ3SLxEfSOQ
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 16:00:06	Name: bcookie Value: "v=2&8f2a1032-415a-4083-89a1-efa29f3df50d"
.linkedin.com/	1970-01-19 22:29:39	Name: lidc Value: "b=OGST07:s=O:r=O:a=O:p=O:g=2161:u=1:x=1:i=1636093147:t=1636179547:v=2:sig=AQH48shiMRXPIGOeJBAZaa1IEOnpY8Tx"
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.www.linkedin.com/	1970-01-20 16:00:06	Name: bscookie Value: "v=1&2021110506190775eaf65e-5bfc-4929-8606-4b322a9e6655AQFcviZDqMKd00Kv3K_3UgGkznZKpZYX"
.linkedin.com/	1970-01-20 15:58:56	Name: li_gc Value: MTswOzE2MzYwOTMxNDc7MjswMjHSTFRJhDKgvJfGh+GQY11D0cPqNBLG1qcW4EuSvHp+ag==
.zawya.com/	1970-01-19 22:28:14	Name: _em_scf Value: []
.zawya.com/	1970-01-19 22:28:13	Name: _dc_gtm_UA-307554-1 Value: 1
.twitter.com/	1970-01-20 15:59:25	Name: personalization_id Value: "v1_QXvN29sE4K73aU6U+HD45w=="
www.zawya.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: ECnbtWjLF2dMk3elL85TGASS.undefined
www.zawya.com/	1970-01-20 07:13:49	Name: __smToken Value: LVTqyzA9GUNpxyl9QjSsNvaN
.reddit.com/	1970-01-20 15:59:25	Name: csv Value: 1

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://www.zawya.com/mena/en/story/ta575_uses_squid_game_lures_to_distribute_dridex_malware-zawya20211104112257/ Message: Access to XMLHttpRequest at 'https://clients6.google.com/rpc?key=AIzaSyCKSbrvQasunBoV16zDH9R33D88CeLr9gQ' from origin 'https://www.zawya.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://clients6.google.com/rpc?key=AIzaSyCKSbrvQasunBoV16zDH9R33D88CeLr9gQ Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.co.uk
adservice.google.com
ajax.googleapis.com
analytics.twitter.com
api.bufferapp.com
api.facebook.com
cdn.jsdelivr.net
clients6.google.com
cmp.optad360.io
code.jquery.com
collector.effectivemeasure.net
detect-survey.effectivemeasure.net
f686c37acd81de0160de2ebedd3ef02e.safeframe.googlesyndication.com
fonts.googleapis.com
get.optad360.io
googleads.g.doubleclick.net
graph.facebook.com
load.sumo.com
load.sumome.com
pagead2.googlesyndication.com
partner.googleadservices.com
px.ads.linkedin.com
px4.ads.linkedin.com
reddit.com
rtbonecode.com
securepubads.g.doubleclick.net
snap.licdn.com
static.ads-twitter.com
stats.g.doubleclick.net
sumo.com
survey.effectivemeasure.net
t.co
t.effectivemeasure.net
tpc.googlesyndication.com
widgets.pinterest.com
www.google-analytics.com
www.google.co.uk
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.linkedin.com
www.reddit.com
www.zawya.com
clients6.google.com
104.16.138.31
104.244.42.195
104.244.42.5
108.174.10.14
13.224.193.4
142.250.179.130
142.250.185.130
142.250.186.162
151.101.1.140
151.101.128.84
162.215.209.216
199.232.136.157
2001:4de0:ac18::1:a:1a
2600:9000:20eb:8600:1f:612c:5a80:93a1
2600:9000:21f3:400:6:b871:4f00:93a1
2600:9000:21f3:9400:11:a4de:2580:93a1
2606:4700::6810:5914
2620:119:50e1:101::6cae:b25
2620:1ec:21::14
2a00:1450:4001:811::200a
2a00:1450:4001:813::2001
2a00:1450:4001:827::2002
2a00:1450:4001:827::2004
2a00:1450:4001:828::2002
2a00:1450:4001:828::2003
2a00:1450:4001:829::2001
2a00:1450:4001:829::2002
2a00:1450:400e:801::200e
2a00:1450:400e:802::2008
2a00:1450:400e:803::200e
2a00:1450:400e:80f::2002
2a00:1450:400e:80f::200a
2a00:1450:400e:810::2002
2a00:1450:4013:c00::9b
2a02:26f0:6c00::210:ba11
2a03:2880:f007:1:face:b00c:0:1
2a03:2880:f045:12:face:b00c:0:2
34.240.225.16
45.75.204.24
52.1.28.182
52.34.133.113
89.187.169.47
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
01bf88d7d23e1cb7a533640ff8977c1e25324a95ce870aac23fa12d04fef5ce9
0757d83bc71642d54d4d8cd365fc431e11aa8cff3f3c3b2040d1af15006b63bb
08f88f89b254e7225db9269a045b8a5a97005b3751a172a883595b746a7ab2a8
099f02da66b7e577706a47f6f53d5d3bd681cfa2e798e88e5a87a89cc726d732
0b997b0a3ed7be9de6c19a49de0dfe8bedc760aac84cca0f78d26b78e26ace4e
1743b54e611ae08f0ddb89d8d1bc9ae7d78feacbd672c86a5f5bb3c1a582e05e
179454f00bafb599b0cfa7a2ab3279574ff2888177819515c4141392c84cd8d8
20384a04a8e00a1d7bccddf106451964105d6675e056989850243fc3c730eaf4
266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d
2b0f8526e7a1b0f1fb42e8acec3c1e7737a1a3065b773ebd13a492952f557967
2c83ffa05c8bf861d20fc6b860df04dea584324c4b6f0269e935eabe226afe76
325cd341e86387263a68056c847df8e7d91c449d6408739d77d3435abf3dea75
36aecd4542cf4c62f3d0b0517e0e560aabd649e4efcfce254a95c5adeb388a5c
3a1e47668259fc8b3b7d86125b7603c44fd06c4c181cf02e1f5d4788aee8691a
3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3
3da73ba6bf7cc8ca6a5c95397624620e0cc0265eb6faba1c325eb937af947e86
3f351eef4b0a3ccd70ff9d4239851252a0a6eba79471e530f9deec0b3421d132
40818d579722449c08058ee7f34ab8de2f312776d77d13bd5cde519aefab726c
40bbc8f9f67bdde729eac9febcc63cff40b1441e9fa4af76327e09b03ad3c60a
43def099927bb599ce43ec7561871a2e423d139dd71426d89c5dbf735feabbcd
480425f673e8844e1952eccea7a2651dec73b6812984de642a10b4cd0b0ec873
49d03c0512222522354f413d33c6cb1cace07dde5011a02a1a8e24e837c46d72
4b6753aef2f81a4813434523b259d9d19f368ae41cd40162bf0897bc4e334cb9
4c2a0a41bdbc55f5d0f74f367110639cb7fe35122a7a140846d1395d21609a6d
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
4f2721fcaed5436f55432318b274d1542e96753b56c6ec6cdbd1c0fdd46bc66d
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
50ad3a273dd7803066fae0fb2e4eec57cdfb969f449d86309527578d7e08d249
535f84cffe4a18de721d24bd0f6a46f059068d48daf2327d143e0397431cbb14
55aa0299a6b880ddee3b6e438a6e155730fca9eaf992e5e4ac105ca1de5f3312
55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5
56a185e348a38c4981a814a37cffc8259214a8ef88a6891db1c90614fb05e457
58975648a19c8904563928b9dc01b88095a8033a7408528bd5b6cbd0da11d564
59432971c1632c0e57a43e2669b1bb1517c036c2e7348c4a055aa07cdc62fab2
5ba9537e0c1e5cfbb549d3f57e73d578b61eecfe6cc2a455d70609b7ee376895
5dc9d61931a73fa03b59af510868b7e89e4523df5a53935212ca8a9b31af0b8d
5ebcd2036fda2987f378934921f83a43229cb450feface3ab7470b13e06537a0
650963c70e656175dcee163a61f7aa5922251e6666f10d1c9b63c221247b4139
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
703698fdddee88c290aad95747206c6aba8ad651f68172d2d52feedca0456d09
7109518959a6958168f639860050324f4f063fd1697f32677cf9d0180ab02453
71b3e9761dec1834f8152f030e564ed3ccee88e6f133764557faadbebf869c2d
738babc8ae57aadda3c4fc281b82fdb480c7f1005eb71cd7374bd7a45856ffa8
73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759
745cb581996f1a46625ae4ef29dc37cf25384a488c0b967ef74754c6c7c11d8f
74c1b1df3e0709eb57c3f56634d9cea8d6f4bbe94cbf9a9af50a652ab80b040c
75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86
7fc623333809fb206c4761e3352af6b466496060c3b6dde7f6b81e158f7fbfc7
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
967ff48c41053bf7c36f819b71ee6b509bd9971857397d74b41c75acc5bd27ae
9745d78c19b91ab26895980fdfdc81997e0397d58446db33584e5e4de1435845
983ca6f337a4328882a226d3305efdbf650a69fe71d766e3471701ba712082b0
9b9b439612eecd459a6edf2abfcf4ae252710e0069772b1b78c4970b3c0f1830
9c3f5cf2c61d78ed9af437532c775733d67779e0bbaaf221ac6d8ef52f543ee7
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a73a98563485541039998520eaa3f1b8475e8da1f9ae414a74c73df0d5f24f8a
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad617dd71ee46a3785f208544f3812650355b53c9d53cb5a6c7cd5964389a627
b5b6bb964937c21804cdd8d7edc3f3295a066b471d01a08cc0cb051a0a5751c3
b5d439b0a1670a4a56384b0b48fcdfabef6e8a5124683f32c6913d1fe22e9563
bc946a7e8db4726ea20c3ce47afee52fd173c3484d6a15f985bf03d0bf9cfd57
bd7680f0d4768bf17b38b5834d7671e6e456d9655b4ae3cb39186d1fcd93f5c2
be1c4031c965bdf06827008cc018d79cbed689468cd9be0e6810a56a5f6617d7
bfb21a3250a045e2c67342133c8eb45f690afab57b85c6adc795adf0be6c9b1c
c1039a07452f27964d70b2b2f567739f91e21f39723f294411491598d16fa878
c60b93effcbac344d2c30270e0d97323af0f64f43f3ac4d8abd486a875477169
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
cc4feb3b606faa423fd10d09a2ad4ded3c43ff331e2121f280e2018864376ae4
d1aed1a73256347950e99c3aab2d74c2d742cacd0e1b11c2d1a491d16570436f
d1dea60e8f5fa1a50a2b3e0f36c350bf194cf26b6679e6b5f3fa0ae8d457262b
d2399a2dad958bb6d0063d5d187a71ffe97c39aa0b4a62eae1ca0351f7e5eb30
d9543efc140b0b4cb3b1e267e598a9f647360f29c96139e3d7098ab970b5cc6f
db2c77c5e90cdfc6da2c63fffba1987e761f759c15676561cae8023cc975c571
dd56d7b7843f5799cddab9827be73f65df1e319728ac47d591ef56a51618c987
dd9c85c873b9b644468988e8165e079b0e747a550ce13fa3f7d0c1839b0fd503
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e146694637c659ec76a75f2f92253956460decf38696b9f77d825dde8308efaa
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb5a2b685305287765532f7ff93e78d806997009003c6d3f5d0d3809ad7124d8
ed6faf844515d96cf2cd4de640e1bfd92f57dd593d9df983dd8ea770c238bc1d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1197ad6692c49220cea25673e76c0846a7669a005ac5772188376f069ce96c1
f1fe4edda5de4ec9b6271e6be032020415b1af509d8ceecd7df03d5e203f1d08
f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f
fa105293542faf80a140214fbe36ebceb317dec1db345278689f0760a63a3a43
fb0df6c15357ec8dc72eb074885489874da3d81ac76afdb89b80b7808481a3d4
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
fe39eced72c33ae4c1b3bdd9843bc853265b9909040d41555faa02f62cb29ef2
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

www.zawya.com Open in urlscan Pro 45.75.204.24 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

114 Requests

96 %HTTPS

60 %IPv6

26 Domains

44 Subdomains

41 IPs

7 Countries

1978 kBTransfer

7667 kBSize

36 Cookies

24 Outgoing links

Redirected requests

114 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.zawya.com Open in urlscan Pro
45.75.204.24 Public Scan

Screenshot
Live screenshot

Full Image

114
Requests

96 %
HTTPS

60 %
IPv6

26
Domains

44
Subdomains

41
IPs

7
Countries

1978 kB
Transfer

7667 kB
Size

36
Cookies

114 HTTP transactions
4 data transactions