www.itechpost.com Open in urlscan Pro
34.111.185.81  Public Scan

18 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 31

• https://platform.instagram.com/en_US/embeds.js HTTP 301
• https://www.instagram.com/embed.js HTTP 302
• https://www.instagram.com/static/bundles/es6/EmbedSDK.js/ab12745d93c5.js

Request Chain 33

• https://c.amazon-adsystem.com/aax2/apstag.js HTTP 301
• https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js?ver=8.1.0

Request Chain 60

• https://googleads.g.doubleclick.net/pagead/id HTTP 302
• https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Request Chain 139

• https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=b7d56aad-575c-4fd2-be94-85f5798d4588 HTTP 302
• https://s.cpx.to/ca.png?dsp=dbm&fid=b7d56aad-575c-4fd2-be94-85f5798d4588&google_gid=CAESEGE0H0Wq5h932O0dBjpzuyc&google_cver=1

Request Chain 140

• https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Db7d56aad-575c-4fd2-be94-85f5798d4588 HTTP 302
• https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Db7d56aad-575c-4fd2-be94-85f5798d4588 HTTP 302
• https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=F59ACAFF-EE4C-4C76-8CD7-AF3F0543349F&fid=b7d56aad-575c-4fd2-be94-85f5798d4588

Request Chain 142

• https://secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12967%26ref%3D%26url%3Dhttps%253A%252F%252Fwww.itechpost.com%252Farticles%252F105164%252F20210329%252Fsystem-update-android-app-android-spyware-third-party-app-rat-trojan.htm%26hn_ver%3D40%26fid%3Db7d56aad-575c-4fd2-be94-85f5798d4588 HTTP 307
• https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12967%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Fwww.itechpost.com%25252Farticles%25252F105164%25252F20210329%25252Fsystem-update-android-app-android-spyware-third-party-app-rat-trojan.htm%2526hn_ver%253D40%2526fid%253Db7d56aad-575c-4fd2-be94-85f5798d4588 HTTP 302
• https://s.cpx.to/an_fire?app_nexus_uid=8931954487363159718&pid=12967&ref=&url=https%3A%2F%2Fwww.itechpost.com%2Farticles%2F105164%2F20210329%2Fsystem-update-android-app-android-spyware-third-party-app-rat-trojan.htm&hn_ver=40&fid=b7d56aad-575c-4fd2-be94-85f5798d4588

Request Chain 150

• https://www.google.com/pagead/drt/ui HTTP 302
• https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 151

• https://www.google.com/pagead/drt/ui HTTP 302
• https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

186 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
5 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Show response www.itechpost.com/articles/105164/20210329/	55 KB 14 KB	247ms 216ms	Document text/html	34.111.185.81 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.185.81 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 81.185.111.34.bc.googleusercontent.com Software nginx / PHP/7.2.34 Resource Hash 9a4ba0eff2c48e5e81a43ec66808825b1f55a69c3906c592b11ed722e5a218c4 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-encoding gzip content-type text/html; charset=UTF-8 date Tue, 06 Dec 2022 02:57:06 GMT p3p CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC" server nginx vary Accept-Encoding via 1.1 google x-powered-by PHP/7.2.34
GET H2	200	main.css 1126564489.rsc.cdn77.org/static/common/_v2.0.0/css/	31 KB 6 KB	53ms 11ms	Stylesheet text/css	2a02:6ea0:c700::22 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://1126564489.rsc.cdn77.org/static/common/_v2.0.0/css/main.css?v=4 Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::22 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash 61707bd20733daf3ce465ae24cd5250d334fdf29c193a598c4c103a71c928170 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers x-77-nzt AdRmOLSoPLn/GjICAA x-accel-expires @1671188328 date Tue, 06 Dec 2022 02:57:06 GMT via 1.1 google content-encoding br last-modified Tue, 08 Nov 2022 12:47:05 GMT server CDN77-Turbo x-77-pop frankfurtDE etag W/"636a4fc9-7bad" x-77-nzt-ray 6d204d119417ee7e82af8e63f3e04339 x-cache HIT content-type text/css x-77-cache HIT x-age 143898
GET H2	200	common_v056.js Show response 1126564489.rsc.cdn77.org/common/js/common/	7 KB 3 KB	55ms 14ms	Script application/javascript	2a02:6ea0:c700::22 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://1126564489.rsc.cdn77.org/common/js/common/common_v056.js?5xwc2g Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::22 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash 564909ae57a774bce3a438e2df0cbe3f8794d33acf6715625e87cb06bfa31908 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers x-77-nzt AdRmOLQAKfv/GjICAA x-accel-expires @1671188328 date Tue, 06 Dec 2022 02:57:06 GMT via 1.1 google content-encoding br last-modified Tue, 08 Nov 2022 12:42:11 GMT server CDN77-Turbo x-77-pop frankfurtDE etag W/"636a4ea3-1aeb" x-77-nzt-ray 6d204d119417ee7e82af8e63f0179039 x-cache HIT content-type application/javascript x-77-cache HIT x-age 143898
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/3.6.0/	87 KB 31 KB	38ms 7ms	Script text/javascript	2a00:1450:4001:827::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 18:20:26 GMT content-encoding gzip x-content-type-options nosniff age 31000 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 31017 x-xss-protection 0 last-modified Wed, 10 Mar 2021 14:28:09 GMT server sffe cross-origin-opener-policy same-origin; report-to="hosted-libraries-pushers" vary Accept-Encoding report-to {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Tue, 05 Dec 2023 18:20:26 GMT
GET H2	200	jquery.bxslider.min.js Show response 1126564489.rsc.cdn77.org/common/js/bxslider/	19 KB 5 KB	58ms 17ms	Script application/javascript	2a02:6ea0:c700::22 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://1126564489.rsc.cdn77.org/common/js/bxslider/jquery.bxslider.min.js Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::22 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash bb9e7dc822c6b7b95a6329932885c72ff2caf74b243fc1c40aca0e858123b83e Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers x-77-nzt AdRmOLT5AXH/GjICAA x-accel-expires @1671188328 date Tue, 06 Dec 2022 02:57:06 GMT via 1.1 google content-encoding br last-modified Tue, 08 Nov 2022 12:35:49 GMT server CDN77-Turbo x-77-pop frankfurtDE etag W/"636a4d25-4b9f" x-77-nzt-ray 6d204d119417ee7e82af8e638b78c239 x-cache HIT content-type application/javascript x-77-cache HIT x-age 143898
GET H2	200	jquery.cookie.min.js Show response cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/	1 KB 1 KB	42ms 13ms	Script application/javascript	2606:4700::6811:180e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d40efcac911d8964f3728eaa767de281306ff55ba9377435a3364d4d1e1613f6 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:06 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 381042 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 591 last-modified Mon, 04 May 2020 16:11:45 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03ec1-514" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X4fgZYviQ1SaRlkrgevDdiUawBgMOCauIuUkmdw5Xum3IvYH304%2B7yTMcgfKI87Z9bguoEu%2FLnmoIEvBP8fwRcI5qAc22xzejAWXTeBaQIiTIRV9dKK7KaS3rbGBwn1TgXqUg5fHTAFbID3dpNHrhvRu"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 7751c0926ce6bba4-FRA expires Sun, 26 Nov 2023 02:57:06 GMT
GET H2	200	jquery.lazyload.min.js Show response cdnjs.cloudflare.com/ajax/libs/jquery.lazyload/1.9.1/	3 KB 1 KB	42ms 14ms	Script application/javascript	2606:4700::6811:180e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/jquery.lazyload/1.9.1/jquery.lazyload.min.js Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ad79ce7e34d1a788809bb853031133de2ae45f3c19ac4955dae46c7490188c2e Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:06 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 1138257 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 1120 last-modified Mon, 04 May 2020 16:11:47 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03ec3-d35" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jcBGDTihmBsk%2BYyJKY1ehRk8k6gyZOWlpgMpo2u8HmMLkBodes3wQc6PLHn05x5dsXz3w9wdBv8bdAvYrzxkxIGJyoZOH4BM%2FvoE0ojLjqxvGV67Jwr586YlbdeRY0Zwa42O7TtTSySnyWW994lyoHOe"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 7751c0926ce7bba4-FRA expires Sun, 26 Nov 2023 02:57:06 GMT
GET H2	200	gpt.js Show response www.googletagservices.com/tag/js/	80 KB 27 KB	46ms 15ms	Script text/javascript	2a00:1450:4001:828::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/tag/js/gpt.js Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 368efa57daae391de6f253828bf520217a86aa9f2e50d79a28e259fa746b769b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:07 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 27555 x-xss-protection 0 server sffe etag "1413 / 568 of 1000 / last-modified: 1670286137" vary Accept-Encoding report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} content-type text/javascript cache-control private, max-age=900, stale-while-revalidate=3600 timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" expires Tue, 06 Dec 2022 02:57:07 GMT
GET H2	200	prebid_sb_202110.js Show response 1126564489.rsc.cdn77.org/common/js/common/	184 KB 54 KB	48ms 41ms	Script application/javascript	2a02:6ea0:c700::22 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://1126564489.rsc.cdn77.org/common/js/common/prebid_sb_202110.js Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::22 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash b2cf31ca947be6dd3ff318d66b2a6eb397f2311490ea939ed9a663c7d5e729a4 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers x-77-nzt AdRmOLSyW7T/zVsJAA x-accel-expires @1670718902 date Tue, 06 Dec 2022 02:57:07 GMT via 1.1 google content-encoding br last-modified Tue, 08 Nov 2022 10:33:42 GMT server CDN77-Turbo x-77-pop frankfurtDE etag W/"636a3086-2de66" x-77-nzt-ray 6d204d119417ee7e83af8e633dd1d100 x-cache HIT content-type application/javascript x-77-cache HIT x-age 613325
GET H2	200	script.js Show response powerad.ai/	205 KB 45 KB	321ms 103ms	Script application/javascript	54.152.172.136 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://powerad.ai/script.js Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.152.172.136 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-152-172-136.compute-1.amazonaws.com Software / Express Resource Hash d153afb10a18c7f29f5ea1ac2b483606bc60b8debf521db9d9fbe9ef3eb778c8 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:07 GMT content-encoding gzip last-modified Mon, 05 Dec 2022 15:26:21 GMT x-powered-by Express etag W/"33468-184e2e52f31" vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=172800 access-control-allow-credentials true accept-ranges bytes access-control-allow-headers *
GET H2	200	logo-bg.svg 1126564489.rsc.cdn77.org/static/common/_v2.0.0/img/	988 B 792 B	74ms 68ms	Image image/svg+xml	2a02:6ea0:c700::22 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1126564489.rsc.cdn77.org/static/common/_v2.0.0/img/logo-bg.svg Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::22 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash 557032a003faee6bcbed4da18246e63a5075872a858ac1362f699d80e225027f Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers x-77-nzt AdRmOLQlfYP/K7IDAA x-accel-expires @1671090008 date Tue, 06 Dec 2022 02:57:07 GMT via 1.1 google content-encoding br last-modified Tue, 08 Nov 2022 12:47:05 GMT server CDN77-Turbo x-77-pop frankfurtDE etag W/"636a4fc9-3dc" x-77-nzt-ray 6d204d119417ee7e83af8e63cee57202 x-cache HIT content-type image/svg+xml x-77-cache HIT x-age 242219
GET H2	200	system-update-android-app-discovered-to-be-a-dangerous-spyware-to-steal-data-do-not-download.jpg 1401700980.rsc.cdn77.org/data/images/full/99211/	104 KB 105 KB	279ms 262ms	Image image/jpeg	2a02:6ea0:c700::22 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1401700980.rsc.cdn77.org/data/images/full/99211/system-update-android-app-discovered-to-be-a-dangerous-spyware-to-steal-data-do-not-download.jpg?w=983 Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::22 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / PHP/7.2.34 Resource Hash f3ea2899334424faff61d8c143f630ff29fd41ee31999152c2343d854cbc77fd Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers x-77-nzt AdRmOLQdCPSh x-accel-expires @1670381827 date Tue, 06 Dec 2022 02:57:07 GMT via 1.1 google x-77-pop frankfurtDE server CDN77-Turbo x-powered-by PHP/7.2.34 etag 37a81356066d90fa86578af60c791e8a x-77-nzt-ray 6d204d119417ee7e83af8e63c1e71703 content-type image/jpeg x-cache MISS cache-control max-age=86400, public x-77-cache MISS
GET H2	200	figure-15-16-the-fake-notification-and-communication-with-the-c-c-server.jpg 1401700980.rsc.cdn77.org/data/images/full/99212/	51 KB 51 KB	230ms 214ms	Image image/jpeg	2a02:6ea0:c700::22 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1401700980.rsc.cdn77.org/data/images/full/99212/figure-15-16-the-fake-notification-and-communication-with-the-c-c-server.jpg?w=600?w=650 Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::22 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / PHP/7.2.34 Resource Hash a8b2d852b9df8fd357d641cfe1f14a3978ff4b36183e6d4025d5b0ce43f77581 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers x-77-nzt AdRmOLRkeS2h x-accel-expires @1670381827 date Tue, 06 Dec 2022 02:57:07 GMT via 1.1 google x-77-pop frankfurtDE server CDN77-Turbo x-powered-by PHP/7.2.34 etag 77fb24cca4867a752beb265e7d80c751 x-77-nzt-ray 6d204d119417ee7e83af8e635cf41403 content-type image/jpeg x-cache MISS cache-control max-age=86400, public x-77-cache MISS
GET H2	200	masonry.js Show response d1pywsqd87ew9v.cloudfront.net/partner_fluid_widgets_v1.5/	8 KB 2 KB	39ms 7ms	Script application/javascript	2600:9000:2240:3400:15:f55c:78c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d1pywsqd87ew9v.cloudfront.net/partner_fluid_widgets_v1.5/masonry.js Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2240:3400:15:f55c:78c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 5f1c28ffb1740bddfdd440107f4ca8b4398f32166b5710e74832adb68d9a45b3 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 00:12:44 GMT content-encoding gzip via 1.1 857b0dca772798c338c78a1be69c955c.cloudfront.net (CloudFront) last-modified Tue, 08 Nov 2022 14:07:22 GMT server AmazonS3 x-amz-cf-pop FRA60-P1 age 10248 etag W/"ac347a20fe3c37cd97be494a273bc5b0" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript x-amz-cf-id i1Xn22yrrsG-nsQ7TTAIzrFmO7dRE9EMcoRLlBF8kqYdh_Q9Jn4j8Q==
GET H2	200	itechpost.com.1119397.js Show response jsc.mgid.com/i/t/	2 KB 1 KB	52ms 15ms	Script text/javascript	2606:4700:1::6813:844e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://jsc.mgid.com/i/t/itechpost.com.1119397.js Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:1::6813:844e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 397934db0353a261358218af2685cf048ff56622cd6392a86a692b92677f9e68 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:07 GMT x-amz-version-id MMb7U7rK0zZshyf6HBJ5HoR6VP_hoXJI content-encoding br cf-cache-status HIT x-amz-request-id KD2WJGK7N3Y1XBRE age 5214 cf-polished origSize=2344 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-amz-id-2 xdkOpfobhk+Mtp0gLVGV82Loq/QmWYCA06Y7J2WOjaIa7oxjMjba6aUKKAN7iKn+5lEC5+Bys8o= cf-bgj minify last-modified Wed, 23 Nov 2022 11:45:44 GMT server cloudflare etag W/"2d97bebf325bc828b5d3c70a24143082" vary Accept-Encoding content-type text/javascript cache-control public, max-age=10800 cf-ray 7751c092f89f9152-FRA expires Tue, 06 Dec 2022 05:57:07 GMT
GET H2	200	raackspace-technology-signage.jpeg 1401700980.rsc.cdn77.org/data/thumbs/full/110335/90/77/50/40/	3 KB 3 KB	75ms 59ms	Image image/jpeg	2a02:6ea0:c700::22 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1401700980.rsc.cdn77.org/data/thumbs/full/110335/90/77/50/40/raackspace-technology-signage.jpeg Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::22 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / PHP/7.2.34 Resource Hash 08f0b48c44cb5358eff17e2273f13747b88e405e49389b45900f9147becb8f15 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers x-77-nzt AdRmOLS4Ggf/utEAAA x-accel-expires @1670328137 date Tue, 06 Dec 2022 02:57:07 GMT via 1.1 google x-77-pop frankfurtDE server CDN77-Turbo x-powered-by PHP/7.2.34 etag 7d0e843daaffa5cf26292e1dab5bfc41 x-77-nzt-ray 6d204d119417ee7e83af8e63c9231a03 content-type image/jpeg x-cache HIT cache-control max-age=86400, public x-77-cache HIT x-age 53690
GET H2	200	android-malware.jpg 1401700980.rsc.cdn77.org/data/thumbs/full/110350/90/77/50/40/	4 KB 4 KB	75ms 60ms	Image image/jpeg	2a02:6ea0:c700::22 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1401700980.rsc.cdn77.org/data/thumbs/full/110350/90/77/50/40/android-malware.jpg Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::22 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / PHP/7.2.34 Resource Hash 5fec7f212e12071211f14b3ba8332afe43b96d387abd185d4273e8a01e2b8063 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers x-77-nzt AdRmOLQcWxb/+EsAAA x-accel-expires @1670362379 date Tue, 06 Dec 2022 02:57:07 GMT via 1.1 google x-77-pop frankfurtDE server CDN77-Turbo x-powered-by PHP/7.2.34 etag 41997158ad46ced55a56a7b18c0c50b9 x-77-nzt-ray 6d204d119417ee7e83af8e63fddfa803 content-type image/jpeg x-cache HIT cache-control max-age=86400, public x-77-cache HIT x-age 19448
GET H2	200	windows-discovers-new-malware-that-uses-mobile-phone-scans-to-steal-data.jpg 1401700980.rsc.cdn77.org/data/thumbs/full/110313/90/77/50/40/	3 KB 4 KB	75ms 60ms	Image image/jpeg	2a02:6ea0:c700::22 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1401700980.rsc.cdn77.org/data/thumbs/full/110313/90/77/50/40/windows-discovers-new-malware-that-uses-mobile-phone-scans-to-steal-data.jpg Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::22 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / PHP/7.2.34 Resource Hash 624228de3aaa064ad12eda3b43d1aeaf4e48198a10c3ad570c5f3e759452c67d Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers x-77-nzt AdRmOLS76PX/utEAAA x-accel-expires @1670328137 date Tue, 06 Dec 2022 02:57:07 GMT via 1.1 google x-77-pop frankfurtDE server CDN77-Turbo x-powered-by PHP/7.2.34 etag 3088236860e69ef30b4844c323d6ab89 x-77-nzt-ray 6d204d119417ee7e83af8e63d6cb5903 content-type image/jpeg x-cache HIT cache-control max-age=86400, public x-77-cache HIT x-age 53690
GET H2	200	streaming-services.jpg 1401700980.rsc.cdn77.org/data/thumbs/full/110285/90/77/50/40/	4 KB 5 KB	62ms 60ms	Image image/jpeg	2a02:6ea0:c700::22 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1401700980.rsc.cdn77.org/data/thumbs/full/110285/90/77/50/40/streaming-services.jpg Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::22 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / PHP/7.2.34 Resource Hash b64e5a23dabc0bc152cebd25ddf6c4e703c16e894ea80bd7f1cdee2f5b5e4da8 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers x-77-nzt AdRmOLR6SrL/utEAAA x-accel-expires @1670328137 date Tue, 06 Dec 2022 02:57:07 GMT via 1.1 google x-77-pop frankfurtDE server CDN77-Turbo x-powered-by PHP/7.2.34 etag ed00299ee3c2e61133f5020ff43fbacf x-77-nzt-ray 6d204d119417ee7e83af8e63a5c81904 content-type image/jpeg x-cache HIT cache-control max-age=86400, public x-77-cache HIT x-age 53690
GET H2	200	13839.jfif file.datahubpoint.com/files/	47 KB 47 KB	166ms 125ms	Image image/jpeg	34.160.16.117 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://file.datahubpoint.com/files/13839.jfif?width=502&height=301&bgc=ffffff Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.160.16.117 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 117.16.160.34.bc.googleusercontent.com Software / Resource Hash 78e7d807c9dd44ecc1d8cb9524665a57087afae35c32d1e43c78b9e097e285a8 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers pragma no-cache date Tue, 06 Dec 2022 02:57:07 GMT via 1.1 google x-content-type-options nosniff vary Origin, Access-Control-Request-Method, Access-Control-Request-Headers x-frame-options DENY content-type image/jpeg cache-control no-cache, no-store, max-age=0, must-revalidate content-disposition inline;filename=f.txt accept-ranges bytes alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 47771 x-xss-protection 1; mode=block expires 0
GET H2	200	13804.png file.datahubpoint.com/files/	6 KB 6 KB	173ms 133ms	Image image/png	34.160.16.117 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://file.datahubpoint.com/files/13804.png?width=502&height=301&bgc=ffffff Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.160.16.117 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 117.16.160.34.bc.googleusercontent.com Software / Resource Hash 6c944c4f7f50c6374a9a341fe8325c64826aab3dc1a60b0df1ba4234ba99fa92 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers pragma no-cache date Tue, 06 Dec 2022 02:57:07 GMT via 1.1 google x-content-type-options nosniff x-frame-options DENY vary Origin, Access-Control-Request-Method, Access-Control-Request-Headers content-type image/png cache-control no-cache, no-store, max-age=0, must-revalidate accept-ranges bytes alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 5686 x-xss-protection 1; mode=block expires 0
GET H2	200	14013.png file.datahubpoint.com/files/	5 KB 5 KB	165ms 134ms	Image image/png	34.160.16.117 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://file.datahubpoint.com/files/14013.png?width=502&height=301&bgc=ffffff Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.160.16.117 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 117.16.160.34.bc.googleusercontent.com Software / Resource Hash cae5a664e26e851d76d52d10872cd7b11d360a5a7de3cdd48019a189b9529b32 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers pragma no-cache date Tue, 06 Dec 2022 02:57:07 GMT via 1.1 google x-content-type-options nosniff x-frame-options DENY vary Origin, Access-Control-Request-Method, Access-Control-Request-Headers content-type image/png cache-control no-cache, no-store, max-age=0, must-revalidate accept-ranges bytes alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 4996 x-xss-protection 1; mode=block expires 0
GET H2	200	13768.png file.datahubpoint.com/files/	3 KB 3 KB	159ms 132ms	Image image/png	34.160.16.117 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://file.datahubpoint.com/files/13768.png?width=502&height=301&bgc=ffffff Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.160.16.117 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 117.16.160.34.bc.googleusercontent.com Software / Resource Hash 023645899809e5f33a4e88a4cd45f334c6d14d1e91389942748fe0cfe9761603 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers pragma no-cache date Tue, 06 Dec 2022 02:57:07 GMT via 1.1 google x-content-type-options nosniff x-frame-options DENY vary Origin, Access-Control-Request-Method, Access-Control-Request-Headers content-type image/png cache-control no-cache, no-store, max-age=0, must-revalidate accept-ranges bytes alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 3453 x-xss-protection 1; mode=block expires 0
GET H2	200	googles-new-update-brings-promised-clear-calling-free-vpn-features-to-the-pixel-7-series.jpg 1401700980.rsc.cdn77.org/data/thumbs/full/110364/502/301/50/40/	30 KB 30 KB	150ms 148ms	Image image/jpeg	2a02:6ea0:c700::22 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1401700980.rsc.cdn77.org/data/thumbs/full/110364/502/301/50/40/googles-new-update-brings-promised-clear-calling-free-vpn-features-to-the-pixel-7-series.jpg Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::22 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / PHP/7.2.34 Resource Hash b30174fa9c15d72740265deff7ed4f35fb9d0ba1647ec2be8bb9b2045efaa482 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers x-77-nzt AdRmOLTLqIqh x-accel-expires @1670381827 date Tue, 06 Dec 2022 02:57:07 GMT via 1.1 google x-77-pop frankfurtDE server CDN77-Turbo x-powered-by PHP/7.2.34 etag 61155a7e5f1b458c34931759527cb17d x-77-nzt-ray 6d204d119417ee7e83af8e6391180e05 content-type image/jpeg x-cache MISS cache-control max-age=86400, public x-77-cache MISS
GET H2	200	sam-bankman-fried.jpg 1401700980.rsc.cdn77.org/data/thumbs/full/110353/502/301/50/40/	29 KB 29 KB	17ms 14ms	Image image/jpeg	2a02:6ea0:c700::22 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1401700980.rsc.cdn77.org/data/thumbs/full/110353/502/301/50/40/sam-bankman-fried.jpg Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::22 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / PHP/7.2.34 Resource Hash 614f0cda86f252c9e54a0fb876f19735234dcbd012274cb893624fd1a0d000dc Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers x-77-nzt AdRmOLQ9xfX/Dp4AAA x-accel-expires @1670341365 date Tue, 06 Dec 2022 02:57:07 GMT via 1.1 google x-77-pop frankfurtDE server CDN77-Turbo x-powered-by PHP/7.2.34 etag 2b5176fe4f3a6dcfe71c4fd0ed3d1ffb x-77-nzt-ray 6d204d119417ee7e83af8e63302c1305 content-type image/jpeg x-cache HIT cache-control max-age=86400, public x-77-cache HIT x-age 40462
GET H2	200	carl-pei.jpg 1401700980.rsc.cdn77.org/data/thumbs/full/110360/502/301/50/40/	55 KB 55 KB	18ms 16ms	Image image/jpeg	2a02:6ea0:c700::22 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1401700980.rsc.cdn77.org/data/thumbs/full/110360/502/301/50/40/carl-pei.jpg Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::22 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / PHP/7.2.34 Resource Hash 69b38ff8150c5636f3461cffb29adf306c0202fd79f124f8029ba065ce2c62a0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers x-77-nzt AdRmOLS6ggb/Dp4AAA x-accel-expires @1670341365 date Tue, 06 Dec 2022 02:57:07 GMT via 1.1 google x-77-pop frankfurtDE server CDN77-Turbo x-powered-by PHP/7.2.34 etag b6628f4844d81a767a9b73eed7745ce2 x-77-nzt-ray 6d204d119417ee7e83af8e636aa18c05 content-type image/jpeg x-cache HIT cache-control max-age=86400, public x-77-cache HIT x-age 40462
GET H2	200	apple-s-mass-shipment-of-its-mixed-reality-headsets-might-get-delayed.jpg 1401700980.rsc.cdn77.org/data/thumbs/full/110354/502/301/50/40/	34 KB 34 KB	21ms 19ms	Image image/jpeg	2a02:6ea0:c700::22 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1401700980.rsc.cdn77.org/data/thumbs/full/110354/502/301/50/40/apple-s-mass-shipment-of-its-mixed-reality-headsets-might-get-delayed.jpg Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::22 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / PHP/7.2.34 Resource Hash 92799f2b8dfa47597ec2e4ab5204b4692c52e2f038c7a0322ecb0621948fde99 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers x-77-nzt AdRmOLTj11D/Dp4AAA x-accel-expires @1670341365 date Tue, 06 Dec 2022 02:57:07 GMT via 1.1 google x-77-pop frankfurtDE server CDN77-Turbo x-powered-by PHP/7.2.34 etag c36fcc891db74440e47bdcd7053af947 x-77-nzt-ray 6d204d119417ee7e83af8e63fb7caa05 content-type image/jpeg x-cache HIT cache-control max-age=86400, public x-77-cache HIT x-age 40462
GET H2	200	logo-plain.svg 1126564489.rsc.cdn77.org/static/common/_v2.0.0/img/	946 B 779 B	71ms 68ms	Image image/svg+xml	2a02:6ea0:c700::22 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1126564489.rsc.cdn77.org/static/common/_v2.0.0/img/logo-plain.svg Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::22 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash 91720d5f29a186fa3424b027d75e9a4c72186128cf924c426a0d255004257dff Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers x-77-nzt AdRmOLTu7N3/K7IDAA x-accel-expires @1671090008 date Tue, 06 Dec 2022 02:57:07 GMT via 1.1 google content-encoding br last-modified Tue, 08 Nov 2022 12:41:03 GMT server CDN77-Turbo x-77-pop frankfurtDE etag W/"636a4e5f-3b2" x-77-nzt-ray 6d204d119417ee7e83af8e63d9047f02 x-cache HIT content-type image/svg+xml x-77-cache HIT x-age 242219
GET H2	200	script.js Show response 1126564489.rsc.cdn77.org/static/common/_v2.0.0/js/	5 KB 2 KB	12ms 12ms	Script application/javascript	2a02:6ea0:c700::22 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://1126564489.rsc.cdn77.org/static/common/_v2.0.0/js/script.js?5xwc2g Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::22 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash 04780fc935ae5eb239dcc0a25751c16492b60edf7aa5535e9644b66e9107787c Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers x-77-nzt AdRmOLSfoX//H1wAAA x-accel-expires @1671308643 date Tue, 06 Dec 2022 02:57:06 GMT via 1.1 google content-encoding br last-modified Sun, 04 Dec 2022 19:26:34 GMT server CDN77-Turbo x-77-pop frankfurtDE etag W/"638cf46a-1463" x-77-nzt-ray 6d204d119417ee7e82af8e63a4c3673b x-cache HIT content-type application/javascript x-77-cache HIT x-age 23583
GET H2	200	badge.gif static.getclicky.com/media/links/	241 B 381 B	15ms 13ms	Image image/gif	2606:4700::6810:a010 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://static.getclicky.com/media/links/badge.gif Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2606:4700::6810:a010 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c93b5f9c2d83611b9a9ba0333b0b499b385cdce2aee9edaac6daf8a134cf5555 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers expires Tue, 06 Dec 2022 07:08:33 GMT date Tue, 06 Dec 2022 02:57:07 GMT cf-cache-status HIT last-modified Wed, 13 Apr 2016 00:13:35 GMT server cloudflare age 589714 etag "570d8f2f-f1" vary Accept-Encoding content-type image/gif cache-control max-age=604800 accept-ranges bytes cf-ray 7751c0934d8d6940-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 241 x-proxy-cache HIT
GET H2	200	js Show response static.getclicky.com/	15 KB 5 KB	43ms 13ms	Script text/javascript	2606:4700::6810:a010 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static.getclicky.com/js Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2606:4700::6810:a010 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f164b7d1707684b6749eb2f5154c84883cb9ec621dca72fc5147772b3c4237ff Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers expires Thu, 08 Dec 2022 16:41:15 GMT date Tue, 06 Dec 2022 02:57:07 GMT content-encoding gzip cf-cache-status HIT last-modified Thu, 01 Dec 2022 16:41:15 GMT server cloudflare age 382552 vary Accept-Encoding, Accept-Encoding content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=604800 cf-ray 7751c092fd1a6940-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-proxy-cache HIT
GET H2	200	counter_ssl.js Show response 1126564489.rsc.cdn77.org/common/js/stat/	743 B 605 B	19ms 12ms	Script application/javascript	2a02:6ea0:c700::22 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://1126564489.rsc.cdn77.org/common/js/stat/counter_ssl.js?v=11 Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::22 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash 08895426c0d9a9330b4b4988d244fb0f964082f78b8a929db01792481c508e49 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers x-77-nzt AdRmOLQVwNX/K7IDAA x-accel-expires @1671090008 date Tue, 06 Dec 2022 02:57:07 GMT via 1.1 google content-encoding br last-modified Tue, 08 Nov 2022 10:33:42 GMT server CDN77-Turbo x-77-pop frankfurtDE etag W/"636a3086-2e7" x-77-nzt-ray 6d204d119417ee7e83af8e6334187e00 x-cache HIT content-type application/javascript x-77-cache HIT x-age 242219
GET H3	200	ab12745d93c5.js Show response www.instagram.com/static/bundles/es6/EmbedSDK.js/ Redirect Chain https://platform.instagram.com/en_US/embeds.js https://www.instagram.com/embed.js https://www.instagram.com/static/bundles/es6/EmbedSDK.js/ab12745d93c5.js	15 KB 5 KB	20ms 9ms	Script text/javascript	2a03:2880:f21c:80e5:face:b00c:0:4420 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://www.instagram.com/static/bundles/es6/EmbedSDK.js/ab12745d93c5.js Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H3 Server 2a03:2880:f21c:80e5:face:b00c:0:4420 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 2a04fa46b4ebc4bb2c93126695f45b0acf711870e1f169bb95247592c28c24a8 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 28 Nov 2022 02:58:47 GMT content-encoding br etag "ab12745d93c5" vary Accept-Encoding content-type text/javascript access-control-allow-origin * edge-control max-age=1209600, no-transform cache-control public,max-age=31536000,immutable cross-origin-resource-policy cross-origin content-length 4843 priority u=3,i Redirect headers date Tue, 06 Dec 2022 02:57:07 GMT x-fb-trip-id 1679558926 x-ig-origin-region cln content-type text/html; charset=utf-8 location https://www.instagram.com/static/bundles/es6/EmbedSDK.js/ab12745d93c5.js cache-control max-age=21600 alt-svc h3=":443"; ma=86400 content-length 0
GET H2	200	request.js Show response script.anura.io/	55 KB 20 KB	188ms 134ms	Script application/javascript	52.56.141.12 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://script.anura.io/request.js?instance=2238638024&source=itechpost&campaign=tech%2Farticles&exid=anura_itechpost_1523871386895&callback=_anuraResFun&911487581622 Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.56.141.12 London, United Kingdom, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-56-141-12.eu-west-2.compute.amazonaws.com Software nginx / Resource Hash 7acdaf6bc7daf9fceef2da6620c5cc294610989384ddf70806ff06eaaa1c07b0 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers pragma no-cache date Tue, 06 Dec 2022 02:57:07 GMT content-encoding gzip x-content-type-options nosniff server nginx vary Accept-Encoding content-type application/javascript; charset=utf-8 cache-control private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0 expires Sun, 28 Dec 1980 18:57:00 EST
GET H2	200	apstag.js Show response d3div1mtym39ic.cloudfront.net/aax2/ Redirect Chain https://c.amazon-adsystem.com/aax2/apstag.js https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js?ver=8.1.0	178 KB 40 KB	39ms 11ms	Script application/javascript	2600:9000:2240:2200:11:1ed0:3900:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js?ver=8.1.0 Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Server 2600:9000:2240:2200:11:1ed0:3900:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash bd8b521307332fcb0a59ff2cbfe324322d6f4108b24363b6c8d26a0ec8be50da Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:14:11 GMT content-encoding br via 1.1 142ded88048f806cc40a5a225130cc8a.cloudfront.net (CloudFront) last-modified Wed, 09 Nov 2022 20:51:50 GMT server AmazonS3 x-amz-cf-pop FRA60-P1 age 2577 x-amz-server-side-encryption AES256 etag W/"e675a6dfe90787fca79a6c96fd29c2d8" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control public, max-age=3600 x-amz-cf-id A3qcxe-jdOF3ebauHMRRqgiFs2eLDotHRwZo2nWSnRSD5-OEWxF7Ow== Redirect headers date Tue, 06 Dec 2022 00:42:32 GMT via 1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront), 1.1 fd4a8fa7c304171992e7f22fc8894904.cloudfront.net (CloudFront) server CloudFront x-amz-cf-pop FRA60-P1, FRA60-P1 age 8075 x-cache Hit from cloudfront content-type text/html location https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js?ver=8.1.0 content-length 167 x-amz-cf-id FPrK_8LHpj2YAvcUjuOdhuezejqkZ44HJRCC0Vb7yKofhfzDAjAvAg==
GET H2	200	search.svg 1126564489.rsc.cdn77.org/static/common/_v2.0.0/img/icon/	244 B 461 B	71ms 69ms	Image image/svg+xml	2a02:6ea0:c700::22 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1126564489.rsc.cdn77.org/static/common/_v2.0.0/img/icon/search.svg Requested by Host: 1126564489.rsc.cdn77.org URL: https://1126564489.rsc.cdn77.org/static/common/_v2.0.0/css/main.css?v=4 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::22 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash eae594adb80377b9a40c39ccf578596d245c4000865a828828b83eebc243d9a0 Request headers accept-language de-DE,de;q=0.9 Referer https://1126564489.rsc.cdn77.org/static/common/_v2.0.0/css/main.css?v=4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers x-77-nzt AdRmOLQa+NX/KbIDAA x-accel-expires @1671090010 date Tue, 06 Dec 2022 02:57:07 GMT via 1.1 google content-encoding br last-modified Tue, 08 Nov 2022 17:01:48 GMT server CDN77-Turbo x-77-pop frankfurtDE etag W/"636a8b7c-f4" x-77-nzt-ray 6d204d119417ee7e83af8e634fb0bb02 x-cache HIT content-type image/svg+xml x-77-cache HIT x-age 242217
GET H2	200	rightarrow.svg 1126564489.rsc.cdn77.org/static/common/_v2.0.0/img/icon/	164 B 415 B	71ms 69ms	Image image/svg+xml	2a02:6ea0:c700::22 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1126564489.rsc.cdn77.org/static/common/_v2.0.0/img/icon/rightarrow.svg Requested by Host: 1126564489.rsc.cdn77.org URL: https://1126564489.rsc.cdn77.org/static/common/_v2.0.0/css/main.css?v=4 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::22 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash 7158e27404d825c655c338d5490b7c42cfe862f4500f0238107be56aa29f4557 Request headers accept-language de-DE,de;q=0.9 Referer https://1126564489.rsc.cdn77.org/static/common/_v2.0.0/css/main.css?v=4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers x-77-nzt AdRmOLRfbJj/KbIDAA x-accel-expires @1671090010 date Tue, 06 Dec 2022 02:57:07 GMT via 1.1 google content-encoding br last-modified Tue, 08 Nov 2022 12:34:44 GMT server CDN77-Turbo x-77-pop frankfurtDE etag W/"636a4ce4-a4" x-77-nzt-ray 6d204d119417ee7e83af8e6332c5c602 x-cache HIT content-type image/svg+xml x-77-cache HIT x-age 242217
GET H2	200	Y8h3Dqb5dQQ Show response www.youtube.com/embed/ Frame F5BB	68 KB 28 KB	111ms 71ms	Document text/html	2a00:1450:4001:803::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube.com/embed/Y8h3Dqb5dQQ?start=6 Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 8db0d5ba75feef1066a45f80b1c0706f0ca7db8c7d8407843623b844c3c93d13 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.itechpost.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" cache-control no-cache, no-store, max-age=0, must-revalidate content-encoding br content-type text/html; charset=utf-8 cross-origin-opener-policy-report-only same-origin; report-to="youtube_main" cross-origin-resource-policy cross-origin date Tue, 06 Dec 2022 02:57:07 GMT expires Mon, 01 Jan 1990 00:00:00 GMT p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info." permissions-policy ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=* pragma no-cache report-to {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} server ESF strict-transport-security max-age=31536000 vary Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-content-type-options nosniff x-xss-protection 0
GET H2	200	v3.min.css d1pywsqd87ew9v.cloudfront.net/partner_fluid_widgets_v1.5/assets/css/	445 KB 59 KB	9ms 8ms	Stylesheet text/css	2600:9000:2240:3400:15:f55c:78c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d1pywsqd87ew9v.cloudfront.net/partner_fluid_widgets_v1.5/assets/css/v3.min.css Requested by Host: ajax.googleapis.com URL: https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2240:3400:15:f55c:78c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 13b4e13ffc585e1665c16b54a1226181ac1a03fce5f8963ae27d33e96131fde3 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 13:53:16 GMT content-encoding br via 1.1 857b0dca772798c338c78a1be69c955c.cloudfront.net (CloudFront) last-modified Mon, 12 Sep 2022 11:15:19 GMT server AmazonS3 x-amz-cf-pop FRA60-P1 age 47037 etag W/"702e320b90be11545eb9b34c106e3072" vary Accept-Encoding x-cache Hit from cloudfront content-type text/css x-amz-cf-id fEzFvP8GMneV4qGHrjXN9aJfXM_Ht0n8pKK0llYFaNRm8T04byvOmQ==
GET H/1.1	200 OK	tech-times-jobs Show response partner-api.jobbio.com/channels/	845 B 1 KB	141ms 53ms	XHR application/json	63.32.161.232 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://partner-api.jobbio.com/channels/tech-times-jobs?widgets=true Requested by Host: ajax.googleapis.com URL: https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 63.32.161.232 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-63-32-161-232.eu-west-1.compute.amazonaws.com Software gunicorn / Resource Hash 274ffdfac69a7bf912b4585ee0ffe845a0823e85ba28c3c5ed41dc1998761aa4 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY Request headers Accept */* Referer https://www.itechpost.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Date Tue, 06 Dec 2022 02:57:07 GMT Via 1.1 vegur X-Content-Type-Options nosniff Referrer-Policy same-origin Server gunicorn X-Frame-Options DENY Vary Accept, Origin, Cookie Content-Type application/json Allow GET, DELETE, HEAD, OPTIONS Access-Control-Allow-Origin * Connection keep-alive Content-Length 845
GET H/1.1	200 OK	feed Show response partner-api.jobbio.com/channels/tech-times-jobs/	4 KB 4 KB	555ms 554ms	XHR application/json	63.32.161.232 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://partner-api.jobbio.com/channels/tech-times-jobs/feed?search=&page_size=4&source=tech-times-jobs_masonry_jobs_widget&widgets=true&page=https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Requested by Host: ajax.googleapis.com URL: https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 63.32.161.232 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-63-32-161-232.eu-west-1.compute.amazonaws.com Software gunicorn / Resource Hash 3eff2b11cfeda56bde5218c2be38120dc1cf6a19dd0be64dfd7ae5f6216dcc9e Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY Request headers Accept */* Referer https://www.itechpost.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Date Tue, 06 Dec 2022 02:57:07 GMT Via 1.1 vegur X-Content-Type-Options nosniff Referrer-Policy same-origin Server gunicorn X-Frame-Options DENY Vary Accept, Origin, Cookie Content-Type application/json Allow GET, HEAD, OPTIONS Access-Control-Allow-Origin * Connection keep-alive Content-Length 3608
GET H2	200	graphic-newsletter.png 1126564489.rsc.cdn77.org/static/common/_v2.0.0/img/	1 KB 1 KB	12ms 11ms	Image image/png	2a02:6ea0:c700::22 CDN77 ^_^
General Check archive.org Show headers Download Go to Show image Full URL https://1126564489.rsc.cdn77.org/static/common/_v2.0.0/img/graphic-newsletter.png Requested by Host: 1126564489.rsc.cdn77.org URL: https://1126564489.rsc.cdn77.org/static/common/_v2.0.0/css/main.css?v=4 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::22 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash 1a8e5a1f2e5abe980eb10ea6b6b8e298d0e3fb6e0db159357331b3be01cc7b49 Request headers accept-language de-DE,de;q=0.9 Referer https://1126564489.rsc.cdn77.org/static/common/_v2.0.0/css/main.css?v=4 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers x-77-nzt AdRmOLSGXo//xaQAAA x-accel-expires @1671290046 date Tue, 06 Dec 2022 02:57:07 GMT via 1.1 google last-modified Sun, 04 Dec 2022 19:22:35 GMT server CDN77-Turbo x-77-pop frankfurtDE etag "638cf37b-448" x-77-nzt-ray 6d204d119417ee7e83af8e6315aeeb0b x-cache HIT content-type image/png x-77-cache HIT x-age 42181 accept-ranges bytes content-length 1096
GET H3	200	www-player.css www.youtube.com/s/player/dab28f34/ Frame F5BB	360 KB 49 KB	24ms 8ms	Stylesheet text/css	2a00:1450:4001:803::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube.com/s/player/dab28f34/www-player.css Requested by Host: www.youtube.com URL: https://www.youtube.com/embed/Y8h3Dqb5dQQ?start=6 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 1c8fb02f68e820bfcc5da89d05e5903e066828ef585e86d69b585af69f21216e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.youtube.com/embed/Y8h3Dqb5dQQ?start=6 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Thu, 01 Dec 2022 16:01:34 GMT content-encoding br x-content-type-options nosniff age 384933 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 49849 x-xss-protection 0 last-modified Thu, 01 Dec 2022 01:20:18 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]} content-type text/css cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="youtube" expires Fri, 01 Dec 2023 16:01:34 GMT
GET H3	200	www-embed-player.js Show response www.youtube.com/s/player/dab28f34/www-embed-player.vflset/ Frame F5BB	314 KB 97 KB	32ms 17ms	Script text/javascript	2a00:1450:4001:803::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube.com/s/player/dab28f34/www-embed-player.vflset/www-embed-player.js Requested by Host: www.youtube.com URL: https://www.youtube.com/embed/Y8h3Dqb5dQQ?start=6 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 9e266c87ad4ccde16ed22725e4369cbcb9522ad41233d435a2e5636f463907b2 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.youtube.com/embed/Y8h3Dqb5dQQ?start=6 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 19:27:02 GMT content-encoding br x-content-type-options nosniff age 27005 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 99243 x-xss-protection 0 last-modified Thu, 01 Dec 2022 01:20:18 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="youtube" expires Tue, 05 Dec 2023 19:27:02 GMT
GET H3	200	base.js Show response www.youtube.com/s/player/dab28f34/player_ias.vflset/de_DE/ Frame F5BB	2 MB 581 KB	34ms 20ms	Script text/javascript	2a00:1450:4001:803::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube.com/s/player/dab28f34/player_ias.vflset/de_DE/base.js Requested by Host: www.youtube.com URL: https://www.youtube.com/embed/Y8h3Dqb5dQQ?start=6 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a0077104b1b55275d05d2145b919de45c577efed5771b80ac3eef43fb961edd3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.youtube.com/embed/Y8h3Dqb5dQQ?start=6 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Thu, 01 Dec 2022 16:01:33 GMT content-encoding br x-content-type-options nosniff age 384934 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 594741 x-xss-protection 0 last-modified Thu, 01 Dec 2022 01:20:18 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="youtube" expires Fri, 01 Dec 2023 16:01:33 GMT
GET H3	200	fetch-polyfill.js Show response www.youtube.com/s/player/dab28f34/fetch-polyfill.vflset/ Frame F5BB	9 KB 3 KB	21ms 7ms	Script text/javascript	2a00:1450:4001:803::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube.com/s/player/dab28f34/fetch-polyfill.vflset/fetch-polyfill.js Requested by Host: www.youtube.com URL: https://www.youtube.com/embed/Y8h3Dqb5dQQ?start=6 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.youtube.com/embed/Y8h3Dqb5dQQ?start=6 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 18:44:30 GMT content-encoding br x-content-type-options nosniff age 29557 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2786 x-xss-protection 0 last-modified Thu, 01 Dec 2022 01:20:18 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="youtube" expires Tue, 05 Dec 2023 18:44:30 GMT
GET H2	200	KFOmCnqEu92Fr1Mu4mxK.woff2 fonts.gstatic.com/s/roboto/v18/ Frame F5BB	15 KB 16 KB	50ms 5ms	Font font/woff2	2a00:1450:4001:82a::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 Requested by Host: www.youtube.com URL: https://www.youtube.com/embed/Y8h3Dqb5dQQ?start=6 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.youtube.com/ Origin https://www.youtube.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Fri, 02 Dec 2022 11:55:05 GMT x-content-type-options nosniff age 313322 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15344 x-xss-protection 0 last-modified Mon, 16 Oct 2017 17:32:55 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sat, 02 Dec 2023 11:55:05 GMT
GET H2	200	KFOlCnqEu92Fr1MmEU9fBBc4.woff2 fonts.gstatic.com/s/roboto/v18/ Frame F5BB	15 KB 15 KB	52ms 6ms	Font font/woff2	2a00:1450:4001:82a::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 Requested by Host: www.youtube.com URL: https://www.youtube.com/embed/Y8h3Dqb5dQQ?start=6 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.youtube.com/ Origin https://www.youtube.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 22:21:19 GMT x-content-type-options nosniff age 16548 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15552 x-xss-protection 0 last-modified Mon, 16 Oct 2017 17:33:02 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Tue, 05 Dec 2023 22:21:19 GMT
GET H2	200	quant.js Show response secure.quantserve.com/	25 KB 10 KB	96ms 24ms	Script application/javascript	2620:116:800d:21:e365:4988:e8a7:3270 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://secure.quantserve.com/quant.js Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2620:116:800d:21:e365:4988:e8a7:3270 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 275094aa5d73cd24d848e78f0c41c33d9fd61a09d97b9976e5e707dfd24ada00 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:07 GMT content-encoding gzip etag "nAbmxtqHqaYrwBiADJAeFg==" vary Accept-Encoding content-type application/javascript cache-control private, max-age=604800 accept-ranges bytes expires Tue, 13 Dec 2022 02:57:07 GMT
GET H2	200	beacon.js Show response sb.scorecardresearch.com/	4 KB 2 KB	68ms 5ms	Script application/javascript	13.32.121.17 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://sb.scorecardresearch.com/beacon.js Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.121.17 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-121-17.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash ee54b51af15f1f68f707da981f3c135c249a25e9293871e1e0cbd2c24c7b6117 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 13:45:34 GMT content-encoding gzip via 1.1 a300dbfb49a2eb50edb83038642c9f82.cloudfront.net (CloudFront) last-modified Tue, 28 Jun 2022 13:19:23 GMT server AmazonS3 x-amz-cf-pop FRA60-P1 age 47494 x-amz-server-side-encryption AES256 etag W/"eaf85c1c6758e84acfe134efd70e9373" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=86400 x-amz-cf-id sdMzuc0DlMA9F9f7Mlj_jLq4za_TPXxQimpTWmktyVnyGOAF7VvHtg==
GET H2	200	counter_gif.gif stat.itechpost.com/stat/	180 B 180 B	180ms 126ms	Image image/gif	35.190.31.133 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://stat.itechpost.com/stat/counter_gif.gif?article_id=105164&w=1600&h=1200&ref= Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.190.31.133 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 133.31.190.35.bc.googleusercontent.com Software nginx/1.14.2 / PHP/7.2.18 Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers content-type image/gif date Tue, 06 Dec 2022 02:57:07 GMT via 1.1 google server nginx/1.14.2 x-powered-by PHP/7.2.18 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 p3p CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC"
GET H2	200	js Show response www.googletagmanager.com/gtag/	109 KB 43 KB	65ms 19ms	Script application/javascript	2a00:1450:4001:800::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=UA-31773140-1 Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 4d5f34e8bbcc04dc787db97d27b539e26663d312727b1897116885f12fabf5cb Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:07 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 43590 x-xss-protection 0 last-modified Tue, 06 Dec 2022 00:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Tue, 06 Dec 2022 02:57:07 GMT
GET H2	200	pubads_impl_2022120101.js Show response securepubads.g.doubleclick.net/gpt/	384 KB 131 KB	57ms 8ms	Script text/javascript	2a00:1450:4001:80b::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js Requested by Host: www.googletagservices.com URL: https://www.googletagservices.com/tag/js/gpt.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash c0b59c362ae740c391e742fa4517d90b9461b416b9bec855d14c04603dbaf71c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 21:21:19 GMT content-encoding gzip x-content-type-options nosniff age 20148 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 133241 x-xss-protection 0 last-modified Thu, 01 Dec 2022 09:36:23 GMT server sffe vary Accept-Encoding report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} content-type text/javascript cache-control public, immutable, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" expires Tue, 05 Dec 2023 21:21:19 GMT
GET H2	200	ppub_config Show response securepubads.g.doubleclick.net/pagead/	159 B 725 B	62ms 16ms	XHR application/json	2a00:1450:4001:80b::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.itechpost.com Requested by Host: www.googletagservices.com URL: https://www.googletagservices.com/tag/js/gpt.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash c1e2d588b13cce318253fbb1891a9447e0ea6537cb4ab2b8cac5ef9ed697fa5e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:07 GMT content-encoding br x-content-type-options nosniff server cafe content-type application/json; charset=UTF-8 access-control-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control private, max-age=3600, stale-while-revalidate=3600 cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 90 x-xss-protection 0 expires Tue, 06 Dec 2022 02:57:07 GMT
GET H3	200	itechpost.com.1119397.es6.js Show response jsc.mgid.com/i/t/	269 KB 77 KB	227ms 213ms	Script text/javascript	2606:4700:1::6813:844e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://jsc.mgid.com/i/t/itechpost.com.1119397.es6.js Requested by Host: jsc.mgid.com URL: https://jsc.mgid.com/i/t/itechpost.com.1119397.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:1::6813:844e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash abd6a21897024f4eaa452094f30a8e2a69d4ac7299a2c4464bebe08a85d462d0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:07 GMT x-amz-version-id 3QIJEQL3UlS7oh6mYvATYphU3vVSHamt content-encoding br cf-cache-status HIT x-amz-request-id N369XV91JY66386H cf-polished origSize=275058 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-amz-id-2 xcpmG1CicvmnNPfTQAup+NQKpLbfH7SYJKsTvR7LekOmo/Q+25z6pFKIRicUJN4ntUOGKbI36UM= cf-bgj minify last-modified Wed, 23 Nov 2022 11:45:44 GMT server cloudflare etag W/"c033a7ff30fc108b7ba7cd04bdb59db2" vary Accept-Encoding content-type text/javascript cache-control public, max-age=10800 cf-ray 7751c0951bd79207-FRA expires Tue, 06 Dec 2022 05:57:07 GMT
GET H2	200	showads.js Show response ads.anura.io/	0 352 B	160ms 7ms	XHR application/javascript	18.66.147.40 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ads.anura.io/showads.js?805179148731 Requested by Host: script.anura.io URL: https://script.anura.io/request.js?instance=2238638024&source=itechpost&campaign=tech%2Farticles&exid=anura_itechpost_1523871386895&callback=_anuraResFun&911487581622 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.147.40 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-147-40.fra60.r.cloudfront.net Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 22:14:21 GMT content-encoding gzip via 1.1 7bf0fe9eca07efaffe6363062053f386.cloudfront.net (CloudFront) server nginx x-amz-cf-pop FRA60-P4 age 16966 vary Accept-Encoding x-cache Hit from cloudfront access-control-allow-methods GET access-control-allow-origin * content-type application/javascript; charset=utf-8 x-amz-cf-id cAGBDZCRqRdYy6qVOJRwGmqTZIS2Yyel37tgflgs-48i1mJmk238xw==
GET H2	204	config Show response c.amazon-adsystem.com/cdn/prod/	0 311 B	11ms 9ms	XHR text/plain	13.32.105.95 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.itechpost.com&pubid=10f2e1c5-d495-4ec1-a8e3-2556d5c64ce9 Requested by Host: c.amazon-adsystem.com URL: https://c.amazon-adsystem.com/aax2/apstag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.105.95 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-105-95.fra60.r.cloudfront.net Software Server / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 23:58:45 GMT via 1.1 fd4a8fa7c304171992e7f22fc8894904.cloudfront.net (CloudFront) server Server x-amz-cf-pop FRA60-P1 age 10701 x-cache Hit from cloudfront access-control-allow-origin https://www.itechpost.com cache-control max-age=21550, s-maxage=21600 access-control-allow-credentials true x-amz-cf-id D00JUd6D7tOIGPeLzc8_3xHsWMfiULM3N39j6aswg1e6dhXHi4gfGg==
GET H2	200	bid Show response aax-dtb-cf.amazon-adsystem.com/e/dtb/	23 B 464 B	155ms 46ms	XHR text/javascript	108.138.4.150 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.itechpost.com%2Farticles%2F105164%2F20210329%2Fsystem-update-android-app-android-spyware-third-party-app-rat-trojan.htm&pid=bfneOgEi3Bd61&cb=0&ws=1600x1200&v=22.1107.1609&t=2000&slots=%5B%7B%22sd%22%3A%22gpt_top%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F21697271410%2Fitechpost%2Ftech%2Farticles%22%7D%2C%7B%22sd%22%3A%22gpt_right1%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%2C%22400x300%22%5D%2C%22sn%22%3A%22%2F21697271410%2Fitechpost%2Ftech%2Farticles%22%7D%2C%7B%22sd%22%3A%22gpt_right2%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%2C%22160x600%22%2C%22300x1050%22%5D%2C%22sn%22%3A%22%2F21697271410%2Fitechpost%2Ftech%2Farticles%22%7D%2C%7B%22sd%22%3A%22gpt_bottom%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F21697271410%2Fitechpost%2Ftech%2Farticles%22%7D%5D&pubid=10f2e1c5-d495-4ec1-a8e3-2556d5c64ce9&gdprl=%7B%22status%22%3A%22no-cmp%22%7D Requested by Host: c.amazon-adsystem.com URL: https://c.amazon-adsystem.com/aax2/apstag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.138.4.150 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-4-150.fra56.r.cloudfront.net Software Server / Resource Hash 745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8 Security Headers Name Value Strict-Transport-Security max-age=47474747; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:07 GMT strict-transport-security max-age=47474747; includeSubDomains; preload via 1.1 f13110b40e6214ad566c753a838f49f4.cloudfront.net (CloudFront) server Server x-amz-cf-pop FRA56-P6 x-amz-rid QSDHB6KF3VZVKREBJ71D vary Accept-Encoding,User-Agent x-cache Miss from cloudfront content-type text/javascript;charset=UTF-8 access-control-allow-origin https://www.itechpost.com access-control-allow-credentials true timing-allow-origin * content-length 23 x-amz-cf-id QCFghQL93GOVAZJsfLmfiVcVSiFUTZpZE4sEK4RH09Sjj2I0thfTgw==
GET H2	200	aps_csm.js Show response c.amazon-adsystem.com/bao-csm/aps-comm/	6 KB 3 KB	23ms 8ms	XHR application/javascript	13.32.105.95 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js Requested by Host: c.amazon-adsystem.com URL: https://c.amazon-adsystem.com/aax2/apstag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.105.95 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-105-95.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers x-amz-version-id vkCJAv2LVCiDvkjoOZrS5s9fefeFFUOq content-encoding gzip via 1.1 36cd2d0f34e25c2dc5099656a60bedac.cloudfront.net (CloudFront) date Tue, 06 Dec 2022 02:19:22 GMT x-amz-cf-pop FRA60-P1 age 4771 x-cache Hit from cloudfront last-modified Fri, 18 Nov 2022 03:05:15 GMT server AmazonS3 etag W/"a4d296427fc806b21335359e398c025c" access-control-max-age 3000 access-control-allow-methods GET content-type application/javascript access-control-allow-origin * cache-control public, max-age=86400 vary Accept-Encoding,Origin x-amz-cf-id i7gI9zP3sSBRRS6P88Myya1tQ-mQo8D_vDfDpjSp-r6AFbAMd25_Gw==
GET H2	200	in.php Show response in.getclicky.com/	133 B 357 B	457ms 152ms	Script text/javascript	198.145.13.12 DF-PTL1
General Check archive.org Show headers Download Go to Full URL https://in.getclicky.com/in.php?site_id=66593558&type=pageview&href=%2Farticles%2F105164%2F20210329%2Fsystem-update-android-app-android-spyware-third-party-app-rat-trojan.htm&title=%26%23038%3B%23039%3BSystem%20Update%26%23038%3B%23039%3B%20Android%20App%20Discovered%20to%20Be%20a%20Dangerous%20Spyware%20to%20Steal%20Data%E2%80%94Do%20Not%20Download&res=1600x1200&lang=en-US&tz=Etc%2FUnknown&tc=&ck=1&mime=js&x=0.4616408745564091 Requested by Host: static.getclicky.com URL: https://static.getclicky.com/js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.145.13.12 Tualatin, United States, ASN2044 (DF-PTL1, US), Reverse DNS getclicky.com Software nginx / Resource Hash f54af1d4e4ad6f7f8aa0f628cb96766a0118ac069563d956edfdcef0249f4645 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:07 GMT content-encoding gzip server nginx vary Accept-Encoding, Accept-Encoding content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control no-cache, must-revalidate, post-check=0, pre-check=0 expires Mon, 26 Jul 1997 05:00:00 GMT
GET H2	204	b sb.scorecardresearch.com/	0 191 B	8ms 8ms	Image text/plain	13.32.121.17 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://sb.scorecardresearch.com/b?c1=2&c2=14401431&cs_it=b3&cv=3.8.0.210223&ns__t=1670295427659&ns_c=UTF-8&c7=https%3A%2F%2Fwww.itechpost.com%2Farticles%2F105164%2F20210329%2Fsystem-update-android-app-android-spyware-third-party-app-rat-trojan.htm&c8=%27System%20Update%27%20Android%20App%20Discovered%20to%20Be%20a%20Dangerous%20Spyware%20to%20Steal%20Data%E2%80%94Do%20Not%20Download%20%7C%20iTech%20Post&c9= Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.121.17 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-121-17.fra60.r.cloudfront.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:07 GMT via 1.1 a300dbfb49a2eb50edb83038642c9f82.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P1 x-amz-cf-id GyDlYGaUPOHZ5oVNPwZh6mvQjTYy8Qqq7OOg-FoPRspsC0f3fykGsg== x-cache Miss from cloudfront
GET H3	200	id Show response googleads.g.doubleclick.net/pagead/ Frame F5BB Redirect Chain https://googleads.g.doubleclick.net/pagead/id https://googleads.g.doubleclick.net/pagead/id?slf_rd=1	100 B 146 B	35ms 19ms	XHR application/json	2a00:1450:4001:829::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/id?slf_rd=1 Requested by Host: www.youtube.com URL: https://www.youtube.com/embed/Y8h3Dqb5dQQ?start=6 Protocol H3 Server 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 71bd55e9f889dbffdc024947d217eb2054d1a69f6a6af3f2f0f12aca92438f62 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.youtube.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:07 GMT content-encoding gzip x-content-type-options nosniff p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 120 x-xss-protection 0 pragma no-cache server cafe content-type application/json; charset=UTF-8 access-control-allow-origin https://www.youtube.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers date Tue, 06 Dec 2022 02:57:07 GMT x-content-type-options nosniff p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 pragma no-cache server cafe content-type text/html; charset=UTF-8 location https://googleads.g.doubleclick.net/pagead/id?slf_rd=1 access-control-allow-origin https://www.youtube.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ad_status.js Show response static.doubleclick.net/instream/ Frame F5BB	29 B 588 B	42ms 6ms	Script text/javascript	2a00:1450:4001:806::2006 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://static.doubleclick.net/instream/ad_status.js Requested by Host: www.youtube.com URL: https://www.youtube.com/s/player/dab28f34/www-embed-player.vflset/www-embed-player.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.youtube.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:48:31 GMT x-content-type-options nosniff age 516 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 29 x-xss-protection 0 last-modified Thu, 12 Dec 2013 23:40:16 GMT server sffe report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=900 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" expires Tue, 06 Dec 2022 03:03:31 GMT
GET H2	200	integrator.js Show response adservice.google.de/adsid/	107 B 792 B	42ms 19ms	Script application/javascript	2a00:1450:4001:803::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.de/adsid/integrator.js?domain=www.itechpost.com Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:07 GMT content-encoding gzip x-content-type-options nosniff server cafe content-type application/javascript; charset=UTF-8 p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H2	200	integrator.js Show response adservice.google.com/adsid/	107 B 549 B	39ms 15ms	Script application/javascript	2a00:1450:4001:801::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.js?domain=www.itechpost.com Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:07 GMT content-encoding gzip x-content-type-options nosniff server cafe content-type application/javascript; charset=UTF-8 p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3	200	ads Show response securepubads.g.doubleclick.net/gampad/	226 KB 50 KB	600ms 583ms	XHR text/plain	2a00:1450:4001:80b::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4193627846432187&correlator=2635544229744794&eid=31071149&output=ldjh&gdfp_req=1&vrg=2022120101&ptt=17&impl=fifs&iu_parts=21697271410%2Citechpost%2Ctech%2Carticles&enc_prev_ius=%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F3&prev_iu_szs=728x90%7C970x90%7C970x250%2C300x250%7C300x600%7C400x300%2C300x250%7C300x600%7C160x600%7C300x1050%2C728x90%2C1x1%2C1x1&ifi=1&adks=526987269%2C2644894127%2C3489986764%2C1583335052%2C2180747761%2C2180747762&sfv=1-0-40&ists=3&prev_scp=pos%3Dtop%7Cpos%3Dright1%7Cpos%3Dright2%7Cpos%3Dbottom%7Cpos%3Doop1%7Cpos%3Doop2&eri=1&cust_params=article_id%3D105164%26NoPassAN%3DN&sc=1&cookie_enabled=1&abxe=1&dt=1670295427766&lmt=1670295427&dlt=1670295426918&idt=797&adxs=313%2C1098%2C483%2C434%2C0%2C0&adys=104%2C415%2C3836%2C3935%2C5035%2C5035&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0%7C1%7C2%7C3%7C4&ucis=1%7C2%7C3%7C4%7C5%7C6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.itechpost.com%2Farticles%2F105164%2F20210329%2Fsystem-update-android-app-android-spyware-third-party-app-rat-trojan.htm&frm=20&vis=1&psz=970x0%7C300x0%7C300x0%7C728x0%7C1600x0%7C1600x0&msz=970x0%7C300x0%7C300x0%7C728x0%7C1600x0%7C1600x0&fws=0%2C512%2C512%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0%2C0%2C0&ga_vid=1638204095.1670295428&ga_sid=1670295428&ga_hid=1859519301&ga_fc=false Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 5ccf13006d6cc7456f871fd30cbe9e3f97b9dc6750ef2abc932bc24610cb3d84 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:08 GMT content-encoding br x-content-type-options nosniff google-mediationgroup-id -2,-2,-2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 50809 x-xss-protection 0 google-lineitem-id -1,-1,-1,-2,-2,-2 pragma no-cache server cafe google-mediationtag-id -2 google-creative-id -1,-1,-1,-2,-2,-2 content-type text/plain; charset=UTF-8 access-control-allow-origin https://www.itechpost.com access-control-expose-headers x-google-amp-ad-validated-version cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	container.html Show response 9589e1423add891359732238067363b6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 8210	6 KB 3 KB	67ms 16ms	Document text/html	2a00:1450:4001:808::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.itechpost.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" cache-control public, immutable, max-age=31536000 content-encoding br content-length 2653 content-type text/html cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" cross-origin-resource-policy cross-origin date Tue, 06 Dec 2022 02:57:07 GMT expires Wed, 06 Dec 2023 02:57:07 GMT last-modified Thu, 03 Nov 2022 19:10:08 GMT report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} server sffe timing-allow-origin * vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H2	200	rules-p-QzXvCmyt3qj48.js Show response rules.quantcount.com/	160 B 638 B	467ms 441ms	Script application/javascript	2600:9000:223c:8a00:6:44e3:f8c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://rules.quantcount.com/rules-p-QzXvCmyt3qj48.js Requested by Host: secure.quantserve.com URL: https://secure.quantserve.com/quant.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:223c:8a00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash f3339207a16eb0d571563453a743c64451bce629f53e35ca916c5377c9e2a1a2 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:09 GMT via 1.1 3f52d342c56014599dee37446f6c9f2e.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P2 x-amz-server-side-encryption AES256 x-cache RefreshHit from cloudfront cross-origin-resource-policy cross-origin content-length 160 last-modified Fri, 14 Oct 2022 06:30:18 GMT server AmazonS3 etag "0000dfe4648084a04ce29e76c247e3b1" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript access-control-allow-origin * cache-control max-age=3600 accept-ranges bytes x-amz-cf-id ljyAX9_Ur6emAKsyo8nwchsikKCTdzDeC7reA1g3ZMcuqNng-0malQ==
POST H2	200	/ reporting.powerad.ai/	2 B 272 B	330ms 101ms	Ping text/plain	54.234.151.247 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://reporting.powerad.ai/ Requested by Host: powerad.ai URL: https://powerad.ai/script.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 54.234.151.247 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-234-151-247.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Express Resource Hash 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3 Request headers Referer https://www.itechpost.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Tue, 06 Dec 2022 02:57:08 GMT server nginx/1.18.0 (Ubuntu) x-powered-by Express etag W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" access-control-allow-methods GET, POST, PATCH, PUT, DELETE, OPTIONS content-type text/plain; charset=utf-8 access-control-allow-origin * access-control-allow-credentials true access-control-allow-headers * content-length 2
GET H2	200	detect-aau Show response powerad.ai/	2 B 223 B	291ms 97ms	Fetch text/plain	54.152.172.136 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://powerad.ai/detect-aau?ch=2 Requested by Host: powerad.ai URL: https://powerad.ai/script.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.152.172.136 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-152-172-136.compute-1.amazonaws.com Software / Express Resource Hash 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:08 GMT etag W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" x-powered-by Express vary Accept-Encoding content-type text/plain; charset=utf-8 access-control-allow-origin * access-control-allow-credentials true access-control-allow-headers * content-length 2
GET H2	200	detect-aau Show response powerad.ai/	2 B 222 B	291ms 98ms	Fetch text/plain	54.152.172.136 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://powerad.ai/detect-aau?ch=1 Requested by Host: powerad.ai URL: https://powerad.ai/script.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.152.172.136 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-152-172-136.compute-1.amazonaws.com Software / Express Resource Hash 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:08 GMT etag W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" x-powered-by Express vary Accept-Encoding content-type text/plain; charset=utf-8 access-control-allow-origin * access-control-allow-credentials true access-control-allow-headers * content-length 2
GET H2	200	pwt.js Show response ads.pubmatic.com/AdServer/js/pwt/157577/2378// Frame 5A97	247 KB 76 KB	52ms 14ms	Script application/javascript	23.35.236.201 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://ads.pubmatic.com/AdServer/js/pwt/157577/2378//pwt.js Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-35-236-201.deploy.static.akamaitechnologies.com Software Apache / Resource Hash 44d4cfd96636f673d8f990db7c015327156e1abd1fa60557bbacf2335ff5a7f0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:07 GMT content-encoding gzip last-modified Mon, 31 Oct 2022 15:50:05 GMT server Apache vary Accept-Encoding content-type application/javascript p3p CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" cache-control max-age=82123 accept-ranges bytes content-length 77322 expires Wed, 07 Dec 2022 01:45:50 GMT
GET H2	200	pbjs_wrapper.v2.0.js Show response hb.brainlyads.com/ Frame 60EF	49 KB 15 KB	347ms 140ms	Script application/javascript	23.20.158.212 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://hb.brainlyads.com/pbjs_wrapper.v2.0.js Requested by Host: powerad.ai URL: https://powerad.ai/script.js Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 23.20.158.212 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-20-158-212.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash 80b64da36b803889aa5b99f8070825c5b6b2f79ab7bf1ac0959f4c9290e5baf8 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:08 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip last-modified Thu, 01 Dec 2022 07:17:56 GMT server nginx/1.18.0 (Ubuntu) etag W/"63885524-c4a7" vary Accept-Encoding content-type application/javascript cache-control max-age=604800 expires Tue, 13 Dec 2022 02:57:08 GMT
GET H2	200	/ Show response powerad.ai/pubPls/	31 KB 5 KB	114ms 114ms	XHR text/html	54.152.172.136 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://powerad.ai/pubPls/?width=1600&url=https%3A%2F%2Fwww.itechpost.com%2Farticles%2F105164%2F20210329%2Fsystem-update-android-app-android-spyware-third-party-app-rat-trojan.htm Requested by Host: powerad.ai URL: https://powerad.ai/script.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.152.172.136 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-152-172-136.compute-1.amazonaws.com Software / Express Resource Hash c2a2f7ed8841dd6a19f3d59d7157e444731dfaf842264c6e5dfd371ba67eca3b Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:07 GMT content-encoding gzip x-powered-by Express etag W/"7ccd-2wxgZy4tOnE9bJ5ISydm1QpltMg" vary Accept-Encoding content-type text/html; charset=utf-8 access-control-allow-origin https://www.itechpost.com access-control-allow-credentials true access-control-allow-headers *
OPTIONS H2	200	Create jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame	0 0	52ms 15ms	Preflight text/html	2a00:1450:4001:80f::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Headers content-type,x-goog-api-key,x-user-agent Access-Control-Request-Method POST Origin https://www.youtube.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers content-type,x-goog-api-key,x-user-agent access-control-allow-methods DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT access-control-allow-origin https://www.youtube.com access-control-max-age 3600 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 content-type text/html date Tue, 06 Dec 2022 02:57:07 GMT server ESF vary origin referer x-origin x-content-type-options nosniff x-frame-options SAMEORIGIN x-xss-protection 0
POST H3	200	Create Show response jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame F5BB	66 KB 30 KB	43ms 27ms	XHR application/json+protobuf	2a00:1450:4001:80f::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create Requested by Host: www.youtube.com URL: https://www.youtube.com/s/player/dab28f34/player_ias.vflset/de_DE/base.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 1c8588257c1a1befdbf597fdaffc880573169d20109ecd7ceda0239576254112 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers X-User-Agent grpc-web-javascript/0.1 Referer https://www.youtube.com/ X-Goog-Api-Key AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Content-Type application/json+protobuf Response headers date Tue, 06 Dec 2022 02:57:07 GMT content-encoding gzip x-content-type-options nosniff server ESF vary Origin, X-Origin, Referer x-frame-options SAMEORIGIN content-type application/json+protobuf; charset=UTF-8 access-control-allow-origin https://www.youtube.com access-control-expose-headers vary,vary,vary,content-encoding,date,server,content-length cache-control private access-control-allow-credentials true alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 31015 x-xss-protection 0
GET H3	200	remote.js Show response www.youtube.com/s/player/dab28f34/player_ias.vflset/de_DE/ Frame F5BB	119 KB 36 KB	7ms 7ms	Script text/javascript	2a00:1450:4001:803::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube.com/s/player/dab28f34/player_ias.vflset/de_DE/remote.js Requested by Host: www.youtube.com URL: https://www.youtube.com/s/player/dab28f34/player_ias.vflset/de_DE/base.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash b9e6d5d8562782d4ce7d9f488012c30b82c2ae5e3dc50134cf34e8eea7c2f7a1 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.youtube.com/embed/Y8h3Dqb5dQQ?start=6 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Thu, 01 Dec 2022 16:01:34 GMT content-encoding br x-content-type-options nosniff age 384933 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 37342 x-xss-protection 0 last-modified Thu, 01 Dec 2022 01:20:18 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="youtube" expires Fri, 01 Dec 2023 16:01:34 GMT
GET H2	200	G-wi0KRrIjmTWIDOn44AFVMvZ_aKLO1c96DfwAE3d4M.js Show response www.google.com/js/th/ Frame F5BB	36 KB 14 KB	44ms 7ms	Script text/javascript	2a00:1450:4001:830::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/js/th/G-wi0KRrIjmTWIDOn44AFVMvZ_aKLO1c96DfwAE3d4M.js Requested by Host: www.youtube.com URL: https://www.youtube.com/s/player/dab28f34/player_ias.vflset/de_DE/base.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 1bec22d0a46b2239935880ce9f8e0015532f67f68a2ced5cf7a0dfc001377783 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.youtube.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Sun, 04 Dec 2022 15:43:39 GMT content-encoding br x-content-type-options nosniff age 126808 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 14211 x-xss-protection 0 last-modified Thu, 03 Nov 2022 10:00:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="botguard-scs" vary Accept-Encoding report-to {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Mon, 04 Dec 2023 15:43:39 GMT
GET H3	200	embed.js Show response www.youtube.com/s/player/dab28f34/player_ias.vflset/de_DE/ Frame F5BB	26 KB 8 KB	7ms 7ms	Script text/javascript	2a00:1450:4001:803::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube.com/s/player/dab28f34/player_ias.vflset/de_DE/embed.js Requested by Host: www.youtube.com URL: https://www.youtube.com/s/player/dab28f34/player_ias.vflset/de_DE/base.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 9576ee189ae94caa04a5225adaf17b7c266f973ec1bca1f6f5f8b5b177929b14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.youtube.com/embed/Y8h3Dqb5dQQ?start=6 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Thu, 01 Dec 2022 16:02:38 GMT content-encoding br x-content-type-options nosniff age 384869 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 8305 x-xss-protection 0 last-modified Thu, 01 Dec 2022 01:20:18 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="youtube" expires Fri, 01 Dec 2023 16:02:38 GMT
GET DATA	200 OK	truncated / Frame F5BB	175 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Content-Type image/png
GET H2	200	Wr3-XG7pUBTWK-RiBrTdyXyi18kw6--eGPol2k3Gtpu9ToP_Vl3KMHAcT5C139dm8MswnY6Y=s68-c-k-c0x00ffffff-no-rj yt3.ggpht.com/ Frame F5BB	4 KB 4 KB	31ms 7ms	Image image/jpeg	2a00:1450:4001:831::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://yt3.ggpht.com/Wr3-XG7pUBTWK-RiBrTdyXyi18kw6--eGPol2k3Gtpu9ToP_Vl3KMHAcT5C139dm8MswnY6Y=s68-c-k-c0x00ffffff-no-rj Requested by Host: www.youtube.com URL: https://www.youtube.com/embed/Y8h3Dqb5dQQ?start=6 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software fife / Resource Hash 856d135235fd8281ccec279bb86f2f04e53dd1f7120bfd5343faf9d425420f80 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.youtube.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:08:05 GMT x-content-type-options nosniff age 2942 content-disposition inline;filename="channels4_profile.jpg" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 3725 x-xss-protection 0 server fife etag "v1" vary Origin content-type image/jpeg access-control-allow-origin * access-control-expose-headers Content-Length cache-control public, max-age=86400, no-transform timing-allow-origin * expires Fri, 04 Nov 2022 12:05:17 GMT
GET H2	200	sddefault.webp i.ytimg.com/vi_webp/Y8h3Dqb5dQQ/ Frame F5BB	18 KB 18 KB	110ms 70ms	Image image/webp	2a00:1450:4001:827::2016 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://i.ytimg.com/vi_webp/Y8h3Dqb5dQQ/sddefault.webp Requested by Host: www.youtube.com URL: https://www.youtube.com/embed/Y8h3Dqb5dQQ?start=6 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 55dc355961ae55198787a3df4d1aae11fe057eab3c46195249b70ac481241516 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.youtube.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:08 GMT x-content-type-options nosniff server sffe etag "0" vary Origin report-to {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]} content-type image/webp cache-control public, max-age=7200 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 17960 x-xss-protection 0 cross-origin-opener-policy-report-only same-origin; report-to="youtube" expires Tue, 06 Dec 2022 04:57:08 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	49 KB 20 KB	32ms 6ms	Script text/javascript	2a00:1450:4001:82b::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=UA-31773140-1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Tue, 06 Dec 2022 01:15:46 GMT last-modified Tue, 27 Sep 2022 22:01:05 GMT server Golfe2 age 6081 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 20039 expires Tue, 06 Dec 2022 03:15:46 GMT
GET H2	200	image-1665070761385.png d1avm1cbyhi830.cloudfront.net/fit-in/images2/topic/new/	668 B 1 KB	40ms 7ms	Image image/webp	2600:9000:225e:7e00:14:ad08:9b00:21 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d1avm1cbyhi830.cloudfront.net/fit-in/images2/topic/new/image-1665070761385.png Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:7e00:14:ad08:9b00:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 8f17b3bfd0bb9b71fa0d49c197dd3c90f8d10ea116de13ea8a505a1ec5de8648 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Thu, 06 Oct 2022 20:53:18 GMT via 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P4 age 5205828 x-amzn-requestid 7e07fb45-56f4-4466-b784-9bebf2bd90d7 x-cache Hit from cloudfront x-amz-apigw-id Zmb53H1ljoEFi2g= content-length 668 last-modified Thu, 06 Oct 2022 15:39:22 GMT x-amzn-trace-id Root=1-633f403e-680cc897712aec0622be1bb7 access-control-allow-methods GET content-type image/webp cache-control max-age=31536000,public access-control-allow-credentials true access-control-allow-headers Content-Type, Authorization x-amz-cf-id YjAo5MffJDDRscYADgHXCr5l9l9u8UinaFEmS1l-8qeCUV1SUBiDTg==
GET H2	200	adobe-1-logo-1627302368799.png d1avm1cbyhi830.cloudfront.net/fit-in/images2/topic/new/	2 KB 2 KB	40ms 8ms	Image image/webp	2600:9000:225e:7e00:14:ad08:9b00:21 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d1avm1cbyhi830.cloudfront.net/fit-in/images2/topic/new/adobe-1-logo-1627302368799.png Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:7e00:14:ad08:9b00:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 5225ff7c59a481d2add4db1133cfcc03e62cfab1288d288202ee03f1f5103ac5 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Sat, 08 Oct 2022 23:49:44 GMT via 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P4 age 5022443 x-amzn-requestid f98813df-091e-4be7-a2c6-a02302024270 x-cache Hit from cloudfront x-amz-apigw-id Ztbn1Ht7DoEFX9Q= content-length 1660 last-modified Mon, 26 Jul 2021 12:26:09 GMT x-amzn-trace-id Root=1-63420c98-099f86d82b8569746b79b14e access-control-allow-methods GET content-type image/webp cache-control max-age=31536000,public access-control-allow-credentials true access-control-allow-headers Content-Type, Authorization x-amz-cf-id yb0HU1tz68eEn6JJbII_ucODjlV7cRMJf5r4Bo7iVtTMRyIvRMeTBg==
GET H2	200	image-1663281720633.jpeg d1avm1cbyhi830.cloudfront.net/fit-in/images2/topic/new/	1 KB 2 KB	39ms 9ms	Image image/webp	2600:9000:225e:7e00:14:ad08:9b00:21 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d1avm1cbyhi830.cloudfront.net/fit-in/images2/topic/new/image-1663281720633.jpeg Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:7e00:14:ad08:9b00:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 1ed2fc68bf11f82e49ebadfd07e18be56e293c729c59553393d0ff84258db3d9 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Thu, 15 Sep 2022 22:58:56 GMT via 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P4 age 7012691 x-amzn-requestid b8081b64-487e-471d-86a6-8b8af8e258ae x-cache Hit from cloudfront x-amz-apigw-id YhgnhHJ4DoEFfuw= content-length 1124 last-modified Thu, 15 Sep 2022 22:42:01 GMT x-amzn-trace-id Root=1-6323ae2f-7d616c6e1676c6b33546a427 access-control-allow-methods GET content-type image/webp cache-control max-age=31536000,public access-control-allow-credentials true access-control-allow-headers Content-Type, Authorization x-amz-cf-id 1ewRPdkL0wWSvqxtQQxtC9vEjVSX42p_Gvb_Bf9-h7QsVAgwjenS3Q==
GET H2	200	image-1659979825470.jpeg d1avm1cbyhi830.cloudfront.net/fit-in/images2/topic/new/	2 KB 3 KB	38ms 9ms	Image image/webp	2600:9000:225e:7e00:14:ad08:9b00:21 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d1avm1cbyhi830.cloudfront.net/fit-in/images2/topic/new/image-1659979825470.jpeg Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:7e00:14:ad08:9b00:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash ffb33e8747485a7c204b2285b217e3a485e5aad5da252b85546cde3d12170cd6 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 20 Sep 2022 03:11:49 GMT via 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P4 age 6651918 x-amzn-requestid bb6bd835-50f1-476b-bd4a-683c16133345 x-cache Hit from cloudfront x-amz-apigw-id YvRaWErMDoEF6dA= content-length 2510 last-modified Mon, 08 Aug 2022 17:30:26 GMT x-amzn-trace-id Root=1-63292f75-15b57b5637ecd8395f67d91a access-control-allow-methods GET content-type image/webp cache-control max-age=31536000,public access-control-allow-credentials true access-control-allow-headers Content-Type, Authorization x-amz-cf-id 0tUX7ZCfeJ1pJAcMVPe34mSbOL_yzQEPJDf12t9PfyhiaZq-WXh-bg==
GET H2	200	jobbio.png d1pywsqd87ew9v.cloudfront.net/partner_fluid_widgets_v1.5/assets/images/powered-by/	6 KB 6 KB	8ms 7ms	Image image/png	2600:9000:2240:3400:15:f55c:78c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d1pywsqd87ew9v.cloudfront.net/partner_fluid_widgets_v1.5/assets/images/powered-by/jobbio.png Requested by Host: d1pywsqd87ew9v.cloudfront.net URL: https://d1pywsqd87ew9v.cloudfront.net/partner_fluid_widgets_v1.5/assets/css/v3.min.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2240:3400:15:f55c:78c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 12d0cebe410c72caa5a9f854fe15cf215a04319f585febed69d7037ca2418433 Request headers accept-language de-DE,de;q=0.9 Referer https://d1pywsqd87ew9v.cloudfront.net/partner_fluid_widgets_v1.5/assets/css/v3.min.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 05:56:23 GMT via 1.1 857b0dca772798c338c78a1be69c955c.cloudfront.net (CloudFront) last-modified Mon, 12 Sep 2022 11:15:20 GMT server AmazonS3 x-amz-cf-pop FRA60-P1 age 75659 etag "2b1b375c4af44c23183ab124a1ad20ac" vary Accept-Encoding x-cache Hit from cloudfront content-type image/png accept-ranges bytes content-length 5869 x-amz-cf-id YvCuaZx4_PJrYx0Xo64aEgDON210XxcdcNYpZ4riiV5J3hkfyg027w==
GET H2	200	image-1669124319865.jpg d1avm1cbyhi830.cloudfront.net/fit-in/images2/topic/new/	9 KB 10 KB	9ms 8ms	Image image/webp	2600:9000:225e:7e00:14:ad08:9b00:21 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d1avm1cbyhi830.cloudfront.net/fit-in/images2/topic/new/image-1669124319865.jpg Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:7e00:14:ad08:9b00:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 3ef5763f54b5e11dc1ab4eb5c26e9286272c45558c864f9562255b633ca0cfe5 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 22 Nov 2022 13:38:41 GMT via 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P4 age 1171107 x-amzn-requestid 9b5f6367-df82-4348-95a4-7e17cc86a732 x-cache Hit from cloudfront x-amz-apigw-id cAWTUEk-DoEFVAg= content-length 9600 last-modified Tue, 22 Nov 2022 13:38:40 GMT x-amzn-trace-id Root=1-637cd0e1-3d5e59ce25c7034a7b236342 access-control-allow-methods GET content-type image/webp cache-control max-age=31536000,public access-control-allow-credentials true access-control-allow-headers Content-Type, Authorization x-amz-cf-id 5wqQRhh8z7NMwjG-6As3XHELHY8eLzRBq_3dqIuvm80d55HbNoPC7g==
GET H2	200	image-1667571666824.png d1avm1cbyhi830.cloudfront.net/fit-in/images2/topic/new/	54 KB 54 KB	10ms 9ms	Image image/webp	2600:9000:225e:7e00:14:ad08:9b00:21 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d1avm1cbyhi830.cloudfront.net/fit-in/images2/topic/new/image-1667571666824.png Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:7e00:14:ad08:9b00:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash b50071ae9005dc8466826fa25edbe3df4073c8ed8c14ad1b425a7bd522c8ad18 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Fri, 04 Nov 2022 14:21:19 GMT via 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P4 age 2723749 x-amzn-requestid edbcac75-b5f0-4da7-9b9b-7e9b2985d80a x-cache Hit from cloudfront x-amz-apigw-id bFHq3Gj6joEFa_Q= content-length 55130 last-modified Fri, 04 Nov 2022 14:21:07 GMT x-amzn-trace-id Root=1-63651fde-5437eb33682d0dd41caac234 access-control-allow-methods GET content-type image/webp cache-control max-age=31536000,public access-control-allow-credentials true access-control-allow-headers Content-Type, Authorization x-amz-cf-id 2O4tWucd2cDrwkmaKrFJuww3l0KwPHxXCPsnao8U_Qe4UzV_iHPJQw==
GET H2	200	image-1663281729403.jpeg d1avm1cbyhi830.cloudfront.net/fit-in/images2/topic/new/	89 KB 89 KB	15ms 14ms	Image image/webp	2600:9000:225e:7e00:14:ad08:9b00:21 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d1avm1cbyhi830.cloudfront.net/fit-in/images2/topic/new/image-1663281729403.jpeg Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:7e00:14:ad08:9b00:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash ae14a92da7a5029e715487f9d5edbe8df1d83451a4c52dd9cbd0aa2fd717414d Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Thu, 15 Sep 2022 22:58:56 GMT via 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P4 age 7012692 x-amzn-requestid e3acb7ab-e992-4993-a5d9-2f6978e5671a x-cache Hit from cloudfront x-amz-apigw-id YhgnlHojjoEFZ4Q= content-length 90772 last-modified Thu, 15 Sep 2022 22:42:10 GMT x-amzn-trace-id Root=1-6323ae30-625fc6541d201f5d6c68e90d access-control-allow-methods GET content-type image/webp cache-control max-age=31536000,public access-control-allow-credentials true access-control-allow-headers Content-Type, Authorization x-amz-cf-id xjvKZD-LIh0tuWnh97ASllZcgWd1HpYiroYvx3G-IHJ3AZdZ0B3X5A==
GET H2	200	image-1659979834818.jpg d1avm1cbyhi830.cloudfront.net/fit-in/images2/topic/new/	65 KB 65 KB	21ms 21ms	Image image/webp	2600:9000:225e:7e00:14:ad08:9b00:21 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d1avm1cbyhi830.cloudfront.net/fit-in/images2/topic/new/image-1659979834818.jpg Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:7e00:14:ad08:9b00:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 5ec3f81df0e2189252b89ec1d1b49d67e03f4ee6586641943034254d0c2d441d Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Sep 2022 04:43:48 GMT via 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P4 age 7856000 x-amzn-requestid 20f969f3-c6a8-4647-992b-3ade0e4dad67 x-cache Hit from cloudfront x-amz-apigw-id YBVwoGs0joEFwEw= content-length 66098 last-modified Mon, 08 Aug 2022 17:30:35 GMT x-amzn-trace-id Root=1-6316d003-4d0cc7ac422ced1e4f409a26 access-control-allow-methods GET content-type image/webp cache-control max-age=31536000,public access-control-allow-credentials true access-control-allow-headers Content-Type, Authorization x-amz-cf-id AyrVicLPdEoj8hwg_zLoCB0MTqzVv7AsVpf28bwm8W3d9dajvWtx7A==
GET H2	200	prebid.js Show response hb.brainlyads.com/ Frame 5A97	583 KB 176 KB	208ms 207ms	Script application/javascript	23.20.158.212 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://hb.brainlyads.com/prebid.js Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 23.20.158.212 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-20-158-212.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash 33c967a047377f2f4dc793a9d419e72fbebe98878f2a2327d64bfe7fffee9461 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:08 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip last-modified Thu, 01 Dec 2022 06:15:38 GMT server nginx/1.18.0 (Ubuntu) etag W/"6388468a-91d4f" vary Accept-Encoding content-type application/javascript cache-control max-age=604800 expires Tue, 13 Dec 2022 02:57:08 GMT
GET H2	200	Hc6PdfQeAi.js Show response pixel.zprk.io/v5/pixeljs/	3 KB 3 KB	308ms 97ms	Script text/plain	34.194.167.128 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://pixel.zprk.io/v5/pixeljs/Hc6PdfQeAi.js?dne=1 Requested by Host: powerad.ai URL: https://powerad.ai/script.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.194.167.128 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-194-167-128.compute-1.amazonaws.com Software / Resource Hash 8e521ebeb6ce59914c54f532b1577efd671f4b02bb3c331e01b4a7e79a02cfea Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:08 GMT vary Origin, Access-Control-Request-Method, Access-Control-Request-Headers access-control-max-age 3600 access-control-allow-methods POST, GET, DELETE, PUT content-type text/plain;charset=UTF-8 access-control-allow-credentials true access-control-allow-headers Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers content-length 2753
GET H2	200	251 Show response a.ad.gt/api/v1/u/matches/	11 KB 4 KB	528ms 177ms	Script application/javascript	54.69.168.64 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://a.ad.gt/api/v1/u/matches/251?url=https%3A%2F%2Fwww.itechpost.com%2Farticles%2F105164%2F20210329%2Fsystem-update-android-app-android-spyware-third-party-app-rat-trojan.htm&ref= Requested by Host: powerad.ai URL: https://powerad.ai/script.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.69.168.64 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-69-168-64.us-west-2.compute.amazonaws.com Software nginx/1.20.0 / Resource Hash 90750e2ea62d17757d492f7540466bc9b74d4c5469895361428a756d9af31edf Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers access-control-allow-origin * date Tue, 06 Dec 2022 02:57:08 GMT content-encoding gzip cross-origin-resource-policy cross-origin server nginx/1.20.0 content-type application/javascript
GET H/1.1	200 OK	px.js Show response p.cpx.to/p/12967/	2 KB 2 KB	155ms 28ms	Script application/javascript	34.242.30.97 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://p.cpx.to/p/12967/px.js Requested by Host: powerad.ai URL: https://powerad.ai/script.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.242.30.97 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-242-30-97.eu-west-1.compute.amazonaws.com Software / Resource Hash f266acb707c5b2704c3b6e18e0888d7995bad0ba0ffec4a125146f7e3d058583 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Date Tue, 06 Dec 2022 02:57:07 GMT Cache-Control max-age=2419200, public Connection keep-alive Content-Length 1990 Content-Type application/javascript; charset=UTF-8
POST H3	200	GenerateIT Show response jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame F5BB	90 B 134 B	20ms 19ms	XHR application/json+protobuf	2a00:1450:4001:80f::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT Requested by Host: www.youtube.com URL: https://www.youtube.com/s/player/dab28f34/player_ias.vflset/de_DE/base.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 81bf6c0a51680544ccc79ee03127a54d77d3751680452ceca62b72fc3afc6b76 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers X-User-Agent grpc-web-javascript/0.1 Referer https://www.youtube.com/ X-Goog-Api-Key AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Content-Type application/json+protobuf Response headers date Tue, 06 Dec 2022 02:57:08 GMT content-encoding gzip x-content-type-options nosniff server ESF vary Origin, X-Origin, Referer x-frame-options SAMEORIGIN content-type application/json+protobuf; charset=UTF-8 access-control-allow-origin https://www.youtube.com access-control-expose-headers vary,vary,vary,content-encoding,date,server,content-length cache-control private access-control-allow-credentials true alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 110 x-xss-protection 0
OPTIONS H3	200	GenerateIT jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame	0 0	15ms 14ms	Preflight text/html	2a00:1450:4001:80f::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Headers content-type,x-goog-api-key,x-user-agent Access-Control-Request-Method POST Origin https://www.youtube.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers content-type,x-goog-api-key,x-user-agent access-control-allow-methods DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT access-control-allow-origin https://www.youtube.com access-control-max-age 3600 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 content-type text/html date Tue, 06 Dec 2022 02:57:08 GMT server ESF vary origin referer x-origin x-content-type-options nosniff x-frame-options SAMEORIGIN x-xss-protection 0
GET BLOB	200 OK	52a2a7f9-5fb4-4644-b458-d84284efa92b https://www.itechpost.com/	0 0		Other text/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://www.itechpost.com/52a2a7f9-5fb4-4644-b458-d84284efa92b Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Content-Length 0 Content-Type text/javascript
GET BLOB	200 OK	f83e22b9-a059-40d8-825a-28c691a7d40f https://www.itechpost.com/	250 B 0		Other text/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://www.itechpost.com/f83e22b9-a059-40d8-825a-28c691a7d40f Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash e37071398d21f18dff2370ee0885f38811bb69bb465b398100ab3101fc521d6b Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Content-Length 250 Content-Type text/javascript
POST H2	200	response.json Show response script.anura.io/	80 B 430 B	191ms 147ms	XHR application/json	52.56.141.12 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://script.anura.io/response.json Requested by Host: script.anura.io URL: https://script.anura.io/request.js?instance=2238638024&source=itechpost&campaign=tech%2Farticles&exid=anura_itechpost_1523871386895&callback=_anuraResFun&911487581622 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.56.141.12 London, United Kingdom, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-56-141-12.eu-west-2.compute.amazonaws.com Software nginx / Resource Hash 8845144fb865d649f8b3625aa5da660a877a06c93e2a85178f36b2afe949e026 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.itechpost.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Content-type application/x-www-form-urlencoded Response headers pragma no-cache date Tue, 06 Dec 2022 02:57:08 GMT content-encoding gzip x-content-type-options nosniff server nginx vary Accept-Encoding access-control-allow-methods POST content-type application/json; charset=utf-8 access-control-allow-origin * cache-control private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0 expires Sun, 28 Dec 1980 18:57:00 EST
GET H2	200	pixel;r=1003372179;rf=0;a=p-QzXvCmyt3qj48;url=https%3A%2F%2Fwww.itechpost.com%2Farticles%2F105164%2F20210329%2Fsystem-update-android-app-android-spyware-third-party-app-rat-trojan.htm;uh=880431075d... pixel.quantserve.com/	35 B 371 B	58ms 24ms	Image image/gif	2620:116:800d:21:e365:4988:e8a7:3270 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.quantserve.com/pixel;r=1003372179;rf=0;a=p-QzXvCmyt3qj48;url=https%3A%2F%2Fwww.itechpost.com%2Farticles%2F105164%2F20210329%2Fsystem-update-android-app-android-spyware-third-party-app-rat-trojan.htm;uh=880431075d4405716ec00f069421f29b18b47e24dc50fcb043aa3b02ec82488e;uht=0;fpan=1;fpa=P0-1500216299-1670295427786;pbc=;ns=0;ce=1;qjs=1;qv=48c6ea86-20221121114006;cm=;gdpr=0;ref=;d=itechpost.com;dst=0;et=1670295428328;tzo=0;ogl=type.article%2Curl.https%3A%2F%2Fwww%252Eitechpost%252Ecom%2Farticles%2F105164%2F20210329%2Fsystem-update-android-app-and%2Csite_name.iTech%20Post%2Cimage.https%3A%2F%2F1401700980%252Ersc%252Ecdn77%252Eorg%2Fdata%2Fimages%2Ffull%2F99211%2Fsystem-update-android-ap%2Ctitle.'System%20Update'%20Android%20App%20Discovered%20to%20Be%20a%20Dangerous%20Spyware%20to%20Steal%20Data%E2%80%94D%2Cdescription.A%20new%20malicious%20application%20that%20steals%20user%20data%252C%20monitors%20movements%252C%20and%20activ;ses=af721eef-1127-4df6-89da-c3ca0e536172 Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2620:116:800d:21:e365:4988:e8a7:3270 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8 Security Headers Name Value Strict-Transport-Security max-age=86400 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers pragma no-cache date Tue, 06 Dec 2022 02:57:08 GMT strict-transport-security max-age=86400 p3p CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV" content-type image/gif cache-control private, no-cache, no-store, proxy-revalidate content-length 35 expires Fri, 04 Aug 1978 12:00:00 GMT
POST H3	200	collect Show response www.google-analytics.com/j/	2 B 22 B	32ms 16ms	XHR text/plain	2a00:1450:4001:82b::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j98&a=1859519301&t=pageview&_s=1&dl=https%3A%2F%2Fwww.itechpost.com%2Farticles%2F105164%2F20210329%2Fsystem-update-android-app-android-spyware-third-party-app-rat-trojan.htm&ul=en-us&de=UTF-8&dt=%27System%20Update%27%20Android%20App%20Discovered%20to%20Be%20a%20Dangerous%20Spyware%20to%20Steal%20Data%E2%80%94Do%20Not%20Download%20%7C%20iTech%20Post&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=4ChAAUABAAAAACAAI~&jid=1767071325&gjid=2094525135&cid=1638204095.1670295428&tid=UA-31773140-1&_gid=1971480784.1670295428&_r=1&gtm=2oubu0&z=834888732 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.itechpost.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Tue, 06 Dec 2022 02:57:08 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.itechpost.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	collect www.google-analytics.com/	35 B 55 B	20ms 6ms	Image image/gif	2a00:1450:4001:82b::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/collect?v=1&_v=j98&a=1859519301&t=event&_s=2&dl=https%3A%2F%2Fwww.itechpost.com%2Farticles%2F105164%2F20210329%2Fsystem-update-android-app-android-spyware-third-party-app-rat-trojan.htm&ul=en-us&de=UTF-8&dt=%27System%20Update%27%20Android%20App%20Discovered%20to%20Be%20a%20Dangerous%20Spyware%20to%20Steal%20Data%E2%80%94Do%20Not%20Download%20%7C%20iTech%20Post&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=article&ea=article3&_u=4ChAAUABAAAAACAAI~&jid=&gjid=&cid=1638204095.1670295428&tid=UA-31773140-1&_gid=1971480784.1670295428&gtm=2oubu0&cd1=Czarina%20Grace&cd2=News&cd3=Tech&cd4=article&cd5=&cd6=105164&z=722585767 Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers pragma no-cache date Mon, 05 Dec 2022 09:43:51 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 age 61997 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35 expires Mon, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	fire.js Show response s.cpx.to/	762 B 1 KB	135ms 32ms	Script application/javascript	52.16.167.85 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://s.cpx.to/fire.js?pid=12967&ref=&url=https%3A%2F%2Fwww.itechpost.com%2Farticles%2F105164%2F20210329%2Fsystem-update-android-app-android-spyware-third-party-app-rat-trojan.htm&hn_ver=40&fid=b7d56aad-575c-4fd2-be94-85f5798d4588 Requested by Host: p.cpx.to URL: https://p.cpx.to/p/12967/px.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.16.167.85 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-16-167-85.eu-west-1.compute.amazonaws.com Software / Resource Hash 744129c310ae85a4bbc2fa770074885aab20e394139267115eb806a826b4a12e Security Headers Name Value Content-Security-Policy default-src 'self' Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Pragma no-cache Content-Security-Policy default-src 'self' Date Tue, 06 Dec 2022 02:57:08 GMT X-Content-Type-Options nosniff Strict-Transport-Security max-age=31536000; includeSubDomains X-Permitted-Cross-Domain-Policies none X-Frame-Options sameorigin P3P CP="NOI DEV ADM" Content-Type application/javascript; charset=UTF-8 Cache-Control no-store, must-revalidate, private, max-age=0 Connection keep-alive Content-Length 762 Expires Thu, 01 Dec 2022 16:19:31 UTC
GET H3	204	generate_204 www.youtube.com/ Frame F5BB	0 10 B	8ms 8ms	Image text/plain	2a00:1450:4001:803::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.youtube.com/generate_204?kKQOPA Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.youtube.com/embed/Y8h3Dqb5dQQ?start=6 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:08 GMT cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0
GET H2	200	cast_sender.js Show response www.gstatic.com/cv/js/sender/v1/ Frame F5BB	4 KB 3 KB	58ms 15ms	Script text/javascript	2a00:1450:4001:802::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/cv/js/sender/v1/cast_sender.js Requested by Host: www.youtube.com URL: https://www.youtube.com/s/player/dab28f34/player_ias.vflset/de_DE/base.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.youtube.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:08 GMT content-encoding gzip x-content-type-options nosniff content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2007 x-xss-protection 0 last-modified Tue, 16 Feb 2021 23:57:06 GMT server sffe cross-origin-opener-policy same-origin; report-to="cloudview" vary Accept-Encoding report-to {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes expires Tue, 06 Dec 2022 02:57:08 GMT
GET H2	200	amp4ads-v0.mjs Show response cdn.ampproject.org/rtv/012211060024000/ Frame A3A6	221 KB 61 KB	53ms 6ms	Script text/javascript	2a00:1450:4001:829::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a01f9f2f5ba1812441a49f7f1dc0b04fb56a18b486005289b8df4212381f10ce Security Headers Name Value Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers content-security-policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp content-encoding br x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains; preload date Thu, 01 Dec 2022 16:29:52 GMT age 383236 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 61592 x-xss-protection 0 server sffe etag "a2fca7132416d151" vary Accept-Encoding report-to {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="amphtml-china-available" expires Fri, 01 Dec 2023 16:29:52 GMT
GET H2	200	amp-ad-exit-0.1.mjs Show response cdn.ampproject.org/rtv/012211060024000/v0/ Frame A3A6	14 KB 5 KB	71ms 25ms	Script text/javascript	2a00:1450:4001:829::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd Security Headers Name Value Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers content-security-policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp content-encoding br x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains; preload date Fri, 02 Dec 2022 07:11:23 GMT age 330345 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 5218 x-xss-protection 0 server sffe etag "abd4378f71571d78" vary Accept-Encoding report-to {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="amphtml-china-available" expires Sat, 02 Dec 2023 07:11:23 GMT
GET H2	200	amp-analytics-0.1.mjs Show response cdn.ampproject.org/rtv/012211060024000/v0/ Frame A3A6	94 KB 28 KB	74ms 28ms	Script text/javascript	2a00:1450:4001:829::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://cdn.ampproject.org/rtv/012211060024000/v0/amp-analytics-0.1.mjs Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178 Security Headers Name Value Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers content-security-policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp content-encoding br x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains; preload date Fri, 02 Dec 2022 21:42:14 GMT age 278094 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 28809 x-xss-protection 0 server sffe etag "dd6615029de85e23" vary Accept-Encoding report-to {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="amphtml-china-available" expires Sat, 02 Dec 2023 21:42:14 GMT
GET H2	200	amp-fit-text-0.1.mjs Show response cdn.ampproject.org/rtv/012211060024000/v0/ Frame A3A6	5 KB 2 KB	69ms 24ms	Script text/javascript	2a00:1450:4001:829::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://cdn.ampproject.org/rtv/012211060024000/v0/amp-fit-text-0.1.mjs Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f Security Headers Name Value Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers content-security-policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp content-encoding br x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains; preload date Thu, 01 Dec 2022 16:29:52 GMT age 383236 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1913 x-xss-protection 0 server sffe etag "403438c4d550ee88" vary Accept-Encoding report-to {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="amphtml-china-available" expires Fri, 01 Dec 2023 16:29:52 GMT
GET H2	200	amp-form-0.1.mjs Show response cdn.ampproject.org/rtv/012211060024000/v0/ Frame A3A6	40 KB 13 KB	72ms 27ms	Script text/javascript	2a00:1450:4001:829::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://cdn.ampproject.org/rtv/012211060024000/v0/amp-form-0.1.mjs Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0 Security Headers Name Value Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers content-security-policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp content-encoding br x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains; preload date Thu, 01 Dec 2022 16:29:52 GMT age 383236 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 12946 x-xss-protection 0 server sffe etag "0bacd3f1ce38a7db" vary Accept-Encoding report-to {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="amphtml-china-available" expires Fri, 01 Dec 2023 16:29:52 GMT
GET DATA	200 OK	truncated / Frame A3A6	209 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 91769c169f2fc462b8210d3344906d65f4ede1a9ee07fbb3c432f16deedc7107 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Content-Type image/png
GET H2	200	amp4ads-v0.mjs Show response cdn.ampproject.org/rtv/012211060024000/ Frame 18F3	221 KB 60 KB	47ms 19ms	Script text/javascript	2a00:1450:4001:829::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a01f9f2f5ba1812441a49f7f1dc0b04fb56a18b486005289b8df4212381f10ce Security Headers Name Value Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers content-security-policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp content-encoding br x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains; preload date Thu, 01 Dec 2022 16:29:52 GMT age 383236 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 61592 x-xss-protection 0 server sffe etag "a2fca7132416d151" vary Accept-Encoding report-to {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="amphtml-china-available" expires Fri, 01 Dec 2023 16:29:52 GMT
GET H3	200	amp-ad-exit-0.1.mjs Show response cdn.ampproject.org/rtv/012211060024000/v0/ Frame 18F3	14 KB 5 KB	31ms 13ms	Script text/javascript	2a00:1450:4001:829::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd Security Headers Name Value Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers content-security-policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp content-encoding br x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains; preload date Fri, 02 Dec 2022 07:11:23 GMT age 330345 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 5218 x-xss-protection 0 server sffe etag "abd4378f71571d78" vary Accept-Encoding report-to {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="amphtml-china-available" expires Sat, 02 Dec 2023 07:11:23 GMT
GET H3	200	amp-analytics-0.1.mjs Show response cdn.ampproject.org/rtv/012211060024000/v0/ Frame 18F3	94 KB 28 KB	26ms 9ms	Script text/javascript	2a00:1450:4001:829::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://cdn.ampproject.org/rtv/012211060024000/v0/amp-analytics-0.1.mjs Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178 Security Headers Name Value Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers content-security-policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp content-encoding br x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains; preload date Fri, 02 Dec 2022 21:42:14 GMT age 278094 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 28809 x-xss-protection 0 server sffe etag "dd6615029de85e23" vary Accept-Encoding report-to {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="amphtml-china-available" expires Sat, 02 Dec 2023 21:42:14 GMT
GET H3	200	amp-fit-text-0.1.mjs Show response cdn.ampproject.org/rtv/012211060024000/v0/ Frame 18F3	5 KB 2 KB	25ms 8ms	Script text/javascript	2a00:1450:4001:829::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://cdn.ampproject.org/rtv/012211060024000/v0/amp-fit-text-0.1.mjs Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f Security Headers Name Value Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers content-security-policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp content-encoding br x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains; preload date Thu, 01 Dec 2022 16:29:52 GMT age 383236 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1913 x-xss-protection 0 server sffe etag "403438c4d550ee88" vary Accept-Encoding report-to {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="amphtml-china-available" expires Fri, 01 Dec 2023 16:29:52 GMT
GET H3	200	amp-form-0.1.mjs Show response cdn.ampproject.org/rtv/012211060024000/v0/ Frame 18F3	40 KB 13 KB	30ms 12ms	Script text/javascript	2a00:1450:4001:829::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://cdn.ampproject.org/rtv/012211060024000/v0/amp-form-0.1.mjs Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0 Security Headers Name Value Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers content-security-policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp content-encoding br x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains; preload date Thu, 01 Dec 2022 16:29:52 GMT age 383236 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 12946 x-xss-protection 0 server sffe etag "0bacd3f1ce38a7db" vary Accept-Encoding report-to {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="amphtml-china-available" expires Fri, 01 Dec 2023 16:29:52 GMT
GET H2	200	css fonts.googleapis.com/ Frame 18F3	8 KB 1 KB	78ms 16ms	Stylesheet text/css	2a00:1450:4001:806::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700 Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 74017d97a0876e72ef09a14ea0b3ad49a744811c726e7b05e305d4a6e3e07612 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Tue, 06 Dec 2022 02:57:08 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Tue, 06 Dec 2022 02:28:06 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 06 Dec 2022 02:57:08 GMT
GET H3	200	container.html Show response 9589e1423add891359732238067363b6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 9290	6 KB 3 KB	30ms 11ms	Document text/html	2a00:1450:4001:808::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.itechpost.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes age 1 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" cache-control public, immutable, max-age=31536000 content-encoding br content-length 2653 content-type text/html cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" cross-origin-resource-policy cross-origin date Tue, 06 Dec 2022 02:57:07 GMT expires Wed, 06 Dec 2023 02:57:07 GMT last-modified Thu, 03 Nov 2022 19:10:08 GMT report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} server sffe timing-allow-origin * vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H2	200	4899103370096350954 tpc.googlesyndication.com/simgad/ Frame A3A6	31 KB 32 KB	230ms 195ms	Image image/png	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://tpc.googlesyndication.com/simgad/4899103370096350954?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qnFwp07uycnlcFip1EUGj1wsNO3yw Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 9291d2a8fafd43cba85949cd9d9d598101f514ef808197e6e2d6316410edd1a5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:08 GMT x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 32070 x-xss-protection 0 last-modified Wed, 16 Nov 2022 04:13:44 GMT server sffe report-to {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]} content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="content-ads-owners" expires Wed, 06 Dec 2023 02:57:08 GMT
GET H2	200	en.png tpc.googlesyndication.com/pagead/images/adchoices/ Frame A3A6	2 KB 3 KB	44ms 10ms	Image image/png	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://tpc.googlesyndication.com/pagead/images/adchoices/en.png Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 10:16:18 GMT x-content-type-options nosniff server cafe age 60050 etag 14819457070020093239 vary Accept-Encoding p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" content-type image/png cache-control public, max-age=86400 cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2502 x-xss-protection 0 expires Tue, 06 Dec 2022 10:16:18 GMT
GET H2	200	icon.png tpc.googlesyndication.com/pagead/images/adchoices/ Frame A3A6	295 B 757 B	42ms 8ms	Image image/png	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 09:52:43 GMT x-content-type-options nosniff server cafe age 61465 etag 426692510519060060 vary Accept-Encoding p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" content-type image/png cache-control public, max-age=86400 cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 295 x-xss-protection 0 expires Tue, 06 Dec 2022 09:52:43 GMT
GET H3	200	adview securepubads.g.doubleclick.net/pagead/ Frame A3A6	0 0	55ms 53ms	Image text/html	2a00:1450:4001:80b::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://securepubads.g.doubleclick.net/pagead/adview?ai=CKsUvg6-OY5DxM5bt3gPMzIPwD9vN98xt1-uCzOkQ2dkeEAEg3vWGhAFgleKQgqAHoAHbrNajAcgBAqkClf-grfhGgz7gAgCoAwHIAwiqBNACT9CALYfuRmqhsLFuKhcmrORQvtH2YXadXGAaSHwRXIJ0SfAOs-2Q7hwYV-T2oZ_73-alPcsOWash0JLl8l8FUtxyQOVoGxKeD0tx96sfMHxV_1oh0IX0EckQYhZ9m4XriuEGLOEYMsoYzzHB92zfNeYtF2xu9jLOOHW2rduWltNHltoYiwOGjU4LFhr0RuGfyI4S3KJnr8rkoa0PQvf6HVxONsWPYa34XUQ5CyI97Jhla52KyULVOKe6hQjKp_YNQJ7GYRtYjoKM8lcEUhV7OJUZndhszka6NV63Rho5-74NPfvUhh0kTxKV5tPZ4rHezoech4n-dqp1FddaxtpuY8KC18Lvxkgz223XHcGksNcVy_QozsO1TcANuT5_-6nooa5K_Svnuz_KXnLi7IrcFug5VfyBXfgn2RGolU_U4CjXXZy5DtZtrWgNzjrQM8atwASr_Z_MlgTgBAGSBQQIBBgBkgUECAUYBKAGAoAHjdOp3AKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBDovBjSCBEIgOGAcBABGB0yAusCOgKAQIAKA8gLAdgTDdAVAZgWAYAXAbIXHgocCAASFHB1Yi00OTcxOTQ5NDAzNjAyNTA5GL6VbA&sigh=_KQlQLY6Q_A&uach_m=[UACH]&cid=CAQSSwDq26N9SZFfpxyYqIWKbO75deM3bsDcfUCP4cZx7UU8EIg9VPp8MyHJMrPEm7YNxTLa6bETQYVyftYyPxhxJ_OHRk-uWT2w_236JhgBIBM Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers
GET H2	200	en.png tpc.googlesyndication.com/pagead/images/adchoices/ Frame 18F3	2 KB 3 KB	44ms 11ms	Image image/png	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://tpc.googlesyndication.com/pagead/images/adchoices/en.png Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 10:16:18 GMT x-content-type-options nosniff server cafe age 60050 etag 14819457070020093239 vary Accept-Encoding p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" content-type image/png cache-control public, max-age=86400 cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2502 x-xss-protection 0 expires Tue, 06 Dec 2022 10:16:18 GMT
GET H2	200	icon.png tpc.googlesyndication.com/pagead/images/adchoices/ Frame 18F3	295 B 353 B	43ms 9ms	Image image/png	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 09:52:43 GMT x-content-type-options nosniff server cafe age 61465 etag 426692510519060060 vary Accept-Encoding p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" content-type image/png cache-control public, max-age=86400 cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 295 x-xss-protection 0 expires Tue, 06 Dec 2022 09:52:43 GMT
GET H3	200	adview securepubads.g.doubleclick.net/pagead/ Frame 18F3	0 0	53ms 52ms	Image text/html	2a00:1450:4001:80b::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://securepubads.g.doubleclick.net/pagead/adview?ai=CyNG5g6-OY5HxM5bt3gPMzIPwD-TA4uZty9HK_7EQz9briI8aEAEg3vWGhAFgleKQgqAHoAGr1bS7AsgBBuACAKgDAaoE1QJP0GYYbeKO3pRKsFPinXjrb4LZpRtbHNOIaExwIO4wfaxutu8ZONTPD429UiC4OCAA5y6iJq9OkQxlLhNOGg2nPVTTZPfJkii8yywkpUglStzk-WG6azuqqDDxvZZz-VG1Ka2xUMCOb9ilhjg9ytu_cx5k7_bOUV-SA72436VTZikzTvXWnSE_GdTmgmTDwsvOdA8LhkFZRiZNaZvp5eemccStaxy4k3ExGRBn3YLijTahvMeCBmQoW-JPvuHNUm--Z_5cnHnBmEyfYhsC9my2Scuaf_PMk-_hqd1C0oUUsRKyzEeJUvZdBkR_hE7W0cXbU5HuZNSdfGTmm1Du5DxczUWwZyUa0xOGKK_88u91b37ax-BoC-2b5EL2P5Zd7bcRqj3iUZU09TP6RLCcHs1zvsN3RBu_fgoDiU2nIvzQG2VipHlUD7ZULOhqeULTs8kOJmVcA8AEpYXZ7fEC4AQBkgUECAQYAZIFBAgFGASAB8W0k8kBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQ6LwY0ggRCIDhgHAQARgdMgLrAjoCgECACgPICwHYEwyIFAbQFQGAFwGyFx4KHAgAEhRwdWItNDk3MTk0OTQwMzYwMjUwORi-lWw&sigh=5nzNZA3A7Sk&uach_m=[UACH]&cid=CAQSSwDq26N9SZFfpxyYqIWKbO75deM3bsDcfUCP4cZx7UU8EIg9VPp8MyHJMrPEm7YNxTLa6bETQYVyftYyPxhxJ_OHRk-uWT2w_236JhgBIBM&template_id=5020 Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers
POST H2	200	collect Show response stats.g.doubleclick.net/j/	4 B 443 B	67ms 22ms	XHR text/plain	2a00:1450:400c:c00::9d GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-31773140-1&cid=1638204095.1670295428&jid=1767071325&gjid=2094525135&_gid=1971480784.1670295428&_u=4ChAAUAAAAAAACAAI~&z=2116479702 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.itechpost.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload date Tue, 06 Dec 2022 02:57:08 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.itechpost.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
GET DATA	200 OK	truncated / Frame 18F3	209 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 3a663467e111fd2237a1bc5255e8d702b099f29cb553ecab24efe98cbf898b5d Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated / Frame 18F3	213 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 2aa7cbc2bf11465696082aff9857d398c16b95149ff487e44fa8eb151505225c Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Content-Type image/png
GET H3	200	css fonts.googleapis.com/ Frame 9290	2 KB 535 B	41ms 25ms	Stylesheet text/css	2a00:1450:4001:806::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400 Requested by Host: 9589e1423add891359732238067363b6.safeframe.googlesyndication.com URL: https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 582c2586c49819d9dfe5cb88653679a40bf930ca86f1dc01a4afd821a9eab97e Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Tue, 06 Dec 2022 02:57:08 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Tue, 06 Dec 2022 02:18:50 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 06 Dec 2022 02:57:08 GMT
GET H3	200	load_preloaded_resource_fy2021.js Show response tpc.googlesyndication.com/pagead/js/r20221129/r20110914/client/ Frame 9290	2 KB 765 B	26ms 9ms	Script text/javascript	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20221129/r20110914/client/load_preloaded_resource_fy2021.js Requested by Host: 9589e1423add891359732238067363b6.safeframe.googlesyndication.com URL: https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 01:45:58 GMT content-encoding br x-content-type-options nosniff age 4270 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 738 x-xss-protection 0 server cafe etag 1394486882873449110 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Tue, 20 Dec 2022 01:45:58 GMT
GET H3	200	adview securepubads.g.doubleclick.net/pagead/ Frame 9290	0 0	54ms 54ms	Fetch text/html	2a00:1450:4001:80b::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/pagead/adview?ai=C1HoYg6-OY5LxM5bt3gPMzIPwD6f5zKJtqOXIhO8QhYiRs5UwEAEg3vWGhAFgleKQgqAHoAH258H8A8gBCakCp2s6W0KbsT7gAgCoAwHIA8sEqgTYAk_Qwi2QmlP6XSxf7gVaSprKnNHYXZEjahn0JY2mr2wOXXzrzv9eI7NmVpZH6Wa3t8giJPauvzlZHoNeI7v35Xj-XTAEsJq-lSXAL3znp58drm0qNIVVmn93uHMryCBY_KX6uZe1Fesq_LfVT7MWOlMLr8d94D5LtvOXmT5R7_p7fmMHZmi1cq4W6beKXbV1Qg6Dd4akW0FknPzwKLHANums6LYjlSccxNjuuoK4lhJfyXGMWSMxaVD1gCsVjwSc9z3dQXgJNzYn9Q-1TOUfkdawIfXIa3HmYcMKs3HFxr4P-Sj6phw5JdJNwXrphc6LsUvnAXZiyu7Fhn7v_Jh3Bg9JfUakOZ9j6o6tj7vMnw_6JPAbzNwD1dTWqeFa-VNOvD2PNDUlHqeUkYZQh8m9TK76oP0rZarthqzW3NzlwDu87xAzyKVjDYCj28fMBWp_Mj56KBA1xmS8wAS05am_ggTgBAGSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAH8pe-A6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB6a-G9gHAPIHBBCIlQbSCBEIgOGAcBABGB0yAusCOgKAQIAKA8gLAdgTC9AVAYAXAbIXHgocCAASFHB1Yi00OTcxOTQ5NDAzNjAyNTA5GL6VbA&sigh=5m7GwWW7yjg&uach_m=[UACH]&cid=CAQSSwDq26N9SZFfpxyYqIWKbO75deM3bsDcfUCP4cZx7UU8EIg9VPp8MyHJMrPEm7YNxTLa6bETQYVyftYyPxhxJ_OHRk-uWT2w_236JhgBIBM&template_id=494 Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers
GET H3	200	abg_lite_fy2021.js Show response tpc.googlesyndication.com/pagead/js/r20221129/r20110914/ Frame 9290	23 KB 9 KB	24ms 7ms	Script text/javascript	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20221129/r20110914/abg_lite_fy2021.js Requested by Host: 9589e1423add891359732238067363b6.safeframe.googlesyndication.com URL: https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 1e965485436a460b6ffc44695b148993598bd4e6cdb8447a547fb5609e3ca152 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 01:13:32 GMT content-encoding br x-content-type-options nosniff age 6216 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 9421 x-xss-protection 0 server cafe etag 8437175705735068947 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Tue, 20 Dec 2022 01:13:32 GMT
GET H3	200	window_focus_fy2021.js Show response tpc.googlesyndication.com/pagead/js/r20221129/r20110914/client/ Frame 9290	3 KB 1 KB	27ms 12ms	Script text/javascript	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20221129/r20110914/client/window_focus_fy2021.js Requested by Host: 9589e1423add891359732238067363b6.safeframe.googlesyndication.com URL: https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 01:13:32 GMT content-encoding br x-content-type-options nosniff age 6216 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1236 x-xss-protection 0 server cafe etag 15004572836499977866 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Tue, 20 Dec 2022 01:13:32 GMT
GET H3	200	qs_click_protection_fy2021.js Show response tpc.googlesyndication.com/pagead/js/r20221129/r20110914/client/ Frame 9290	18 KB 7 KB	30ms 15ms	Script text/javascript	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20221129/r20110914/client/qs_click_protection_fy2021.js Requested by Host: 9589e1423add891359732238067363b6.safeframe.googlesyndication.com URL: https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash f066f881ead135cd4ee88cf0c80ddb796f8841fc536a7950d4f7102e0502be2f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 01:31:24 GMT content-encoding br x-content-type-options nosniff age 5144 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7443 x-xss-protection 0 server cafe etag 629801499763588852 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Tue, 20 Dec 2022 01:31:24 GMT
GET H3	200	rx_lidar.js Show response www.googletagservices.com/activeview/js/current/ Frame 9290	153 KB 47 KB	39ms 21ms	Script text/javascript	2a00:1450:4001:828::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Requested by Host: 9589e1423add891359732238067363b6.safeframe.googlesyndication.com URL: https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f08c94a636dea8c08b6a50658ba1200281007d4fba996ac05cd2eeb0b873d32d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:08 GMT content-encoding gzip x-content-type-options nosniff content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 47692 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="active-view-scs-read-write-acl" etag "1670243872199174" vary Accept-Encoding report-to {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes expires Tue, 06 Dec 2022 02:57:08 GMT
GET H3	200	5abbe811e7745ada511aeaa994a13f9f.js Show response www.gstatic.com/mysidia/ Frame 9290	34 KB 14 KB	31ms 13ms	Script text/javascript	2a00:1450:4001:802::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/mysidia/5abbe811e7745ada511aeaa994a13f9f.js?tag=mysidia_one_click_handler_one_afma_2019 Requested by Host: 9589e1423add891359732238067363b6.safeframe.googlesyndication.com URL: https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 6b23e94a0591e43f749074a39df5a5e700d5bd6c40d1b8016a1a2e44a3176037 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 21:16:52 GMT content-encoding gzip x-content-type-options nosniff age 20416 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 14213 x-xss-protection 0 last-modified Mon, 05 Dec 2022 20:45:21 GMT server sffe cross-origin-opener-policy same-origin; report-to="mysidia" vary Accept-Encoding report-to {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]} content-type text/javascript cache-control public, max-age=7776000 accept-ranges bytes expires Sun, 05 Mar 2023 21:16:52 GMT
GET H3	200	ga-audiences www.google.com/ads/	42 B 63 B	49ms 25ms	Image image/gif	2a00:1450:4001:830::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-31773140-1&cid=1638204095.1670295428&jid=1767071325&_u=4ChAAUAAAAAAACAAI~&z=86594064 Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers pragma no-cache date Tue, 06 Dec 2022 02:57:08 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.de/ads/	42 B 501 B	49ms 19ms	Image image/gif	2a00:1450:4001:803::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-31773140-1&cid=1638204095.1670295428&jid=1767071325&_u=4ChAAUAAAAAAACAAI~&z=86594064 Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers pragma no-cache date Tue, 06 Dec 2022 02:57:08 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	ca.png s.cpx.to/ Redirect Chain https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=b7d56aad-575c-4fd2-be94-85f5798d4588 https://s.cpx.to/ca.png?dsp=dbm&fid=b7d56aad-575c-4fd2-be94-85f5798d4588&google_gid=CAESEGE0H0Wq5h932O0dBjpzuyc&google_cver=1	95 B 804 B	32ms 32ms	Image image/png	52.16.167.85 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://s.cpx.to/ca.png?dsp=dbm&fid=b7d56aad-575c-4fd2-be94-85f5798d4588&google_gid=CAESEGE0H0Wq5h932O0dBjpzuyc&google_cver=1 Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol HTTP/1.1 Server 52.16.167.85 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-16-167-85.eu-west-1.compute.amazonaws.com Software / Resource Hash bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab Security Headers Name Value Content-Security-Policy default-src 'self' Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Pragma no-cache Content-Security-Policy default-src 'self' Date Tue, 06 Dec 2022 02:57:08 GMT X-Content-Type-Options nosniff Strict-Transport-Security max-age=31536000; includeSubDomains X-Permitted-Cross-Domain-Policies none X-Frame-Options sameorigin Content-Type image/png Cache-Control no-store, must-revalidate, private, max-age=0 Connection keep-alive Content-Length 95 Redirect headers pragma no-cache date Tue, 06 Dec 2022 02:57:08 GMT server HTTP server (unknown) content-type text/html; charset=UTF-8 location https://s.cpx.to/ca.png?dsp=dbm&fid=b7d56aad-575c-4fd2-be94-85f5798d4588&google_gid=CAESEGE0H0Wq5h932O0dBjpzuyc&google_cver=1 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 334 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	sync s.cpx.to/ Redirect Chain https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Db7d56aad-575c-4fd2-be94-85f5798d4588 https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Db7d56aad-575c-4fd2-be94-85f5798d4588 https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=F59ACAFF-EE4C-4C76-8CD7-AF3F0543349F&fid=b7d56aad-575c-4fd2-be94-85f5798d4588	95 B 881 B	45ms 31ms	Image image/png	52.16.167.85 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=F59ACAFF-EE4C-4C76-8CD7-AF3F0543349F&fid=b7d56aad-575c-4fd2-be94-85f5798d4588 Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol HTTP/1.1 Server 52.16.167.85 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-16-167-85.eu-west-1.compute.amazonaws.com Software / Resource Hash bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab Security Headers Name Value Content-Security-Policy default-src 'self' Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Pragma no-cache Content-Security-Policy default-src 'self' Date Tue, 06 Dec 2022 02:57:08 GMT X-Content-Type-Options nosniff Strict-Transport-Security max-age=31536000; includeSubDomains X-Permitted-Cross-Domain-Policies none X-Frame-Options sameorigin P3P CP="NOI DEV ADM" Content-Type image/png Cache-Control no-store, must-revalidate, private, max-age=0 Connection keep-alive Content-Length 95 Expires Tue, 06 Dec 2022 02:57:08 UTC Redirect headers location https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=F59ACAFF-EE4C-4C76-8CD7-AF3F0543349F&fid=b7d56aad-575c-4fd2-be94-85f5798d4588 date Tue, 06 Dec 2022 02:57:07 GMT cache-control no-store, no-cache, private server nginx p3p CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
GET H2	200	generic match.adsrvr.org/track/cmf/	70 B 265 B	117ms 30ms	Image image/gif	3.33.220.150 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1 Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.33.220.150 , United States, ASN16509 (AMAZON-02, US), Reverse DNS a12b7a488abeaa9e4.awsglobalaccelerator.com Software / Resource Hash 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers content-type image/gif pragma no-cache date Tue, 06 Dec 2022 02:57:08 GMT cache-control private,no-cache, must-revalidate x-aspnet-version 4.0.30319 content-length 70 p3p CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
GET H/1.1	200 OK	an_fire s.cpx.to/ Redirect Chain https://secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12967%26ref%3D%26url%3Dhttps%253A%252F%252Fwww.itechpost.com%252Farticles%252F105164%252F20210329%2... https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12967%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Fwww.itechpos... https://s.cpx.to/an_fire?app_nexus_uid=8931954487363159718&pid=12967&ref=&url=https%3A%2F%2Fwww.itechpost.com%2Farticles%2F105164%2F20210329%2Fsystem-update-android-app-android-spyware-third-party-...	95 B 865 B	32ms 32ms	Image image/png	52.16.167.85 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://s.cpx.to/an_fire?app_nexus_uid=8931954487363159718&pid=12967&ref=&url=https%3A%2F%2Fwww.itechpost.com%2Farticles%2F105164%2F20210329%2Fsystem-update-android-app-android-spyware-third-party-app-rat-trojan.htm&hn_ver=40&fid=b7d56aad-575c-4fd2-be94-85f5798d4588 Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol HTTP/1.1 Server 52.16.167.85 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-16-167-85.eu-west-1.compute.amazonaws.com Software / Resource Hash bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab Security Headers Name Value Content-Security-Policy default-src 'self' Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Pragma no-cache Content-Security-Policy default-src 'self' Date Tue, 06 Dec 2022 02:57:08 GMT X-Content-Type-Options nosniff Strict-Transport-Security max-age=31536000; includeSubDomains X-Permitted-Cross-Domain-Policies none X-Frame-Options sameorigin P3P CP="NOI DEV ADM" Content-Type image/png Cache-Control no-store, must-revalidate, private, max-age=0 Connection keep-alive Content-Length 95 Expires Tue, 06 Dec 2022 02:57:08 UTC Redirect headers Pragma no-cache Date Tue, 06 Dec 2022 02:57:08 GMT AN-X-Request-Uuid 96da8510-ba7d-449e-be8b-8a2db4d36bc7 Server nginx/1.21.3 Content-Type text/html; charset=utf-8 P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Access-Control-Allow-Origin * Cache-Control no-store, no-cache, private Access-Control-Allow-Credentials true Location https://s.cpx.to/an_fire?app_nexus_uid=8931954487363159718&pid=12967&ref=&url=https%3A%2F%2Fwww.itechpost.com%2Farticles%2F105164%2F20210329%2Fsystem-update-android-app-android-spyware-third-party-app-rat-trojan.htm&hn_ver=40&fid=b7d56aad-575c-4fd2-be94-85f5798d4588 Connection keep-alive X-Proxy-Origin 193.27.14.10; 193.27.14.10; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com Content-Length 0 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT
GET H3	200	cast_sender.js Show response www.gstatic.com/eureka/clank/108/ Frame F5BB	52 KB 15 KB	24ms 15ms	Script text/javascript	2a00:1450:4001:802::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/eureka/clank/108/cast_sender.js Requested by Host: www.gstatic.com URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a174ce3d0e66cfea95ba4288c928291b37bd679f3044ac1a7f4dc3958036be11 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.youtube.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 20:09:08 GMT content-encoding gzip x-content-type-options nosniff age 24480 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15164 x-xss-protection 0 last-modified Tue, 08 Nov 2022 00:45:53 GMT server sffe cross-origin-opener-policy same-origin; report-to="cloudview-release" vary Accept-Encoding report-to {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]} content-type text/javascript cache-control public, max-age=86400 accept-ranges bytes expires Tue, 06 Dec 2022 20:09:08 GMT
GET H3	200	4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2 fonts.gstatic.com/s/googlesans/v45/ Frame 18F3	28 KB 28 KB	33ms 8ms	Font font/woff2	2a00:1450:4001:82a::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://www.itechpost.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Thu, 01 Dec 2022 21:35:41 GMT x-content-type-options nosniff age 364887 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 28288 x-xss-protection 0 last-modified Wed, 01 Jun 2022 19:05:56 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Fri, 01 Dec 2023 21:35:41 GMT
GET H2	200	shopping encrypted-tbn2.gstatic.com/ Frame 9290	20 KB 21 KB	54ms 8ms	Image image/jpeg	2a00:1450:4001:80f::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcSv0pGWCsOQfvvjikMOI7MNMMqMobHxZ0uDrVUguvnmRJuHy6KEac_IJEtj5w&usqp=CAI Requested by Host: 9589e1423add891359732238067363b6.safeframe.googlesyndication.com URL: https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash b2bec1902f2ec3186fbd61911f4b4f968085468bd553831585da06fcea0e2137 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Fri, 02 Dec 2022 10:48:16 GMT x-content-type-options nosniff age 317332 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 20499 x-xss-protection 0 last-modified Fri, 28 Oct 2022 07:49:37 GMT server sffe report-to {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]} content-type image/jpeg cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="images-tbn" expires Sat, 02 Dec 2023 10:48:16 GMT
GET H2	200	shopping encrypted-tbn1.gstatic.com/ Frame 9290	20 KB 21 KB	45ms 9ms	Image image/jpeg	2a00:1450:4001:813::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcTslktMgwGv2l_UQ2z1RxzpdsAXur0wQVcNMyWHfVnSmkmmJtIrIKGHdSZrOg&usqp=CAI Requested by Host: 9589e1423add891359732238067363b6.safeframe.googlesyndication.com URL: https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f86e4b9f6ecb9b3f685a46b92ce7bd790cbe0cc338219e1ed575cbb337da5691 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Sat, 03 Dec 2022 05:12:52 GMT x-content-type-options nosniff age 251056 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 20689 x-xss-protection 0 last-modified Sat, 12 Nov 2022 09:09:02 GMT server sffe report-to {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]} content-type image/jpeg cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="images-tbn" expires Sun, 03 Dec 2023 05:12:52 GMT
GET H2	200	shopping encrypted-tbn2.gstatic.com/ Frame 9290	17 KB 17 KB	60ms 14ms	Image image/jpeg	2a00:1450:4001:80f::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcTMfwfWOtrxkA2Tg0012DevJzt3EnZ-yU5jZXyfrDWkps3ye-MpkEEi9obGZ1U&usqp=CAI Requested by Host: 9589e1423add891359732238067363b6.safeframe.googlesyndication.com URL: https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 211561c2f100b094e1fd5dd22c6c54c06e77d45a11bd37f8d3bbf382f47a63c9 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Sat, 03 Dec 2022 05:57:08 GMT x-content-type-options nosniff age 248400 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 17740 x-xss-protection 0 last-modified Sat, 12 Nov 2022 13:05:16 GMT server sffe report-to {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]} content-type image/jpeg cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="images-tbn" expires Sun, 03 Dec 2023 05:57:08 GMT
GET H2	200	shopping encrypted-tbn1.gstatic.com/ Frame 9290	12 KB 13 KB	53ms 17ms	Image image/jpeg	2a00:1450:4001:813::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcS2o3vkIQzq4U8wS99WRI1lR6w7HpAr59Is8vUT2jGRaEpxi6_VOLOeEXq1AGw&usqp=CAI Requested by Host: 9589e1423add891359732238067363b6.safeframe.googlesyndication.com URL: https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash fc60c8413d18458bb057c0c0cec92dabbf504d5ea1403c09980a8afaaff6b25d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Sat, 03 Dec 2022 07:41:19 GMT x-content-type-options nosniff age 242149 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 12786 x-xss-protection 0 last-modified Tue, 13 Sep 2022 21:24:40 GMT server sffe report-to {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]} content-type image/jpeg cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="images-tbn" expires Sun, 03 Dec 2023 07:41:19 GMT
GET H2	200	shopping encrypted-tbn1.gstatic.com/ Frame 9290	27 KB 27 KB	47ms 11ms	Image image/jpeg	2a00:1450:4001:813::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcSvu_I7UE1INyWZzgKHFERUU82-zqGzReWkvzP0MWt3R22K76WG&usqp=CAI Requested by Host: 9589e1423add891359732238067363b6.safeframe.googlesyndication.com URL: https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash cf0be7eea6ace13473180bf64f9cbc7365675851a20826bffdafe96187e46e52 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 29 Nov 2022 13:43:49 GMT x-content-type-options nosniff age 565999 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 27145 x-xss-protection 0 last-modified Tue, 19 Oct 2021 12:19:30 GMT server sffe report-to {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]} content-type image/jpeg cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="images-tbn" expires Wed, 29 Nov 2023 13:43:49 GMT
GET H3	200	si googleads.g.doubleclick.net/pagead/drt/ Frame A3A6 Redirect Chain https://www.google.com/pagead/drt/ui https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA	0 0	16ms 16ms	Image text/html	2a00:1450:4001:829::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H3 Server 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Redirect headers date Tue, 06 Dec 2022 02:57:08 GMT x-content-type-options nosniff server cafe content-type text/html; charset=UTF-8 location https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA cache-control private cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0
GET H3	200	si googleads.g.doubleclick.net/pagead/drt/ Frame 18F3 Redirect Chain https://www.google.com/pagead/drt/ui https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA	0 0	22ms 21ms	Image text/html	2a00:1450:4001:829::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H3 Server 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Redirect headers date Tue, 06 Dec 2022 02:57:08 GMT x-content-type-options nosniff server cafe content-type text/html; charset=UTF-8 location https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA cache-control private cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0
GET H3	200	en.png tpc.googlesyndication.com/pagead/images/adchoices/ Frame 18F3	2 KB 2 KB	8ms 8ms	Image image/png	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://tpc.googlesyndication.com/pagead/images/adchoices/en.png Requested by Host: cdn.ampproject.org URL: https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 10:16:18 GMT x-content-type-options nosniff server cafe age 60050 etag 14819457070020093239 vary Accept-Encoding p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" content-type image/png cache-control public, max-age=86400 cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2502 x-xss-protection 0 expires Tue, 06 Dec 2022 10:16:18 GMT
GET H3	200	icon.png tpc.googlesyndication.com/pagead/images/adchoices/ Frame 18F3	295 B 319 B	7ms 7ms	Image image/png	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png Requested by Host: cdn.ampproject.org URL: https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Mon, 05 Dec 2022 09:52:43 GMT x-content-type-options nosniff server cafe age 61465 etag 426692510519060060 vary Accept-Encoding p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" content-type image/png cache-control public, max-age=86400 cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 295 x-xss-protection 0 expires Tue, 06 Dec 2022 09:52:43 GMT
GET DATA	200 OK	truncated / Frame 9290	209 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 0f756803f66076496772ff07f1668d7c92eab599524726147a3793dacabf212a Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Content-Type image/png
GET H3	200	ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2 fonts.gstatic.com/s/googlesansdisplay/v21/ Frame 9290	20 KB 20 KB	8ms 7ms	Font font/woff2	2a00:1450:4001:82a::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 29 Nov 2022 22:12:48 GMT x-content-type-options nosniff age 535460 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 20784 x-xss-protection 0 last-modified Tue, 19 Apr 2022 19:21:31 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 29 Nov 2023 22:12:48 GMT
GET H2	200	sodar Show response pagead2.googlesyndication.com/getconfig/	14 KB 11 KB	66ms 21ms	XHR application/json	2a00:1450:4001:80e::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120101&st=env Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 1497b5a7490149d9446d2971b3fcdd9ef9d70d2362520bcd932a919f8963bd09 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:09 GMT content-encoding br x-content-type-options nosniff server cafe content-type application/json; charset=UTF-8 access-control-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 11179 x-xss-protection 0
GET H2	200	A0RlYSVNidyzuuj9s3x_gihat09geBiINDRnkKmgVjk.js Show response pagead2.googlesyndication.com/bg/ Frame 9574	36 KB 16 KB	47ms 6ms	Script text/javascript	2a00:1450:4001:80e::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/A0RlYSVNidyzuuj9s3x_gihat09geBiINDRnkKmgVjk.js Requested by Host: www.itechpost.com URL: https://www.itechpost.com/articles/105164/20210329/system-update-android-app-android-spyware-third-party-app-rat-trojan.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 03446561254d89dcb3bae8fdb37c7f82285ab74f6078188834346790a9a05639 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://9589e1423add891359732238067363b6.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Fri, 02 Dec 2022 03:41:57 GMT content-encoding gzip x-content-type-options nosniff age 342912 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 16022 x-xss-protection 0 last-modified Mon, 21 Nov 2022 11:48:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="botguard-scs" vary Accept-Encoding report-to {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Sat, 02 Dec 2023 03:41:57 GMT
GET H3	200	sodar2.js Show response tpc.googlesyndication.com/sodar/	17 KB 6 KB	16ms 16ms	Script text/javascript	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120101.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:09 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6386 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" etag "1637097310169751" vary Accept-Encoding report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes expires Tue, 06 Dec 2022 02:57:09 GMT
GET H2	200	/ Show response c.mgid.com/pv/	0 43 B	122ms 113ms	Script text/plain	2606:4700:1::6813:844e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://c.mgid.com/pv/?pv=5&cbuster=1670295429131892550982&uniqId=00655&childs=1121472&lct=1669161600&niet=4g&nisd=false&jsv=es6&ref=&cxurl=https%3A%2F%2Fwww.itechpost.com%2Farticles%2F105164%2F20210329%2Fsystem-update-android-app-android-spyware-third-party-app-rat-trojan.htm&lu=https%3A%2F%2Fwww.itechpost.com%2Farticles%2F105164%2F20210329%2Fsystem-update-android-app-android-spyware-third-party-app-rat-trojan.htm&sessionId=638eaf85-0be69&pageView=1&pvid=184e55da00cb228866b&site=703696&implVersion=11&dpr=1&tfre=2219 Requested by Host: jsc.mgid.com URL: https://jsc.mgid.com/i/t/itechpost.com.1119397.es6.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:1::6813:844e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:09 GMT cf-cache-status DYNAMIC server cloudflare cf-ray 7751c0a0286a9152-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 0
GET H3	200	runner.html Show response tpc.googlesyndication.com/sodar/sodar2/225/ Frame 7959	13 KB 5 KB	8ms 7ms	Document text/html	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.itechpost.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes age 21511 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" cache-control public, max-age=31536000 content-encoding gzip content-length 5046 content-type text/html cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" cross-origin-resource-policy cross-origin date Mon, 05 Dec 2022 20:58:38 GMT expires Tue, 05 Dec 2023 20:58:38 GMT last-modified Mon, 21 Jun 2021 20:47:05 GMT report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} server sffe vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H3	200	aframe Show response www.google.com/recaptcha/api2/ Frame FAB1	783 B 535 B	19ms 19ms	Document text/html	2a00:1450:4001:830::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/aframe Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash 3c3caad6f96ffb064ca6a9697e300ecf369b0a12e5eb12b1da474da407dd8061 Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-bZidwUjX5Yi50p-mJP4L-g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://www.itechpost.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" cache-control private, max-age=300 content-encoding gzip content-length 513 content-security-policy script-src 'report-sample' 'nonce-bZidwUjX5Yi50p-mJP4L-g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-type text/html; charset=utf-8 cross-origin-embedder-policy require-corp cross-origin-resource-policy cross-origin date Tue, 06 Dec 2022 02:57:09 GMT expires Tue, 06 Dec 2022 02:57:09 GMT report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} server GSE x-content-type-options nosniff x-xss-protection 1; mode=block
GET BLOB	206 Partial Content	bc799a0d-e41e-4ae6-9f09-dc3054379ccd https://www.itechpost.com/	1 KB 0		Media video/mp4
General Check archive.org Show headers Download Go to Full URL blob:https://www.itechpost.com/bc799a0d-e41e-4ae6-9f09-dc3054379ccd Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda Request headers Referer Accept-Encoding identity;q=1, *;q=0 accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Range bytes=0- Response headers Content-Range bytes 0-1492/1493 Content-Length 1493 Content-Type video/mp4
GET H2	200	mgid_ua.svg cdn.mgid.com/images/mgid/	2 KB 1 KB	23ms 14ms	Image image/svg+xml	2606:4700:1::6813:844e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.mgid.com/images/mgid/mgid_ua.svg Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:1::6813:844e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 70d5c4de881e718d0b7638959680ba86722d44eecbe4058d20dd77b8d0d97155 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:09 GMT x-amz-version-id null content-encoding br cf-cache-status HIT x-amz-request-id BQQZ016TJQM3CQAQ age 5993 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-amz-id-2 H0ihdhm/EJhbcC+homFO+mab68DYYvx/mk6E6cpnOvsu3WasxL/t0xcMLjTuGMaSc4h2RuXW7vE= last-modified Tue, 08 Mar 2022 17:05:01 GMT server cloudflare x-amz-meta-s3cmd-attrs atime:1646759091/ctime:1646759091/gid:0/gname:root/md5:617c205137825561208ef7c1a2d8f319/mode:33206/mtime:1646759091/uid:0/uname:root etag W/"617c205137825561208ef7c1a2d8f319" vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=86400 cf-ray 7751c0a0489e9152-FRA expires Wed, 07 Dec 2022 02:57:09 GMT
GET H2	200	Adchoices.svg cdn.mgid.com/images/logos/	836 B 909 B	21ms 13ms	Image image/svg+xml	2606:4700:1::6813:844e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.mgid.com/images/logos/Adchoices.svg Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:1::6813:844e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7992a4430843ef8b4bbae534358be3193aa1ae9c78f273e8e8a70b6af1244ac5 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:09 GMT x-amz-version-id null content-encoding br cf-cache-status HIT x-amz-request-id BQQP2P0ZGAY0CMXJ age 3635 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-amz-id-2 Cxr/h9GEH2cm2grnKHiXrIw5MioqY/kDhHlX9SIKfHkMPhFjrTu42FaOoPgYIABs4KQfQTtjm/c= last-modified Wed, 17 Feb 2021 18:15:53 GMT server cloudflare x-amz-meta-s3cmd-attrs atime:1613585745/ctime:1613585745/gid:0/gname:root/md5:7d59364b7ed2df3f02507c9f92560df9/mode:33206/mtime:1613585745/uid:0/uname:root etag W/"7d59364b7ed2df3f02507c9f92560df9" vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=86400 cf-ray 7751c0a0489c9152-FRA expires Wed, 07 Dec 2022 02:57:09 GMT
GET H3	200	A0RlYSVNidyzuuj9s3x_gihat09geBiINDRnkKmgVjk.js Show response pagead2.googlesyndication.com/bg/ Frame 7959	36 KB 16 KB	21ms 6ms	Script text/javascript	2a00:1450:4001:80e::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/A0RlYSVNidyzuuj9s3x_gihat09geBiINDRnkKmgVjk.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 03446561254d89dcb3bae8fdb37c7f82285ab74f6078188834346790a9a05639 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Fri, 02 Dec 2022 03:41:57 GMT content-encoding gzip x-content-type-options nosniff age 342912 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 16022 x-xss-protection 0 last-modified Mon, 21 Nov 2022 11:48:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="botguard-scs" vary Accept-Encoding report-to {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Sat, 02 Dec 2023 03:41:57 GMT
GET H3	204	sodar pagead2.googlesyndication.com/pagead/ Frame FAB1	0 0	45ms 41ms	Image text/html	2a00:1450:4001:80e::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022120101&jk=4193627846432187&rc= Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers
GET H2	200	1 Show response servicer.mgid.com/1119397/	6 KB 2 KB	53ms 43ms	Script application/x-javascript	2606:4700:1::6813:844e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://servicer.mgid.com/1119397/1?pv=5&cbuster=1670295429218926471709&uniqId=00655&childs=1121472&lct=1669161600&niet=4g&nisd=false&jsv=es6&mp4=1&ap=1&w=670&h=475&maxw_4=216&maxh_4=207&cols=3&ref=&cxurl=https%3A%2F%2Fwww.itechpost.com%2Farticles%2F105164%2F20210329%2Fsystem-update-android-app-android-spyware-third-party-app-rat-trojan.htm&lu=https%3A%2F%2Fwww.itechpost.com%2Farticles%2F105164%2F20210329%2Fsystem-update-android-app-android-spyware-third-party-app-rat-trojan.htm&sessionId=638eaf85-0be69&pageView=1&pvid=184e55da00cb228866b&implVersion=11&dpr=1&tfre=2305 Requested by Host: jsc.mgid.com URL: https://jsc.mgid.com/i/t/itechpost.com.1119397.es6.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:1::6813:844e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 75895fb10df43e622cf02bc98485f58685cf0e89139497f166f2d915aebd1d3a Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:09 GMT content-encoding br cf-cache-status DYNAMIC server cloudflare vary Accept-Encoding content-type application/x-javascript; charset=utf-8 access-control-allow-origin * access-control-allow-credentials true cf-ray 7751c0a0a9009152-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	204	generate_204 tpc.googlesyndication.com/ Frame 7959	0 10 B	7ms 6ms	Image text/plain	2a00:1450:4001:827::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://tpc.googlesyndication.com/generate_204?nNRbXw Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:09 GMT cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0
GET H3	200	widget-ssp-performance c.mgid.com/	43 B 167 B	108ms 108ms	Image image/gif	2606:4700:1::6813:844e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://c.mgid.com/widget-ssp-performance?time=123 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:1::6813:844e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:09 GMT cf-cache-status DYNAMIC server cloudflare cf-ray 7751c0a0fe069207-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-type image/gif
GET H3	200	widget-ssp-performance c.mgid.com/	43 B 166 B	105ms 105ms	Image image/gif	2606:4700:1::6813:844e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://c.mgid.com/widget-ssp-performance?time=54 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:1::6813:844e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:09 GMT cf-cache-status DYNAMIC server cloudflare cf-ray 7751c0a10e0b9207-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-type image/gif
GET H3	200	mgid_ua.svg cdn.mgid.com/images/mgid/	2 KB 1 KB	14ms 14ms	Image image/svg+xml	2606:4700:1::6813:844e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.mgid.com/images/mgid/mgid_ua.svg Requested by Host: jsc.mgid.com URL: https://jsc.mgid.com/i/t/itechpost.com.1119397.es6.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:1::6813:844e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 70d5c4de881e718d0b7638959680ba86722d44eecbe4058d20dd77b8d0d97155 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:09 GMT x-amz-version-id null content-encoding br cf-cache-status HIT x-amz-request-id BQQZ016TJQM3CQAQ age 4059 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-amz-id-2 H0ihdhm/EJhbcC+homFO+mab68DYYvx/mk6E6cpnOvsu3WasxL/t0xcMLjTuGMaSc4h2RuXW7vE= last-modified Tue, 08 Mar 2022 17:05:01 GMT server cloudflare x-amz-meta-s3cmd-attrs atime:1646759091/ctime:1646759091/gid:0/gname:root/md5:617c205137825561208ef7c1a2d8f319/mode:33206/mtime:1646759091/uid:0/uname:root etag W/"617c205137825561208ef7c1a2d8f319" vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=86400 cf-ray 7751c0a12e279207-FRA expires Wed, 07 Dec 2022 02:57:09 GMT
GET H3	200	Adchoices.svg cdn.mgid.com/images/logos/	836 B 1008 B	14ms 14ms	Image image/svg+xml	2606:4700:1::6813:844e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.mgid.com/images/logos/Adchoices.svg Requested by Host: jsc.mgid.com URL: https://jsc.mgid.com/i/t/itechpost.com.1119397.es6.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:1::6813:844e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7992a4430843ef8b4bbae534358be3193aa1ae9c78f273e8e8a70b6af1244ac5 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:09 GMT x-amz-version-id null content-encoding br cf-cache-status HIT x-amz-request-id BQQP2P0ZGAY0CMXJ age 3212 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-amz-id-2 Cxr/h9GEH2cm2grnKHiXrIw5MioqY/kDhHlX9SIKfHkMPhFjrTu42FaOoPgYIABs4KQfQTtjm/c= last-modified Wed, 17 Feb 2021 18:15:53 GMT server cloudflare x-amz-meta-s3cmd-attrs atime:1613585745/ctime:1613585745/gid:0/gname:root/md5:7d59364b7ed2df3f02507c9f92560df9/mode:33206/mtime:1613585745/uid:0/uname:root etag W/"7d59364b7ed2df3f02507c9f92560df9" vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=86400 cf-ray 7751c0a12e299207-FRA expires Wed, 07 Dec 2022 02:57:09 GMT
GET H2	200	aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0xMS80MDkxOTQvZThkZ... s-img.mgid.com/g/14714638/492x277/-/	25 KB 25 KB	41ms 15ms	Image image/webp	2606:4700:1::6813:874e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://s-img.mgid.com/g/14714638/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0xMS80MDkxOTQvZThkZDJmMzg5OGM0MTcwZTNmNGYzNjNkOWIxY2MwZDkuanBlZw.webp?v=1670295429-LO7ZAQWJbl1Zi3uKenVoM--L8dYWsSm7Zb3hRQ9noXM Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:1::6813:874e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e1c2ae3816e7bca59ef767e8246f68458506e293291a0ea1fd97723c9de198ed Request headers Referer https://www.itechpost.com/ Origin https://www.itechpost.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:09 GMT cf-cache-status HIT last-modified Thu, 24 Nov 2022 14:42:11 GMT x-mg-request-uuid e6254ce5-915a-4117-900d-e015dcc0ae32 server cloudflare age 994498 vary Accept-Encoding content-type image/webp access-control-allow-origin * cache-control immutable, max-age=31536000 accept-ranges bytes cf-ray 7751c0a15f2b693d-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 25324
GET H2	200	aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0xMC80NzI3NjAvZGEwY... s-img.mgid.com/g/14701459/492x277/-/	6 KB 6 KB	49ms 22ms	Image image/webp	2606:4700:1::6813:874e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://s-img.mgid.com/g/14701459/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0xMC80NzI3NjAvZGEwYWY3NjVkNTM5NjRmZmZmMTM3NjcyMThhMjgzNzQuanBlZw.webp?v=1670295429-bH34MwKJlcMyDpvukr4DTaqSoKmcvs5reprjgEhjJ0w Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:1::6813:874e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8113780bd512b317faf7c7f707e4da322adcd057bd6c71a523e4cc9faa4b5819 Request headers Referer https://www.itechpost.com/ Origin https://www.itechpost.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:09 GMT cf-cache-status HIT last-modified Wed, 23 Nov 2022 09:21:52 GMT x-mg-request-uuid d499ee43-18a8-459d-8b15-f57fae22fadc server cloudflare age 1100038 vary Accept-Encoding content-type image/webp access-control-allow-origin * cache-control immutable, max-age=31536000 accept-ranges bytes cf-ray 7751c0a15f2c693d-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 5768
GET H2	200	aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0xMi83NDI1MzAvZGViN... s-img.mgid.com/g/14817266/492x277/-/	14 KB 14 KB	48ms 22ms	Image image/webp	2606:4700:1::6813:874e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://s-img.mgid.com/g/14817266/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0xMi83NDI1MzAvZGViNTI5ZWZiYjE3ZGY2NzM1MWUxYWJlYzk3ZTQ5N2QuanBn.webp?v=1670295429-2dwJIXBTbG26OU0LH95oFQqvUGwjlw5srfKby5p0aEM Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:1::6813:874e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 02f73b69b25b83d9d005d12fbcbe33bd974412a43fe9549030f7b37ad85e60a0 Request headers Referer https://www.itechpost.com/ Origin https://www.itechpost.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:09 GMT cf-cache-status HIT last-modified Mon, 05 Dec 2022 19:32:12 GMT x-mg-request-uuid dfcce057-04a5-41be-a35c-af007e505625 server cloudflare age 26697 vary Accept-Encoding content-type image/webp access-control-allow-origin * cache-control immutable, max-age=31536000 accept-ranges bytes cf-ray 7751c0a15f2d693d-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 14192
GET H2	200	aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0xMi8zMDA0MjQvMTBlO... s-img.mgid.com/g/14799313/492x277/-/	6 KB 7 KB	46ms 20ms	Image image/webp	2606:4700:1::6813:874e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://s-img.mgid.com/g/14799313/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0xMi8zMDA0MjQvMTBlOGU3OTZiZDUzNTIzNzQyNTUwZGQ2MjBhNjAzOWIuanBn.webp?v=1670295429-1pN04meL3d4g1XmY3_aydV1B8qdsq5-pEtaCXUNuVqI Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:1::6813:874e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 164ea309223a8d1034bea9bd8c26dfdb9b51b050d57080f912138d5cf07593b9 Request headers Referer https://www.itechpost.com/ Origin https://www.itechpost.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:09 GMT cf-cache-status HIT last-modified Mon, 05 Dec 2022 01:53:28 GMT x-mg-request-uuid 0fe20ad4-01ab-4ace-8722-1e7fe5d51e61 server cloudflare age 90002 vary Accept-Encoding content-type image/webp access-control-allow-origin * cache-control immutable, max-age=31536000 accept-ranges bytes cf-ray 7751c0a15f2f693d-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 6512
GET H2	200	aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ194eV9jZW50ZXIscV9hdXRvOmdvb2Qsd18xMDIwLHhfNTIyLHlfMzUxL2h0dHA6Ly9pbWdob3N0cy5jb20vdC8yMDIyLTA4L... s-img.mgid.com/g/13801725/492x277/-/	15 KB 16 KB	47ms 21ms	Image image/webp	2606:4700:1::6813:874e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://s-img.mgid.com/g/13801725/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ194eV9jZW50ZXIscV9hdXRvOmdvb2Qsd18xMDIwLHhfNTIyLHlfMzUxL2h0dHA6Ly9pbWdob3N0cy5jb20vdC8yMDIyLTA4LzEyNTMwOC83ZmQ3MjExMTYxZGUwZjFkOTc2ZDQ5MTdiNzU3Yjg1MC5wbmc.webp?v=1670295429-bCicnY4rKExTwCRXOdBiCTeS3yyd6rUhIzLAob5WlXQ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:1::6813:874e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d30610506b0b83a1f0973705ecfb1b81726971f3f6270aad605aa515b20b56e2 Request headers Referer https://www.itechpost.com/ Origin https://www.itechpost.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:09 GMT cf-cache-status HIT last-modified Thu, 18 Aug 2022 09:35:15 GMT x-mg-request-uuid dad57ddb-81d9-4005-ba65-4072fe614963 server cloudflare age 2781892 vary Accept-Encoding content-type image/webp access-control-allow-origin * cache-control immutable, max-age=31536000 accept-ranges bytes cf-ray 7751c0a15f30693d-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 15556
GET H2	200	aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wNC8zNjk0MDMvN2UyN... s-img.mgid.com/g/12658887/492x277/-/	7 KB 7 KB	40ms 14ms	Image image/webp	2606:4700:1::6813:874e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://s-img.mgid.com/g/12658887/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wNC8zNjk0MDMvN2UyNGJjMDc2MzQ3OWQ5ODcyMTc2OGYxYjY5NzZkOTUuanBlZw.webp?v=1670295429-s9SHxKfDA7X_5HFCjrGN-6E__tN1suOge8r-loOBvvY Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:1::6813:874e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0d9682f659b4cffd17cb24ac945ecf179a358626db70aa2c72bded9154d247f5 Request headers Referer https://www.itechpost.com/ Origin https://www.itechpost.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:09 GMT cf-cache-status HIT last-modified Sun, 10 Apr 2022 22:59:46 GMT x-mg-request-uuid c89d8710-9d34-439f-8421-f6bc6a627045 server cloudflare age 3559650 vary Accept-Encoding content-type image/webp access-control-allow-origin * cache-control immutable, max-age=31536000 accept-ranges bytes cf-ray 7751c0a15f31693d-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 6986
GET H2	200	i.js Show response cm.mgid.com/	0 101 B	110ms 101ms	Script application/javascript	2606:4700:1::6813:844e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cm.mgid.com/i.js?&cbuster=1670295429324422958639 Requested by Host: jsc.mgid.com URL: https://jsc.mgid.com/i/t/itechpost.com.1119397.es6.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:1::6813:844e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers pragma no-cache date Tue, 06 Dec 2022 02:57:09 GMT cf-cache-status DYNAMIC server cloudflare content-type application/javascript cache-control no-store, no-cache, must-revalidate, max-age=0 cf-ray 7751c0a159e39152-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 0
GET H2	200	i-noref.js Show response cm.mgid.com/ Frame 3553	0 37 B	118ms 117ms	Script application/javascript	2606:4700:1::6813:844e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cm.mgid.com/i-noref.js?cbuster=1670295429335260954185 Requested by Host: jsc.mgid.com URL: https://jsc.mgid.com/i/t/itechpost.com.1119397.es6.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:1::6813:844e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers pragma no-cache date Tue, 06 Dec 2022 02:57:09 GMT cf-cache-status DYNAMIC server cloudflare content-type application/javascript cache-control no-store, no-cache, must-revalidate, max-age=0 cf-ray 7751c0a159e99152-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 0
GET H2	200	id5-api.js Show response cdn.id5-sync.com/api/1.0/	57 KB 17 KB	49ms 23ms	Script text/javascript	2606:4700:10::6816:3556 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.id5-sync.com/api/1.0/id5-api.js Requested by Host: jsc.mgid.com URL: https://jsc.mgid.com/i/t/itechpost.com.1119397.es6.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:3556 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 39fae3dc476aaaa594e2c963401633dd5d02eccb3c175eda03912cfe0f91c92e Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Tue, 06 Dec 2022 02:57:09 GMT strict-transport-security max-age=15552000; includeSubDomains; preload content-encoding gzip cf-cache-status HIT last-modified Thu, 24 Nov 2022 12:48:29 GMT server cloudflare x-amz-request-id P1SZP7TD036XFBFK age 982 etag W/"9ee82d693d1e83b3a37ee20226716f78" x-amz-server-side-encryption AES256 vary Accept-Encoding content-type text/javascript;charset=utf-8 cache-control public, max-age=3600 cf-ray 7751c0a189f6926b-FRA x-amz-id-2 10la1GvdgTFo6jvI3Wa3mpXbUAm7wSCfGAemy2ZdA4GTywR3RFzeub4op/dOG7M+LPdP1CnUUn8=
GET H/1.1	200	v1 Show response lb.eu-1-id5-sync.com/lb/	33 B 404 B	35ms 9ms	XHR application/json	162.19.138.117 OVH
General Check archive.org Show headers Download Go to Full URL https://lb.eu-1-id5-sync.com/lb/v1 Requested by Host: cdn.id5-sync.com URL: https://cdn.id5-sync.com/api/1.0/id5-api.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.19.138.117 , France, ASN16276 (OVH, FR), Reverse DNS ns31533568.ip-162-19-138.eu Software / Resource Hash f648d23b84db3d79eca8771b77a64307caf460c13a7b6be2a19c6f8cfe605aeb Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers Referer https://www.itechpost.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Content-Type text/plain Response headers access-control-allow-origin https://www.itechpost.com date Tue, 06 Dec 2022 02:57:09 GMT strict-transport-security max-age=63072000; includeSubDomains; preload vary Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin transfer-encoding chunked content-type application/json;charset=UTF-8
GET H/1.1	200 OK	v1 Show response lbs.eu-1-id5-sync.com/lbs/	54 B 231 B	69ms 19ms	XHR application/json	2001:41d0:701:1000::96f OVH
General Check archive.org Show headers Download Go to Full URL https://lbs.eu-1-id5-sync.com/lbs/v1 Requested by Host: cdn.id5-sync.com URL: https://cdn.id5-sync.com/api/1.0/id5-api.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2001:41d0:701:1000::96f , France, ASN16276 (OVH, FR), Reverse DNS Software / Resource Hash 49efa7707e6b34300955f41ced03f18d84480e7e1895b81d91cfef19f504316b Request headers Referer https://www.itechpost.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Content-Type text/plain Response headers access-control-allow-origin https://www.itechpost.com date Tue, 6 Dec 2022 02:57:09 GMT content-length 54 vary Origin content-type application/json
POST H/1.1	200	231.json Show response id5-sync.com/g/v2/	216 B 627 B	34ms 7ms	XHR application/json	141.95.98.64 OVH
General Check archive.org Show headers Download Go to Full URL https://id5-sync.com/g/v2/231.json Requested by Host: cdn.id5-sync.com URL: https://cdn.id5-sync.com/api/1.0/id5-api.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.95.98.64 , France, ASN16276 (OVH, FR), Reverse DNS ns3216658.ip-141-95-98.eu Software / Resource Hash 6f172bcb71b4ba95ac3dd74a8519f333a8dfded314ac879c8216448d98928651 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers Referer https://www.itechpost.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Content-Type text/plain Response headers access-control-allow-origin https://www.itechpost.com date Tue, 06 Dec 2022 02:57:08 GMT strict-transport-security max-age=63072000; includeSubDomains; preload access-control-allow-credentials true vary Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin transfer-encoding chunked content-type application/json;charset=UTF-8
POST H2	200	/ reporting.powerad.ai/	2 B 272 B	304ms 101ms	Ping text/plain	54.234.151.247 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://reporting.powerad.ai/ Requested by Host: powerad.ai URL: https://powerad.ai/script.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 54.234.151.247 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-234-151-247.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Express Resource Hash 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3 Request headers Referer https://www.itechpost.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Tue, 06 Dec 2022 02:57:10 GMT server nginx/1.18.0 (Ubuntu) x-powered-by Express etag W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" access-control-allow-methods GET, POST, PATCH, PUT, DELETE, OPTIONS content-type text/plain; charset=utf-8 access-control-allow-origin * access-control-allow-credentials true access-control-allow-headers * content-length 2
GET H3	204	sodar pagead2.googlesyndication.com/pagead/	0 0	43ms 43ms	Image text/html	2a00:1450:4001:80e::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022120101&jk=4193627846432187&bg=!nZ6lntrNAAa7eOFIm3g7ACkAdvg8WoGnGuyq9OVq5zQ2l38h54Nf8wo2B4NIXfhw8dNB49ecS-haLQIAAABxUgAAAAVoAQeZArDpphA8PmKrBayADUc1b8uKnkLyftrov2ch9fQcZjGpaUs7apEnpVpeDWtRxR7aKrgZF9R4Wzx3dif_gwypnqXlp9GnszfbNA_a6-3-YqRXXKuSRTTElmi66PDlF0JyS5voTZdjXvGPThh1nppiK6tnNHIE1XrEyHaCsvOSKBWsL40gdlL7XVMes6a9Tjj0NjbRWBoKbQ8bCVh7MHzy3bmsTjQtrCdMI5l9avvRQv8uYfT_nHUC51fwkQtSRAOTsRF28vortXJtqaRhicyZDmF-5KjS_bqmRrTuEQ5tKTLoFNkeBe1L2CZ9pdSDv9pNZjXDcRWMslJuxBP1JSQmwiIak0uQj81tfGGkwcaGP87mcCyio3sxObMzAcbxcPNkfJweBT-Ffo7nwe2mCXgMZtFZNXwz_TP9EOI0TbmX9iQXayEYjCl11sB--Emz0piH5Wb3QcnyOCjlxbRQQ7qJXRso78OxnC3-ZYcmocPT5GxAmAA8ADs6N5SWFx5eTTgJvSBObVA1O_9z1XTncVCKZT82IHMezagcmTMwbXQsMKSMKdBVO4Zv3uFKTZQzhJRtPD3yup-XJY-yLxE9T658mRi_VFzdN0dWKJb2F88P-9p6M5iiQ29fCh8-5elHVM5rr9s9ssqnrcrjhf9E6Mi5DpNFxJkODmimRJgGc7x2hFsQIQVVKMsrEX0MQnyWMQE6fDjeMrCeXZZtx2onL31eeJkZNcnlO6wMIjF9-70AjcEFzIbOAP6N6AkC7V3QNRwgHdMmrmLoJLyyO3c4Zc4fb3z7729UkkXasLwBtEVHYkh2CN4GB8_JE8v9umc3MVN-I6-cyZhHI8wwNquybx1xk8k0aFsZ_giuJ41os_WKPSek37X-W_QlKfzC87DI7GteZ-CRq5x3onc7MvRaUzvv0kOf Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers
GET H3	200	activeview pagead2.googlesyndication.com/pcs/ Frame A3A6	42 B 64 B	45ms 45ms	Image image/gif	2a00:1450:4001:80e::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvVtqj3_tGrGjNts8qaM_M_pO4s91XCd5HSR4vSeJq2w4vOvsNg_MsG1tetVKoweUZHGP_YxZeh5sAAPhuQy_qq4eHsH1-8-v5f3nil5_FlIwol1vcvvdeiOpl6DyJFY89IduL0hQ&sai=AMfl-YQHp91YPlJfMDo2lz4N0hIH6QINy5qtjZqov6c_7fg6ABWvCENX5dCnMPLXLoc1Myu-A4aRANbbmxwBhLPUO1Th_FjH5VZVhcxyrEcAmAJZe4fG5zpulteKilF56aGa6_i6Do8trA3vceN5QWk&sig=Cg0ArKJSzLopdXyyGwBMEAE&cid=CAQSSwDq26N9SZFfpxyYqIWKbO75deM3bsDcfUCP4cZx7UU8EIg9VPp8MyHJMrPEm7YNxTLa6bETQYVyftYyPxhxJ_OHRk-uWT2w_236JhgBIBM&id=ampim&o=313,94&d=938,250&ss=1600,1200&bs=1600,1200&mcvt=1039&mtos=0,0,1039,1039,1039&tos=0,0,1039,0,0&tfs=501&tls=1540&g=100&h=100&tt=1540&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers pragma no-cache date Tue, 06 Dec 2022 02:57:10 GMT x-content-type-options nosniff server cafe content-type image/gif access-control-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	activeview pagead2.googlesyndication.com/pcs/ Frame 18F3	42 B 64 B	45ms 45ms	Image image/gif	2a00:1450:4001:80e::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvKflu4sxPfgSRnMGj0XM_JQEsX2T4j_6JmTt1P4Up115R2BYnEm81QNJa1WPpBaLP2T0P-gHePWpydTNpghYhSmV7QnipyINAbaCC4aDa66ipqXoJCjLm94E5SU13WPp_D188o9g&sai=AMfl-YS7u_rGHcKjH83d_xUuTOw0wD1vfLzvLRqr-JAWZu3rVFSmiJlEI9-qOKn0yDUS8E4GQeIPOOuaFDNf5n8NGdlLll_uHFei69r3n0FdD46Qvj1atAeR9f1fs6gUAaRVPdxuYPgea08omB6JoUs&sig=Cg0ArKJSzOlsQ5ROMxRoEAE&cid=CAQSSwDq26N9SZFfpxyYqIWKbO75deM3bsDcfUCP4cZx7UU8EIg9VPp8MyHJMrPEm7YNxTLa6bETQYVyftYyPxhxJ_OHRk-uWT2w_236JhgBIBM&id=ampim&o=1098,631&d=300,600&ss=1600,1200&bs=1600,1200&mcvt=1042&mtos=0,0,1042,1042,1042&tos=0,0,1042,0,0&tfs=489&tls=1531&g=94.83333230018616&h=94.83333230018616&tt=1531&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.itechpost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers pragma no-cache date Tue, 06 Dec 2022 02:57:10 GMT x-content-type-options nosniff server cafe content-type image/gif access-control-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3	200	log_event Show response www.youtube.com/youtubei/v1/ Frame F5BB	28 B 54 B	24ms 23ms	XHR application/json	2a00:1450:4001:803::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 Requested by Host: www.youtube.com URL: https://www.youtube.com/s/player/dab28f34/www-embed-player.vflset/www-embed-player.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software scaffolding on HTTPServer2 / Resource Hash d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 X-Goog-Request-Time 1670295430365 Content-Type application/json X-YouTube-Utc-Offset 0 X-YouTube-Client-Name 56 Referer https://www.youtube.com/embed/Y8h3Dqb5dQQ?start=6 X-YouTube-Client-Version 1.20221130.01.00 X-YouTube-Time-Zone Etc/Unknown X-Goog-Visitor-Id Cgt1Mno4bTdxVS1ZZyiD37qcBg%3D%3D X-YouTube-Ad-Signals dt=1670295427563&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C560%2C315&vis=1&wgl=true&ca_type=image Response headers date Tue, 06 Dec 2022 02:57:10 GMT content-encoding br x-content-type-options nosniff server scaffolding on HTTPServer2 x-frame-options SAMEORIGIN vary Origin, X-Origin, Referer content-type application/json; charset=UTF-8 p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." cache-control private alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 31 x-xss-protection 0 expires Tue, 06 Dec 2022 02:57:10 GMT