www.geektime.co.il Open in urlscan Pro
45.60.47.210 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.geektime.co.il/sub-domain-hijacking/
Submission: On August 07 via manual (August 7th 2018, 8:46:37 pm UTC) from IL

Summary HTTP 311 Redirects Links 35 Behaviour Indicators

Summary

This website contacted 35 IPs in 4 countries across 25 domains to perform 311 HTTP transactions. The main IP is 45.60.47.210, located in Redwood City, United States and belongs to INCAPSULA - Incapsula Inc, US. The main domain is www.geektime.co.il.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on October 3rd 2017. Valid for: 3 years.

This is the only time www.geektime.co.il was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
76	45.60.47.210 45.60.47.210	19551 (INCAPSULA) (INCAPSULA - Incapsula Inc)
2	2a00:1450:400... 2a00:1450:4001:81c::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:81e::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
13	2a00:1450:400... 2a00:1450:4001:81b::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
8	2600:9000:200... 2600:9000:2002:3a00:1f:ed15:a600:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
11	192.0.73.2 192.0.73.2	2635 (AUTOMATTIC) (AUTOMATTIC - Automattic)
4	2.18.234.190 2.18.234.190	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	2400:cb00:204... 2400:cb00:2048:1::681b:a790	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
3	136.243.63.184 136.243.63.184	24940 (HETZNER-AS) (HETZNER-AS)
1	54.230.44.175 54.230.44.175	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	52.85.245.90 52.85.245.90	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
6	2606:2800:234... 2606:2800:234:46c:e8b:1e2f:2bd:694	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
1	2a00:1450:400... 2a00:1450:4001:817::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:820::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
54	172.217.22.66 172.217.22.66	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2600:9000:200... 2600:9000:2002:9800:1f:ed15:a600:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 9	2a03:2880:f11... 2a03:2880:f11c:8186:face:b00c:0:50fb	32934 (FACEBOOK) (FACEBOOK - Facebook)
1 1	2a00:1450:400... 2a00:1450:400c:c06::9d	15169 (GOOGLE) (GOOGLE - Google LLC)
1 12	2a00:1450:400... 2a00:1450:4001:81c::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:81c::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
78	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
5	52.85.177.71 52.85.177.71	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	151.101.14.2 151.101.14.2	54113 (FASTLY) (FASTLY - Fastly)
3	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
4	54.230.95.41 54.230.95.41	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
4	2.18.232.28 2.18.232.28	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	74.201.198.92 74.201.198.92	13789 (INTERNAP-...) (INTERNAP-BLK3 - Internap Network Services Corporation)
1	2a00:1450:400... 2a00:1450:400c:c0b::5e	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER - Twitter Inc.)
1	151.101.14.110 151.101.14.110	54113 (FASTLY) (FASTLY - Fastly)
1	2600:9000:200... 2600:9000:200e:fa00:18:1fcd:348:2461	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	162.247.242.18 162.247.242.18	23467 (NEWRELIC-...) (NEWRELIC-AS-1 - New Relic)
1	54.221.210.243 54.221.210.243	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	2a00:1450:400... 2a00:1450:4001:810::2014	15169 (GOOGLE) (GOOGLE - Google LLC)
311	35

76 45.60.47.210 (Redwood City, United States)

ASN19551 (INCAPSULA - Incapsula Inc, US)

www.geektime.co.il	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81e::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:81b::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:9000:2002:3a00:1f:ed15:a600:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

files.geektime.co.il	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 192.0.73.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC - Automattic, Inc, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.234.190 (European Union)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-234-190.deploy.static.akamaitechnologies.com

widgets.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:cb00:2048:1::681b:a790 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn.enable.co.il	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 136.243.63.184 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: xip08.oneall.com

geektimecoil.api.oneall.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.230.44.175 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-230-44-175.fra6.r.cloudfront.net

89915812.adoric-ads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.245.90 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-85-245-90.ams50.r.cloudfront.net

d29k50lkkhkjby.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:2800:234:46c:e8b:1e2f:2bd:694 (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:817::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

54 172.217.22.66 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s17-in-f66.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2002:9800:1f:ed15:a600:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

d2c0t36xs14iag.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a03:2880:f11c:8186:face:b00c:0:50fb (Ireland) 2 redirects

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9d (Ireland) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:81c::2004 (Ireland) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

staticxx.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

78 2a00:1450:4001:810::2001 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.85.177.71 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-85-177-71.fra6.r.cloudfront.net

d2muzdhs7lpmo0.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
d3i3ab8sb6dtvq.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.14.2 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

odb.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81c::2001 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.230.95.41 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-230-95-41.fra2.r.cloudfront.net

drf8e429z5jzt.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.232.28 (European Union)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-232-28.deploy.static.akamaitechnologies.com

images.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.201.198.92 (United States)

ASN13789 (INTERNAP-BLK3 - Internap Network Services Corporation, US)

log.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0b::5e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.8 (San Francisco, United States) 1 redirects

ASN13414 (TWITTER - Twitter Inc., US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.14.110 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:200e:fa00:18:1fcd:348:2461 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.242.18 (United States)

ASN23467 (NEWRELIC-AS-1 - New Relic, US)
PTR: bam-6.nr-data.net

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.221.210.243 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-221-210-243.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2014 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

amp-error-reporting.appspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
90	googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	2 MB
84	geektime.co.il www.geektime.co.il files.geektime.co.il	685 KB
55	doubleclick.net 1 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net	209 KB
13	google.com 1 redirects adservice.google.com www.google.com	992 B
11	facebook.com 2 redirects www.facebook.com staticxx.facebook.com	2 KB
11	cloudfront.net d29k50lkkhkjby.cloudfront.net d2c0t36xs14iag.cloudfront.net d2muzdhs7lpmo0.cloudfront.net drf8e429z5jzt.cloudfront.net d3i3ab8sb6dtvq.cloudfront.net	341 KB
11	gravatar.com secure.gravatar.com	15 KB
7	twitter.com 1 redirects platform.twitter.com syndication.twitter.com	37 KB
6	outbrain.com widgets.outbrain.com odb.outbrain.com log.outbrain.com	38 KB
4	outbrainimg.com images.outbrainimg.com	39 KB
3	ampproject.org cdn.ampproject.org	123 KB
3	facebook.net connect.facebook.net	97 KB
3	oneall.com geektimecoil.api.oneall.com	12 KB
2	google.de adservice.google.de www.google.de	291 B
2	googleapis.com ajax.googleapis.com	39 KB
2	google-analytics.com www.google-analytics.com	14 KB
1	appspot.com amp-error-reporting.appspot.com	155 B
1	chartbeat.net ping.chartbeat.net	213 B
1	nr-data.net bam.nr-data.net	261 B
1	chartbeat.com static.chartbeat.com	14 KB
1	newrelic.com js-agent.newrelic.com	9 KB
1	gstatic.com csi.gstatic.com	202 B
1	adoric-ads.com 89915812.adoric-ads.com	26 KB
1	enable.co.il cdn.enable.co.il	103 KB
1	googletagservices.com www.googletagservices.com	8 KB
311	25

	Domain	Requested by
78	tpc.googlesyndication.com	securepubads.g.doubleclick.net www.geektime.co.il
76	www.geektime.co.il	www.geektime.co.il www.google-analytics.com platform.twitter.com ajax.googleapis.com widgets.outbrain.com drf8e429z5jzt.cloudfront.net
54	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.geektime.co.il
12	pagead2.googlesyndication.com	securepubads.g.doubleclick.net www.geektime.co.il
12	www.google.com	1 redirects securepubads.g.doubleclick.net www.geektime.co.il
11	secure.gravatar.com	www.geektime.co.il
9	www.facebook.com	2 redirects www.geektime.co.il connect.facebook.net
8	files.geektime.co.il	www.geektime.co.il
6	platform.twitter.com	www.geektime.co.il platform.twitter.com
4	images.outbrainimg.com	www.geektime.co.il
4	drf8e429z5jzt.cloudfront.net	d2muzdhs7lpmo0.cloudfront.net drf8e429z5jzt.cloudfront.net www.geektime.co.il
4	widgets.outbrain.com	www.geektime.co.il widgets.outbrain.com
3	cdn.ampproject.org	securepubads.g.doubleclick.net
3	d2muzdhs7lpmo0.cloudfront.net	d29k50lkkhkjby.cloudfront.net drf8e429z5jzt.cloudfront.net
3	connect.facebook.net	www.geektime.co.il connect.facebook.net
3	geektimecoil.api.oneall.com	www.geektime.co.il geektimecoil.api.oneall.com ajax.googleapis.com
2	d3i3ab8sb6dtvq.cloudfront.net	www.geektime.co.il
2	staticxx.facebook.com	connect.facebook.net
2	ajax.googleapis.com	www.geektime.co.il
2	www.google-analytics.com	www.geektime.co.il
1	amp-error-reporting.appspot.com	cdn.ampproject.org
1	ping.chartbeat.net
1	bam.nr-data.net	js-agent.newrelic.com
1	static.chartbeat.com	www.geektime.co.il
1	js-agent.newrelic.com	www.geektime.co.il
1	syndication.twitter.com	1 redirects
1	csi.gstatic.com	tpc.googlesyndication.com
1	log.outbrain.com	widgets.outbrain.com
1	odb.outbrain.com	widgets.outbrain.com
1	www.google.de	www.geektime.co.il
1	stats.g.doubleclick.net	1 redirects
1	d2c0t36xs14iag.cloudfront.net	www.geektime.co.il
1	adservice.google.com	www.googletagservices.com
1	adservice.google.de	www.googletagservices.com
1	d29k50lkkhkjby.cloudfront.net	www.geektime.co.il
1	89915812.adoric-ads.com	www.geektime.co.il
1	cdn.enable.co.il	www.geektime.co.il
1	www.googletagservices.com	www.geektime.co.il
311	38

This site contains links to these domains. Also see Links.

Domain
crypto.geektime.co.il
geeklist.geektime.co.il
files.geektime.co.il
twitter.com
plus.google.com
takeover.cyberint.com
www.calcalist.co.il
www.outbrain.com
www.twitter.com
www.facebook.com
www.youtube.com
www.instagram.com
t.me
uniqui.co.il
codeart.co.il
www.enable.co.il

Subject Issuer	Validity	Valid
*.geektime.co.il COMODO RSA Domain Validation Secure Server CA	`2017-10-03` - `2020-10-02`	3 years	crt.sh
*.google-analytics.com Google Internet Authority G3	`2018-07-24` - `2018-10-02`	2 months	crt.sh
*.googleapis.com Google Internet Authority G3	`2018-07-24` - `2018-10-02`	2 months	crt.sh
*.g.doubleclick.net Google Internet Authority G3	`2018-07-24` - `2018-10-02`	2 months	crt.sh
*.gravatar.com Go Daddy Secure Certificate Authority - G2	`2015-09-05` - `2018-10-14`	3 years	crt.sh
*.outbrain.com DigiCert SHA2 Secure Server CA	`2018-02-12` - `2019-02-12`	a year	crt.sh
sni156367.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-07-28` - `2019-02-03`	6 months	crt.sh
*.api.oneall.com COMODO RSA Domain Validation Secure Server CA	`2017-07-11` - `2019-07-31`	2 years	crt.sh
adoric.com Amazon	`2018-05-15` - `2019-06-15`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2017-12-15` - `2019-03-22`	a year	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2017-11-22` - `2018-11-21`	a year	crt.sh
*.twimg.com DigiCert SHA2 High Assurance Server CA	`2017-12-02` - `2018-12-05`	a year	crt.sh
*.google.com Google Internet Authority G3	`2018-07-24` - `2018-10-02`	2 months	crt.sh
tpc.googlesyndication.com Google Internet Authority G3	`2018-07-24` - `2018-10-02`	2 months	crt.sh
f2.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2018-08-07` - `2018-10-06`	2 months	crt.sh
www.google.com Google Internet Authority G3	`2018-07-24` - `2018-10-02`	2 months	crt.sh
misc-sni.google.com Google Internet Authority G3	`2018-07-24` - `2018-10-02`	2 months	crt.sh
*.outbrainimg.com DigiCert ECC Secure Server CA	`2018-04-25` - `2019-04-25`	a year	crt.sh
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2018-08-07` - `2019-04-14`	8 months	crt.sh
*.chartbeat.com Gandi Standard SSL CA 2	`2018-04-02` - `2019-04-18`	a year	crt.sh
*.nr-data.net GeoTrust RSA CA 2018	`2018-01-11` - `2020-03-17`	2 years	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2018-01-02` - `2019-01-02`	a year	crt.sh
*.appspot.com Google Internet Authority G3	`2018-07-24` - `2018-10-02`	2 months	crt.sh

This page contains 40 frames:

Primary Page: https://www.geektime.co.il/sub-domain-hijacking/
Frame ID: 95BB5AE0DC371FEBA5EE7408E70421D8
Requests: 192 HTTP requests in this frame

Frame: https://geektimecoil.api.oneall.com/socialize/login/frame/?oakk=60872&oakv=8fa0cdfe45461cda961e2dfdcf488390bc015ef4d49f3dee1cd60029fccaed1e962be4e2121d294f4d1244f6ed389170dd841b77598c5768b8445eaa3f8d49ba459e42e07f45bc289b5723318910ff2ff9871ca360dfdbfd308b6273bd05f46fdbad9a29110c517f96487bbb7b6a31aab480c4f4b621313a89a267e17e08e222490f32adc5f0df87271083e1f636b74a562818c75a15bd1e6db73b205854f5f575ec5f7f55d47980752e8bbbd75213aeb9ca7c37d22c9bd228fed867032f523b518caf6d3d3b3f192e3ba9458490a7d036d2894eb700e375567e259bc625f8dda9b6864810481a80018104cc3d908d5b13cf2ad2f3a47c6b3e577952fbfbd367e923c04b342fa066a9527fa410d5ba9129294348367639301819b80c6a61eac68f07571cf6946429e22a13524c2f38728ffc9ec5079d59728f9a4dbe530f21ed7d9aff911ce6921e90f156697658e101c21cfa7a70628453789719652bf21f2ec8a71cd290cad5bc75de0e00fc14b5254d0e2828ba8b28acaacaf5de1a5c5c83aa8d7f65aafdcaa4b7aa6075c8710898b1c9967f5e8cdfc845a32fb55310aa8fd6023b34583851ff28a4224f6226c6ec4fcc4a82eb951b6657e0f736bdbc93fec91c86aa9bb611b9f32c05607fa0ef27f572d51d65d6a7dbe9adf823ba14a4a94f2cabe62cffddd14b6db5836d90e277cba479401a6c46babf9e1e09b356ab53329bf3ecc37b4756ace670f09c8d6063fe0fe138c4ca6d7cbfbf794cf41fa429c4&lang=en
Frame ID: 306A60921D96C522FB1A35C866AA1ACC
Requests: 1 HTTP requests in this frame

Frame: https://staticxx.facebook.com/connect/xd_arbiter/r/QX17B8fU-Vm.js?version=42
Frame ID: 1B908E6310CB12AC3D97F11D91F71DD4
Requests: 1 HTTP requests in this frame

Frame: https://geektimecoil.api.oneall.com/socialize/login/frame/?oakk=60872&oakv=8fa0cdfe45461cda961e2dfdcf488390bc015ef4d49f3dee1cd60029fccaed1e962be4e2121d294f4d1244f6ed389170dd841b77598c5768b8445eaa3f8d49ba459e42e07f45bc289b5723318910ff2ff9871ca360dfdbfd308b6273bd05f46fdbad9a29110c517f96487bbb7b6a31aab480c4f4b621313a89a267e17e08e222490f32adc5f0df87271083e1f636b74a562818c75a15bd1e6db73b205854f5f575ec5f7f55d47980752e8bbbd75213aeb9ca7c37d22c9bd228fed867032f523b518caf6d3d3b3f192e3ba9458490a7d036d2894eb700e375567e259bc625f8dda9b6864810481a80018104cc3d908d5b13cf2ad2f3a47c6b3e577952fbfbd367e923c04b342fa066a9527fa410d5ba9129294348367639301819b80c6a61eac68f07571cf6946429e22a13524c2f38728ffc9ec5079d59728f9a4dbe530f21ed7d9aff911ce6921e90f156697658e101c21cfa7a70628453789719652bf21f2ec8a71cd290cad5bc75de0e00fc14b5254d0e2828ba8b28acaacaf5de1a5c5c83aa8d7f65aafdcaa4b7aa6075c8710898b1c9967f5e8cdfc845a32fb55310aa8fd6023b34583851ff28a4224f6226c6ec4fcc4a82eb951b6657e0f736bdbc93fec91c86aa9bb611b9f32c05607fa0ef27f572d51d65d6a7dbe9adf823ba14a4a94f2cabe62cffddd14b6db5836d90e277cba479401a6c46babf9e1e09b356ab53329bf3ecc37b4756ace670f09c8d6063fe0fe138c4ca6d7cbfbf794cf41fa429c4&lang=en
Frame ID: E1BE22D1A68A49775C6CD054FE2FD123
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.cb6df5c11eb74c4885e17101a777cb60.html?origin=https%3A%2F%2Fwww.geektime.co.il&settingsEndpoint=https%3A%2F%2Fsyndication.twitter.com%2Fsettings
Frame ID: E88A5FCD53E415C032B9BF2C11276E37
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.10/plugins/share_button.php?app_id=540285849347093&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FQX17B8fU-Vm.js%3Fversion%3D42%23cb%3Df1c4f45e5c6bd8c%26domain%3Dwww.geektime.co.il%26origin%3Dhttps%253A%252F%252Fwww.geektime.co.il%252Ff18a257c0cdb7d4%26relation%3Dparent.parent&container_width=710&href=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&layout=button&locale=he_IL&mobile_iframe=true&sdk=joey
Frame ID: 6F08A9128CC0F973F8230B4A94D6600F
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.10/plugins/share_button.php?app_id=540285849347093&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FQX17B8fU-Vm.js%3Fversion%3D42%23cb%3Df36c39cad31b0bc%26domain%3Dwww.geektime.co.il%26origin%3Dhttps%253A%252F%252Fwww.geektime.co.il%252Ff18a257c0cdb7d4%26relation%3Dparent.parent&container_width=640&href=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&layout=button&locale=he_IL&mobile_iframe=true&sdk=joey
Frame ID: D311B696172CB4649E179B735505FB49
Requests: 1 HTTP requests in this frame

Frame: https://staticxx.facebook.com/connect/xd_arbiter/r/QX17B8fU-Vm.js?version=42
Frame ID: 9FF2018357B33FFC354D61FDF47CEA70
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/feedback.php?api_key=540285849347093&channel_url=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FQX17B8fU-Vm.js%3Fversion%3D42%23cb%3Df39e7fa2b87bd7%26domain%3Dwww.geektime.co.il%26origin%3Dhttps%253A%252F%252Fwww.geektime.co.il%252Ff18a257c0cdb7d4%26relation%3Dparent.parent&colorscheme=light&href=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&locale=he_IL&numposts=10&sdk=joey&skin=light&version=v2.6&width=730
Frame ID: 99A65B65D98ADA030D04D88EF371ADDC
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: 29B0604EEEF94A63DD18783B4DEE5FF1
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: FE807273312764B642C1101A6EC417AB
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: 73CFAB6670B136C1742FBE21ED41E6B4
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: 82A34301E4FAF30959A0803FCB1B2BC2
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: A388BE4ACAEAB61D5B6A533B8583866B
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: 2E6728C5D3405A3034BD4F83712D6324
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: A0308366A94775656713AD96329E630F
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: 0B7482C59526167C976894D029CA2CAB
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: AE35F34A648F8FA2CD52C7278B5BD8EC
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: 1945044388468E9FD1CD464A0C2607EB
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: B76083F2B21999230313950615662145
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: DA135C8D6CC9491F10E979E720054252
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: 59E2085370150C1C1E4E420D067C74ED
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: D5B628640CEF77871962D3E60D867FAD
Requests: 6 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011533168552513/amp4ads-v0.js
Frame ID: DF0B7942A50F53E2A461730F3A176B56
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: FA0B429DB98B19341FEE12FA100300D7
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: 897EDA8289250A1CCA251C83D2BE8533
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: D6AC016A52F6E0F4686874D151D1345C
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: 91E4BCCFEEEBA1A1E572F4D6A43A618A
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/simgad/16452750522309980858
Frame ID: A9F32C4EBA911B53415BFDB5DCF95A9A
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: DE48BB9F06E64D98C643BE0CB8793F19
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/simgad/10129281688110050383
Frame ID: C2A30C8E6288EB5F63406605A103B59A
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: 59F42DEC04DE9D7E3936488CC2459573
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: 1F5E370BCC950C3E2B10537E0C1F4CCF
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: B0549C3207AC206A70371E1123B649BF
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/simgad/14428181134556396145
Frame ID: 25C12D4BF6736705508676D315BE1620
Requests: 6 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 8EF28EEC7DA407B3430E0C1ED72DFD36
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.cb6df5c11eb74c4885e17101a777cb60.he.html
Frame ID: 6A9DE18B9285DCC71B5B7782C86E69C6
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.cb6df5c11eb74c4885e17101a777cb60.he.html
Frame ID: 50710386E1399550F1C685D7334DBAF9
Requests: 1 HTTP requests in this frame

Frame: https://widgets.outbrain.com/nanoWidget/externals/obFrame/obFrame.htm
Frame ID: 583A4556D397D86381F960F61BA710FB
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/jot.html
Frame ID: 94FFC93F1DBD130EDC9314C3E03AB18B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+wp-(?:content|includes)/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+wp-(?:content|includes)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Chartbeat (Analytics) Expand

Overall confidence: 100%
Detected patterns

env /^_sf_(?:endpt|async_config)$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i
env /^__google_ad_/i
env /^Goog_AdSense_/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

env /^googletag$/i

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /modernizr(?:-([\d.]*[\d]))?.*\.js/i

New Relic (Analytics) Expand

Overall confidence: 100%
Detected patterns

env /^NREUM/i

Outbrain (Widgets) Expand

Overall confidence: 100%
Detected patterns

env /^(?:OutbrainPermaLink|OB_releaseVer)$/i

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/platform\.twitter\.com\/widgets\.js/i

Twitter Emoji (Twemoji) (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

env /^twemoji$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

311
Requests

100 %
HTTPS

56 %
IPv6

25
Domains

38
Subdomains

35
IPs

4
Countries

3381 kB
Transfer

7749 kB
Size

15
Cookies

35 Outgoing links

These are links going to different origins than the main page.

URL: http://crypto.geektime.co.il/
Title: קריפטו

Search URL Search Domain Scan URL

URL: https://geeklist.geektime.co.il/index_events.php
Title: אירועים

Search URL Search Domain Scan URL

URL: https://geeklist.geektime.co.il/index_services_gate.php
Title: אינדקס שירותים

Search URL Search Domain Scan URL

URL: https://geeklist.geektime.co.il/index_jobs.php
Title: Insider

Search URL Search Domain Scan URL

URL: https://files.geektime.co.il/wp-content/uploads/2018/08/office-620822_1280-1533476524-1024x680.jpg

Search URL Search Domain Scan URL

URL: https://twitter.com/home?status=%D7%9E%D7%94%20%D7%94%D7%A7%D7%A9%D7%A8%20%D7%91%D7%99%D7%9F%20%D7%A9%D7%9D%20%D7%93%D7%95%D7%9E%D7%99%D7%99%D7%9F%20%D7%9C%D7%9E%D7%99%D7%97%D7%A9%D7%95%D7%91%20%D7%A2%D7%A0%D7%9F?%20%D7%95%D7%90%D7%9D%20%D7%94%D7%A1%D7%90%D7%91-%D7%93%D7%95%D7%9E%D7%99%D7%99%D7%9F%20%D7%9E%D7%A4%D7%A0%D7%94%20%D7%9C%D7%A9%D7%A8%D7%AA%20%D7%A9%D7%94%D7%95%D7%90%20%D7%9C%D7%90%20%E2%80%9C%D7%A9...%20https://www.geektime.co.il/sub-domain-hijacking/#comment-124606
Title: שתפ/י ב Twitter

Search URL Search Domain Scan URL

URL: https://plus.google.com/share?url=https://www.geektime.co.il/sub-domain-hijacking/
Title: שתפ/י ב Google

Search URL Search Domain Scan URL

URL: https://twitter.com/home?status=%D7%91%D7%9B%D7%93%D7%99%20%D7%9C%D7%90%D7%A4%D7%A9%D7%A8%20%D7%A9%D7%A9%D7%A8%D7%95%D7%AA%20%D7%94%D7%A2%D7%A0%D7%9F%20(%D7%AA%D7%9E%D7%99%D7%9B%D7%94,%D7%A0%D7%99%D7%94%D7%95%D7%9C%20%D7%9C%D7%A7%D7%95%D7%97%D7%95%D7%AA,%D7%9E%D7%A8%D7%A7%D7%98%D7%99%D7%A0%D7%92%20%D7%95%D7%9B%D7%95)%20%D7%99%D7%95%D7%A4%D7%99%D7%A2%20%D7%AA%D7%97%D7%AA%20%D7%94%D7%93%D7%95%D7%9E%D7%99%D7%99%D7%9F%20%D7%A9%D7%9C%20%D7%94...%20https://www.geektime.co.il/sub-domain-hijacking/#comment-124608
Title: שתפ/י ב Twitter

Search URL Search Domain Scan URL

URL: https://takeover.cyberint.com/
Title: https://takeover.cyberint.com

Search URL Search Domain Scan URL

URL: https://twitter.com/home?status=%D7%9C%D7%90%20%D7%94%D7%91%D7%A0%D7%AA%D7%99%20%D7%90%D7%99%D7%9A%20%D7%91%D7%93%D7%99%D7%95%D7%A7%20%D7%91%D7%95%D7%91%20%D7%A8%D7%95%D7%A9%D7%9D%20%D7%90%D7%AA%20%D7%94%D7%A1%D7%90%D7%91%D7%93%D7%95%D7%9E%D7%99%D7%99%D7%9F??%20%D7%94%D7%93%D7%95%D7%9E%D7%99%D7%99%D7%9F%20%D7%91%D7%91%D7%A2%D7%9C%D7%95%D7%AA%20%D7%94%D7%90%D7%A8%D7%92%D7%95%D7%9F%20%D7%A9%D7%9C%20%D7%90%D7%9C%D7%99%D7%A1.%20%D7%90%D7%9C...%20https://www.geektime.co.il/sub-domain-hijacking/#comment-124625
Title: שתפ/י ב Twitter

Search URL Search Domain Scan URL

URL: https://twitter.com/home?status=%D7%A0%D7%A8%D7%90%D7%9C%D7%99%20%D7%94%D7%9B%D7%95%D7%95%D7%A0%D7%94%20%D7%9C%D7%97%D7%98%D7%99%D7%A4%D7%94%20%D7%A9%D7%9C%20%D7%A1%D7%90%D7%91%D7%93%D7%95%D7%9E%D7%99%D7%99%D7%9F%20%D7%91%D7%97%D7%91%D7%A8%D7%94%20%D7%90%D7%97%D7%A8%D7%AA%20%D7%9B%D7%9E%D7%95%20%D7%9C%D7%9E%D7%A9%D7%9C%20%D7%94%D7%90%D7%AA%D7%A8%D7%99%D7%9D%20%D7%A9%D7%9C%20%D7%91%D7%9C%D7%95%D7%92%D7%A1%D7%A4%D7%95%D7%98%20%D7%A9%D7%90%D7%AA%D7%94%20...%20https://www.geektime.co.il/sub-domain-hijacking/#comment-124638
Title: שתפ/י ב Twitter

Search URL Search Domain Scan URL

URL: https://twitter.com/home?status=%D7%9C%D7%90%20%D7%94%D7%A6%D7%9C%D7%97%D7%AA%D7%99%20%D7%9C%D7%94%D7%91%D7%99%D7%9F%20%D7%90%D7%99%D7%9A%20%D7%94%D7%97%D7%98%D7%99%D7%A4%D7%94%20%D7%9E%D7%AA%D7%91%D7%A6%D7%A2%D7%AA%20%D7%91%D7%A8%D7%9E%D7%94%20%D7%94%D7%98%D7%9B%D7%A0%D7%99%D7%AA.%D7%9E%D7%90%D7%99%D7%A4%D7%94%20%D7%9C%D7%90%D7%99%D7%A4%D7%94%20%D7%94%D7%94%D7%90%D7%A7%D7%A8%20%D7%A2%D7%95%D7%A9%D7%94%20%D7%90%D7%AA%20%D7%94%D7%94%D7%A4%D7%A0...%20https://www.geektime.co.il/sub-domain-hijacking/#comment-124628
Title: שתפ/י ב Twitter

Search URL Search Domain Scan URL

URL: https://twitter.com/home?status=%D7%90%D7%91%D7%9C%20%D7%90%D7%AA%D7%94%20%D7%9C%D7%90%20%D7%99%D7%9B%D7%95%D7%9C%20%D7%9C%D7%94%D7%A4%D7%A0%D7%95%D7%AA%20%D7%A1%D7%90%D7%91%D7%93%D7%95%D7%9E%D7%99%D7%99%D7%9F%20%D7%A9%D7%9C%D7%90%20%D7%A9%D7%99%D7%99%D7%9A%20%D7%9C%D7%9A%20%D7%9C%D7%90%D7%AA%D7%A8%20%D7%A9%D7%90%D7%AA%D7%94%20%D7%A8%D7%95%D7%A6%D7%94%E2%80%A6.%D7%9B%D7%93%D7%99%20%D7%9C%D7%91%D7%A6%D7%A2%20...%20https://www.geektime.co.il/sub-domain-hijacking/#comment-124643
Title: שתפ/י ב Twitter

Search URL Search Domain Scan URL

URL: https://twitter.com/home?status=%D7%90%D7%A0%D7%99%20%D7%90%D7%A0%D7%A1%D7%94%20%D7%9C%D7%94%D7%A1%D7%91%D7%99%D7%A8%20%D7%90%D7%AA%20%D7%94%D7%AA%D7%94%D7%9C%D7%99%D7%9A%20%D7%91%D7%A6%D7%95%D7%A8%D7%94%20%D7%A4%D7%A9%D7%95%D7%98%D7%94%20%D7%99%D7%95%D7%AA%D7%A8:%20%D7%A8%D7%95%D7%91%20%D7%A9%D7%99%D7%A8%D7%95%D7%AA%D7%99%20%D7%94%D7%A2%D7%A0%D7%9F%20%D7%A9%D7%9E%D7%90%D7%A4%D7%A9%D7%A8%D7%99%D7%9D%20%D7%9C%D7%9A%20%D7%9C%D7%94%D7%A4%D7%A0%D7%95...%20https://www.geektime.co.il/sub-domain-hijacking/#comment-124669
Title: שתפ/י ב Twitter

Search URL Search Domain Scan URL

URL: https://twitter.com/home?status=%D7%9E%D7%94%20%D7%A9%D7%90%D7%A0%D7%99%20%D7%9C%D7%90%20%D7%9E%D7%91%D7%99%D7%9F%20%D7%96%D7%94,%20%D7%91%D7%99%D7%98%D7%9C%D7%AA%20%D7%90%D7%AA%20%D7%A9%D7%99%D7%A8%D7%95%D7%AA%20%D7%94%D7%A2%D7%A0%D7%9F%20%D7%91%D7%9B%D7%AA%D7%95%D7%91%D7%AA%20abc.cloudservice.test%20%D7%95%D7%A2%D7%93%D7%99%D7%99%D7%9F%20%D7%94...%20https://www.geektime.co.il/sub-domain-hijacking/#comment-124696
Title: שתפ/י ב Twitter

Search URL Search Domain Scan URL

URL: https://twitter.com/home?status=%D7%99%D7%A9%20%D7%9E%D7%A9%D7%94%D7%95%20%D7%A9%D7%90%D7%AA%D7%94%20%D7%9E%D7%A4%D7%A1%D7%A4%D7%A1,%20%D7%94%D7%9E%D7%90%D7%9E%D7%A8%20%D7%94%D7%A0%E2%80%9D%D7%9C%20%D7%9E%D7%A6%D7%99%D7%92%20%D7%93%D7%A8%D7%9A%20%D7%A9%D7%AA%D7%95%D7%A7%D7%A3%20%D7%99%D7%9B%D7%95%D7%9C%20%E2%80%9C%D7%9C%D7%97%D7%98%D7%95%D7%A3%E2%80%9D%20...%20https://www.geektime.co.il/sub-domain-hijacking/#comment-124698
Title: שתפ/י ב Twitter

Search URL Search Domain Scan URL

URL: https://twitter.com/home?status=%D7%9C%D7%90%20%D7%9E%D7%95%D7%91%D7%9F%20%D7%9C%D7%99%20%D7%9C%D7%9E%D7%94%20%D7%94%D7%AA%D7%9B%D7%95%D7%95%D7%9F%20%D7%94%D7%9E%D7%A9%D7%95%D7%A8%D7%A8.%D7%90%D7%9C%D7%99%D7%A1%20%D7%A2%D7%93%D7%99%D7%99%D7%9F%20%D7%94%D7%91%D7%A2%D7%9C%D7%99%D7%9D%20%D7%A9%D7%9C%20alice-corp.com?%20%D7%90%D7%9D%20%D7%9B%D7%9F,%20%D7%90%D7%96%20...%20https://www.geektime.co.il/sub-domain-hijacking/#comment-124647
Title: שתפ/י ב Twitter

Search URL Search Domain Scan URL

URL: https://twitter.com/home?status=%D7%9B%D7%99%20%D7%94%D7%95%D7%90%20%D7%99%D7%9B%D7%95%D7%9C%20%D7%9C%D7%94%D7%A8%D7%A9%D7%9D%20%D7%9C%D7%90%D7%95%D7%AA%D7%95%20%D7%A9%D7%99%D7%A8%D7%95%D7%AA%20%D7%A9%D7%90%D7%99%D7%A8%D7%97%20%D7%90%D7%AA%20%D7%94%D7%9B%D7%AA%D7%95%D7%91%D7%AA%20support.alice-corp.com%20%D7%91%D7%97%D7%A9%D7%91%D7%95%D7%9F%20%D7%9E...%20https://www.geektime.co.il/sub-domain-hijacking/#comment-124651
Title: שתפ/י ב Twitter

Search URL Search Domain Scan URL

URL: https://twitter.com/home?status=%D7%AA%D7%95%D7%93%D7%94%20%D7%A2%D7%9C%20%D7%94%D7%94%D7%A1%D7%91%D7%A8,%20%D7%90%D7%91%D7%9C%20%D7%9E%D7%94%20%D7%A9%D7%9C%D7%90%20%D7%9E%D7%95%D7%91%D7%9F%20%D7%9C%D7%99%20%D7%94%D7%95%D7%90%20%D7%94%D7%9E%D7%A9%D7%A4%D7%98%20%D7%94%D7%91%D7%90:%E2%80%9C%D7%94%D7%94%D7%A7%D7%A6%D7%90%D7%94%20%D7%9E%D7%AA%D7%90%D7%A4%D7%A9%D7%A8%D7%AA,%20%D7%9B%D7%90%D7%9E%D7%95%D7%A8...%20https://www.geektime.co.il/sub-domain-hijacking/#comment-124655
Title: שתפ/י ב Twitter

Search URL Search Domain Scan URL

URL: https://twitter.com/home?status=%D7%91%D7%95%D7%91%20%D7%90%D7%99%D7%A0%D7%95%20%D7%9E%D7%91%D7%A7%D7%A9%20%D7%91%D7%A2%D7%9C%D7%95%D7%AA%20%D7%A2%D7%9C%20%D7%94%D7%A1%D7%90%D7%91%20%D7%93%D7%95%D7%9E%D7%99%D7%99%D7%9F,%20%D7%94%D7%95%D7%90%20%D7%9E%D7%A7%D7%A6%D7%94%20%D7%90%D7%AA%20%D7%94%D7%A1%D7%90%D7%91%20%D7%93%D7%95%D7%9E%D7%99%D7%99%D7%9F%20%D7%9C%D7%A2%D7%A6%D7%9E%D7%95%20%D7%9B%D7%A9%D7%9D%20%D7%A9%D7%A2%D7%A9%D7%AA%D7%94%20%D7%90...%20https://www.geektime.co.il/sub-domain-hijacking/#comment-124661
Title: שתפ/י ב Twitter

Search URL Search Domain Scan URL

URL: https://twitter.com/home?status=%D7%AA%D7%95%D7%93%D7%94%20%D7%A8%D7%91%D7%94%20%D7%96%D7%94%20%D7%9E%D7%94%20%D7%A9%D7%A9%D7%99%D7%A2%D7%A8%D7%AA%D7%99%20%D7%90%D7%91%D7%9C%20%D7%9C%D7%90%20%D7%94%D7%99%D7%94%20%D7%9C%D7%99%20%D7%9E%D7%95%D7%91%D7%9F.%20%D7%9C%D7%90%20%D7%A8%D7%90%D7%99%D7%AA%D7%99%20/%20%D7%A4%D7%A1%D7%A4%D7%A1%D7%AA%D7%99%20%D7%A9%D7%90%D7%9C%D7%99%D7%A1%20%D7%94%D7%AA%D7%91%D7%A7%D7%A9%D7%94%20%D7%9C%D7%94%D7%95...%20https://www.geektime.co.il/sub-domain-hijacking/#comment-124678
Title: שתפ/י ב Twitter

Search URL Search Domain Scan URL

URL: https://twitter.com/home?status=%D7%A9%D7%90%D7%9C%D7%95%20%D7%99%D7%94%D7%99%D7%95%20%D7%94%D7%A6%D7%A8%D7%95%D7%AA%20%D7%A9%D7%9C%D7%A0%D7%95%E2%80%A6...%20https://www.geektime.co.il/sub-domain-hijacking/#comment-124689
Title: שתפ/י ב Twitter

Search URL Search Domain Scan URL

URL: https://www.calcalist.co.il/local/articles/0,7340,L-3743541,00.html?utm_source=Outbrain&utm_medium=cpc&utm_campaign=Calcalistdesktop2016&obOrigUrl=true
Title:

Search URL Search Domain Scan URL

URL: https://www.outbrain.com/what-is/default/he
Title: Recommended by

Search URL Search Domain Scan URL

URL: http://www.twitter.com/geektimecoil

Search URL Search Domain Scan URL

URL: https://www.facebook.com/geektimecoil

Search URL Search Domain Scan URL

URL: https://plus.google.com/u/0/b/114065798673118050087/114065798673118050087/posts

Search URL Search Domain Scan URL

URL: http://www.youtube.com/user/newsgeekcoil

Search URL Search Domain Scan URL

URL: http://www.instagram.com/geektimecoil

Search URL Search Domain Scan URL

URL: https://t.me/geektimecoil

Search URL Search Domain Scan URL

URL: https://geeklist.geektime.co.il/index_services.php
Title: אינדקס שרותים

Search URL Search Domain Scan URL

URL: http://uniqui.co.il/
Title: Uniq UI

Search URL Search Domain Scan URL

URL: http://codeart.co.il/
Title: CodeArt

Search URL Search Domain Scan URL

URL: https://www.enable.co.il/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 112

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j68&tid=UA-8205872-1&cid=950697005.1533674785&jid=710432514&gjid=1662850540&_gid=1169463901.1533674785&_u=aGBAgEAB~&z=1033677540 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-8205872-1&cid=950697005.1533674785&jid=710432514&_v=j68&z=1033677540 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-8205872-1&cid=950697005.1533674785&jid=710432514&_v=j68&z=1033677540&slf_rd=1&random=3525063263

Request Chain 174

https://www.facebook.com/connect/ping?client_id=540285849347093&domain=www.geektime.co.il&origin=1&redirect_uri=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FQX17B8fU-Vm.js%3Fversion%3D42%23cb%3Df2403c56597fdc8%26domain%3Dwww.geektime.co.il%26origin%3Dhttps%253A%252F%252Fwww.geektime.co.il%252Ff18a257c0cdb7d4%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey&version=v2.10 HTTP 302
https://staticxx.facebook.com/connect/xd_arbiter/r/QX17B8fU-Vm.js?version=42

Request Chain 175

https://www.facebook.com/plugins/comments.php?api_key=540285849347093&channel_url=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FQX17B8fU-Vm.js%3Fversion%3D42%23cb%3Df39e7fa2b87bd7%26domain%3Dwww.geektime.co.il%26origin%3Dhttps%253A%252F%252Fwww.geektime.co.il%252Ff18a257c0cdb7d4%26relation%3Dparent.parent&colorscheme=light&href=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&locale=he_IL&numposts=10&sdk=joey&skin=light&version=v2.6&width=730 HTTP 302
https://www.facebook.com/plugins/feedback.php?api_key=540285849347093&channel_url=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FQX17B8fU-Vm.js%3Fversion%3D42%23cb%3Df39e7fa2b87bd7%26domain%3Dwww.geektime.co.il%26origin%3Dhttps%253A%252F%252Fwww.geektime.co.il%252Ff18a257c0cdb7d4%26relation%3Dparent.parent&colorscheme=light&href=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&locale=he_IL&numposts=10&sdk=joey&skin=light&version=v2.6&width=730

Request Chain 333

https://syndication.twitter.com/i/jot HTTP 302
https://platform.twitter.com/jot.html

311 HTTP transactions
48 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.geektime.co.il/sub-domain-hijacking/ 210 KB
44 KB 130ms
108ms Document
text/html 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Apache /

Resource Hash

ea2abda31b399e852f749abc8f606aa6759b01b3cb44ce31ba3c92343c13213a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: www.geektime.co.il
:scheme: https
:path: /sub-domain-hijacking/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 95BB5AE0DC371FEBA5EE7408E70421D8

Response headers

status: 200
date: Tue, 07 Aug 2018 20:46:24 GMT
content-type: text/html; charset=UTF-8
server: Apache
link: <https://www.geektime.co.il/wp-json/>; rel="https://api.w.org/" <https://www.geektime.co.il/?p=375801>; rel=shortlink
last-modified: Tue, 07 Aug 2018 20:29:55 GMT
expires: Tue, 07 Aug 2018 21:29:55 GMT
pragma: public
cache-control: max-age=2611, public
etag: "43f97b49471a1ee5192441f20bdba528"
content-encoding: gzip
vary: Accept-Encoding,User-Agent
referrer-policy
set-cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; expires=Wed, 07 Aug 2019 08:41:56 GMT; path=/; Domain=.geektime.co.il nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; path=/; Domain=.geektime.co.il incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==; path=/; Domain=.geektime.co.il
strict-transport-security: max-age=31536000
x-iinfo: 4-23152962-23152963 NNNN CT(22 23 0) RT(1533674783793 0) q(0 0 1 0) r(1 1) U18
x-cdn: Incapsula

GET
H2 200 style.css
www.geektime.co.il/wp-content/themes/geektime/css/ 139 KB
20 KB 102ms
99ms Stylesheet
text/css 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/css/style.css?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

70325c9ba463b00ed0b5b5c3500f36b00b92a4e2283d4c278b60039aecbbfdec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/css/style.css?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: text/css
status: 200
x-iinfo: 4-23152978-23149759 2VNN RT(1533674783906 0) q(0 0 0 -1) r(1 1) U18
cache-control: max-age=31536000, public
content-length: 20729
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 responsive.css
www.geektime.co.il/wp-content/themes/geektime/css/ 11 KB
3 KB 40ms
36ms Stylesheet
text/css 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/css/responsive.css?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

5e37c3d26457aee8229bd15d720d6b796669e4e95cfdc624ad6450ab6cf6486f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/css/responsive.css?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: text/css
status: 200
x-iinfo: 4-23152979-23152980 2VNN RT(1533674783908 0) q(0 0 0 -1) r(0 0) U18
cache-control: max-age=31536000, public
content-length: 2807
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 variables.js Show response
www.geektime.co.il/wp-content/themes/geektime/js/ 164 B
348 B 37ms
33ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/js/variables.js?x35493

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

e1be30e5cd0423ca5b025535c575409ea0e2ef4aa38bfd2200d64b8b426d0570

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/js/variables.js?x35493
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23152982-23152383 2VNN RT(1533674783910 0) q(0 0 0 -1) r(0 0) U18
cache-control: max-age=31536000, public
content-length: 154
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 ga.js Show response
www.geektime.co.il/wp-content/themes/geektime/js/ 411 B
380 B 45ms
40ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/js/ga.js?x35493

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

6c3c022b6d502745353913db0b96274f2f316a056b2b5fd7018ea23d1ecdbd9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/js/ga.js?x35493
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23152983-23152984 2VNN RT(1533674783911 0) q(0 0 0 -1) r(0 0) U18
cache-control: max-age=31536000, public
content-length: 293
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
S 200 analytics.js Show response
www.google-analytics.com/ 34 KB
14 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:81c::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81c::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 18 May 2018 01:10:24 GMT
server: Golfe2
age: 6456
date: Tue, 07 Aug 2018 18:58:48 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 14386
expires: Tue, 07 Aug 2018 20:58:48 GMT

GET
H2 200 styles.css
www.geektime.co.il/wp-content/plugins/contact-form-7/includes/css/ 1 KB
722 B 108ms
104ms Stylesheet
text/css 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/plugins/contact-form-7/includes/css/styles.css?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

86b0044f1965f3cebf0a2e54758ebe7b9ec75244b75886646acf078222af6c50

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/contact-form-7/includes/css/styles.css?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: text/css
status: 200
x-iinfo: 4-23152981-23152054 2VNN RT(1533674783909 0) q(0 0 0 -1) r(1 1) U18
cache-control: max-age=31536000, public
content-length: 635
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 styles-rtl.css
www.geektime.co.il/wp-content/plugins/contact-form-7/includes/css/ 151 B
211 B 50ms
46ms Stylesheet
text/css 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/plugins/contact-form-7/includes/css/styles-rtl.css?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

6179580d96402085861df064616068ac1098d121fad2ff70d260235afe9563bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/contact-form-7/includes/css/styles-rtl.css?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: text/css
status: 200
x-iinfo: 4-23152985-23149744 2VNN RT(1533674783912 0) q(0 0 0 -1) r(0 0) U18
cache-control: max-age=31536000, public
content-length: 125
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 style.css
www.geektime.co.il/wp-content/plugins/geektime-plugin-related-posts/view/assets/css/ 1 KB
550 B 64ms
60ms Stylesheet
text/css 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/plugins/geektime-plugin-related-posts/view/assets/css/style.css?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

3cda7b7d37cc3fe2f8ab8e168c66e390e7ad152839e0d90a8986ff1a970bcc66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/geektime-plugin-related-posts/view/assets/css/style.css?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: text/css
status: 200
x-iinfo: 4-23152986-23152383 2VNN RT(1533674783914 0) q(0 0 0 -1) r(0 0) U18
cache-control: max-age=31536000, public
content-length: 463
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 video-container.min.css
www.geektime.co.il/wp-content/plugins/simple-embed-code/css/ 219 B
236 B 65ms
61ms Stylesheet
text/css 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/plugins/simple-embed-code/css/video-container.min.css?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

9d2b25c42be6d0e04de1e1311f439098212b4d1422b9d8891e2fddee68cb7e41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/simple-embed-code/css/video-container.min.css?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: text/css
status: 200
x-iinfo: 4-23152987-23152980 2VNN RT(1533674783915 0) q(0 0 0 -1) r(0 0) U18
cache-control: max-age=31536000, public
content-length: 150
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 font-awesome.min.css
www.geektime.co.il/wp-content/plugins/wpdiscuz/assets/third-party/font-awesome-4.6.3/css/ 28 KB
7 KB 140ms
136ms Stylesheet
text/css 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/plugins/wpdiscuz/assets/third-party/font-awesome-4.6.3/css/font-awesome.min.css?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

ed0f05101d480726c58bcd4956a1e7b02f12b538d02058f1b0ebfdabe8a7ef42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/wpdiscuz/assets/third-party/font-awesome-4.6.3/css/font-awesome.min.css?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: text/css
status: 200
x-iinfo: 4-23152988-23151124 2VNN RT(1533674783919 0) q(0 0 0 -1) r(1 1) U18
cache-control: max-age=31536000, public
content-length: 6552
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 wpdiscuz.css
www.geektime.co.il/wp-content/plugins/wpdiscuz/assets/css/ 40 KB
8 KB 76ms
72ms Stylesheet
text/css 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/plugins/wpdiscuz/assets/css/wpdiscuz.css?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

b0fc3a1a1e83521a68f7e800ee748ae313de181958e1ab587b434e9136a9a516

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/wpdiscuz/assets/css/wpdiscuz.css?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: text/css
status: 200
x-iinfo: 4-23152990-23152984 2VNN RT(1533674783923 0) q(0 0 0 -1) r(0 0) U18
cache-control: max-age=31536000, public
content-length: 8219
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 wpdiscuz-rtl.css
www.geektime.co.il/wp-content/plugins/wpdiscuz/assets/css/ 12 KB
3 KB 134ms
130ms Stylesheet
text/css 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/plugins/wpdiscuz/assets/css/wpdiscuz-rtl.css?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

18d6b5768e277123f7cef486176e5cf5bc8a362a6b981e2faeaf2e5303324e4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/wpdiscuz/assets/css/wpdiscuz-rtl.css?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: text/css
status: 200
x-iinfo: 4-23152991-23153051 2VNN RT(1533674783924 0) q(0 0 0 -1) r(1 1) U18
cache-control: max-age=31536000, public
content-length: 3083
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 jquery.jscrollpane.css
www.geektime.co.il/wp-content/themes/geektime/css/ 1 KB
515 B 134ms
131ms Stylesheet
text/css 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/css/jquery.jscrollpane.css?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

a000cfb886968b9b8408c78c30e614914fbb6787be460321330ecba8b5f410fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/css/jquery.jscrollpane.css?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: text/css
status: 200
x-iinfo: 4-23152992-23153052 2VNN RT(1533674783924 0) q(0 0 0 -1) r(1 1) U18
cache-control: max-age=31536000, public
content-length: 428
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 flexslider.css
www.geektime.co.il/wp-content/themes/geektime/css/ 3 KB
1 KB 101ms
97ms Stylesheet
text/css 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/css/flexslider.css?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

1ea31985947b3903220f7059b406875f234840aae132c6a3f23edec4a088b772

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/css/flexslider.css?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: text/css
status: 200
x-iinfo: 4-23152993-23152383 2VNN RT(1533674783925 0) q(0 0 0 -1) r(1 1) U18
cache-control: max-age=31536000, public
content-length: 1237
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 colorbox.css
www.geektime.co.il/wp-content/themes/geektime/css/ 4 KB
1 KB 126ms
122ms Stylesheet
text/css 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/css/colorbox.css?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

5d6ea0354e46411a4768146fbe42d75c1a94c0ffaf036080f30c64bbc2538365

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/css/colorbox.css?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: text/css
status: 200
x-iinfo: 4-23152994-23149759 2VNN RT(1533674783926 0) q(0 1 1 -1) r(1 1) U18
cache-control: max-age=31536000, public
content-length: 1445
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 dashicons.min.css
www.geektime.co.il/wp-includes/css/ 45 KB
28 KB 126ms
123ms Stylesheet
text/css 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-includes/css/dashicons.min.css?x35493&ver=1533580829

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

d0df2ff25fded9e43a0cfa5159393d4482725bfb390e8ca94f34da85b5304117

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-includes/css/dashicons.min.css?x35493&ver=1533580829
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:29 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: text/css
status: 200
x-iinfo: 4-23152995-23152383 2VNN RT(1533674783926 0) q(0 1 1 -1) r(1 1) U18
cache-control: max-age=31536000, public
content-length: 28598
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 thickbox.css
www.geektime.co.il/wp-includes/js/thickbox/ 3 KB
1019 B 131ms
128ms Stylesheet
text/css 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-includes/js/thickbox/thickbox.css?x35493&ver=1533580829

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

77d3ee8b636b3b821e24ca9c40ede8ec0e214097ed01dba8feaaa7e55232c8f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-includes/js/thickbox/thickbox.css?x35493&ver=1533580829
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:29 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: text/css
status: 200
x-iinfo: 4-23152996-23152984 2VNN RT(1533674783926 0) q(0 1 1 -1) r(1 1) U18
cache-control: max-age=31536000, public
content-length: 932
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
S 200 jquery-ui.css
ajax.googleapis.com/ajax/libs/jqueryui/1.8.2/themes/smoothness/ 31 KB
6 KB 9ms
6ms Stylesheet
text/css 2a00:1450:4001:81e::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.2/themes/smoothness/jquery-ui.css?ver=4.9.7

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81e::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

24f099c92866d88ba834404372c3c1ad21bf305e9c501cb8089e520fdd3a63a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 13:31:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2186089
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 5862
x-xss-protection: 1; mode=block
last-modified: Tue, 20 Dec 2016 18:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Jul 2019 13:31:35 GMT

GET
H2 200 insider.css
www.geektime.co.il/wp-content/themes/geektime/widgets/insider/ 1 KB
517 B 153ms
150ms Stylesheet
text/css 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/widgets/insider/insider.css?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

778b4ec12cc2cabb37a28462dfa9dc3451d81f68f84f707d33127e0ab9601b86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/widgets/insider/insider.css?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: text/css
status: 200
x-iinfo: 4-23152997-23153078 2VNN RT(1533674783927 0) q(0 1 1 -1) r(1 1) U18
cache-control: max-age=31536000, public
content-length: 430
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 colorbox.min.css
www.geektime.co.il/wp-content/plugins/wpdiscuz-media-uploader/assets/third-party/colorbox/ 3 KB
1 KB 153ms
150ms Stylesheet
text/css 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/plugins/wpdiscuz-media-uploader/assets/third-party/colorbox/colorbox.min.css?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

cc68cd6051116d5521a1fa8e5636333ce974d91f5dc007d2359300b2d7b995a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/wpdiscuz-media-uploader/assets/third-party/colorbox/colorbox.min.css?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: text/css
status: 200
x-iinfo: 4-23152999-23149037 2VNN RT(1533674783928 0) q(0 1 1 -1) r(1 1) U18
cache-control: max-age=31536000, public
content-length: 952
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 wmu-frontend.css
www.geektime.co.il/wp-content/plugins/wpdiscuz-media-uploader/assets/css/ 8 KB
2 KB 155ms
152ms Stylesheet
text/css 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/plugins/wpdiscuz-media-uploader/assets/css/wmu-frontend.css?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

9deed3709dfd7f7910b6e686ca417ff3e49fc4fa8b7d9a1cab87e15477872ba2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/wpdiscuz-media-uploader/assets/css/wmu-frontend.css?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: text/css
status: 200
x-iinfo: 4-23153000-23152383 2VNN RT(1533674783928 0) q(0 1 1 -1) r(1 1) U18
cache-control: max-age=31536000, public
content-length: 1478
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 wmu-frontend-rtl.css
www.geektime.co.il/wp-content/plugins/wpdiscuz-media-uploader/assets/css/ 1 KB
361 B 157ms
154ms Stylesheet
text/css 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/plugins/wpdiscuz-media-uploader/assets/css/wmu-frontend-rtl.css?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

44d45b5b1597f9fdcf7789ca9c65a15e1df5061d8a6e57b84008e251b55cbf11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/wpdiscuz-media-uploader/assets/css/wmu-frontend-rtl.css?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: text/css
status: 200
x-iinfo: 4-23153001-23152984 2VNN RT(1533674783929 0) q(0 1 1 -1) r(1 1) U18
cache-control: max-age=31536000, public
content-length: 274
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 default-rtl.min.css
www.geektime.co.il/wp-content/plugins/tablepress/css/ 6 KB
3 KB 158ms
155ms Stylesheet
text/css 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/plugins/tablepress/css/default-rtl.min.css?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

f2500706bf4bb8cb9a571c63e5f08495231324adc2e3ce5e5eef14f41ae0e46d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/tablepress/css/default-rtl.min.css?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: text/css
status: 200
x-iinfo: 4-23153002-23153052 2VNN RT(1533674783930 0) q(0 1 1 -1) r(1 1) U18
cache-control: max-age=31536000, public
content-length: 2747
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
S 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.3/ 94 KB
33 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:81e::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js?ver=1.11.3

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81e::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 14 Jul 2018 10:31:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2110476
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 33507
x-xss-protection: 1; mode=block
last-modified: Tue, 20 Dec 2016 18:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 14 Jul 2019 10:31:48 GMT

GET
H2 200 jquery.cookie.min.js Show response
www.geektime.co.il/wp-content/plugins/wpdiscuz/assets/third-party/cookie/ 1 KB
786 B 181ms
179ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/plugins/wpdiscuz/assets/third-party/cookie/jquery.cookie.min.js?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

36618cc83f71bf0f34f4be177ee4ecd1bb6247e1ad854d573e868c8d13d3c4db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/wpdiscuz/assets/third-party/cookie/jquery.cookie.min.js?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23153004-23152984 2VNN RT(1533674783931 0) q(0 1 1 -1) r(1 1) U18
cache-control: max-age=31536000, public
content-length: 700
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 jquery.autogrowtextarea.min.js Show response
www.geektime.co.il/wp-content/plugins/wpdiscuz/assets/third-party/autogrow/ 1 KB
644 B 229ms
227ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/plugins/wpdiscuz/assets/third-party/autogrow/jquery.autogrowtextarea.min.js?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

892550c2f7e3a2fadd14b29dd50f9492a2ef5ea402d8cae6989b20a29322ed2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/wpdiscuz/assets/third-party/autogrow/jquery.autogrowtextarea.min.js?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23153005-23153090 2VNN RT(1533674783931 0) q(0 1 1 -1) r(2 2) U18
cache-control: max-age=31536000, public
content-length: 450
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 wpdiscuz.js Show response
www.geektime.co.il/wp-content/plugins/wpdiscuz/assets/js/ 31 KB
7 KB 189ms
187ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/plugins/wpdiscuz/assets/js/wpdiscuz.js?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

32c3252ea737fd55e44434f8ac436f4fdb44a7ea32cd721de2e6ab9f67cf7a7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/wpdiscuz/assets/js/wpdiscuz.js?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23153006-23153052 2VNN RT(1533674783931 0) q(0 1 1 -1) r(1 1) U18
cache-control: max-age=31536000, public
content-length: 6994
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 jquery.mousewheel.js Show response
www.geektime.co.il/wp-content/themes/geektime/js/ 1 KB
638 B 205ms
202ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/js/jquery.mousewheel.js?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

c0a7b7b39297e2aa6d70e15c56eee918cfe6c14265b5438aa6446c8a47dee8e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/js/jquery.mousewheel.js?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23153007-23152383 2VNN RT(1533674783932 0) q(0 1 1 -1) r(2 2) U18
cache-control: max-age=31536000, public
content-length: 551
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 jquery.jscrollpane.min.js Show response
www.geektime.co.il/wp-content/themes/geektime/js/ 14 KB
5 KB 204ms
202ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/js/jquery.jscrollpane.min.js?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

525e66f2e5c00d2e162a78a2292fb7643011a5cc51b799b3c518c012911d4138

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/js/jquery.jscrollpane.min.js?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23153008-23149037 2VNN RT(1533674783932 0) q(0 1 1 -1) r(2 2) U18
cache-control: max-age=31536000, public
content-length: 4690
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 jquery.flexslider-min.js Show response
www.geektime.co.il/wp-content/themes/geektime/js/ 16 KB
5 KB 204ms
203ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/js/jquery.flexslider-min.js?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

be089916f0daa598e6b1a8470e1ec90b13314fe54618706b3e01cced331d9337

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/js/jquery.flexslider-min.js?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23153009-23151124 2VNN RT(1533674783933 0) q(0 1 1 -1) r(2 2) U18
cache-control: max-age=31536000, public
content-length: 5033
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 jquery.colorbox-min.js Show response
www.geektime.co.il/wp-content/themes/geektime/js/ 10 KB
4 KB 204ms
203ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/js/jquery.colorbox-min.js?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

9fd7e7878bc2008a0f22feedd5f449f6aafea6cbbd0fa72197ba06b4ec971e23

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/js/jquery.colorbox-min.js?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23153010-23153051 2VNN RT(1533674783934 0) q(0 1 1 -1) r(2 2) U18
cache-control: max-age=31536000, public
content-length: 4363
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 effect.min.js Show response
www.geektime.co.il/wp-includes/js/jquery/ui/ 13 KB
5 KB 232ms
231ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-includes/js/jquery/ui/effect.min.js?x35493&ver=1533580829

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

2ec83a308ac8145fad56f6cafa5539065ca2125be89294950e0b5c38d4f31427

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-includes/js/jquery/ui/effect.min.js?x35493&ver=1533580829
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:29 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23153012-23153089 2VNN RT(1533674783935 0) q(0 2 2 -1) r(2 2) U18
cache-control: max-age=31536000, public
content-length: 5016
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 effect-slide.min.js Show response
www.geektime.co.il/wp-includes/js/jquery/ui/ 732 B
525 B 230ms
228ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-includes/js/jquery/ui/effect-slide.min.js?x35493&ver=1533580829

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

fbfed9139e5dbb16fbb5b9f7fbb706aa638e9bb28d27586651e93b787b28f6d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-includes/js/jquery/ui/effect-slide.min.js?x35493&ver=1533580829
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:29 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23153013-23153083 2VNN RT(1533674783935 0) q(0 2 2 -1) r(2 2) U18
cache-control: max-age=31536000, public
content-length: 438
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 functions.js Show response
www.geektime.co.il/wp-content/themes/geektime/js/ 6 KB
2 KB 233ms
232ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/js/functions.js?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

4949e7caad645b93da53e2ca080e6abd82946f60113eb8a5734e231d14c99283

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/js/functions.js?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23153014-23152383 2VNN RT(1533674783935 0) q(0 2 2 -1) r(2 2) U18
cache-control: max-age=31536000, public
content-length: 1537
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 jquery.colorbox.min.js Show response
www.geektime.co.il/wp-content/plugins/wpdiscuz-media-uploader/assets/third-party/colorbox/ 13 KB
5 KB 254ms
253ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/plugins/wpdiscuz-media-uploader/assets/third-party/colorbox/jquery.colorbox.min.js?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

6aa77f37462df432b67f5385517da06bae358e57f3cd1367eb08546df0fe4264

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/wpdiscuz-media-uploader/assets/third-party/colorbox/jquery.colorbox.min.js?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23153015-23153090 2VNN RT(1533674783936 0) q(0 2 2 -1) r(2 2) U18
cache-control: max-age=31536000, public
content-length: 4869
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 wmu-multiple.min.js Show response
www.geektime.co.il/wp-content/plugins/wpdiscuz-media-uploader/assets/js/ 5 KB
2 KB 258ms
257ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/plugins/wpdiscuz-media-uploader/assets/js/wmu-multiple.min.js?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

1c9d00df117d6c1a27fdf759fa06ff4ffb7dcba92bdf2f15cca4532e8ecc3d55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/wpdiscuz-media-uploader/assets/js/wmu-multiple.min.js?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23153016-23152984 2VNN RT(1533674783936 0) q(0 2 2 -1) r(2 2) U18
cache-control: max-age=31536000, public
content-length: 1618
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
S 200 gpt.js Show response
www.googletagservices.com/tag/js/ 20 KB
8 KB 55ms
41ms Script
text/javascript 2a00:1450:4001:81b::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81b::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

f3895e13214b1592d9afcd937198db48ca9b595f4c44f02d7fff13d384c35af1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "6 / 115 of 1000 / last-modified: 1533651691"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 7822
x-xss-protection: 1; mode=block
expires: Tue, 07 Aug 2018 20:46:24 GMT

GET
H2 200 mobile-menu-icon.svg
www.geektime.co.il/wp-content/themes/geektime/css/images/ 937 B
619 B 253ms
253ms Image
image/svg+xml 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/css/images/mobile-menu-icon.svg?x35493

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Apache / W3 Total Cache/0.9.7

Resource Hash

12e4d16e573d049a5601c5eec6f9d0239cab3311acacb6ebeec4fb4f1adac952

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/css/images/mobile-menu-icon.svg?x35493
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
content-encoding: gzip
vary: Accept-Encoding,User-Agent
x-cdn: Incapsula
x-powered-by: W3 Total Cache/0.9.7
status: 200
x-iinfo: 4-23153017-23152963 PNNN RT(1533674783937 0) q(0 2 2 -1) r(2 2) U18
content-length: 466
pragma: public
referrer-policy
server: Apache
etag: "3a9-572c89c7cbf00-gzip"
strict-transport-security: max-age=31536000
content-type: image/svg+xml
cache-control: max-age=31536000, public, public
accept-ranges: bytes
expires: Wed, 07 Aug 2019 20:46:24 GMT

GET
H2 200 logo.png
www.geektime.co.il/wp-content/themes/geektime/css/images/ 2 KB
2 KB 253ms
253ms Image
image/png 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/css/images/logo.png?x35493

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

6b518d799a86766cd92562bf914e914f7d1614b2d740ce8a9f94c08475093d51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/css/images/logo.png?x35493
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
x-iinfo: 4-23153018-23149037 2VNN RT(1533674783937 0) q(0 2 2 -1) r(2 2) U18
cache-control: max-age=31536000, public
content-length: 2458
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 office-620822_1280-1533476524-768x510.jpg
files.geektime.co.il/wp-content/uploads/2018/08/ 43 KB
44 KB 78ms
18ms Image
image/jpeg 2600:9000:2002:3a00:1f:ed15:a600:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://files.geektime.co.il/wp-content/uploads/2018/08/office-620822_1280-1533476524-768x510.jpg
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2002:3a00:1f:ed15:a600:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a6a3b8e9bc88946f5d002772fee42686a7539713f777b242d288d15a99fedb73

Request headers

:path: /wp-content/uploads/2018/08/office-620822_1280-1533476524-768x510.jpg
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: files.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:05:10 GMT
via: 1.1 481aeb3116af8cfe075adc0004d928d7.cloudfront.net (CloudFront)
last-modified: Sun, 05 Aug 2018 13:42:09 GMT
server: AmazonS3
age: 2475
etag: "bd7f001eaca67d4f0ae3a037d2ed8567"
x-cache: Hit from cloudfront
x-amz-version-id: Y.VISxxFaRg98Azjf8TcoExoFbR.wgE5
status: 200
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-type: image/jpeg
content-length: 44283
x-amz-cf-id: qwwLBcjfQNM5a-wLP2PejFoU7V1Ye8WEwQgYuAQ0XY-NkXge2QBSoA==

GET
S 200 39732c0688bcb8e9d1d63efbd298715f
secure.gravatar.com/avatar/ 2 KB
2 KB 24ms
6ms Image
image/jpeg 192.0.73.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/39732c0688bcb8e9d1d63efbd298715f?s=120&d=mm&r=g
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: c50ccf068acb226c5a15e6322a724fae8cec6e6a36412a742a1ea2338ebad8b4

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 3
date: Tue, 07 Aug 2018 20:46:24 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
source-age: 136387
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="39732c0688bcb8e9d1d63efbd298715f.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/39732c0688bcb8e9d1d63efbd298715f?s=120&d=mm&r=g>; rel="canonical"
content-length: 1770
expires: Tue, 07 Aug 2018 20:51:24 GMT

GET
H2 200 GettyImages-94940243-1533450967-500x500.jpg
files.geektime.co.il/wp-content/uploads/2018/08/ 65 KB
66 KB 102ms
43ms Image
image/jpeg 2600:9000:2002:3a00:1f:ed15:a600:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://files.geektime.co.il/wp-content/uploads/2018/08/GettyImages-94940243-1533450967-500x500.jpg
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2002:3a00:1f:ed15:a600:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8b39ea2d5e637e7d8de0e7ea8dd05f3c8c620dcc19206a5d7b576c2f6cecffe0

Request headers

:path: /wp-content/uploads/2018/08/GettyImages-94940243-1533450967-500x500.jpg
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: files.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sun, 05 Aug 2018 10:35:04 GMT
via: 1.1 481aeb3116af8cfe075adc0004d928d7.cloudfront.net (CloudFront)
last-modified: Sun, 05 Aug 2018 06:36:16 GMT
server: AmazonS3
age: 2475
etag: "5a9799f52c3b3017b21b09b9c04b5fdc"
x-cache: Hit from cloudfront
x-amz-version-id: zc6Yfvzy953ydUtz.u6b0EbtkkHdjyw8
status: 200
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-type: image/jpeg
content-length: 66635
x-amz-cf-id: kDwRZNIwW-vtXJF6XS4H8tr2AJbhxmLrMXiFw-QHy22rRv8kUXYHsw==

GET
H2 200 whatsapp-1789194_1920-1533190962-500x500.jpg
files.geektime.co.il/wp-content/uploads/2018/08/ 47 KB
48 KB 92ms
33ms Image
image/jpeg 2600:9000:2002:3a00:1f:ed15:a600:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://files.geektime.co.il/wp-content/uploads/2018/08/whatsapp-1789194_1920-1533190962-500x500.jpg
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2002:3a00:1f:ed15:a600:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 738a1aa9736899876992eb810f169b3e682bbdbe12ceedccaa2914ebbd1c11ac

Request headers

:path: /wp-content/uploads/2018/08/whatsapp-1789194_1920-1533190962-500x500.jpg
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: files.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:05:10 GMT
via: 1.1 481aeb3116af8cfe075adc0004d928d7.cloudfront.net (CloudFront)
last-modified: Thu, 02 Aug 2018 06:22:50 GMT
server: AmazonS3
age: 2475
etag: "dc9fb195c0ec16b8300f2937024846bc"
x-cache: Hit from cloudfront
x-amz-version-id: KSEA_W4YfwG9qwDWW0g7N9sN0s6v4J3V
status: 200
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-type: image/jpeg
content-length: 48432
x-amz-cf-id: qhF591-XBGy9TcNDMfmgqTpng9MLz3q7ydedvX2CBMJH4izwgulSJg==

GET
S 200 /
secure.gravatar.com/avatar/ 1021 B
1 KB 25ms
7ms Image
image/jpeg 192.0.73.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/?s=48&d=mm&r=g
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: 37a3bd7bc7328f0ead2c0f6f635dddf60615e676e6b4ddf964144012e529de45

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 4
date: Tue, 07 Aug 2018 20:46:24 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
source-age: 737347
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="none.png"
accept-ranges: bytes
link: <http://www.gravatar.com/avatar/?s=48&d=mm&r=g>; rel="canonical"
content-length: 1021
expires: Tue, 07 Aug 2018 20:51:24 GMT

GET
S 200 c0aae8c82bb977b0068eb2efd481862f
secure.gravatar.com/avatar/ 1 KB
1 KB 25ms
7ms Image
image/jpeg 192.0.73.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/c0aae8c82bb977b0068eb2efd481862f?s=64&d=mm&r=g
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: 83119d8b6e34c424cbc88305b0fd2d2146d3c5f79e5bdd289d4d55ed35db72d6

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 1
date: Tue, 07 Aug 2018 20:46:24 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
source-age: 180627
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="c0aae8c82bb977b0068eb2efd481862f.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/c0aae8c82bb977b0068eb2efd481862f?s=64&d=mm&r=g>; rel="canonical"
content-length: 1163
expires: Tue, 07 Aug 2018 20:51:24 GMT

GET
S 200 1bc8ce773c46e424787a05fca2729be4
secure.gravatar.com/avatar/ 1 KB
1 KB 25ms
7ms Image
image/jpeg 192.0.73.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/1bc8ce773c46e424787a05fca2729be4?s=64&d=mm&r=g
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: 83119d8b6e34c424cbc88305b0fd2d2146d3c5f79e5bdd289d4d55ed35db72d6

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 2
date: Tue, 07 Aug 2018 20:46:24 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
source-age: 177486
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="1bc8ce773c46e424787a05fca2729be4.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/1bc8ce773c46e424787a05fca2729be4?s=64&d=mm&r=g>; rel="canonical"
content-length: 1163
expires: Tue, 07 Aug 2018 20:51:24 GMT

GET
S 200 daec2317326842ec49514e2d17316085
secure.gravatar.com/avatar/ 1 KB
1 KB 15ms
6ms Image
image/jpeg 192.0.73.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/daec2317326842ec49514e2d17316085?s=64&d=mm&r=g
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: 83119d8b6e34c424cbc88305b0fd2d2146d3c5f79e5bdd289d4d55ed35db72d6

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 3
date: Tue, 07 Aug 2018 20:46:24 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
source-age: 133718
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="daec2317326842ec49514e2d17316085.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/daec2317326842ec49514e2d17316085?s=64&d=mm&r=g>; rel="canonical"
content-length: 1163
expires: Tue, 07 Aug 2018 20:51:24 GMT

GET
S 200 88e0c64c631ee370f7e101a5822433b6
secure.gravatar.com/avatar/ 1 KB
1 KB 9ms
6ms Image
image/jpeg 192.0.73.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/88e0c64c631ee370f7e101a5822433b6?s=64&d=mm&r=g
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: 83119d8b6e34c424cbc88305b0fd2d2146d3c5f79e5bdd289d4d55ed35db72d6

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 1
date: Tue, 07 Aug 2018 20:46:24 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
source-age: 226523
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="88e0c64c631ee370f7e101a5822433b6.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/88e0c64c631ee370f7e101a5822433b6?s=64&d=mm&r=g>; rel="canonical"
content-length: 1163
expires: Tue, 07 Aug 2018 20:51:24 GMT

GET
S 200 c8a2f371f1dff3850798c590129992a8
secure.gravatar.com/avatar/ 1 KB
1 KB 8ms
6ms Image
image/jpeg 192.0.73.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/c8a2f371f1dff3850798c590129992a8?s=64&d=mm&r=g
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: 83119d8b6e34c424cbc88305b0fd2d2146d3c5f79e5bdd289d4d55ed35db72d6

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 4
date: Tue, 07 Aug 2018 20:46:24 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
source-age: 736999
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="c8a2f371f1dff3850798c590129992a8.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/c8a2f371f1dff3850798c590129992a8?s=64&d=mm&r=g>; rel="canonical"
content-length: 1163
expires: Tue, 07 Aug 2018 20:51:24 GMT

GET
S 200 807c9c4869bf59d623549d91098ed723
secure.gravatar.com/avatar/ 1 KB
1 KB 8ms
6ms Image
image/jpeg 192.0.73.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/807c9c4869bf59d623549d91098ed723?s=64&d=mm&r=g
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: 83119d8b6e34c424cbc88305b0fd2d2146d3c5f79e5bdd289d4d55ed35db72d6

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 2
date: Tue, 07 Aug 2018 20:46:24 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
source-age: 66702
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="807c9c4869bf59d623549d91098ed723.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/807c9c4869bf59d623549d91098ed723?s=64&d=mm&r=g>; rel="canonical"
content-length: 1163
expires: Tue, 07 Aug 2018 20:51:24 GMT

GET
S 200 d5212adc8ed3b89685efbeb7d305dc55
secure.gravatar.com/avatar/ 1 KB
1 KB 8ms
6ms Image
image/jpeg 192.0.73.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/d5212adc8ed3b89685efbeb7d305dc55?s=64&d=mm&r=g
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: 83119d8b6e34c424cbc88305b0fd2d2146d3c5f79e5bdd289d4d55ed35db72d6

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 2
date: Tue, 07 Aug 2018 20:46:24 GMT
last-modified: Sat, 19 Oct 2013 22:34:58 GMT
server: nginx
source-age: 111640
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="d5212adc8ed3b89685efbeb7d305dc55.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/d5212adc8ed3b89685efbeb7d305dc55?s=64&d=mm&r=g>; rel="canonical"
content-length: 1163
expires: Tue, 07 Aug 2018 20:51:24 GMT

GET
S 200 ac060d91ad375f709d7bcd34345b2f8b
secure.gravatar.com/avatar/ 1 KB
1 KB 9ms
7ms Image
image/jpeg 192.0.73.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/ac060d91ad375f709d7bcd34345b2f8b?s=64&d=mm&r=g
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: 83119d8b6e34c424cbc88305b0fd2d2146d3c5f79e5bdd289d4d55ed35db72d6

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 4
date: Tue, 07 Aug 2018 20:46:24 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
source-age: 204829
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="ac060d91ad375f709d7bcd34345b2f8b.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/ac060d91ad375f709d7bcd34345b2f8b?s=64&d=mm&r=g>; rel="canonical"
content-length: 1163
expires: Tue, 07 Aug 2018 20:51:24 GMT

GET
S 200 f4294c704c62218ea8825940a1add874
secure.gravatar.com/avatar/ 1 KB
1 KB 9ms
7ms Image
image/jpeg 192.0.73.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/f4294c704c62218ea8825940a1add874?s=64&d=mm&r=g
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: 83119d8b6e34c424cbc88305b0fd2d2146d3c5f79e5bdd289d4d55ed35db72d6

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 4
date: Tue, 07 Aug 2018 20:46:24 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
source-age: 30335
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="f4294c704c62218ea8825940a1add874.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/f4294c704c62218ea8825940a1add874?s=64&d=mm&r=g>; rel="canonical"
content-length: 1163
expires: Tue, 07 Aug 2018 20:51:24 GMT

GET
H2 200 loading.gif
www.geektime.co.il/wp-content/plugins/wpdiscuz/assets/img/ 3 KB
3 KB 250ms
250ms Image
image/gif 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geektime.co.il/wp-content/plugins/wpdiscuz/assets/img/loading.gif?x35493

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

55bd462226c18a45c9d76d8677480bb8d12109d268071c929ff2c20dbbf7f1c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/wpdiscuz/assets/img/loading.gif?x35493
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: image/gif
status: 200
x-iinfo: 4-23153020-23153051 2VNN RT(1533674783938 0) q(0 2 2 -1) r(2 2) U18
cache-control: max-age=31536000, public
content-length: 3180
expires: Wed, 07 Aug 2019 20:46:24 GMT

GET
H/1.1 200
OK outbrain.js Show response
widgets.outbrain.com/ 70 KB
26 KB 28ms
9ms Script
application/x-javascript 2.18.234.190
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/outbrain.js
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.190 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-234-190.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 58720307d768aa7981cb49516d5b0296322bb169a62cc8ac04a4d514c86251f8

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 07 Aug 2018 20:46:24 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Aug 2018 12:02:44 GMT
Server: Apache
ETag: "eb731e7a1a403b7d1d700bf638e36af8:1533643364"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET,POST
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *, *
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: false
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 25975

GET
H2 200 loading.gif
www.geektime.co.il/wp-content/themes/geektime/css/images/ 9 KB
9 KB 251ms
251ms Image
image/gif 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/css/images/loading.gif?x35493

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

68da1f260e79b15d2d5ca9aee0b05e2243ee47cca9d732b3625f4bbb1b77b8bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/css/images/loading.gif?x35493
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: image/gif
status: 200
x-iinfo: 4-23153021-23152383 2VNN RT(1533674783939 0) q(0 2 2 -1) r(2 2) U18
cache-control: max-age=31536000, public
content-length: 9427
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 geek.png
www.geektime.co.il/wp-content/themes/geektime/css/images/ 3 KB
3 KB 279ms
279ms Image
image/png 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/css/images/geek.png?x35493

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

7ccc6697afe14eb6322e9348dbe173e27ccc81e003342d91f29471627721dbf5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/css/images/geek.png?x35493
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
x-iinfo: 4-23153022-23153138 2VNN RT(1533674783940 0) q(0 2 2 -1) r(2 2) U18
cache-control: max-age=31536000, public
content-length: 3150
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 widget.css
www.geektime.co.il/wp-content/plugins/geektime-plugin-widget/view/css/ 2 KB
894 B 145ms
143ms Stylesheet
text/css 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/plugins/geektime-plugin-widget/view/css/widget.css?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

99a0cc2e26cd8bcf6be423f397fca4e590241e7ae28db7e9fb1b0a572c715acb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/geektime-plugin-widget/view/css/widget.css?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: text/css
status: 200
x-iinfo: 4-23153023-23153083 2VNN RT(1533674783940 0) q(0 1 1 -1) r(1 1) U18
cache-control: max-age=31536000, public
content-length: 807
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 widget-rtl.css
www.geektime.co.il/wp-content/plugins/geektime-plugin-widget/view/css/ 56 B
155 B 160ms
157ms Stylesheet
text/css 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/plugins/geektime-plugin-widget/view/css/widget-rtl.css?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

27eecbbd20f875d179cb3fd9430b864382189112a700ef87744bc694963b6308

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/geektime-plugin-widget/view/css/widget-rtl.css?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: text/css
status: 200
x-iinfo: 4-23153024-23153078 2VNN RT(1533674783941 0) q(0 1 1 -1) r(1 1) U18
cache-control: max-age=31536000, public
content-length: 69
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 comment-reply.min.js Show response
www.geektime.co.il/wp-includes/js/ 1 KB
676 B 270ms
268ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-includes/js/comment-reply.min.js?x35493&ver=1533580829

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

1b1ca0f15010e0124bd4ca481404643c88f7eda1b276e9554d0ed83fb45b7e30

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-includes/js/comment-reply.min.js?x35493&ver=1533580829
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:29 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23153025-23153140 2VNN RT(1533674783941 0) q(0 2 2 -1) r(2 2) U18
cache-control: max-age=31536000, public
content-length: 589
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 scripts.js Show response
www.geektime.co.il/wp-content/plugins/contact-form-7/includes/js/ 11 KB
3 KB 267ms
264ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/plugins/contact-form-7/includes/js/scripts.js?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

a8eab3db9dd20f6a2ad02452fecc5db4d4051c2a5c8368b956ac2b2fbdf9d4a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/contact-form-7/includes/js/scripts.js?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23153026-23152984 2VNN RT(1533674783942 0) q(0 2 2 -1) r(2 2) U18
cache-control: max-age=31536000, public
content-length: 3379
expires: Wed, 07 Aug 2019 20:46:24 GMT

GET
S 200 init.js Show response
cdn.enable.co.il/licenses/enable-L2218jpqvxtlh2r-0718-5099/ 384 KB
103 KB 50ms
13ms Script
application/javascript 2400:cb00:2048:1::681b:a790
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.enable.co.il/licenses/enable-L2218jpqvxtlh2r-0718-5099/init.js?ver=1.3.0
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2400:cb00:2048:1::681b:a790 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / PHP/5.6.30
Resource Hash: 1ff01a7ae67178a2091e5ff6fac3c9bb3aad9dfd204dfb6a15ebf3dbc1ba59cd

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
content-encoding: gzip
cf-cache-status: HIT
x-powered-by: PHP/5.6.30
status: 200
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: 'GET,HEAD,OPTIONS,POST,PUT', GET,HEAD,OPTIONS,POST,PUT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: '*', *
cache-control: public, max-age=28800
cf-polished: origSize=393255
access-control-allow-credentials: 'true', true
cf-ray: 446c97acf82b63d3-FRA
access-control-allow-headers: 'Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers', Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
expires: Wed, 08 Aug 2018 04:46:24 GMT

GET
H2 200 jquery.form.min.js Show response
www.geektime.co.il/wp-includes/js/jquery/ 16 KB
6 KB 267ms
265ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-includes/js/jquery/jquery.form.min.js?x35493&ver=1533580829

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

3ffe72ec886b260bd3fbfb3047fe92e3a78d874d18d46269490dc63536a9188e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-includes/js/jquery/jquery.form.min.js?x35493&ver=1533580829
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:29 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23153027-23153051 2VNN RT(1533674783942 0) q(0 2 2 -1) r(2 2) U18
cache-control: max-age=31536000, public
content-length: 6090
expires: Wed, 07 Aug 2019 20:46:24 GMT

GET
H2 200 thickbox.js Show response
www.geektime.co.il/wp-includes/js/thickbox/ 10 KB
3 KB 314ms
311ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-includes/js/thickbox/thickbox.js?x35493&ver=1533580829

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

e087226aadb62a62d70155f11b5fe3f1d320b86fe0f1efad5ef31636ceb252f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-includes/js/thickbox/thickbox.js?x35493&ver=1533580829
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:29 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23153028-23153142 2VNN RT(1533674783942 0) q(0 2 2 -1) r(3 3) U18
cache-control: max-age=31536000, public
content-length: 2740
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 underscore.min.js Show response
www.geektime.co.il/wp-includes/js/ 16 KB
6 KB 269ms
267ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-includes/js/underscore.min.js?x35493&ver=1533580829

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

ca6d57cfee3a41248c7967ac760b85c2424afe4de9ba114c94230c62fb32d47c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-includes/js/underscore.min.js?x35493&ver=1533580829
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:29 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23153029-23152383 2VNN RT(1533674783943 0) q(0 2 2 -1) r(2 2) U18
cache-control: max-age=31536000, public
content-length: 5674
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 shortcode.min.js Show response
www.geektime.co.il/wp-includes/js/ 3 KB
1 KB 299ms
297ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-includes/js/shortcode.min.js?x35493&ver=1533580829

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

deec2a8bb1f58cc22032a11551c936182f34b3faeb693ef3a9536e4c2adfaf95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-includes/js/shortcode.min.js?x35493&ver=1533580829
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:29 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23153030-23153052 2VNN RT(1533674783943 0) q(0 2 2 -1) r(3 3) U18
cache-control: max-age=31536000, public
content-length: 1138
expires: Wed, 07 Aug 2019 20:46:24 GMT

GET
H2 200 media-upload.min.js Show response
www.geektime.co.il/wp-admin/js/ 1 KB
710 B 299ms
297ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-admin/js/media-upload.min.js?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Apache / W3 Total Cache/0.9.7

Resource Hash

fb18dc303d59ba8d8179acc3414a17ff4ec0f3f33a7417601bb9bfa5941a352b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-admin/js/media-upload.min.js?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
content-encoding: gzip
vary: Accept-Encoding,User-Agent
x-cdn: Incapsula
x-powered-by: W3 Total Cache/0.9.7
status: 200
x-iinfo: 4-23153031-23153150 NNNN CT(0 0 0) RT(1533674783943 0) q(0 2 2 -1) r(3 3) U9
content-length: 586
pragma: public
referrer-policy
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
server: Apache
etag: "481-572c89c7cbf00-gzip"
strict-transport-security: max-age=31536000
content-type: application/x-javascript
cache-control: max-age=31536000, public
accept-ranges: bytes
expires: Wed, 07 Aug 2019 20:46:24 GMT

GET
H2 200 core.min.js Show response
www.geektime.co.il/wp-includes/js/jquery/ui/ 4 KB
2 KB 305ms
303ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-includes/js/jquery/ui/core.min.js?x35493&ver=1533580829

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

f14da5f7c1b354763b83a4693a5ab31c090d27ffed48a7277c81805fe8c3c3ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-includes/js/jquery/ui/core.min.js?x35493&ver=1533580829
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:29 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23153032-23153138 2VNN RT(1533674783944 0) q(0 2 2 -1) r(3 3) U18
cache-control: max-age=31536000, public
content-length: 1697
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 widget.min.js Show response
www.geektime.co.il/wp-includes/js/jquery/ui/ 7 KB
3 KB 299ms
298ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-includes/js/jquery/ui/widget.min.js?x35493&ver=1533580829

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

4510ab210aec47aae080c12222eec390d161cc1df39903b7d913853360215fff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-includes/js/jquery/ui/widget.min.js?x35493&ver=1533580829
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:29 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23153033-23153051 2VNN RT(1533674783944 0) q(0 2 2 -1) r(3 3) U18
cache-control: max-age=31536000, public
content-length: 2479
expires: Wed, 07 Aug 2019 20:46:24 GMT

GET
H2 200 datepicker.min.js Show response
www.geektime.co.il/wp-includes/js/jquery/ui/ 35 KB
11 KB 323ms
322ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-includes/js/jquery/ui/datepicker.min.js?x35493&ver=1533580829

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

f1d886f7cab134a530eaff578d56800d9ff174a92006062231ff850706399b11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-includes/js/jquery/ui/datepicker.min.js?x35493&ver=1533580829
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:29 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23153034-23152984 2VNN RT(1533674783947 0) q(0 3 3 -1) r(3 3) U18
cache-control: max-age=31536000, public
content-length: 10881
expires: Wed, 07 Aug 2019 20:46:24 GMT

GET
H2 200 insider.js Show response
www.geektime.co.il/wp-content/themes/geektime/widgets/insider/ 3 KB
1 KB 324ms
323ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/widgets/insider/insider.js?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

45f398bf1edd8f8578e6465d82f840e7c86dc76d6c6259315133ee55b2ed7ff1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/widgets/insider/insider.js?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23153036-23153052 2VNN RT(1533674783950 0) q(0 3 3 -1) r(3 3) U18
cache-control: max-age=31536000, public
content-length: 961
expires: Wed, 07 Aug 2019 20:46:24 GMT

GET
H2 200 new-tab.min.js Show response
www.geektime.co.il/wp-content/plugins/page-links-to/js/ 907 B
592 B 325ms
323ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/plugins/page-links-to/js/new-tab.min.js?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

b09b913e08fab359e017940041eb480f3447783a3bb2fc805cab0378c374024e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/page-links-to/js/new-tab.min.js?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23153038-23149759 2VNN RT(1533674783952 0) q(0 3 3 -1) r(3 3) U18
cache-control: max-age=31536000, public
content-length: 504
expires: Wed, 07 Aug 2019 20:46:24 GMT

GET
H2 200 wp-embed.min.js Show response
www.geektime.co.il/wp-includes/js/ 1 KB
839 B 332ms
331ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-includes/js/wp-embed.min.js?x35493&ver=1533580829

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

dcb5e540e62fc85857254a1066afb6a7e8999279c6d4c583eef855d39f9289c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-includes/js/wp-embed.min.js?x35493&ver=1533580829
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:29 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23153040-23153138 2VNN RT(1533674783953 0) q(0 3 3 -1) r(3 3) U18
cache-control: max-age=31536000, public
content-length: 751
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 widget.js Show response
www.geektime.co.il/wp-content/plugins/geektime-plugin-widget/view/js/ 69 B
188 B 337ms
336ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/plugins/geektime-plugin-widget/view/js/widget.js?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

e10fd71086da69c7ddc8300928e89900017505ea1af6198337c54daa823f7451

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/geektime-plugin-widget/view/js/widget.js?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23153044-23149037 2VNN RT(1533674783955 0) q(0 3 3 -1) r(3 3) U18
cache-control: max-age=31536000, public
content-length: 77
expires: Wed, 07 Aug 2019 20:46:24 GMT

GET
H2 200 polyfill.js Show response
www.geektime.co.il/wp-content/themes/geektime/js/ 511 B
403 B 157ms
156ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/js/polyfill.js?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

93322785dcdbe5b5fc6d43db0795c0cfd339f9307da5014fbe7fb8798df3bbc2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/js/polyfill.js?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23153041-23149037 2VNN RT(1533674783954 0) q(0 1 1 -1) r(1 1) U18
cache-control: max-age=31536000, public
content-length: 316
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 responsive.js Show response
www.geektime.co.il/wp-content/themes/geektime/js/ 2 KB
1 KB 158ms
158ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/js/responsive.js?x35493&ver=1533580828

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

02b3e58eb3c170cccf25b3e6d6a6a1b10a53b5a9db3dbf275594de21799c21b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/js/responsive.js?x35493&ver=1533580828
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23153042-23153089 2VNN RT(1533674783954 0) q(0 1 1 -1) r(1 1) U18
cache-control: max-age=31536000, public
content-length: 951
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 wp-emoji-release.min.js Show response
www.geektime.co.il/wp-includes/js/ 11 KB
4 KB 244ms
244ms Script
application/x-javascript 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-includes/js/wp-emoji-release.min.js?ver=1533580829

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

a0be121d953691a90de00ce456caa95ba8fc6ced658cd50f9ab66a84ccd246a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-includes/js/wp-emoji-release.min.js?ver=1533580829
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:40:29 GMT
x-cdn: Incapsula
strict-transport-security: max-age=31536000
content-type: application/x-javascript
status: 200
x-iinfo: 4-23153076-23153051 2VNN RT(1533674784026 0) q(0 2 2 -1) r(2 2) U18
cache-control: max-age=31536000, public
content-length: 4175
expires: Wed, 07 Aug 2019 20:46:24 GMT

GET
H/1.1 200
OK library.js Show response
geektimecoil.api.oneall.com/socialize/ 45 KB
12 KB 33ms
1ms Script
text/javascript 136.243.63.184
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://geektimecoil.api.oneall.com/socialize/library.js
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.243.63.184 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: xip08.oneall.com
Software: nginx /
Resource Hash: 2dabb68cc274e4c809640bb7baf9e7fcc898fdb0d8d16b825e1055e5fbd0a944

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: private
Date: Tue, 07 Aug 2018 20:46:24 GMT
Content-Encoding: gzip
Last-Modified: Thu, 26 May 2016 12:47:35 GMT
Server: nginx
X-Forwarded-Target: xuniform.oneall.com
Vary: Accept-Encoding
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
X-OneAll-Library-Base: 7.0c
Cache-Control: max-age=14400, private
Connection: keep-alive
Content-Type: text/javascript; charset=UTF-8
Content-Length: 12213
X-Cached: HIT
Expires: Wed, 08 Aug 2018 00:46:17 GMT

GET
S 200 adoric.js Show response
89915812.adoric-ads.com/ 86 KB
26 KB 889ms
281ms Script
text/javascript 54.230.44.175
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://89915812.adoric-ads.com/adoric.js

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.230.44.175 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-54-230-44-175.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

0f7100ecfbea17a9b9a38e793ef35534f05d1c852c3af91bf1ce8bc05a92a0d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
access-control-allow-origin: *
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
status: 200
vary: Accept-Encoding
x-xss-protection: 1; mode=block
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"15644-1NM+/Pzk9BSY5PZAGTXj8ghj4+U"
x-download-options: noopen
strict-transport-security: max-age=15552000; includeSubDomains
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/javascript; charset=utf-8
via: 1.1 4cef090fba24867bb1a518bc7c5a1e98.cloudfront.net (CloudFront)
cache-control: max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Access-Control-Allow-Credentials
x-amz-cf-id: r-8B6uYTqPaidfZ0zxhFrPoMy_r3CGAf6aoh4On-ScgEmfMbjVHn7g==

GET
S 200 fbevents.js Show response
connect.facebook.net/en_US/ 43 KB
14 KB 19ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

b6143b6b4d86918d18cd84b60ae0f37f74522fc145896a4f9645746070cb28d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
content-length: 13455
x-xss-protection: 0
pragma: public
x-fb-debug: cQftIxqXMPLCloiUmGHr0jmRscZHrDm2ru96s1ckWydOVQdMgbzCbmAbB3Vhn23oq/nadLM+QC8i5Q5RBkzutg==
date: Tue, 07 Aug 2018 20:46:24 GMT
x-frame-options: DENY
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
S 200 sdk.js Show response
connect.facebook.net/he_IL/ 218 KB
66 KB 19ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/he_IL/sdk.js

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

1cbc5f96381bbcab87e4d03bb2f59ba20534469c88a13b265c11b580ea0c11a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-md5: dGtiw6V82idxYQgV8+/Ujg==
status: 200
content-length: 67506
x-xss-protection: 0
x-fb-debug: /kAhF7EmDuLrRMKiWcSkUXyfnxWvTFYj5ls1c/48EU9NsbDCN9IYVQ5X9fGljyOj2+zRKfEPSQ8ObwT6VOs+Og==
x-fb-content-md5: 0e3b7c45f7c457dc06acab4757d27c28
x-frame-options: DENY
etag: "653263a48f7a4d31faba0f08c45ee5d1"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 07 Aug 2018 20:48:27 GMT

GET
H/1.1 200
OK widget-c.js Show response
d29k50lkkhkjby.cloudfront.net/19762010-862c/5/ 745 B
1 KB 347ms
14ms Script
application/javascript 52.85.245.90
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d29k50lkkhkjby.cloudfront.net/19762010-862c/5/widget-c.js
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.85.245.90 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-245-90.ams50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c160b4146398047774c4d0e00a8b8e3d8a0f0126a7da8cf35069213bd5594d3e

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 19 Sep 2016 11:29:25 GMT
Via: 1.1 1f0b42f241167f63f522e5c1d8579e22.cloudfront.net (CloudFront)
Last-Modified: Wed, 13 Jul 2016 05:31:22 GMT
Server: AmazonS3
Age: 1329144
ETag: "556703401437228aa49c78fd74a8807d"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Cache-Control: max-age=29030400, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 745
X-Amz-Cf-Id: k5EyFJ099dMpoGe0ku6088uMOsxuZEPkc3ReY4p8i3g-efQDaHZKjw==

GET
H2 200 icons.png
www.geektime.co.il/wp-content/themes/geektime/css/images/ 27 KB
27 KB 189ms
188ms Image
image/png 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/css/images/icons.png

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

dc086755ad466c79a7c36cf749c8395d39d1a6e9412e29b14a23158eddcf1821

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/css/images/icons.png
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/wp-content/themes/geektime/css/style.css?x35493&ver=1533580828
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/wp-content/themes/geektime/css/style.css?x35493&ver=1533580828
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
etag: "2b7d9481"
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
x-iinfo: 4-23153098-23153052 2VNN RT(1533674784089 0) q(0 2 2 -1) r(2 2) U18
cache-control: max-age=31536000, public
content-length: 27475
expires: Wed, 07 Aug 2019 20:46:24 GMT

GET
H2 200 line-sep2.png
www.geektime.co.il/wp-content/themes/geektime/css/images/ 84 B
181 B 189ms
188ms Image
image/png 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/css/images/line-sep2.png

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

f2814092c30f4857fc313c8abefbaa7c18a35e2c7c12134f448e3cd81166e2e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/css/images/line-sep2.png
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/wp-content/themes/geektime/css/style.css?x35493&ver=1533580828
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/wp-content/themes/geektime/css/style.css?x35493&ver=1533580828
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
etag: "eb759578"
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
x-iinfo: 4-23153099-23153142 2VNN RT(1533674784090 0) q(0 2 2 -1) r(2 2) U18
cache-control: max-age=31536000, public
content-length: 84
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 new.png
www.geektime.co.il/wp-content/themes/geektime/css/images/ 7 KB
7 KB 189ms
188ms Image
image/png 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/css/images/new.png

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

31be7b8212ca468b7cb223642570c662f25cf9b6443cf164fc6b0a654cb0b087

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/css/images/new.png
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/wp-content/themes/geektime/css/style.css?x35493&ver=1533580828
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/wp-content/themes/geektime/css/style.css?x35493&ver=1533580828
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
etag: "9a37f7eb"
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
x-iinfo: 4-23153100-23152984 2VNN RT(1533674784090 0) q(0 2 2 -1) r(2 2) U18
cache-control: max-age=31536000, public
content-length: 6787
expires: Wed, 07 Aug 2019 20:46:24 GMT

GET
H2 200 logo.png
www.geektime.co.il/wp-content/themes/geektime/css/images/ 2 KB
3 KB 196ms
195ms Image
image/png 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/css/images/logo.png

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

6b518d799a86766cd92562bf914e914f7d1614b2d740ce8a9f94c08475093d51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/css/images/logo.png
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/wp-content/themes/geektime/css/style.css?x35493&ver=1533580828
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/wp-content/themes/geektime/css/style.css?x35493&ver=1533580828
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:23 GMT
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
etag: "b4b91650"
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
x-iinfo: 4-23153101-23153138 2VNN RT(1533674784091 0) q(0 2 2 -1) r(2 2) U18
cache-control: max-age=31536000, public
content-length: 2458
expires: Wed, 07 Aug 2019 20:46:23 GMT

GET
H2 200 opensanshebrew-bold-webfont.woff
www.geektime.co.il/wp-content/themes/geektime/css/fonts/ 14 KB
14 KB 40ms
40ms Font
application/font-woff 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/css/fonts/opensanshebrew-bold-webfont.woff

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Apache / W3 Total Cache/0.9.7

Resource Hash

22a63798dfc04117296d0d0aaa9e426e55d6bd43aa7e2f79d898e76adc918e86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/css/fonts/opensanshebrew-bold-webfont.woff
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
origin: https://www.geektime.co.il
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/wp-content/themes/geektime/css/style.css?x35493&ver=1533580828
:scheme: https
:method: GET
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/wp-content/themes/geektime/css/style.css?x35493&ver=1533580828
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
content-encoding: gzip
vary: Accept-Encoding,User-Agent
x-cdn: Incapsula
x-powered-by: W3 Total Cache/0.9.7
status: 200
x-iinfo: 4-23153102-23152984 2NNN RT(1533674784091 0) q(0 0 0 -1) r(1 1) U18
content-length: 13801
pragma: public
referrer-policy
server: Apache
etag: "3620-572c89c7cbf00-gzip"
strict-transport-security: max-age=31536000
content-type: application/font-woff
cache-control: max-age=31536000, public
accept-ranges: bytes
expires: Wed, 07 Aug 2019 20:46:24 GMT

GET
H2 200 opensanshebrew-regular-webfont.woff
www.geektime.co.il/wp-content/themes/geektime/css/fonts/ 13 KB
14 KB 51ms
50ms Font
application/font-woff 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/css/fonts/opensanshebrew-regular-webfont.woff

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Apache / W3 Total Cache/0.9.7

Resource Hash

636f52528d61a565f93b83ec8fa646435c1b64f67ba5f4db64314f1692214fa7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/css/fonts/opensanshebrew-regular-webfont.woff
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
origin: https://www.geektime.co.il
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/wp-content/themes/geektime/css/style.css?x35493&ver=1533580828
:scheme: https
:method: GET
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/wp-content/themes/geektime/css/style.css?x35493&ver=1533580828
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
content-encoding: gzip
vary: Accept-Encoding,User-Agent
x-cdn: Incapsula
x-powered-by: W3 Total Cache/0.9.7
status: 200
x-iinfo: 4-23153103-23149037 2NNN RT(1533674784092 0) q(0 1 1 -1) r(1 1) U18
content-length: 13743
pragma: public
referrer-policy
server: Apache
etag: "35f0-572c89c7cbf00-gzip"
strict-transport-security: max-age=31536000
content-type: application/font-woff
cache-control: max-age=31536000, public
accept-ranges: bytes
expires: Wed, 07 Aug 2019 20:46:24 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 118 KB
35 KB 24ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/41A1) /
Resource Hash: e5f8d0ce988d869b287f9498b3c779eaddd47b3e19c5fd82fee9f286e8f74298

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 07 Aug 2018 20:46:24 GMT
Content-Encoding: gzip
Last-Modified: Fri, 27 Jul 2018 16:48:04 GMT
Server: ECS (fcn/41A1)
Etag: "ea6d43e2e4c9a7da8dadb95b466ec5cd+gzip"
Vary: Accept-Encoding
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Cache-Control: public, max-age=1800
Content-Type: application/javascript; charset=utf-8
Content-Length: 35308

GET
H2 200 logo.png
www.geektime.co.il/wp-content/plugins/geektime-plugin-related-posts/view/assets/img/ 2 KB
3 KB 149ms
145ms Image
image/png 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geektime.co.il/wp-content/plugins/geektime-plugin-related-posts/view/assets/img/logo.png

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

6b518d799a86766cd92562bf914e914f7d1614b2d740ce8a9f94c08475093d51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/geektime-plugin-related-posts/view/assets/img/logo.png
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/wp-content/plugins/geektime-plugin-related-posts/view/assets/css/style.css?x35493&ver=1533580828
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/wp-content/plugins/geektime-plugin-related-posts/view/assets/css/style.css?x35493&ver=1533580828
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
etag: "b4b91650"
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
x-iinfo: 4-23153128-23152383 2VNN RT(1533674784145 0) q(0 1 1 -1) r(1 1) U18
cache-control: max-age=31536000, public
content-length: 2458
expires: Wed, 07 Aug 2019 20:46:24 GMT

GET
H2 200 file.png
www.geektime.co.il/wp-content/plugins/wpdiscuz-media-uploader/assets/img/ 368 B
465 B 129ms
126ms Image
image/png 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geektime.co.il/wp-content/plugins/wpdiscuz-media-uploader/assets/img/file.png

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

935d1b43ac576da5865a37515a61e46b8887650b7cc7442ce46905ba9e1d493c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/wpdiscuz-media-uploader/assets/img/file.png
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==; _ga=GA1.3.950697005.1533674785; _gid=GA1.3.1169463901.1533674785
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/wp-content/plugins/wpdiscuz-media-uploader/assets/css/wmu-frontend.css?x35493&ver=1533580828
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/wp-content/plugins/wpdiscuz-media-uploader/assets/css/wmu-frontend.css?x35493&ver=1533580828
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
etag: "f729baa2"
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
x-iinfo: 4-23153144-23153051 2VNN RT(1533674784168 0) q(0 1 1 -1) r(1 1) U18
cache-control: max-age=31536000, public
content-length: 368
expires: Wed, 07 Aug 2019 20:46:24 GMT

GET
H2 200 video.png
www.geektime.co.il/wp-content/plugins/wpdiscuz-media-uploader/assets/img/ 310 B
407 B 138ms
136ms Image
image/png 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geektime.co.il/wp-content/plugins/wpdiscuz-media-uploader/assets/img/video.png

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

7e61b6470d6bc14c919fd962e1c4624900a5a0bd7d17d8ce163c8ffb160819e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/wpdiscuz-media-uploader/assets/img/video.png
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==; _ga=GA1.3.950697005.1533674785; _gid=GA1.3.1169463901.1533674785
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/wp-content/plugins/wpdiscuz-media-uploader/assets/css/wmu-frontend.css?x35493&ver=1533580828
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/wp-content/plugins/wpdiscuz-media-uploader/assets/css/wmu-frontend.css?x35493&ver=1533580828
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
etag: "ff2bf98c"
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
x-iinfo: 4-23153146-23153142 2VNN RT(1533674784169 0) q(0 1 1 -1) r(1 1) U18
cache-control: max-age=31536000, public
content-length: 310
expires: Wed, 07 Aug 2019 20:46:24 GMT

GET
H2 200 image.png
www.geektime.co.il/wp-content/plugins/wpdiscuz-media-uploader/assets/img/ 386 B
483 B 138ms
136ms Image
image/png 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geektime.co.il/wp-content/plugins/wpdiscuz-media-uploader/assets/img/image.png

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

dcea5d68f5c4ac88ae98dca8f8a5aa2faafe6ed2f38be4013360f7d72ca955db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/wpdiscuz-media-uploader/assets/img/image.png
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==; _ga=GA1.3.950697005.1533674785; _gid=GA1.3.1169463901.1533674785
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/wp-content/plugins/wpdiscuz-media-uploader/assets/css/wmu-frontend.css?x35493&ver=1533580828
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/wp-content/plugins/wpdiscuz-media-uploader/assets/css/wmu-frontend.css?x35493&ver=1533580828
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
etag: "601f11fd"
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
x-iinfo: 4-23153147-23152984 2VNN RT(1533674784173 0) q(0 1 1 -1) r(1 1) U18
cache-control: max-age=31536000, public
content-length: 386
expires: Wed, 07 Aug 2019 20:46:24 GMT

GET
H2 200 fontawesome-webfont.woff2
www.geektime.co.il/wp-content/plugins/wpdiscuz/assets/third-party/font-awesome-4.6.3/fonts/ 70 KB
70 KB 53ms
52ms Font
application/font-woff2 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/plugins/wpdiscuz/assets/third-party/font-awesome-4.6.3/fonts/fontawesome-webfont.woff2?v=4.6.3

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Apache / W3 Total Cache/0.9.7

Resource Hash

7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/wpdiscuz/assets/third-party/font-awesome-4.6.3/fonts/fontawesome-webfont.woff2?v=4.6.3
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==; _ga=GA1.3.950697005.1533674785; _gid=GA1.3.1169463901.1533674785
origin: https://www.geektime.co.il
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/wp-content/plugins/wpdiscuz/assets/third-party/font-awesome-4.6.3/css/font-awesome.min.css?x35493&ver=1533580828
:scheme: https
:method: GET
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/wp-content/plugins/wpdiscuz/assets/third-party/font-awesome-4.6.3/css/font-awesome.min.css?x35493&ver=1533580828
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
content-encoding: gzip
vary: Accept-Encoding,User-Agent
x-cdn: Incapsula
x-powered-by: W3 Total Cache/0.9.7
status: 200
x-iinfo: 4-23153148-23152963 PNNN RT(1533674784177 0) q(0 0 0 -1) r(1 1) U18
pragma: public
referrer-policy
server: Apache
etag: "118d8-572c89c7cbf00-gzip"
strict-transport-security: max-age=31536000
content-type: application/font-woff2
cache-control: max-age=31536000, public
accept-ranges: bytes
expires: Wed, 07 Aug 2019 20:46:24 GMT

GET
S 200 241881409682514 Show response
connect.facebook.net/signals/config/ 80 KB
17 KB 7ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/241881409682514?v=2.8.24&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

0a3bdd8d1bbe7f0fe01eb34f5ca937c08033edbc2febeb1742ef6b3f1b846fbc

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
content-length: 16728
x-xss-protection: 0
pragma: public
x-fb-debug: iNI1RL+Wz7gdihZubMoYg5mreEhZiYZCRkgJC1J7uU2I5z6X+pxadZeEraCbEUKavjvYtCLUC12YdxzbcvSo8w==
x-frame-options: DENY
date: Tue, 07 Aug 2018 20:46:24 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
S 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
171 B 29ms
28ms Script
application/javascript 2a00:1450:4001:817::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.geektime.co.il

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:817::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 07 Aug 2018 20:46:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 104
x-xss-protection: 1; mode=block

GET
S 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
171 B 28ms
27ms Script
application/javascript 2a00:1450:4001:820::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.geektime.co.il

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:820::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 07 Aug 2018 20:46:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 104
x-xss-protection: 1; mode=block

GET
S 200 pubads_impl_237.js Show response
securepubads.g.doubleclick.net/gpt/ 179 KB
62 KB 53ms
40ms Script
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

sffe /

Resource Hash

b0b3c8f57bae0e0f2240b410e306fef853b90d73d16eef0e28d6be3d8810e589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 01 Aug 2018 13:57:22 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 63104
x-xss-protection: 1; mode=block
expires: Tue, 07 Aug 2018 20:46:24 GMT

GET
H/1.1 200
OK /
geektimecoil.api.oneall.com/socialize/login/frame/ Frame 306A 0
0 35ms
33ms Document
text/html 136.243.63.184
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://geektimecoil.api.oneall.com/socialize/login/frame/?oakk=60872&oakv=8fa0cdfe45461cda961e2dfdcf488390bc015ef4d49f3dee1cd60029fccaed1e962be4e2121d294f4d1244f6ed389170dd841b77598c5768b8445eaa3f8d49ba459e42e07f45bc289b5723318910ff2ff9871ca360dfdbfd308b6273bd05f46fdbad9a29110c517f96487bbb7b6a31aab480c4f4b621313a89a267e17e08e222490f32adc5f0df87271083e1f636b74a562818c75a15bd1e6db73b205854f5f575ec5f7f55d47980752e8bbbd75213aeb9ca7c37d22c9bd228fed867032f523b518caf6d3d3b3f192e3ba9458490a7d036d2894eb700e375567e259bc625f8dda9b6864810481a80018104cc3d908d5b13cf2ad2f3a47c6b3e577952fbfbd367e923c04b342fa066a9527fa410d5ba9129294348367639301819b80c6a61eac68f07571cf6946429e22a13524c2f38728ffc9ec5079d59728f9a4dbe530f21ed7d9aff911ce6921e90f156697658e101c21cfa7a70628453789719652bf21f2ec8a71cd290cad5bc75de0e00fc14b5254d0e2828ba8b28acaacaf5de1a5c5c83aa8d7f65aafdcaa4b7aa6075c8710898b1c9967f5e8cdfc845a32fb55310aa8fd6023b34583851ff28a4224f6226c6ec4fcc4a82eb951b6657e0f736bdbc93fec91c86aa9bb611b9f32c05607fa0ef27f572d51d65d6a7dbe9adf823ba14a4a94f2cabe62cffddd14b6db5836d90e277cba479401a6c46babf9e1e09b356ab53329bf3ecc37b4756ace670f09c8d6063fe0fe138c4ca6d7cbfbf794cf41fa429c4&lang=en
Requested by: Host: geektimecoil.api.oneall.com
URL: https://geektimecoil.api.oneall.com/socialize/library.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.243.63.184 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: xip08.oneall.com
Software: nginx /
Resource Hash

Request headers

Host: geektimecoil.api.oneall.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 95BB5AE0DC371FEBA5EE7408E70421D8
Referer: https://www.geektime.co.il/sub-domain-hijacking/

Response headers

Server: nginx
Date: Tue, 07 Aug 2018 20:46:25 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 978
Connection: keep-alive
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
X-Forwarded-Target: xvictor.oneall.com
Vary: Accept-Encoding
Content-Encoding: gzip
X-Accepted-Source: xalpha.oneall.com

GET
H2 200 /
www.geektime.co.il/sub-domain-hijacking/ 64 KB
64 KB 41ms
40ms Image
text/html 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geektime.co.il/sub-domain-hijacking/

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /sub-domain-hijacking/
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==; _ga=GA1.3.950697005.1533674785; _gid=GA1.3.1169463901.1533674785
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
content-encoding: gzip
vary: Accept-Encoding,User-Agent
x-cdn: Incapsula
status: 200
x-iinfo: 4-23153169-23152963 PNNN RT(1533674784321 0) q(0 0 0 -1) r(0 0) U12
pragma: public
referrer-policy
last-modified: Tue, 07 Aug 2018 20:29:55 GMT
server: Apache
etag: "43f97b49471a1ee5192441f20bdba528"
strict-transport-security: max-age=31536000
content-type: text/html; charset=UTF-8
cache-control: max-age=2611, public
link: <https://www.geektime.co.il/wp-json/>; rel="https://api.w.org/" <https://www.geektime.co.il/?p=375801>; rel=shortlink
expires: Tue, 07 Aug 2018 21:29:55 GMT

GET
H2 200 apple-2.jpg
files.geektime.co.il/wp-content/uploads/2016/01/ 3 KB
4 KB 16ms
15ms Image
image/jpeg 2600:9000:2002:3a00:1f:ed15:a600:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://files.geektime.co.il/wp-content/uploads/2016/01/apple-2.jpg
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2002:3a00:1f:ed15:a600:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5ad7197631453613fe1e6a9a8c132ec4b7569ed202b3dee70a5b23471de38bf9

Request headers

:path: /wp-content/uploads/2016/01/apple-2.jpg
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==; _ga=GA1.3.950697005.1533674785; _gid=GA1.3.1169463901.1533674785
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: files.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sun, 08 Apr 2018 07:38:53 GMT
via: 1.1 481aeb3116af8cfe075adc0004d928d7.cloudfront.net (CloudFront)
last-modified: Tue, 07 Nov 2017 16:22:01 GMT
server: AmazonS3
age: 10501652
etag: "1f2d22baacbb5bc3c925def4f866aa48"
x-cache: Hit from cloudfront
x-amz-version-id: 2mmQsDDbjJeNI.7uHf2XTR82aFi821BS
status: 200
cache-control: max-age=31536000
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-type: image/jpeg
content-length: 3284
x-amz-cf-id: c8GsCNhV5AcmC0DNS7Ffz4PsI4D58fYZLGS2y2Ex9ld2FrZsBsWO2w==

GET
H2 200 ch-android-small.jpg
files.geektime.co.il/wp-content/uploads/2016/01/ 2 KB
3 KB 17ms
15ms Image
image/jpeg 2600:9000:2002:3a00:1f:ed15:a600:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://files.geektime.co.il/wp-content/uploads/2016/01/ch-android-small.jpg
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2002:3a00:1f:ed15:a600:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9590bb52a00d0f8a264332a08ff088c516fb2f04fd33efa5738dc689b96abce6

Request headers

:path: /wp-content/uploads/2016/01/ch-android-small.jpg
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==; _ga=GA1.3.950697005.1533674785; _gid=GA1.3.1169463901.1533674785
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: files.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sun, 08 Apr 2018 07:38:53 GMT
via: 1.1 481aeb3116af8cfe075adc0004d928d7.cloudfront.net (CloudFront)
last-modified: Tue, 07 Nov 2017 16:22:14 GMT
server: AmazonS3
age: 10501652
etag: "72c9c13eda5d724d1327d34c0b88ffb3"
x-cache: Hit from cloudfront
x-amz-version-id: pVnIB49D6jw5dOATZ9c.p1PWYM__XEKq
status: 200
cache-control: max-age=31536000
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-type: image/jpeg
content-length: 2350
x-amz-cf-id: _rldftiC9NC8lOSyGWhDOc7UjqslXWsY84dQT9xps5xxFdJoYOy7Sg==

GET
H2 200 ch-google-small.jpg
files.geektime.co.il/wp-content/uploads/2016/01/ 2 KB
2 KB 18ms
16ms Image
image/jpeg 2600:9000:2002:3a00:1f:ed15:a600:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://files.geektime.co.il/wp-content/uploads/2016/01/ch-google-small.jpg
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2002:3a00:1f:ed15:a600:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f5c38e66c86e21d4595d690c9306412a326c3489d7fc821b1ffb5eb398e04556

Request headers

:path: /wp-content/uploads/2016/01/ch-google-small.jpg
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==; _ga=GA1.3.950697005.1533674785; _gid=GA1.3.1169463901.1533674785
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: files.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sun, 08 Apr 2018 07:38:53 GMT
via: 1.1 481aeb3116af8cfe075adc0004d928d7.cloudfront.net (CloudFront)
last-modified: Tue, 07 Nov 2017 16:22:15 GMT
server: AmazonS3
age: 10501652
etag: "2ed4e4630c1b5430a1505aca4807634b"
x-cache: Hit from cloudfront
x-amz-version-id: P0vyAVLYyYNidW9dwAzhZICNbglRdc1.
status: 200
cache-control: max-age=31536000
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-type: image/jpeg
content-length: 1869
x-amz-cf-id: d9QltstE8fdzvNF5_ey0vMjwGFvErNGrNTNWLoic-Dnjw4Xba0HMZg==

GET
H2 200 230x45.jpg
files.geektime.co.il/wp-content/uploads/2016/07/ 5 KB
5 KB 18ms
16ms Image
image/jpeg 2600:9000:2002:3a00:1f:ed15:a600:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://files.geektime.co.il/wp-content/uploads/2016/07/230x45.jpg
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2002:3a00:1f:ed15:a600:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e479afdffad35cdee2e1cd4ff3f63116d27fb2910045e5def8eb4627977f09c9

Request headers

:path: /wp-content/uploads/2016/07/230x45.jpg
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==; _ga=GA1.3.950697005.1533674785; _gid=GA1.3.1169463901.1533674785
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: files.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sun, 08 Apr 2018 07:38:53 GMT
via: 1.1 481aeb3116af8cfe075adc0004d928d7.cloudfront.net (CloudFront)
last-modified: Tue, 07 Nov 2017 17:05:20 GMT
server: AmazonS3
age: 10501652
etag: "8089a899eef72585d5a06568d9edab03"
x-cache: Hit from cloudfront
x-amz-version-id: V9Lh.Ob4MKHejVrGhHI6iCFF9OBgQJgE
status: 200
cache-control: max-age=31536000
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-type: image/jpeg
content-length: 5098
x-amz-cf-id: EmtZtxW-hD0TOFt3HvJG0f-8gO3OTuU6BquzKim_MqfNwKg9oBtpQA==

GET
H2 200 shutterstock_3079998051.jpg
files.geektime.co.il/wp-content/uploads/2015/11/ 4 KB
4 KB 18ms
17ms Image
image/jpeg 2600:9000:2002:3a00:1f:ed15:a600:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://files.geektime.co.il/wp-content/uploads/2015/11/shutterstock_3079998051.jpg
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2002:3a00:1f:ed15:a600:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: adeb590fa7857c3c38ba7d9bb556e2d0d50058bc4552f6a0714d390bd86c66ea

Request headers

:path: /wp-content/uploads/2015/11/shutterstock_3079998051.jpg
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==; _ga=GA1.3.950697005.1533674785; _gid=GA1.3.1169463901.1533674785
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: files.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sun, 08 Apr 2018 07:38:53 GMT
via: 1.1 481aeb3116af8cfe075adc0004d928d7.cloudfront.net (CloudFront)
last-modified: Mon, 04 Sep 2017 20:25:48 GMT
server: AmazonS3
age: 20305
etag: "795afe89d310d6d2549342fb0f1bb25d"
x-cache: Hit from cloudfront
x-amz-version-id: iCaP6KHTPyXtJ5gUHTJ.RyMfWF4cecx9
status: 200
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-type: image/jpeg
content-length: 4003
x-amz-cf-id: VGARAoxzjPKWjVZAx0XIVu4N-2OpO2me0vT3P84mISStPJBR5l69NA==

GET
S 200 ch-hr-small.jpg
d2c0t36xs14iag.cloudfront.net/wp-content/uploads/2016/01/ 4 KB
5 KB 49ms
18ms Image
image/jpeg 2600:9000:2002:9800:1f:ed15:a600:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2c0t36xs14iag.cloudfront.net/wp-content/uploads/2016/01/ch-hr-small.jpg
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2002:9800:1f:ed15:a600:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 611557bc1967c8d08b2b65b4b44cd4ccd63652995c09a3cbbad8e62cf355cca5

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sun, 08 Apr 2018 07:38:54 GMT
via: 1.1 4edcf55d6938e557aa2c6e71997d17b4.cloudfront.net (CloudFront)
last-modified: Tue, 07 Nov 2017 16:22:15 GMT
server: AmazonS3
age: 10501651
etag: "804f32ae5638ae1627255909740ade9a"
x-cache: Hit from cloudfront
x-amz-version-id: Jw_R3V1pJJ0Ywmzm8TAccpVohKRybN.b
status: 200
cache-control: max-age=31536000
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-type: image/jpeg
content-length: 4301
x-amz-cf-id: 3gCBzJmWoEEEFUMItCFkUJFuAJPdsh3G4umlWvn9-Q269e-mZViYcw==

GET
H2 200 loader.gif
www.geektime.co.il/wp-content/themes/geektime/css/images/ 12 KB
12 KB 32ms
31ms Image
image/gif 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/css/images/loader.gif

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

d93d2fd3b5eee61794d42a633ad55acbca35f8340732b1411d26fe338db7cb37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/css/images/loader.gif
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==; _ga=GA1.3.950697005.1533674785; _gid=GA1.3.1169463901.1533674785
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/wp-content/themes/geektime/css/style.css?x35493&ver=1533580828
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/wp-content/themes/geektime/css/style.css?x35493&ver=1533580828
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
etag: "c322142f"
strict-transport-security: max-age=31536000
content-type: image/gif
status: 200
x-iinfo: 4-23153190-23153142 2VNN RT(1533674784384 0) q(0 0 0 -1) r(1 1) U18
cache-control: max-age=31536000, public
content-length: 12433
expires: Wed, 07 Aug 2019 20:46:24 GMT

GET
H2 200 social-icons.ttf
www.geektime.co.il/wp-content/themes/geektime/css/fonts/ 3 KB
2 KB 34ms
33ms Font
application/x-font-ttf 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/css/fonts/social-icons.ttf?i8o7f0

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Apache / W3 Total Cache/0.9.7

Resource Hash

dd3b7682f853df302ea3646f1c0ad1293f5918a5699c33516a82cf7d107057aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/css/fonts/social-icons.ttf?i8o7f0
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==; _ga=GA1.3.950697005.1533674785; _gid=GA1.3.1169463901.1533674785
origin: https://www.geektime.co.il
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/wp-content/themes/geektime/css/style.css?x35493&ver=1533580828
:scheme: https
:method: GET
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/wp-content/themes/geektime/css/style.css?x35493&ver=1533580828
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
vary: Accept-Encoding,User-Agent
x-cdn: Incapsula
x-powered-by: W3 Total Cache/0.9.7
status: 200
x-iinfo: 4-23153193-23152963 PNNN RT(1533674784405 0) q(0 0 0 -1) r(0 0) U18
content-length: 1937
pragma: public
referrer-policy
server: Apache
etag: "bd8-572c89c7cbf00-gzip"
strict-transport-security: max-age=31536000
content-type: application/x-font-ttf
cache-control: max-age=31536000, public
accept-ranges: bytes
expires: Wed, 07 Aug 2019 20:46:25 GMT

GET
S 200 /
www.facebook.com/tr/ 44 B
294 B 17ms
5ms Image
image/gif 2a03:2880:f11c:8186:face:b00c:0:50fb
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/tr/?id=241881409682514&ev=PageView&dl=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&rl=&if=false&ts=1533674785065&sw=1600&sh=1200&v=2.8.24&r=stable&ec=0&o=30&it=1533674784926&exp=button_click_send_beacon
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a03:2880:f11c:8186:face:b00c:0:50fb , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash: 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Tue, 07 Aug 2018 20:46:25 GMT

GET
S 200 /
www.facebook.com/tr/ 44 B
98 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8186:face:b00c:0:50fb
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/tr/?id=540285849347093&ev=fb_page_view&dl=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&rl=&if=false&ts=1533674785115&sw=1600&sh=1200
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a03:2880:f11c:8186:face:b00c:0:50fb , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash: 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Tue, 07 Aug 2018 20:46:25 GMT

GET
S 200 /
www.facebook.com/tr/ 44 B
98 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8186:face:b00c:0:50fb
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/tr/?id=540285849347093&ev=fb_page_view&dl=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&rl=&if=false&ts=1533674785116&sw=1600&sh=1200
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a03:2880:f11c:8186:face:b00c:0:50fb , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash: 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Tue, 07 Aug 2018 20:46:25 GMT

GET
S 200 collect
www.google-analytics.com/ 35 B
109 B 6ms
6ms Image
image/gif 2a00:1450:4001:81c::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j68&a=219880660&t=pageview&_s=1&dl=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&ul=en-us&de=UTF-8&dt=%D7%9B%D7%9A%20%D7%AA%D7%9E%D7%A0%D7%A2%D7%95%20%D7%90%D7%AA%20%D7%97%D7%98%D7%99%D7%A4%D7%AA%20%D7%94%D7%93%D7%95%D7%9E%D7%99%D7%99%D7%A0%D7%99%D7%9D%20%D7%A9%D7%9C%D7%9B%D7%9D%20%7C%20%D7%92%D7%99%D7%A7%D7%98%D7%99%D7%99%D7%9D&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=aGBAgEAB~&jid=710432514&gjid=1662850540&cid=950697005.1533674785&tid=UA-8205872-1&_gid=1169463901.1533674785&cd1=%D7%9B%D7%AA%D7%91%20%D7%90%D7%95%D7%A8%D7%97&cd2=%D7%90%D7%91%D7%98%D7%97%D7%AA%20%D7%9E%D7%99%D7%93%D7%A2&cg1=&z=1785614248

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81c::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jul 2018 00:10:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 678954
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
S

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j68&tid=UA-8205872-1&cid=950697005.1533674785&jid=710432514&gjid=1662850540&_gid=1169463901.1533674785&_u=aGBAgEAB~&z=1033677540
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-8205872-1&cid=950697005.1533674785&jid=710432514&_v=j68&z=1033677540
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-8205872-1&cid=950697005.1533674785&jid=710432514&_v=j68&z=1033677540&slf_rd=1&random=3525063263

42 B
120 B

27ms
17ms

Image
image/gif

2a00:1450:4001:81c::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-8205872-1&cid=950697005.1533674785&jid=710432514&_v=j68&z=1033677540&slf_rd=1&random=3525063263

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81c::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Aug 2018 20:46:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 07 Aug 2018 20:46:25 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-8205872-1&cid=950697005.1533674785&jid=710432514&_v=j68&z=1033677540&slf_rd=1&random=3525063263
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 QX17B8fU-Vm.js
staticxx.facebook.com/connect/xd_arbiter/r/ Frame 1B90 0
0 20ms
6ms Document
text/html 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://staticxx.facebook.com/connect/xd_arbiter/r/QX17B8fU-Vm.js?version=42

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/he_IL/sdk.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: staticxx.facebook.com
:scheme: https
:path: /connect/xd_arbiter/r/QX17B8fU-Vm.js?version=42
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://www.geektime.co.il/sub-domain-hijacking/
accept-encoding: gzip, deflate
cookie: fr=0fRqRXhmr2cCHn8WK..BbagUh...1.0.BbagUh.
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 95BB5AE0DC371FEBA5EE7408E70421D8
Referer: https://www.geektime.co.il/sub-domain-hijacking/

Response headers

status: 200
expires: Mon, 05 Aug 2019 21:32:43 GMT
x-xss-protection: 0
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: public,max-age=31536000,immutable
vary: Accept-Encoding
content-encoding: gzip
x-fb-debug: V7idC9P3w8brpCj5zMHONCRNQaUOecWEYaw9j1WUcgPiKxJFht29q3mQP+WGxwsIddeImgF5WWAPdr1YdDO7Ng==
content-length: 13909
date: Tue, 07 Aug 2018 20:46:25 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 13 KB
6 KB 52ms
51ms XHR
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3631024690513444&correlator=2050617187878778&output=json_html&callback=googletag.impl.pubads.callbackProxy1&impl=fif&adsid=NT&eid=21061864%2C21062388%2C21061803&vrg=237&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F3325390%2FTop_Banner_1064x85&sz=728x90%7C970x90%7C1064x85&cust_params=geektime%3Dpost%2520information-security%2520375801&cookie_enabled=1&bc=7&abxe=1&lmt=1533673795&dt=1533674785220&dlt=1533674784541&idt=661&frm=20&biw=1585&bih=1200&oid=3&adx=595&ady=82&adk=4014738975&gut=v2&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&dssz=100&icsg=4497706126934015&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1064x-1&msz=1064x-1&ga_vid=950697005.1533674785&ga_sid=1533674785&ga_hid=219880660&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

62ec76908054fdd23d0d11b92f522dd7c95b7547a515badc184e9776e178c1ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 5487
x-xss-protection: 1; mode=block
google-lineitem-id: 4577091262
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138225145658
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.geektime.co.il
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 pubads_impl_rendering_237.js Show response
securepubads.g.doubleclick.net/gpt/ 42 KB
16 KB 40ms
40ms Script
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_237.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

sffe /

Resource Hash

841e51f02812313861d79651021e1bfdcb966aaa484871437158e58350dd2364

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 01 Aug 2018 13:57:22 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 16465
x-xss-protection: 1; mode=block
expires: Tue, 07 Aug 2018 20:46:25 GMT

GET
S 200 container.html
tpc.googlesyndication.com/safeframe/1-0-29/html/ 0
0 18ms
6ms Other
text/html 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-29/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Purpose: prefetch
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

expires: Wed, 07 Aug 2019 06:32:48 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Mon, 11 Jun 2018 14:38:59 GMT
content-type: text/html

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 10 KB
5 KB 65ms
65ms XHR
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3631024690513444&correlator=2050617187878778&output=json_html&callback=googletag.impl.pubads.callbackProxy2&impl=fif&adsid=NT&eid=21061864%2C21062388%2C21061803&vrg=237&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F3325390%2Fmw_355x120_1&sz=355x120&cust_params=geektime%3Dpost%2520information-security%2520375801&cookie_enabled=1&bc=7&abxe=1&lmt=1533673795&dt=1533674785229&dlt=1533674784541&idt=661&frm=20&biw=1585&bih=1200&oid=3&adx=0&ady=0&adk=3768781946&gut=v2&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&dssz=101&icsg=4497706126934015&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1064x-1&msz=0x-1&ga_vid=950697005.1533674785&ga_sid=1533674785&ga_hid=219880660&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

7527402fd66f9aad2fad1a73b857f53149ae13e9570d267cf59441e53a954daa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 4697
x-xss-protection: 1; mode=block
google-lineitem-id: 2877691710
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 114165093630
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.geektime.co.il
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 10 KB
5 KB 68ms
68ms XHR
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3631024690513444&correlator=2050617187878778&output=json_html&callback=googletag.impl.pubads.callbackProxy3&impl=fif&adsid=NT&eid=21061864%2C21062388%2C21061803&vrg=237&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F3325390%2FContent_3_468x60&sz=468x60&cust_params=geektime%3Dpost%2520information-security%2520375801&cookie_enabled=1&bc=7&abxe=1&lmt=1533673795&dt=1533674785236&dlt=1533674784541&idt=661&frm=20&biw=1585&bih=1200&oid=3&adx=756&ady=3569&adk=3247627141&gut=v2&ifi=3&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&dssz=101&icsg=4497706126934015&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=640x-1&msz=640x-1&ga_vid=950697005.1533674785&ga_sid=1533674785&ga_hid=219880660&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

e9fc2ebc232f9538cbf39777ed8f7859404f48c1b7435e9a4a31c4de4572198c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 4706
x-xss-protection: 1; mode=block
google-lineitem-id: 2749257150
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138222909586
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.geektime.co.il
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 11 KB
5 KB 75ms
74ms XHR
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3631024690513444&correlator=2050617187878778&output=json_html&callback=googletag.impl.pubads.callbackProxy4&impl=fif&adsid=NT&eid=21061864%2C21062388%2C21061803&vrg=237&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F3325390%2FContent_1_468x60&sz=468x60&cust_params=geektime%3Dpost%2520information-security%2520375801&cookie_enabled=1&bc=7&abxe=1&lmt=1533673795&dt=1533674785243&dlt=1533674784541&idt=661&frm=20&biw=1585&bih=1200&oid=3&adx=668&ady=9033&adk=4147111271&gut=v2&ifi=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&dssz=101&icsg=4497706126934015&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=640x-1&msz=0x-1&ga_vid=950697005.1533674785&ga_sid=1533674785&ga_hid=219880660&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

844f9732695f73389b36a85df23207e9522fcaf9017f28a24b76d14ca1ff3307

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 4804
x-xss-protection: 1; mode=block
google-lineitem-id: 4665053244
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138238168333
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.geektime.co.il
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 10 KB
5 KB 79ms
79ms XHR
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3631024690513444&correlator=2050617187878778&output=json_html&callback=googletag.impl.pubads.callbackProxy5&impl=fif&adsid=NT&eid=21061864%2C21062388%2C21061803&vrg=237&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F3325390%2FSpons1_125x125&sz=125x125&cust_params=geektime%3Dpost%2520information-security%2520375801&cookie_enabled=1&bc=7&abxe=1&lmt=1533673795&dt=1533674785248&dlt=1533674784541&idt=661&frm=20&biw=1585&bih=1200&oid=3&adx=444&ady=261&adk=1008871096&gut=v2&ifi=5&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&dssz=101&icsg=4497706126934015&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x-1&msz=135x-1&ga_vid=950697005.1533674785&ga_sid=1533674785&ga_hid=219880660&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

212643044af8cfdd92cbf8ad7392b2ba604f5e70e60e26efc7bc704b792d46aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 4695
x-xss-protection: 1; mode=block
google-lineitem-id: 4745673581
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138239419048
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.geektime.co.il
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 11 KB
5 KB 83ms
83ms XHR
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3631024690513444&correlator=2050617187878778&output=json_html&callback=googletag.impl.pubads.callbackProxy6&impl=fif&adsid=NT&eid=21061864%2C21062388%2C21061803&vrg=237&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F3325390%2FSpons2_125x125&sz=125x125&cust_params=geektime%3Dpost%2520information-security%2520375801&cookie_enabled=1&bc=7&abxe=1&lmt=1533673795&dt=1533674785253&dlt=1533674784541&idt=661&frm=20&biw=1585&bih=1200&oid=3&adx=309&ady=261&adk=3389671593&gut=v2&ifi=6&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&dssz=101&icsg=4497706126934015&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x-1&msz=135x-1&ga_vid=950697005.1533674785&ga_sid=1533674785&ga_hid=219880660&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

33e5633e0d4c8b475013d9937639fea6ad767fae6d5772d0050cd3eb1b79c911

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 4787
x-xss-protection: 1; mode=block
google-lineitem-id: 4665047904
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138238023915
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.geektime.co.il
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 10 KB
5 KB 86ms
86ms XHR
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3631024690513444&correlator=2050617187878778&output=json_html&callback=googletag.impl.pubads.callbackProxy7&impl=fif&adsid=NT&eid=21061864%2C21062388%2C21061803&vrg=237&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F3325390%2FSpons3_125x125&sz=125x125&cust_params=geektime%3Dpost%2520information-security%2520375801&cookie_enabled=1&bc=7&abxe=1&lmt=1533673795&dt=1533674785259&dlt=1533674784541&idt=661&frm=20&biw=1585&bih=1200&oid=3&adx=444&ady=396&adk=2315662090&gut=v2&ifi=7&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&dssz=101&icsg=4497706126934015&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x-1&msz=135x-1&ga_vid=950697005.1533674785&ga_sid=1533674785&ga_hid=219880660&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

e27d93b990ec505dd4e040af635af9b8aa77b03fd88a2ba46d28ee08585b262c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 4713
x-xss-protection: 1; mode=block
google-lineitem-id: 4676468762
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138233561117
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.geektime.co.il
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 10 KB
5 KB 92ms
91ms XHR
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3631024690513444&correlator=2050617187878778&output=json_html&callback=googletag.impl.pubads.callbackProxy8&impl=fif&adsid=NT&eid=21061864%2C21062388%2C21061803&vrg=237&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F3325390%2FSpons4_125x125&sz=125x125&cust_params=geektime%3Dpost%2520information-security%2520375801&cookie_enabled=1&bc=7&abxe=1&lmt=1533673795&dt=1533674785266&dlt=1533674784541&idt=661&frm=20&biw=1585&bih=1200&oid=3&adx=309&ady=396&adk=517171833&gut=v2&ifi=8&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&dssz=101&icsg=4497706126934015&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x-1&msz=135x-1&ga_vid=950697005.1533674785&ga_sid=1533674785&ga_hid=219880660&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

1799185b58ab125b62d6b3887e652218ec489773a7f9edf1ec4b899a42ee039c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 4718
x-xss-protection: 1; mode=block
google-lineitem-id: 4718881896
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138239365722
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.geektime.co.il
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 10 KB
5 KB 95ms
94ms XHR
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3631024690513444&correlator=2050617187878778&output=json_html&callback=googletag.impl.pubads.callbackProxy9&impl=fif&adsid=NT&eid=21061864%2C21062388%2C21061803&vrg=237&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F3325390%2FSpons5_125x125&sz=125x125&cust_params=geektime%3Dpost%2520information-security%2520375801&cookie_enabled=1&bc=7&abxe=1&lmt=1533673795&dt=1533674785272&dlt=1533674784541&idt=661&frm=20&biw=1585&bih=1200&oid=3&adx=444&ady=531&adk=3018266717&gut=v2&ifi=9&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&dssz=101&icsg=4497706126934015&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x-1&msz=135x-1&ga_vid=950697005.1533674785&ga_sid=1533674785&ga_hid=219880660&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

946c1706aeaa9ad3b5bf250fe8f5bde147f2ccd22c5054d29cbd14d97eefdeb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 4685
x-xss-protection: 1; mode=block
google-lineitem-id: 2836133070
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 114160948110
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.geektime.co.il
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 10 KB
5 KB 151ms
150ms XHR
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3631024690513444&correlator=2050617187878778&output=json_html&callback=googletag.impl.pubads.callbackProxy10&impl=fif&adsid=NT&eid=21061864%2C21062388%2C21061803&vrg=237&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F3325390%2FSpons6_125x125&sz=125x125&cust_params=geektime%3Dpost%2520information-security%2520375801&cookie_enabled=1&bc=7&abxe=1&lmt=1533673795&dt=1533674785276&dlt=1533674784541&idt=661&frm=20&biw=1585&bih=1200&oid=3&adx=309&ady=531&adk=1856787216&gut=v2&ifi=10&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&dssz=101&icsg=4497706126934015&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x-1&msz=135x-1&ga_vid=950697005.1533674785&ga_sid=1533674785&ga_hid=219880660&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

9b2bcb63b668fb622a1e7445096b8ad89857c1c33e1e9cdcd3c239cfcb787b71

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 4731
x-xss-protection: 1; mode=block
google-lineitem-id: 2849346870
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 114163887150
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.geektime.co.il
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 11 KB
5 KB 96ms
96ms XHR
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3631024690513444&correlator=2050617187878778&output=json_html&callback=googletag.impl.pubads.callbackProxy11&impl=fif&adsid=NT&eid=21061864%2C21062388%2C21061803&vrg=237&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F3325390%2FSpons7_125x125&sz=125x125&cust_params=geektime%3Dpost%2520information-security%2520375801&cookie_enabled=1&bc=7&abxe=1&lmt=1533673795&dt=1533674785280&dlt=1533674784541&idt=661&frm=20&biw=1585&bih=1200&oid=3&adx=444&ady=666&adk=1100542113&gut=v2&ifi=11&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&dssz=101&icsg=4497706126934015&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x-1&msz=135x-1&ga_vid=950697005.1533674785&ga_sid=1533674785&ga_hid=219880660&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

715fc3267a9e21a3a29209590eb541818f2a8e905f76ff7c8726db8cfad82675

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 4880
x-xss-protection: 1; mode=block
google-lineitem-id: 2749257390
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138222871677
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.geektime.co.il
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 11 KB
5 KB 105ms
104ms XHR
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3631024690513444&correlator=2050617187878778&output=json_html&callback=googletag.impl.pubads.callbackProxy12&impl=fif&adsid=NT&eid=21061864%2C21062388%2C21061803&vrg=237&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F3325390%2FSpons8_125x125&sz=125x125&cust_params=geektime%3Dpost%2520information-security%2520375801&cookie_enabled=1&bc=7&abxe=1&lmt=1533673795&dt=1533674785284&dlt=1533674784541&idt=661&frm=20&biw=1585&bih=1200&oid=3&adx=309&ady=666&adk=3054857422&gut=v2&ifi=12&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&dssz=101&icsg=4497706126934015&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x-1&msz=135x-1&ga_vid=950697005.1533674785&ga_sid=1533674785&ga_hid=219880660&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

b85e3c3d4eb1aa3372ec7548d05a9065630f87c3cab8d7f65983b8b25df47522

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 4898
x-xss-protection: 1; mode=block
google-lineitem-id: 4688458203
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138234511253
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.geektime.co.il
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 11 KB
5 KB 113ms
113ms XHR
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3631024690513444&correlator=2050617187878778&output=json_html&callback=googletag.impl.pubads.callbackProxy13&impl=fif&adsid=NT&eid=21061864%2C21062388%2C21061803&vrg=237&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F3325390%2FSidebar_box2_300x250&sz=300x250&cust_params=geektime%3Dpost%2520information-security%2520375801&cookie_enabled=1&bc=7&abxe=1&lmt=1533673795&dt=1533674785288&dlt=1533674784541&idt=661&frm=20&biw=1585&bih=1200&oid=3&adx=289&ady=811&adk=1886321011&gut=v2&ifi=13&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&dssz=101&icsg=4497706126934015&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x-1&msz=300x-1&ga_vid=950697005.1533674785&ga_sid=1533674785&ga_hid=219880660&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

525182226fff7487114aa5395a800ac612f5e23f034fed48cf2691a06a39abc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 4925
x-xss-protection: 1; mode=block
google-lineitem-id: 4688458707
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138234511526
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.geektime.co.il
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 11 KB
5 KB 161ms
161ms XHR
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3631024690513444&correlator=2050617187878778&output=json_html&callback=googletag.impl.pubads.callbackProxy14&impl=fif&adsid=NT&eid=21061864%2C21062388%2C21061803&vrg=237&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F3325390%2FSidebar_box1_300x250&sz=300x250&cust_params=geektime%3Dpost%2520information-security%2520375801&cookie_enabled=1&bc=7&abxe=1&lmt=1533673795&dt=1533674785293&dlt=1533674784541&idt=661&frm=20&biw=1585&bih=1200&oid=3&adx=289&ady=1784&adk=3360623279&gut=v2&ifi=14&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&dssz=101&icsg=4497706126934015&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x-1&msz=300x-1&ga_vid=950697005.1533674785&ga_sid=1533674785&ga_hid=219880660&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

1899753bdf59777889f349744f4ad783b8da2f85b31f0147a3edb94b5db99ab9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 4932
x-xss-protection: 1; mode=block
google-lineitem-id: 4719122099
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138237285295
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.geektime.co.il
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 16 KB
5 KB 167ms
166ms XHR
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3631024690513444&correlator=2050617187878778&output=json_html&callback=googletag.impl.pubads.callbackProxy15&impl=fif&adsid=NT&eid=21061864%2C21062388%2C21061803&vrg=237&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F3325390%2FSpons16_125x125&sz=125x125&cust_params=geektime%3Dpost%2520information-security%2520375801&cookie_enabled=1&bc=7&abxe=1&lmt=1533673795&dt=1533674785299&dlt=1533674784541&idt=661&frm=20&biw=1585&bih=1200&oid=3&adx=444&ady=2056&adk=4068968454&gut=v2&ifi=15&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&dssz=101&icsg=4497706126934015&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x-1&msz=135x-1&ga_vid=950697005.1533674785&ga_sid=1533674785&ga_hid=219880660&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

2684bde8e94b03118572440aacdac0ede86141c45eb6802cd6d0b55a971601d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 4547
x-xss-protection: 1; mode=block
google-lineitem-id: 4745673581
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138239419045
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.geektime.co.il
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 10 KB
5 KB 222ms
222ms XHR
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3631024690513444&correlator=2050617187878778&output=json_html&callback=googletag.impl.pubads.callbackProxy16&impl=fif&adsid=NT&eid=21061864%2C21062388%2C21061803&vrg=237&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F3325390%2FSpons17_125x125&sz=125x125&cust_params=geektime%3Dpost%2520information-security%2520375801&cookie_enabled=1&bc=7&abxe=1&lmt=1533673795&dt=1533674785303&dlt=1533674784541&idt=661&frm=20&biw=1585&bih=1200&oid=3&adx=309&ady=2056&adk=3912436235&gut=v2&ifi=16&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&dssz=101&icsg=4497706126934015&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x-1&msz=135x-1&ga_vid=950697005.1533674785&ga_sid=1533674785&ga_hid=219880660&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

97d075973a3cfd6831376dbc388e3ac8bb592aa93c5bdde8a6583ef2f741474a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 4748
x-xss-protection: 1; mode=block
google-lineitem-id: 2749257390
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138222871662
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.geektime.co.il
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 10 KB
5 KB 176ms
176ms XHR
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3631024690513444&correlator=2050617187878778&output=json_html&callback=googletag.impl.pubads.callbackProxy17&impl=fif&adsid=NT&eid=21061864%2C21062388%2C21061803&vrg=237&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F3325390%2FSpons18_125x125&sz=125x125&cust_params=geektime%3Dpost%2520information-security%2520375801&cookie_enabled=1&bc=7&abxe=1&lmt=1533673795&dt=1533674785307&dlt=1533674784541&idt=661&frm=20&biw=1585&bih=1200&oid=3&adx=444&ady=2191&adk=1143811454&gut=v2&ifi=17&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&dssz=101&icsg=4497706126934015&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x-1&msz=135x-1&ga_vid=950697005.1533674785&ga_sid=1533674785&ga_hid=219880660&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

89b8af7f459c9606f758655eef80da8346e96fce5d8874edab9b5d5631fc1bc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 4823
x-xss-protection: 1; mode=block
google-lineitem-id: 4718881896
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138239396345
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.geektime.co.il
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 10 KB
5 KB 183ms
183ms XHR
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3631024690513444&correlator=2050617187878778&output=json_html&callback=googletag.impl.pubads.callbackProxy18&impl=fif&adsid=NT&eid=21061864%2C21062388%2C21061803&vrg=237&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F3325390%2FSpons19_125x125&sz=125x125&cust_params=geektime%3Dpost%2520information-security%2520375801&cookie_enabled=1&bc=7&abxe=1&lmt=1533673795&dt=1533674785312&dlt=1533674784541&idt=661&frm=20&biw=1585&bih=1200&oid=3&adx=309&ady=2191&adk=3650336957&gut=v2&ifi=18&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&dssz=101&icsg=4497706126934015&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x-1&msz=135x-1&ga_vid=950697005.1533674785&ga_sid=1533674785&ga_hid=219880660&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

ea375778a23dc3952b223038b42e7d3fd51bdab3ecc3ad53093f30b16ad6da93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 4776
x-xss-protection: 1; mode=block
google-lineitem-id: 4748681276
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138239580441
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.geektime.co.il
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 11 KB
5 KB 210ms
210ms XHR
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3631024690513444&correlator=2050617187878778&output=json_html&callback=googletag.impl.pubads.callbackProxy19&impl=fif&adsid=NT&eid=21061864%2C21062388%2C21061803&vrg=237&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F3325390%2FSidebar_Box3_300x250&sz=300x250&cust_params=geektime%3Dpost%2520information-security%2520375801&cookie_enabled=1&bc=7&abxe=1&lmt=1533673795&dt=1533674785316&dlt=1533674784541&idt=661&frm=20&biw=1585&bih=1200&oid=3&adx=289&ady=2336&adk=3658354143&gut=v2&ifi=19&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&dssz=101&icsg=4497706126934015&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x-1&msz=300x-1&ga_vid=950697005.1533674785&ga_sid=1533674785&ga_hid=219880660&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

3dc05e85049c8dfa6ca4868bf9c5570a6128c4b4bdac0b073d88826b5c211a55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 4916
x-xss-protection: 1; mode=block
google-lineitem-id: 4352253989
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138223344780
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.geektime.co.il
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 10 KB
5 KB 210ms
210ms XHR
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3631024690513444&correlator=2050617187878778&output=json_html&callback=googletag.impl.pubads.callbackProxy20&impl=fif&adsid=NT&eid=21061864%2C21062388%2C21061803&vrg=237&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F3325390%2FSpons9_125x125&sz=125x125&cust_params=geektime%3Dpost%2520information-security%2520375801&cookie_enabled=1&bc=7&abxe=1&lmt=1533673795&dt=1533674785320&dlt=1533674784541&idt=661&frm=20&biw=1585&bih=1200&oid=3&adx=1185&ady=9134&adk=1585664219&gut=v2&ifi=20&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&dssz=101&icsg=4497706126934015&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=152x-1&msz=127x-1&ga_vid=950697005.1533674785&ga_sid=1533674785&ga_hid=219880660&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

fd7663f06e3e570f2a9060891c0d9cc793ea46df0354a2cf7104b1d0f6fb8431

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 4757
x-xss-protection: 1; mode=block
google-lineitem-id: 4748681276
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138239580474
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.geektime.co.il
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 11 KB
5 KB 214ms
214ms XHR
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3631024690513444&correlator=2050617187878778&output=json_html&callback=googletag.impl.pubads.callbackProxy21&impl=fif&adsid=NT&eid=21061864%2C21062388%2C21061803&vrg=237&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F3325390%2FSpons10_125x125&sz=125x125&cust_params=geektime%3Dpost%2520information-security%2520375801&cookie_enabled=1&bc=7&abxe=1&lmt=1533673795&dt=1533674785324&dlt=1533674784541&idt=661&frm=20&biw=1585&bih=1200&oid=3&adx=1033&ady=9134&adk=3132845139&gut=v2&ifi=21&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&dssz=101&icsg=4497706126934015&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=152x-1&msz=127x-1&ga_vid=950697005.1533674785&ga_sid=1533674785&ga_hid=219880660&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

a3e871b7d7f60fe98dd383dfc253b6aa56c1b00d9685ba3fce8686cee31a69c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 4852
x-xss-protection: 1; mode=block
google-lineitem-id: 4665047904
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138238065038
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.geektime.co.il
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 11 KB
5 KB 235ms
234ms XHR
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3631024690513444&correlator=2050617187878778&output=json_html&callback=googletag.impl.pubads.callbackProxy22&impl=fif&adsid=NT&eid=21061864%2C21062388%2C21061803&vrg=237&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F3325390%2FSpons11_125x125&sz=125x125&cust_params=geektime%3Dpost%2520information-security%2520375801&cookie_enabled=1&bc=7&abxe=1&lmt=1533673795&dt=1533674785328&dlt=1533674784541&idt=661&frm=20&biw=1585&bih=1200&oid=3&adx=881&ady=9134&adk=3524473975&gut=v2&ifi=22&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&dssz=101&icsg=4497706126934015&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=152x-1&msz=127x-1&ga_vid=950697005.1533674785&ga_sid=1533674785&ga_hid=219880660&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

e849f0463a898427503dd7be590d212f9a6bc6fc9ab50fde1f1edee1f20e99a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 4907
x-xss-protection: 1; mode=block
google-lineitem-id: 4667914013
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138232833683
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.geektime.co.il
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 11 KB
5 KB 217ms
217ms XHR
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3631024690513444&correlator=2050617187878778&output=json_html&callback=googletag.impl.pubads.callbackProxy23&impl=fif&adsid=NT&eid=21061864%2C21062388%2C21061803&vrg=237&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F3325390%2FSpons12_125x125&sz=125x125&cust_params=geektime%3Dpost%2520information-security%2520375801&cookie_enabled=1&bc=7&abxe=1&lmt=1533673795&dt=1533674785333&dlt=1533674784541&idt=661&frm=20&biw=1585&bih=1200&oid=3&adx=729&ady=9134&adk=275267120&gut=v2&ifi=23&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&dssz=101&icsg=4497706126934015&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=152x-1&msz=127x-1&ga_vid=950697005.1533674785&ga_sid=1533674785&ga_hid=219880660&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

8328719a02f2cb646430fa7bf81b76a1a327e3e9a2dda6995b6d7e9d3d154877

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 4902
x-xss-protection: 1; mode=block
google-lineitem-id: 2749257390
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138222871509
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.geektime.co.il
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 11 KB
5 KB 238ms
238ms XHR
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3631024690513444&correlator=2050617187878778&output=json_html&callback=googletag.impl.pubads.callbackProxy24&impl=fif&adsid=NT&eid=21061864%2C21062388%2C21061803&vrg=237&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F3325390%2FSpons13_125x125&sz=125x125&cust_params=geektime%3Dpost%2520information-security%2520375801&cookie_enabled=1&bc=7&abxe=1&lmt=1533673795&dt=1533674785337&dlt=1533674784541&idt=661&frm=20&biw=1585&bih=1200&oid=3&adx=577&ady=9134&adk=4017791007&gut=v2&ifi=24&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&dssz=101&icsg=4497706126934015&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=152x-1&msz=127x-1&ga_vid=950697005.1533674785&ga_sid=1533674785&ga_hid=219880660&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

3c278f9f1215a62b2a7050f6a9dab506ccde383318eb132585b3c9401c414c86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 4883
x-xss-protection: 1; mode=block
google-lineitem-id: 4676468762
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138233495118
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.geektime.co.il
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 10 KB
5 KB 260ms
260ms XHR
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3631024690513444&correlator=2050617187878778&output=json_html&callback=googletag.impl.pubads.callbackProxy25&impl=fif&adsid=NT&eid=21061864%2C21062388%2C21061803&vrg=237&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F3325390%2FSpons14_125x125&sz=125x125&cust_params=geektime%3Dpost%2520information-security%2520375801&cookie_enabled=1&bc=7&abxe=1&lmt=1533673795&dt=1533674785343&dlt=1533674784541&idt=661&frm=20&biw=1585&bih=1200&oid=3&adx=425&ady=9134&adk=2807847637&gut=v2&ifi=25&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&dssz=101&icsg=4497706126934015&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=152x-1&msz=127x-1&ga_vid=950697005.1533674785&ga_sid=1533674785&ga_hid=219880660&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

eb1527d8e13fd32027d41fdcb6978b55638efcebe7a6ae0236f50fecbc6250fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 4744
x-xss-protection: 1; mode=block
google-lineitem-id: 2836133070
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 114160948350
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.geektime.co.il
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 11 KB
5 KB 270ms
269ms XHR
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3631024690513444&correlator=2050617187878778&output=json_html&callback=googletag.impl.pubads.callbackProxy26&impl=fif&adsid=NT&eid=21061864%2C21062388%2C21061803&vrg=237&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F3325390%2FSpons15_125x125&sz=125x125&cust_params=geektime%3Dpost%2520information-security%2520375801&cookie_enabled=1&bc=7&abxe=1&lmt=1533673795&dt=1533674785347&dlt=1533674784541&idt=661&frm=20&biw=1585&bih=1200&oid=3&adx=273&ady=9134&adk=484304111&gut=v2&ifi=26&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&dssz=101&icsg=4497706126934015&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=152x-1&msz=127x-1&ga_vid=950697005.1533674785&ga_sid=1533674785&ga_hid=219880660&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

6e3d70da06fa9d78f0635116e1ecf517d343f8f66872a945448abb660ec69124

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 4894
x-xss-protection: 1; mode=block
google-lineitem-id: 4688458203
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138234511325
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.geektime.co.il
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK widget.js Show response
d2muzdhs7lpmo0.cloudfront.net/ 2 KB
1 KB 91ms
68ms Script
text/javascript 52.85.177.71
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d2muzdhs7lpmo0.cloudfront.net/widget.js?id=19762010&secure&8520415
Requested by: Host: d29k50lkkhkjby.cloudfront.net
URL: https://d29k50lkkhkjby.cloudfront.net/19762010-862c/5/widget-c.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.85.177.71 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-177-71.fra6.r.cloudfront.net
Software: Apache /
Resource Hash: 06166286ca3df71a4cf13c2af4eca50784a5bfc4fb137021dc211f9b2c1066b7

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Aug 2018 20:45:42 GMT
Content-Encoding: gzip
Server: Apache
Age: 43
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: text/javascript; charset=UTF-8
Via: 1.1 f17892129c0657c8d9d0809a1b0b00be.cloudfront.net (CloudFront)
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache="set-cookie"
Connection: keep-alive
Content-Length: 874
X-Amz-Cf-Id: yJ4ERe3H6WP_qGJkfEK-lEzcJqa6bZczI2xWiHFdyLJWeCD4WSme-Q==

GET
DATA 200
OK truncated
/ 10 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2276c4652aed67dc1f63d3c79c0e93d3a5d98b4121f1fd1f2a035ba56e93ce45

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c13ccc2804c88b3d8b5332ea1567951173f61839292e8e63ad4eb533071823ba

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 866 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ce56768a8799373c69c80bd891b73971709c7c1cf7c5927d8a68e797200204c2

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8bbb61e038c09003a96ceac9b033b487e17d59b187aba6ba1f5738ba51b6fd74

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 955 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9988945bb423eed2743fcfdc1d2622af3431722fd4f3a29c93474c0eec7419d4

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 698d325d67773d4672cccc9731da6fb461f710e14c92656d31d3591861a34963

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 438 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c9b558927a37e59adb70b8b84d906567d44d340905118ed80c0a633d81195954

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 72287519988bf32a51797a3e4529f1945197247996a9e7cd19437566ff5a0308

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 756 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 57b939134c767c30d52288f097418952db4c6898c53643698b469d2ab228587c

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 625 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9fb5ba492d85eac12ddd6da3362f0896117bd3691846bd4dcb3b9e51ecfe762a

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 898 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 22987271a9db59c5c4749fcfcd07dbd2a2c1b4b4734e8a2c6b760d850d2edab3

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 208e7dfb8897d244b166f2becabf3823d6bfe440fc484310070478bbc6efabf5

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cf6e922ce5f6641693634211a3e10cedda8625e38d030b543e80d7cbb4973eef

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1a9eebdc31e86178ee372c00a9993914de2f4f14381a2772438fda00d22da436

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 22896f8e3db5cc4458cd24273d949898eaa8db677372beeddef29903a5564565

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 949 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4b4b11cc882379b04a094a4250c36ffbe3a699b626d966302cc9378b625c3128

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 318e620f71199b8c51e3bc6bd8be989f73c4f4a115c19bb28d13752b7bcb3608

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a67a1fef37f113ae2b73e8fbcb611cd2db6f97ada4ef7aab05c45ebcd5c0fbf3

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 701 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0bcd692ba843c2535734127f8a23443fe95c6eedf06d1d32693a7521456f68b3

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 40c2df35f1dc731fdf432146528e5d6255ed545bd7d928f188f1cb6e5d9ca183

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a5cd8a82c8f3cdd485d0a2c5150cc76aebf357481c9529a535e78e3d1321676c

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 787 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1a2fcea3847d29436cb6c465b7c65413fe22240ecc9b7184abb7bc65e97db9f4

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 148f0c71dd7ce39afae6ba47bf737657dcb983a70cdaff9c53c287e1a4f20b6f

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml

GET
H/1.1 200
OK /
geektimecoil.api.oneall.com/socialize/login/frame/ Frame E1BE 0
0 41ms
40ms Document
text/html 136.243.63.184
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://geektimecoil.api.oneall.com/socialize/login/frame/?oakk=60872&oakv=8fa0cdfe45461cda961e2dfdcf488390bc015ef4d49f3dee1cd60029fccaed1e962be4e2121d294f4d1244f6ed389170dd841b77598c5768b8445eaa3f8d49ba459e42e07f45bc289b5723318910ff2ff9871ca360dfdbfd308b6273bd05f46fdbad9a29110c517f96487bbb7b6a31aab480c4f4b621313a89a267e17e08e222490f32adc5f0df87271083e1f636b74a562818c75a15bd1e6db73b205854f5f575ec5f7f55d47980752e8bbbd75213aeb9ca7c37d22c9bd228fed867032f523b518caf6d3d3b3f192e3ba9458490a7d036d2894eb700e375567e259bc625f8dda9b6864810481a80018104cc3d908d5b13cf2ad2f3a47c6b3e577952fbfbd367e923c04b342fa066a9527fa410d5ba9129294348367639301819b80c6a61eac68f07571cf6946429e22a13524c2f38728ffc9ec5079d59728f9a4dbe530f21ed7d9aff911ce6921e90f156697658e101c21cfa7a70628453789719652bf21f2ec8a71cd290cad5bc75de0e00fc14b5254d0e2828ba8b28acaacaf5de1a5c5c83aa8d7f65aafdcaa4b7aa6075c8710898b1c9967f5e8cdfc845a32fb55310aa8fd6023b34583851ff28a4224f6226c6ec4fcc4a82eb951b6657e0f736bdbc93fec91c86aa9bb611b9f32c05607fa0ef27f572d51d65d6a7dbe9adf823ba14a4a94f2cabe62cffddd14b6db5836d90e277cba479401a6c46babf9e1e09b356ab53329bf3ecc37b4756ace670f09c8d6063fe0fe138c4ca6d7cbfbf794cf41fa429c4&lang=en
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js?ver=1.11.3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.243.63.184 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: xip08.oneall.com
Software: nginx /
Resource Hash

Request headers

Host: geektimecoil.api.oneall.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 95BB5AE0DC371FEBA5EE7408E70421D8
Referer: https://www.geektime.co.il/sub-domain-hijacking/

Response headers

Server: nginx
Date: Tue, 07 Aug 2018 20:46:25 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 978
Connection: keep-alive
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
X-Forwarded-Target: xvictor.oneall.com
Vary: Accept-Encoding
Content-Encoding: gzip
X-Accepted-Source: xalpha.oneall.com

GET
H2 200 overlay.png
www.geektime.co.il/wp-content/plugins/wpdiscuz-media-uploader/assets/third-party/colorbox/images/ 115 B
220 B 31ms
31ms Image
image/png 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geektime.co.il/wp-content/plugins/wpdiscuz-media-uploader/assets/third-party/colorbox/images/overlay.png

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js?ver=1.11.3

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

752df758c0fc34e6a6c0459a43d88fc37d622528b45468b6be5db2e95a0b86cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/wpdiscuz-media-uploader/assets/third-party/colorbox/images/overlay.png
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==; _ga=GA1.3.950697005.1533674785; _gid=GA1.3.1169463901.1533674785; _gat=1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/wp-content/plugins/wpdiscuz-media-uploader/assets/third-party/colorbox/colorbox.min.css?x35493&ver=1533580828
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/wp-content/plugins/wpdiscuz-media-uploader/assets/third-party/colorbox/colorbox.min.css?x35493&ver=1533580828
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
x-cdn: Incapsula
etag: "25cee9d4"
strict-transport-security: max-age=31536000
content-type: image/png
status: 200
x-iinfo: 4-23153261-23153142 2VNN RT(1533674784819 0) q(0 0 0 -1) r(0 0) U18
cache-control: max-age=31536000, public
content-length: 115
expires: Wed, 07 Aug 2019 20:46:24 GMT

GET
H2 200 loadingAnimation.gif
www.geektime.co.il/wp-includes/js/thickbox/ 15 KB
15 KB 31ms
31ms Image
image/gif 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geektime.co.il/wp-includes/js/thickbox/loadingAnimation.gif

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

6a486bb6036ea984d293ab009566e99e522abc19f8833c5fd49630be7eba0135

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-includes/js/thickbox/loadingAnimation.gif
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==; _ga=GA1.3.950697005.1533674785; _gid=GA1.3.1169463901.1533674785; _gat=1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:24 GMT
last-modified: Mon, 06 Aug 2018 18:40:29 GMT
x-cdn: Incapsula
etag: "946c642b"
strict-transport-security: max-age=31536000
content-type: image/gif
status: 200
x-iinfo: 4-23153262-23152383 2VNN RT(1533674784829 0) q(0 0 0 -1) r(0 0) U18
cache-control: max-age=31536000, public
content-length: 15238
expires: Wed, 07 Aug 2019 20:46:24 GMT

GET
H/1.1 200
OK widget_iframe.cb6df5c11eb74c4885e17101a777cb60.html
platform.twitter.com/widgets/ Frame E88A 0
0 9ms
8ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.cb6df5c11eb74c4885e17101a777cb60.html?origin=https%3A%2F%2Fwww.geektime.co.il&settingsEndpoint=https%3A%2F%2Fsyndication.twitter.com%2Fsettings
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/4187) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 95BB5AE0DC371FEBA5EE7408E70421D8
Referer: https://www.geektime.co.il/sub-domain-hijacking/

Response headers

Content-Encoding: gzip
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Tue, 07 Aug 2018 20:46:25 GMT
Etag: "6f4bb4155518386526ca164541e6b1ce+gzip"
Last-Modified: Fri, 27 Jul 2018 16:47:05 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/4187)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 5868

GET
H/1.1 200
OK button.bf357a6ba1a5f1fa0ddb61377ae3add5.js Show response
platform.twitter.com/js/ 4 KB
2 KB 15ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.bf357a6ba1a5f1fa0ddb61377ae3add5.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/40AE) /
Resource Hash: 71ef2be76ecf12f431795805b6bfb5a20523b7692be0e6106e8e2d18d3d33632

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 07 Aug 2018 20:46:25 GMT
Content-Encoding: gzip
Last-Modified: Fri, 27 Jul 2018 16:47:00 GMT
Server: ECS (fcn/40AE)
Etag: "1d8bf9d779a256fc7c4434c8ce2298c8+gzip"
Vary: Accept-Encoding
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Content-Length: 1397

GET
S 200 get Show response
odb.outbrain.com/utils/ 40 KB
8 KB 138ms
131ms Script
text/x-json 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://odb.outbrain.com/utils/get?url=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&srcUrl=https%3A%2F%2Fwww.geektime.co.il%2Ffeed%2F&settings=true&recs=true&widgetJSId=AR_2&key=NANOWDGT01&idx=0&version=01004900&ref=&apv=false&sig=nUJdnvUF&format=html&rand=88756&winW=1600&winH=1200&scrW=1600&scrH=1200&adblck=false&secured=true

Requested by

Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.14.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

5b2454f13e616245b06b5101d8cdf16d679ca364b3b45d8ca1cf4dde79ffcf60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains;

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=0; includeSubDomains;
content-encoding: gzip
traffic-path: NYDC1, JFK, FRA, Europe1
x-cache: MISS, MISS
p3p: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
status: 200
x-cache-hits: 0, 0
x-served-by: cache-jfk8139-JFK, cache-fra19122-FRA
pragma: no-cache
x-timer: S1533674786.569835,VS0,VE125
date: Tue, 07 Aug 2018 20:46:25 GMT
vary: Accept-Encoding, User-Agent
content-type: text/x-json; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: no-cache
backend-ip: 104.156.90.39
accept-ranges: bytes, bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 share_button.php
www.facebook.com/v2.10/plugins/ Frame 6F08 0
0 61ms
51ms Document
text/html 2a03:2880:f11c:8186:face:b00c:0:50fb
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.10/plugins/share_button.php?app_id=540285849347093&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FQX17B8fU-Vm.js%3Fversion%3D42%23cb%3Df1c4f45e5c6bd8c%26domain%3Dwww.geektime.co.il%26origin%3Dhttps%253A%252F%252Fwww.geektime.co.il%252Ff18a257c0cdb7d4%26relation%3Dparent.parent&container_width=710&href=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&layout=button&locale=he_IL&mobile_iframe=true&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/he_IL/sdk.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f11c:8186:face:b00c:0:50fb , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /v2.10/plugins/share_button.php?app_id=540285849347093&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FQX17B8fU-Vm.js%3Fversion%3D42%23cb%3Df1c4f45e5c6bd8c%26domain%3Dwww.geektime.co.il%26origin%3Dhttps%253A%252F%252Fwww.geektime.co.il%252Ff18a257c0cdb7d4%26relation%3Dparent.parent&container_width=710&href=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&layout=button&locale=he_IL&mobile_iframe=true&sdk=joey
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://www.geektime.co.il/sub-domain-hijacking/
accept-encoding: gzip, deflate
cookie: fr=0fRqRXhmr2cCHn8WK..BbagUh...1.0.BbagUh.
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 95BB5AE0DC371FEBA5EE7408E70421D8
Referer: https://www.geektime.co.il/sub-domain-hijacking/

Response headers

status: 200
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v2.10
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
cache-control: private, no-cache, no-store, must-revalidate
timing-allow-origin: *
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expect-ct: max-age=86400, report-uri="http://reports.fb.com/expectct/"
pragma: no-cache
x-xss-protection: 0
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html; charset="utf-8"
x-fb-debug: oL8V+R5DQAml6VZ5h1RIBZtXu18yshRD1w6wof5pmen5RU7CE1ER+2aXAg8JqtrtsHjU4wzYgpuh9tHCnOJ/EA==
date: Tue, 07 Aug 2018 20:46:25 GMT

GET
H2 200 share_button.php
www.facebook.com/v2.10/plugins/ Frame D311 0
0 61ms
56ms Document
text/html 2a03:2880:f11c:8186:face:b00c:0:50fb
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.10/plugins/share_button.php?app_id=540285849347093&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FQX17B8fU-Vm.js%3Fversion%3D42%23cb%3Df36c39cad31b0bc%26domain%3Dwww.geektime.co.il%26origin%3Dhttps%253A%252F%252Fwww.geektime.co.il%252Ff18a257c0cdb7d4%26relation%3Dparent.parent&container_width=640&href=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&layout=button&locale=he_IL&mobile_iframe=true&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/he_IL/sdk.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f11c:8186:face:b00c:0:50fb , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /v2.10/plugins/share_button.php?app_id=540285849347093&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FQX17B8fU-Vm.js%3Fversion%3D42%23cb%3Df36c39cad31b0bc%26domain%3Dwww.geektime.co.il%26origin%3Dhttps%253A%252F%252Fwww.geektime.co.il%252Ff18a257c0cdb7d4%26relation%3Dparent.parent&container_width=640&href=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&layout=button&locale=he_IL&mobile_iframe=true&sdk=joey
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://www.geektime.co.il/sub-domain-hijacking/
accept-encoding: gzip, deflate
cookie: fr=0fRqRXhmr2cCHn8WK..BbagUh...1.0.BbagUh.
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 95BB5AE0DC371FEBA5EE7408E70421D8
Referer: https://www.geektime.co.il/sub-domain-hijacking/

Response headers

status: 200
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v2.10
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
cache-control: private, no-cache, no-store, must-revalidate
timing-allow-origin: *
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expect-ct: max-age=86400, report-uri="http://reports.fb.com/expectct/"
pragma: no-cache
x-xss-protection: 0
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html; charset="utf-8"
x-fb-debug: v+mSnQWjmraKw5enMpguzpBJGv1zT+FEYZ2DPZUHWv++Rf/12UmzZFv8+AXA4idduJ3HBuB0nJYZm3Ty3kjW6A==
date: Tue, 07 Aug 2018 20:46:25 GMT

GET
H2

200

QX17B8fU-Vm.js
staticxx.facebook.com/connect/xd_arbiter/r/ Frame 9FF2
Redirect Chain

https://www.facebook.com/connect/ping?client_id=540285849347093&domain=www.geektime.co.il&origin=1&redirect_uri=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FQX17B8fU-Vm.js%3Fver...
https://staticxx.facebook.com/connect/xd_arbiter/r/QX17B8fU-Vm.js?version=42

0
0

7ms
6ms

Document
text/html

2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://staticxx.facebook.com/connect/xd_arbiter/r/QX17B8fU-Vm.js?version=42

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/he_IL/sdk.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: staticxx.facebook.com
:scheme: https
:path: /connect/xd_arbiter/r/QX17B8fU-Vm.js?version=42
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://www.geektime.co.il/sub-domain-hijacking/
accept-encoding: gzip, deflate
cookie: fr=0fRqRXhmr2cCHn8WK..BbagUh...1.0.BbagUh.
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 95BB5AE0DC371FEBA5EE7408E70421D8
Referer: https://www.geektime.co.il/sub-domain-hijacking/

Response headers

status: 200
expires: Mon, 05 Aug 2019 21:32:43 GMT
x-xss-protection: 0
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: public,max-age=31536000,immutable
vary: Accept-Encoding
content-encoding: gzip
x-fb-debug: V7idC9P3w8brpCj5zMHONCRNQaUOecWEYaw9j1WUcgPiKxJFht29q3mQP+WGxwsIddeImgF5WWAPdr1YdDO7Ng==
content-length: 13909
date: Tue, 07 Aug 2018 20:46:25 GMT

Redirect headers

status: 302
x-xss-protection: 0
pragma: no-cache
location: https://staticxx.facebook.com/connect/xd_arbiter/r/QX17B8fU-Vm.js?version=42#cb=f2403c56597fdc8&domain=www.geektime.co.il&origin=https%3A%2F%2Fwww.geektime.co.il%2Ff18a257c0cdb7d4&relation=parent&error=unknown_user
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
cache-control: private, no-cache, no-store, must-revalidate
expect-ct: max-age=86400, report-uri="http://reports.fb.com/expectct/"
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-type: text/html; charset="utf-8"
x-fb-debug: CScAvoPxXUIImXb958sDzXjNJbpxyXaMD2FJJP6JuAyZQ12gtdRtHc5s8DnpqTRVUp3zKFBehbSKHIaKiy6eIQ==
content-length: 0
date: Tue, 07 Aug 2018 20:46:25 GMT

GET
H2

200

feedback.php
www.facebook.com/plugins/ Frame 99A6
Redirect Chain

https://www.facebook.com/plugins/comments.php?api_key=540285849347093&channel_url=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FQX17B8fU-Vm.js%3Fversion%3D42%23cb%3Df39e7fa2b87bd...
https://www.facebook.com/plugins/feedback.php?api_key=540285849347093&channel_url=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FQX17B8fU-Vm.js%3Fversion%3D42%23cb%3Df39e7fa2b87bd...

0
0

253ms
252ms

Document
text/html

2a03:2880:f11c:8186:face:b00c:0:50fb
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/feedback.php?api_key=540285849347093&channel_url=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FQX17B8fU-Vm.js%3Fversion%3D42%23cb%3Df39e7fa2b87bd7%26domain%3Dwww.geektime.co.il%26origin%3Dhttps%253A%252F%252Fwww.geektime.co.il%252Ff18a257c0cdb7d4%26relation%3Dparent.parent&colorscheme=light&href=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&locale=he_IL&numposts=10&sdk=joey&skin=light&version=v2.6&width=730

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/he_IL/sdk.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f11c:8186:face:b00c:0:50fb , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /plugins/feedback.php?api_key=540285849347093&channel_url=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FQX17B8fU-Vm.js%3Fversion%3D42%23cb%3Df39e7fa2b87bd7%26domain%3Dwww.geektime.co.il%26origin%3Dhttps%253A%252F%252Fwww.geektime.co.il%252Ff18a257c0cdb7d4%26relation%3Dparent.parent&colorscheme=light&href=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&locale=he_IL&numposts=10&sdk=joey&skin=light&version=v2.6&width=730
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://www.geektime.co.il/sub-domain-hijacking/
accept-encoding: gzip, deflate
cookie: fr=0fRqRXhmr2cCHn8WK..BbagUh...1.0.BbagUh.
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 95BB5AE0DC371FEBA5EE7408E70421D8
Referer: https://www.geektime.co.il/sub-domain-hijacking/

Response headers

status: 200
timing-allow-origin: *
x-xss-protection: 0
pragma: no-cache
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
cache-control: private, no-cache, no-store, must-revalidate
expect-ct: max-age=86400, report-uri="http://reports.fb.com/expectct/"
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html; charset="utf-8"
x-fb-debug: xhv8Q6/i4aviSn4E71B3rdEdplbHKl3xWX147jMNpBidFgKSzveaHoNyHIWqLBEJ8OwRSbt0JOscxOiUdH1lfw==
date: Tue, 07 Aug 2018 20:46:25 GMT

Redirect headers

status: 302
location: https://www.facebook.com/plugins/feedback.php?api_key=540285849347093&channel_url=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FQX17B8fU-Vm.js%3Fversion%3D42%23cb%3Df39e7fa2b87bd7%26domain%3Dwww.geektime.co.il%26origin%3Dhttps%253A%252F%252Fwww.geektime.co.il%252Ff18a257c0cdb7d4%26relation%3Dparent.parent&colorscheme=light&href=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&locale=he_IL&numposts=10&sdk=joey&skin=light&version=v2.6&width=730
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
vary: Origin
access-control-expose-headers: X-FB-Debug, X-Loader-Length
access-control-allow-origin: https://www.facebook.com
access-control-allow-credentials: true
content-type: text/html; charset="utf-8"
x-fb-debug: VXNtAaa7EDSUp8f1Vm9IviADInTttXxtbkQ0sjPkAoscIsAZTS5b7DBKa6sXix97pVk3ATCavpsZHah54z+evQ==
content-length: 0
date: Tue, 07 Aug 2018 20:46:25 GMT

GET
S 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/ Frame 29B0 3 KB
2 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7d3b068f04726edc36c3eeb66b5d97c5aa692e418945d20f4f4505706183b3fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1349
x-xss-protection: 1; mode=block
server: cafe
etag: 8956746284566214480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:32:45 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/ Frame 29B0 71 KB
26 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

40e8db13f44571762fa6e5704ca8bb1a73c2cce35e83603e9ac131ab8127db7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:35:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51037
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26366
x-xss-protection: 1; mode=block
server: cafe
etag: 17113453447230713914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:35:48 GMT

GET
S 200 17126760668331965656
tpc.googlesyndication.com/simgad/ Frame 29B0 87 KB
87 KB 13ms
12ms Image
image/jpeg 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17126760668331965656

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

204563d1794ce01cdaced70253b393d683ea2794f7b9f7847674324705966162

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 12 Jul 2018 12:47:09 GMT
x-content-type-options: nosniff
age: 2275156
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 89124
x-xss-protection: 1; mode=block
last-modified: Tue, 13 Feb 2018 06:52:06 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 12 Jul 2019 12:47:09 GMT

GET
S 200 osd.js Show response
pagead2.googlesyndication.com/pagead/ 70 KB
26 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:81b::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81b::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

6546ea7bd057a25d0198ff233e30008c8c8f99bcef163ff487a255db68577007

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:09:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2240
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26269
x-xss-protection: 1; mode=block
server: cafe
etag: 15748226983099521862
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Tue, 07 Aug 2018 21:09:05 GMT

GET
S 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/ Frame FE80 3 KB
1 KB 14ms
11ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7d3b068f04726edc36c3eeb66b5d97c5aa692e418945d20f4f4505706183b3fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1349
x-xss-protection: 1; mode=block
server: cafe
etag: 8956746284566214480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:32:45 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/ Frame FE80 71 KB
26 KB 13ms
10ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

40e8db13f44571762fa6e5704ca8bb1a73c2cce35e83603e9ac131ab8127db7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:35:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51037
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26366
x-xss-protection: 1; mode=block
server: cafe
etag: 17113453447230713914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:35:48 GMT

GET
S 200 14494291070696035233
tpc.googlesyndication.com/simgad/ Frame FE80 54 KB
54 KB 14ms
12ms Image
image/jpeg 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14494291070696035233

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

fa71e7dc05c3dab927092a72838d3022f4f664fb57e9c63eaf3a9123bb0b26c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 20:16:36 GMT
x-content-type-options: nosniff
age: 2161789
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 54816
x-xss-protection: 1; mode=block
last-modified: Wed, 04 Jan 2017 07:41:00 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Jul 2019 20:16:36 GMT

GET
S 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/ Frame 73CF 3 KB
1 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7d3b068f04726edc36c3eeb66b5d97c5aa692e418945d20f4f4505706183b3fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1349
x-xss-protection: 1; mode=block
server: cafe
etag: 8956746284566214480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:32:45 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/ Frame 73CF 71 KB
26 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

40e8db13f44571762fa6e5704ca8bb1a73c2cce35e83603e9ac131ab8127db7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:35:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51037
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26366
x-xss-protection: 1; mode=block
server: cafe
etag: 17113453447230713914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:35:48 GMT

GET
S 200 11494498377103361283
tpc.googlesyndication.com/simgad/ Frame 73CF 49 KB
49 KB 12ms
12ms Image
image/jpeg 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11494498377103361283

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

b113823a6472233cac041732b6d7b1558001a95e9a0d990be0156441e1ef0eaf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 20:17:10 GMT
x-content-type-options: nosniff
age: 2161755
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 50427
x-xss-protection: 1; mode=block
last-modified: Sun, 21 Jan 2018 09:58:05 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Jul 2019 20:17:10 GMT

GET
S 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/ Frame 82A3 3 KB
1 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7d3b068f04726edc36c3eeb66b5d97c5aa692e418945d20f4f4505706183b3fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1349
x-xss-protection: 1; mode=block
server: cafe
etag: 8956746284566214480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:32:45 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/ Frame 82A3 71 KB
26 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

40e8db13f44571762fa6e5704ca8bb1a73c2cce35e83603e9ac131ab8127db7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:35:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51037
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26366
x-xss-protection: 1; mode=block
server: cafe
etag: 17113453447230713914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:35:48 GMT

GET
S 200 8412533143868089412
tpc.googlesyndication.com/simgad/ Frame 82A3 39 KB
39 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8412533143868089412

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

228a1caeea9985f0636c71d57562bded62958cd73ef1d25b13577135810e81c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 14 Jul 2018 12:38:20 GMT
x-content-type-options: nosniff
age: 2102885
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 39463
x-xss-protection: 1; mode=block
last-modified: Thu, 05 Jul 2018 17:42:22 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 14 Jul 2019 12:38:20 GMT

GET
S 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/ Frame A388 3 KB
1 KB 13ms
3ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7d3b068f04726edc36c3eeb66b5d97c5aa692e418945d20f4f4505706183b3fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1349
x-xss-protection: 1; mode=block
server: cafe
etag: 8956746284566214480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:32:45 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/ Frame A388 71 KB
26 KB 11ms
2ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

40e8db13f44571762fa6e5704ca8bb1a73c2cce35e83603e9ac131ab8127db7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:35:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51037
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26366
x-xss-protection: 1; mode=block
server: cafe
etag: 17113453447230713914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:35:48 GMT

GET
S 200 12164562118942050727
tpc.googlesyndication.com/simgad/ Frame A388 39 KB
39 KB 13ms
4ms Image
image/jpeg 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12164562118942050727

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

a41212d22124dca99b596be6f72e026a91951a30bdf6e2c34a5144f7841a464b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 23 Jul 2018 21:00:23 GMT
x-content-type-options: nosniff
age: 1295162
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 40288
x-xss-protection: 1; mode=block
last-modified: Mon, 23 Jul 2018 12:42:24 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 23 Jul 2019 21:00:23 GMT

GET
S 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/ Frame 2E67 3 KB
1 KB 10ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7d3b068f04726edc36c3eeb66b5d97c5aa692e418945d20f4f4505706183b3fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1349
x-xss-protection: 1; mode=block
server: cafe
etag: 8956746284566214480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:32:45 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/ Frame 2E67 71 KB
26 KB 10ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

40e8db13f44571762fa6e5704ca8bb1a73c2cce35e83603e9ac131ab8127db7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:35:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51037
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26366
x-xss-protection: 1; mode=block
server: cafe
etag: 17113453447230713914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:35:48 GMT

GET
S 200 3490289138977904173
tpc.googlesyndication.com/simgad/ Frame 2E67 8 KB
8 KB 11ms
7ms Image
image/jpeg 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3490289138977904173

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

ee3f1345921def23f64617ddcaa7439063d43510c69bc4119e899607d510ea73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 17:31:54 GMT
x-content-type-options: nosniff
age: 2171671
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 8055
x-xss-protection: 1; mode=block
last-modified: Thu, 05 Jul 2018 13:43:00 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Jul 2019 17:31:54 GMT

GET
S 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/ Frame A030 3 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7d3b068f04726edc36c3eeb66b5d97c5aa692e418945d20f4f4505706183b3fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1349
x-xss-protection: 1; mode=block
server: cafe
etag: 8956746284566214480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:32:45 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/ Frame A030 71 KB
26 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

40e8db13f44571762fa6e5704ca8bb1a73c2cce35e83603e9ac131ab8127db7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:35:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51037
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26366
x-xss-protection: 1; mode=block
server: cafe
etag: 17113453447230713914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:35:48 GMT

GET
S 200 12450422211155799290
tpc.googlesyndication.com/simgad/ Frame A030 10 KB
10 KB 8ms
7ms Image
image/png 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12450422211155799290

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

19ac2a5dec18de96af24f5d8da292bb5515a44296811ca115cd047b5a17c5179

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 09 Jul 2018 19:48:12 GMT
x-content-type-options: nosniff
age: 2509093
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 10487
x-xss-protection: 1; mode=block
last-modified: Fri, 18 May 2018 08:06:09 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Jul 2019 19:48:12 GMT

GET
S 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/ Frame 0B74 3 KB
1 KB 8ms
5ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7d3b068f04726edc36c3eeb66b5d97c5aa692e418945d20f4f4505706183b3fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1349
x-xss-protection: 1; mode=block
server: cafe
etag: 8956746284566214480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:32:45 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/ Frame 0B74 71 KB
26 KB 9ms
5ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

40e8db13f44571762fa6e5704ca8bb1a73c2cce35e83603e9ac131ab8127db7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:35:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51037
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26366
x-xss-protection: 1; mode=block
server: cafe
etag: 17113453447230713914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:35:48 GMT

GET
S 200 1950401006735637522
tpc.googlesyndication.com/simgad/ Frame 0B74 7 KB
7 KB 9ms
6ms Image
image/jpeg 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1950401006735637522

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

7b8a9cf1e0b98f6c2bbd9c140a54e84b4a9e2b9db7bd61063064f987841e94a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 24 Jul 2018 06:25:10 GMT
x-content-type-options: nosniff
age: 1261275
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 7226
x-xss-protection: 1; mode=block
last-modified: Tue, 24 Jul 2018 06:18:00 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 24 Jul 2019 06:25:10 GMT

GET
S 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/ Frame AE35 3 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7d3b068f04726edc36c3eeb66b5d97c5aa692e418945d20f4f4505706183b3fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1349
x-xss-protection: 1; mode=block
server: cafe
etag: 8956746284566214480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:32:45 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/ Frame AE35 71 KB
26 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

40e8db13f44571762fa6e5704ca8bb1a73c2cce35e83603e9ac131ab8127db7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:35:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51037
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26366
x-xss-protection: 1; mode=block
server: cafe
etag: 17113453447230713914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:35:48 GMT

GET
S 200 1030317211693884857
tpc.googlesyndication.com/simgad/ Frame AE35 12 KB
13 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1030317211693884857

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

d63f7203aa5f1d2a6a47d1ea515286d195b619a46027aa352587e2f71118f2fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 09 Jul 2018 19:12:00 GMT
x-content-type-options: nosniff
age: 2511265
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 12749
x-xss-protection: 1; mode=block
last-modified: Tue, 13 Dec 2016 10:17:06 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Jul 2019 19:12:00 GMT

GET
S 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/ Frame 1945 3 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7d3b068f04726edc36c3eeb66b5d97c5aa692e418945d20f4f4505706183b3fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1349
x-xss-protection: 1; mode=block
server: cafe
etag: 8956746284566214480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:32:45 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/ Frame 1945 71 KB
26 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

40e8db13f44571762fa6e5704ca8bb1a73c2cce35e83603e9ac131ab8127db7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:35:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51037
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26366
x-xss-protection: 1; mode=block
server: cafe
etag: 17113453447230713914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:35:48 GMT

GET
S 204 l
www.google.com/ads/measurement/ Frame 1945 0
58 B 15ms
14ms Image
text/html 2a00:1450:4001:81c::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSld3IL61Q9ZGiHiZ81nXVyp-lWuSB7P7T8tg1-xibvy-WdGI_9Nhq0ZhC0Idmmsp7BRkMDRfXWJW5H_-1XOycOLR7R_Q
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a00:1450:4001:81c::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8

GET
S 200 10129281688110050383
tpc.googlesyndication.com/simgad/ Frame 1945 41 KB
42 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10129281688110050383

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

23cfd905cc3212cfd17922e360ea93f2e893b5273fbe1e104a092e35af329e11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 14 Jul 2018 12:58:03 GMT
x-content-type-options: nosniff
age: 2101702
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42436
x-xss-protection: 1; mode=block
last-modified: Sun, 21 Jan 2018 09:55:44 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 14 Jul 2019 12:58:03 GMT

GET
S 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/ Frame B760 3 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7d3b068f04726edc36c3eeb66b5d97c5aa692e418945d20f4f4505706183b3fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1349
x-xss-protection: 1; mode=block
server: cafe
etag: 8956746284566214480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:32:45 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/ Frame B760 71 KB
26 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

40e8db13f44571762fa6e5704ca8bb1a73c2cce35e83603e9ac131ab8127db7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:35:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51037
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26366
x-xss-protection: 1; mode=block
server: cafe
etag: 17113453447230713914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:35:48 GMT

GET
S 204 l
www.google.com/ads/measurement/ Frame B760 0
58 B 16ms
13ms Image
text/html 2a00:1450:4001:81c::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTKSp3SP4QqCb1MdiTImMzaA9P62duHcvv39NXz0X8TsdWRxE0vLBoSnYrgiddLroues_EpN_jLRAAHFDWy0bw-aqVoSg
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a00:1450:4001:81c::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8

GET
S 200 14428181134556396145
tpc.googlesyndication.com/simgad/ Frame B760 19 KB
19 KB 9ms
6ms Image
image/jpeg 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14428181134556396145

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

a47eb2a049419655bdd5f5f9f9ac681b474778d4e22da74596fb8fefde277fa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 20:20:55 GMT
x-content-type-options: nosniff
age: 2161530
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 19583
x-xss-protection: 1; mode=block
last-modified: Mon, 28 May 2018 07:21:47 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Jul 2019 20:20:55 GMT

GET
S 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/ Frame DA13 3 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7d3b068f04726edc36c3eeb66b5d97c5aa692e418945d20f4f4505706183b3fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1349
x-xss-protection: 1; mode=block
server: cafe
etag: 8956746284566214480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:32:45 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/ Frame DA13 71 KB
26 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

40e8db13f44571762fa6e5704ca8bb1a73c2cce35e83603e9ac131ab8127db7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:35:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51037
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26366
x-xss-protection: 1; mode=block
server: cafe
etag: 17113453447230713914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:35:48 GMT

GET
S 204 l
www.google.com/ads/measurement/ Frame DA13 0
58 B 15ms
13ms Image
text/html 2a00:1450:4001:81c::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRE1FEDPuBfHHIGbZUz7rczKQ1TOmNlJdaVbEAvKPMpaHbXlDh4-PbrqLrS2InBP58O9XTdmhR7wOxRdIHma64D5EFMLg
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a00:1450:4001:81c::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8

GET
S 200 3522879769437653665
tpc.googlesyndication.com/simgad/ Frame DA13 63 KB
63 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3522879769437653665

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

ea081aa3fe8287e00ffd3f490871c8fca965c992c0954abd3e65ed123ab18d41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 12 Jul 2018 21:11:12 GMT
x-content-type-options: nosniff
age: 2244913
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 64078
x-xss-protection: 1; mode=block
last-modified: Mon, 28 May 2018 07:24:32 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 12 Jul 2019 21:11:12 GMT

GET
S 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/ Frame 59E2 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7d3b068f04726edc36c3eeb66b5d97c5aa692e418945d20f4f4505706183b3fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1349
x-xss-protection: 1; mode=block
server: cafe
etag: 8956746284566214480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:32:45 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/ Frame 59E2 71 KB
26 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

40e8db13f44571762fa6e5704ca8bb1a73c2cce35e83603e9ac131ab8127db7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:35:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51037
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26366
x-xss-protection: 1; mode=block
server: cafe
etag: 17113453447230713914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:35:48 GMT

GET
S 200 1543011367046172163
tpc.googlesyndication.com/simgad/ Frame 59E2 32 KB
32 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1543011367046172163

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

65874210d095ec7cfb1d8c9a98e3d0cc2e0bf5d700b0705b246353ce42fa98b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 10 Jul 2018 06:53:49 GMT
x-content-type-options: nosniff
age: 2469156
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 33107
x-xss-protection: 1; mode=block
last-modified: Tue, 20 Dec 2016 07:39:39 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Jul 2019 06:53:49 GMT

GET
S 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/ Frame D5B6 3 KB
1 KB 10ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7d3b068f04726edc36c3eeb66b5d97c5aa692e418945d20f4f4505706183b3fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1349
x-xss-protection: 1; mode=block
server: cafe
etag: 8956746284566214480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:32:45 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/ Frame D5B6 71 KB
26 KB 10ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

40e8db13f44571762fa6e5704ca8bb1a73c2cce35e83603e9ac131ab8127db7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:35:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51037
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26366
x-xss-protection: 1; mode=block
server: cafe
etag: 17113453447230713914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:35:48 GMT

GET
S 204 l
www.google.com/ads/measurement/ Frame D5B6 0
58 B 18ms
14ms Image
text/html 2a00:1450:4001:81c::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRNTc_2dCRlJ9UbRDhNT9Bgiw6ZqKwcqYxRGSbADIH4dk10X012vAWc1XWfRAIxBztqleQYpKxomG66GIUe4KG_Bko1Uw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a00:1450:4001:81c::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8

GET
S 200 5804036992371058284
tpc.googlesyndication.com/simgad/ Frame D5B6 28 KB
28 KB 13ms
10ms Image
image/jpeg 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5804036992371058284

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

0878e78816bca2997416f5a09211c2897fc17ee086774176fd2c8a580eaf788f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 14 Jul 2018 12:44:16 GMT
x-content-type-options: nosniff
age: 2102529
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 28328
x-xss-protection: 1; mode=block
last-modified: Tue, 26 Jun 2018 16:48:31 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 14 Jul 2019 12:44:16 GMT

GET
S 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/011533168552513/ 20 KB
8 KB 71ms
13ms Script
text/javascript 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011533168552513/amp4ads-host-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81c::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

c35adf6a5eb8b3e010a6f002cb9fcd9941b8f613ea0c724da2f9fe39cbe0928b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 438197
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 7944
x-xss-protection: 1; mode=block
last-modified: Thu, 02 Aug 2018 02:15:00 GMT
server: sffe
date: Thu, 02 Aug 2018 19:03:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 02 Aug 2019 19:03:08 GMT

GET
S 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/011533168552513/ Frame DF0B 256 KB
81 KB 70ms
15ms Script
text/javascript 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011533168552513/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81c::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

b55d475700b26979db3cc124b0680a5e1cc7cdd30a0f1281ebe2485cec1127fe

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 437767
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 82626
x-xss-protection: 1; mode=block
last-modified: Thu, 02 Aug 2018 02:15:00 GMT
server: sffe
date: Thu, 02 Aug 2018 19:10:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 02 Aug 2019 19:10:18 GMT

GET
S 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/011533168552513/v0/ Frame DF0B 104 KB
34 KB 61ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011533168552513/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81c::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

724e73bbd044c77c989432766a913714bf52128d4111cfd8b49e2f45595dd837

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 439104
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 34122
x-xss-protection: 1; mode=block
last-modified: Thu, 02 Aug 2018 02:15:00 GMT
server: sffe
date: Thu, 02 Aug 2018 18:48:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 02 Aug 2019 18:48:01 GMT

GET
S 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/ Frame FA0B 3 KB
1 KB 11ms
4ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7d3b068f04726edc36c3eeb66b5d97c5aa692e418945d20f4f4505706183b3fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1349
x-xss-protection: 1; mode=block
server: cafe
etag: 8956746284566214480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:32:45 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/ Frame FA0B 71 KB
26 KB 12ms
4ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

40e8db13f44571762fa6e5704ca8bb1a73c2cce35e83603e9ac131ab8127db7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:35:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51037
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26366
x-xss-protection: 1; mode=block
server: cafe
etag: 17113453447230713914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:35:48 GMT

GET
S 204 l
www.google.com/ads/measurement/ Frame FA0B 0
58 B 19ms
12ms Image
text/html 2a00:1450:4001:81c::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTlGGJtEFE5dP03l2jbKRvAtlz8ZdDL5B2sB9A-k37IE22WhF9Dq8bjjY5NTkvIJHiP956h7MdQydop0lkI_QR12qTzPw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a00:1450:4001:81c::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8

GET
S 200 2416521092845180993
tpc.googlesyndication.com/simgad/ Frame FA0B 7 KB
7 KB 13ms
6ms Image
image/jpeg 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2416521092845180993

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

7b8a9cf1e0b98f6c2bbd9c140a54e84b4a9e2b9db7bd61063064f987841e94a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 24 Jul 2018 06:24:14 GMT
x-content-type-options: nosniff
age: 1261331
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 7226
x-xss-protection: 1; mode=block
last-modified: Tue, 24 Jul 2018 06:17:44 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 24 Jul 2019 06:24:14 GMT

GET
S 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/ Frame 897E 3 KB
1 KB 11ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7d3b068f04726edc36c3eeb66b5d97c5aa692e418945d20f4f4505706183b3fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1349
x-xss-protection: 1; mode=block
server: cafe
etag: 8956746284566214480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:32:45 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/ Frame 897E 71 KB
26 KB 11ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

40e8db13f44571762fa6e5704ca8bb1a73c2cce35e83603e9ac131ab8127db7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:35:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51037
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26366
x-xss-protection: 1; mode=block
server: cafe
etag: 17113453447230713914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:35:48 GMT

GET
S 200 16452750522309980858
tpc.googlesyndication.com/simgad/ Frame 897E 17 KB
17 KB 13ms
8ms Image
image/jpeg 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16452750522309980858

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

6a344abd2c828a3ed59e48715d8ba4c63051502a6a45d248b3f2ee6703c96325

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 26 Jul 2018 11:02:55 GMT
x-content-type-options: nosniff
age: 1071810
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 17215
x-xss-protection: 1; mode=block
last-modified: Thu, 26 Jul 2018 10:51:20 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 26 Jul 2019 11:02:55 GMT

GET
S 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/ Frame D6AC 3 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7d3b068f04726edc36c3eeb66b5d97c5aa692e418945d20f4f4505706183b3fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1349
x-xss-protection: 1; mode=block
server: cafe
etag: 8956746284566214480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:32:45 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/ Frame D6AC 71 KB
26 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

40e8db13f44571762fa6e5704ca8bb1a73c2cce35e83603e9ac131ab8127db7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:35:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51037
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26366
x-xss-protection: 1; mode=block
server: cafe
etag: 17113453447230713914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:35:48 GMT

GET
S 200 3866945191198730315
tpc.googlesyndication.com/simgad/ Frame D6AC 43 KB
43 KB 15ms
13ms Image
image/jpeg 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3866945191198730315

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

11345f31322926daa557eeb9c4adaefde6dd433b88e2c5f14adca26bc205f0d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 20:10:23 GMT
x-content-type-options: nosniff
age: 2162162
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 44103
x-xss-protection: 1; mode=block
last-modified: Sun, 21 Jan 2018 09:56:07 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Jul 2019 20:10:23 GMT

GET
S 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/ Frame 91E4 3 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7d3b068f04726edc36c3eeb66b5d97c5aa692e418945d20f4f4505706183b3fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1349
x-xss-protection: 1; mode=block
server: cafe
etag: 8956746284566214480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:32:45 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/ Frame 91E4 71 KB
26 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

40e8db13f44571762fa6e5704ca8bb1a73c2cce35e83603e9ac131ab8127db7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:35:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51037
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26366
x-xss-protection: 1; mode=block
server: cafe
etag: 17113453447230713914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:35:48 GMT

GET
S 204 l
www.google.com/ads/measurement/ Frame 91E4 0
58 B 14ms
14ms Image
text/html 2a00:1450:4001:81c::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSaG3ntMzdhPA0AevhyBydEThu6avRW5N_MYHGM_2Ufe0WdB7ZyHQF31eUM9vYTb6TC9sxyGGpziSP6W7fEtAcnI7xPzg
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a00:1450:4001:81c::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8

GET
S 200 712943972351243430
tpc.googlesyndication.com/simgad/ Frame 91E4 99 KB
99 KB 13ms
12ms Image
image/jpeg 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/712943972351243430

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

04093e689c7bc91c85ce0032f11d4054c4a2200840fc4dbec42a971ad0da205c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 14 Jul 2018 12:53:48 GMT
x-content-type-options: nosniff
age: 2101957
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 101090
x-xss-protection: 1; mode=block
last-modified: Wed, 24 Jan 2018 10:13:03 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 14 Jul 2019 12:53:48 GMT

GET
S 200 16452750522309980858
tpc.googlesyndication.com/simgad/ Frame A9F3 17 KB
17 KB 13ms
11ms Image
image/jpeg 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16452750522309980858

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

6a344abd2c828a3ed59e48715d8ba4c63051502a6a45d248b3f2ee6703c96325

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 26 Jul 2018 11:02:55 GMT
x-content-type-options: nosniff
age: 1071810
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 17215
x-xss-protection: 1; mode=block
last-modified: Thu, 26 Jul 2018 10:51:20 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 26 Jul 2019 11:02:55 GMT

GET
S 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/ Frame A9F3 3 KB
1 KB 13ms
5ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7d3b068f04726edc36c3eeb66b5d97c5aa692e418945d20f4f4505706183b3fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1349
x-xss-protection: 1; mode=block
server: cafe
etag: 8956746284566214480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:32:45 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/ Frame A9F3 71 KB
26 KB 13ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

40e8db13f44571762fa6e5704ca8bb1a73c2cce35e83603e9ac131ab8127db7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:35:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51037
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26366
x-xss-protection: 1; mode=block
server: cafe
etag: 17113453447230713914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:35:48 GMT

GET
S 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/ Frame DE48 3 KB
1 KB 14ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7d3b068f04726edc36c3eeb66b5d97c5aa692e418945d20f4f4505706183b3fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1349
x-xss-protection: 1; mode=block
server: cafe
etag: 8956746284566214480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:32:45 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/ Frame DE48 71 KB
26 KB 13ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

40e8db13f44571762fa6e5704ca8bb1a73c2cce35e83603e9ac131ab8127db7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:35:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51037
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26366
x-xss-protection: 1; mode=block
server: cafe
etag: 17113453447230713914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:35:48 GMT

GET
S 200 16765322390831346942
tpc.googlesyndication.com/simgad/ Frame DE48 8 KB
8 KB 21ms
14ms Image
image/jpeg 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16765322390831346942

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

b673c2c9beeed79840bfa30a084aff7134a289f00f3a64e318244f3a30577984

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 14 Jul 2018 07:48:10 GMT
x-content-type-options: nosniff
age: 2120295
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 8170
x-xss-protection: 1; mode=block
last-modified: Thu, 05 Jul 2018 13:43:03 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 14 Jul 2019 07:48:10 GMT

GET
S 200 10129281688110050383
tpc.googlesyndication.com/simgad/ Frame C2A3 41 KB
42 KB 15ms
10ms Image
image/jpeg 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10129281688110050383

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

23cfd905cc3212cfd17922e360ea93f2e893b5273fbe1e104a092e35af329e11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 14 Jul 2018 12:58:03 GMT
x-content-type-options: nosniff
age: 2101702
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42436
x-xss-protection: 1; mode=block
last-modified: Sun, 21 Jan 2018 09:55:44 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 14 Jul 2019 12:58:03 GMT

GET
S 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/ Frame C2A3 3 KB
1 KB 15ms
10ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7d3b068f04726edc36c3eeb66b5d97c5aa692e418945d20f4f4505706183b3fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1349
x-xss-protection: 1; mode=block
server: cafe
etag: 8956746284566214480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:32:45 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/ Frame C2A3 71 KB
26 KB 11ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

40e8db13f44571762fa6e5704ca8bb1a73c2cce35e83603e9ac131ab8127db7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:35:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51037
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26366
x-xss-protection: 1; mode=block
server: cafe
etag: 17113453447230713914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:35:48 GMT

GET
S 204 l
www.google.com/ads/measurement/ Frame C2A3 0
58 B 18ms
13ms Image
text/html 2a00:1450:4001:81c::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQIo1bwSsCyPTrSjivAUdLLoZMOaK1ju9zJTMzjJ9abrtGMGzNWS8ccIcakQIKvjkhu2JysuVRTSQsIetgQjso7A7JYIA
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a00:1450:4001:81c::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8

GET
S 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/ Frame 59F4 3 KB
1 KB 16ms
13ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7d3b068f04726edc36c3eeb66b5d97c5aa692e418945d20f4f4505706183b3fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1349
x-xss-protection: 1; mode=block
server: cafe
etag: 8956746284566214480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:32:45 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/ Frame 59F4 71 KB
26 KB 16ms
13ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

40e8db13f44571762fa6e5704ca8bb1a73c2cce35e83603e9ac131ab8127db7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:35:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51037
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26366
x-xss-protection: 1; mode=block
server: cafe
etag: 17113453447230713914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:35:48 GMT

GET
S 204 l
www.google.com/ads/measurement/ Frame 59F4 0
58 B 17ms
14ms Image
text/html 2a00:1450:4001:81c::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT8mnkBAYPZGyKs3ig1LjpRX8mK6auvjK7yDoHiYcAM9Yf0BSSqg3mVcMJ65plDWY397dWBRRxyDx4etM8lc5O8Vgu7Cw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a00:1450:4001:81c::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8

GET
S 200 6051357394967952628
tpc.googlesyndication.com/simgad/ Frame 59F4 42 KB
42 KB 19ms
17ms Image
image/jpeg 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6051357394967952628

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

b7e3972b72883c7e89f294072595f195faec95343ccb2b1b50d5ca706647f1b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 14 Jul 2018 12:43:09 GMT
x-content-type-options: nosniff
age: 2102596
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 43172
x-xss-protection: 1; mode=block
last-modified: Wed, 09 May 2018 07:46:30 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 14 Jul 2019 12:43:09 GMT

GET
S 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/ Frame 1F5E 3 KB
1 KB 18ms
8ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7d3b068f04726edc36c3eeb66b5d97c5aa692e418945d20f4f4505706183b3fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1349
x-xss-protection: 1; mode=block
server: cafe
etag: 8956746284566214480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:32:45 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/ Frame 1F5E 71 KB
26 KB 18ms
8ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

40e8db13f44571762fa6e5704ca8bb1a73c2cce35e83603e9ac131ab8127db7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:35:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51037
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26366
x-xss-protection: 1; mode=block
server: cafe
etag: 17113453447230713914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:35:48 GMT

GET
S 204 l
www.google.com/ads/measurement/ Frame 1F5E 0
58 B 24ms
10ms Image
text/html 2a00:1450:4001:81c::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTd9GiGYsbcJ7hjFnq1c30OkwOUb0Si-wC13vCvMSmRTuzxlw5g3_8oVp0cjvxLEoTkNM4b8Ze3zo2vJsVITWCisSqSpw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a00:1450:4001:81c::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8

GET
S 200 1769951122764034276
tpc.googlesyndication.com/simgad/ Frame 1F5E 10 KB
10 KB 19ms
9ms Image
image/png 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1769951122764034276

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

19ac2a5dec18de96af24f5d8da292bb5515a44296811ca115cd047b5a17c5179

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 10 Jul 2018 06:53:49 GMT
x-content-type-options: nosniff
age: 2469156
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 10487
x-xss-protection: 1; mode=block
last-modified: Fri, 18 May 2018 08:06:21 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Jul 2019 06:53:49 GMT

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame 29B0 0
89 B 55ms
39ms Image
text/html 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsshdkL-RMkRHBOwfRYumkySV4zeSS5u_nlU5EOxB5mfF-V4LEshMHr8f5livsvdadbQOt5-tkx0GcCXNJej2boRAbYKWzsuBRFGRwMP1yJjbmRtSJ1Tu7hPrJbQe8VamPKAvddC62H6pn9mO_GDUAd9EG52jxVWQU2jIa3JWMmMxH9Q6TMSm4FJq7NHvNG4HChe9-b4WrMTCyIx2Ro1it6WVg9n9dAaL5eP8qR7GoOkBfHN7sVApyppNWECUPCozLKAsA&sai=AMfl-YRnumImG9lrmFL6nWehdNNv-yreLXpLPUmIsKNNn-epsLsdXIjXi_RLvwJYv8i9P_HidTP6_mANk1o0kfpPg_blCGhjC_7bXZt1V65ITw&sig=Cg0ArKJSzCQmxHpV19gYEAE&adurl=
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s17-in-f66.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control: private
content-type: text/html; charset=UTF-8

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame FE80 0
53 B 60ms
43ms Image
text/html 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssvTS6-x9ommcekbW7vHXX5WWb6qCLuclUkzlm8MElmWdCEKRbDxHfOhy5prW2EVYr2fjUeTKTzgQy9tZnRTChS7r_J3DDKZUdoEQAlokGSblRQqH4OSDVbEHZWCoPih0baOv6W-aJ-iAN17oxHIwfOwSM0L3mYkljRviD54ZlZtIIz6c68EPthFBE2sXUsxeQamSjDpCEqdIprJw7E500njYQswttTsPChmAcTm35dn0A_RG_L4P0Y4Ahs&sai=AMfl-YRzQqnkORWn3eE-qYtk5tLt5_PNR957aA_oTwm3qy5Oe0uCy01Hh03wcdFkW0jjcTcsapkHeIhnaDHGhDaePs15SdHavBE3QJ2pLush7Q&sig=Cg0ArKJSzASqBBwC5m8eEAE&adurl=
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s17-in-f66.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control: private
content-type: text/html; charset=UTF-8

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame 73CF 0
61 B 61ms
45ms Image
image/gif 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstRIYX9luZWa1yc0fLTz2S8nmbLOOpNnwdJx2RkupvmnMEQx7fT24IZCNWyCRhNT_E7gkGpUFRy_sxoBy3S7euNQuQs6U-GXUW-adMMqYK6KSzK7njwBT58-jFI5jSORcQhG5sLxOpQkgvIkAQCJ3HEgwkWnPNuB8YxeXJJdvvEQpbEb-fJN29wEMc0uKEj1Ap7SsK2RcKBgztFw09yVMddXnVWq78GK7SPitgMgffgi2dheaIqHm_3-hUa3aFwTI4&sai=AMfl-YTHlJwcPVWy2V0LM0lzn7CLxwD7LZ-5WE8Rt6RHX19txJ8INb1DuLLsg_NCkdbwRPKS9kZkERxbaNVKOT9TLvTTkzlz5CbAUTJoa4wE&sig=Cg0ArKJSzDE98aXItnFQEAE&adurl=

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 07 Aug 2018 20:46:25 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 0
x-xss-protection: 1; mode=block

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame 82A3 0
53 B 60ms
45ms Image
text/html 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv91TidVrEDu4TqF_3N3v3GMPuQroEliUnnMpkAr-cKdysgDfcyzpq9ZPRX4UjAA4kI6y5rI_sjmBEy_3GPX4XkmWUctv7jw3qxJy40qP3e9ItwOD0H80lxw_eobkwq9WtjcguKEzF_3pSIhb6OzWGaXJ2G0mbGGRg0wIH4yx5NGO6EP6etal67IuZAWmCwtBJyKG4OYRXaMp00AomcDNDfgygYRhPBYImdctjGrZZ3_5AKlSS1jng2PJo9bkBeX9c&sai=AMfl-YRFOug0RdDgPBIOBWDc6jycCxORQFYUwBzBEhNmf0P2RJTeEJHPA05GfYdS8hE2phz6GVjcz-A3F5wgiBcJ5fwEIBl9Hxm4tnBJM47d&sig=Cg0ArKJSzG-RTIRLvyGoEAE&adurl=
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s17-in-f66.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control: private
content-type: text/html; charset=UTF-8

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame A388 0
53 B 58ms
42ms Image
text/html 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss66SEMcNwPjcfrJZnWWMLQnZNal9J4RwNQKUq_PFycbPHU3ZIjE9Be9PSSNY3sOFiT6hKrWqTKOFjj1I96ie1IoRqNrPQCrEhJlHRvRwFjCowb0eE0Q5fgE0-d_BOilu-47cYHzKunJIYHkq_9P9n0YvM9qUxngNtneCpvuqq_R76weGTmVirm3rz0TrfcX3kP3VY_lzoazwDpf4j4AyJEIa51HWbs9fZBVDCojf4WL6IjoWObg7uZdODA9VM&sai=AMfl-YSIb3Xi5-NBYghgMr8rOKWqBN5Q8mll5TLFW1Pdb5WSbs1zaKXh2w4l7xqboqoch3PXY3wHdfvCB4rTKHrDI03rWQhJZTGLkwMOA3fRyg&sig=Cg0ArKJSzHZcoM6B1GX-EAE&adurl=
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s17-in-f66.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control: private
content-type: text/html; charset=UTF-8

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2E67 0
62 B 56ms
41ms Image
text/html 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstjaYzYp0aIj6Pag07_vFkdmWFtnQPSY-xztSG45JfWWWUT5hiFg3eQ0GIh0Lr9yrmPViWe1VQnfxnbNCFOBaWbzpEbHM2C3b4GazcQklOCKXqdTCG0XObUi3D5tu0Fsztt5d7hFop6z8dOXii2L69PqorVGOs4dq3wYJFa_IC02A-UC_JiKwp63_zQhPcWb-HRyf1SHPsRk28JEMPmGdXscRRMPtU2af5J4CPwJAblSiwl8ABepCtOcKCa-l0&sai=AMfl-YRiT8AxEsAVcrtvZGYy_ivZh9CjW5hUZijk3pdg-a5O8j2ge-F95_6ZZVN1atD16Q4gj6Ld2Vt9RKNxN6znr3TXvs-GRt0f8E0fzGe1&sig=Cg0ArKJSzNrL2DUiFz4qEAE&adurl=
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s17-in-f66.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control: private
content-type: text/html; charset=UTF-8

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame A030 0
62 B 57ms
41ms Image
text/html 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvk6RSPzuK73BF269Vhm1bHT1_fo8hP9SREiAunQM2R3sOQBh8wBsTBUCDyTTn7DlkHikopgvDtyNQ9cf6xvraVxHAPcM8xusEeifawr3eIDJ-NOI4qZWx8kD3l-0GletdQ7IJkckjqVsXZgaUDkBsBfFb8RwvE3nSTVm6fq18B4_MlOWF3fUEX96ZuHCOVLBPo5pEZQXpStVIZY4h6rkAIkRBfVenIcVnlYl-1aSem3EgPM2HcCBGP8hu79vo&sai=AMfl-YR8xw3OaAluhWlTbf29C1jVbkoF5s9DAbPIbZR5QPvEufkHviIlm0FUEiF3KGOyKE4qv--Se-QJj0Xoe3tM6SXQKUxtACIlrMZe0PO4OA&sig=Cg0ArKJSzH6DRTOd3jYqEAE&adurl=
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s17-in-f66.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control: private
content-type: text/html; charset=UTF-8

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame 0B74 0
53 B 60ms
45ms Image
text/html 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvNmf5jXAA3lwpTsyk2C3kgSF_8UUAVpiw0p9_BKam4hyO1NAG9SHvjJojfMLfK8mNUu1b2YdmwPQoSA2VM8bqTfYTn-v-s4_w5ot_vwB_YgFpfIsQGyb6T-ARzgJ9gZYoYasSDWL6047932LWeLJdjj8-H47BuBFULbD_EVyFdVVV_bOw_czPKLNiWUD_DN1zSACsKU0wxZd9wPxeFsbGOHP-jy7QWqJZeOICeWyszZ31PW3Ut83jQf5r7aWM&sai=AMfl-YQPNqs76fy3_jpSaMFeXzu50AB21gZKsSfDJEuGH-RMv92hSMtyYOdHx_MeLDIFnXtq54h-d6mcWWLscTz0h5CNFUJOy42mF_Qq33GC&sig=Cg0ArKJSzNl5P_skeH85EAE&adurl=
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s17-in-f66.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control: private
content-type: text/html; charset=UTF-8

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame AE35 0
53 B 61ms
46ms Image
text/html 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsveGJYo245Jfh9PM8G97TD2Z9kMJ56F3sbHf43jBtuLpwb_cVuSxHWO-HNaBr7n_FeP-mkrQe_FiE-ebsuPi3NMoQOlJje66xp4F4aINxOKTCWivZIbaqCYJaarOQ4vx_l670VDHFcwVDZSXegafw1YbtUkvpfUmUUM_lFi3knVP7COJvWg5ElrD5B6ssLl4ON8geDeoK80wGrm4DBLVKLIrzauY3YhLo5ND0fHMI80f1XsxIytajJiKIOYxDg&sai=AMfl-YS-7BZXnBhB2wvJZpAjB8ycUY21-pfQYrFQbSVKBTVXyYBnV2HFJRROW_IuCSjG7l_ng71KY94p9eVFnMRBVskvEafVmjqhNgrBBBr8&sig=Cg0ArKJSzCuzJ26FWC7DEAE&adurl=
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s17-in-f66.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control: private
content-type: text/html; charset=UTF-8

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1945 0
53 B 59ms
44ms Image
text/html 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuhkghX_Bv9nLSNyIiNvpoFAzELgAdFRn9eIedvzhFciXw9NCBbNeKaO7mIyJ94lbQAde0amTKZA0YgtVFOaDXRzSKzwGKjTJNgsvVVPWI-_LOfj8A52FzVWxb4tj7170Gw-Hg9jA4YmgX8Anq1P4rsVgPVL9Mr4wsKbubG37p5WP7d-Zx3iobnIDcn7z7Mfind7InQfP32ldQAN_tjDnDTmpiQN60uODoyhGR4PAmRsfaMoQbkLd4T96nmQ4E&sai=AMfl-YS8sSJJC1paV0zLdl_WXFa41opFBvgPc52wmf9fkuLr-_Y2CX7P8U4elXDticcYBRDepgBdsDU3RkHOROdw3gljMWgonA7SnEydqZIKPeJlOdnidYn0y7Vvezo&sig=Cg0ArKJSzLg2jae_W5D4EAE&adurl=
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s17-in-f66.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control: private
content-type: text/html; charset=UTF-8

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame B760 0
53 B 60ms
46ms Image
text/html 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssBt86EUuscLz5zAihlory-NtDInSFgTMmBKJAdQ5vpz_Qd4_obLzTj3w4TtAZDFEouo0ceOiQ7rRBw0-Ydk412XEvQG1EzqAs7zdY4X1sgIxRhWKhUKckidQdiBtkomdJ0vKcsr_Fgd_eBA2s-EK1IoudkL9XVEX8TQ0Sm7CWF4Doi9vq916Ya6a7SoCQgqGASs6TJiKAY9NDQlNZDHmkMLQeLdQd3LmOME2reeWRbuOEcJUwLvw_T3LSUXuo&sai=AMfl-YSRUgBScYMYDJ_-G_CbN6KmhMQcUpoS3LWQxBynC4n34EFqL1b3zGUjFcF_Xp0jNYW34MJtptbRms9yTju-WLGBqUgSWdVi8jgqp0zSF-9EWB3tLIRbQz3svmiI&sig=Cg0ArKJSzOHNFq9NQxXdEAE&adurl=
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s17-in-f66.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control: private
content-type: text/html; charset=UTF-8

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame DA13 0
53 B 59ms
45ms Image
text/html 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvC3fWZuyLEHR4BpQD6ShEPxzPpfMif6r5nwGffqFk4GlJ3mmW7RdHUWfT5JYsadV9MSvrYmMNj7MFdfN5x26ApI3XeipdC2-IAatScMI9GDKwuvIssqjEMfdJBOGH1ekfcWfxrlZ2sysyV9ppgqx4Ccux2B47PvE4Qu4as4dZ_Ht3mxGiIfbpUolIUczRqE_qqWQ9SU76xFCdo8-SXPaYaOCfxks_rekWXkZxxjR8SaDhzWw50dFWGDkF81RsfkY5GGUQp&sai=AMfl-YRjtwmApSl-ceSBJSBRETcR0QDp6DtFy9hIFv-dcOjAbP5GblgWPD0JPe0MNGMjmd21wdx5I7SdpX9kYYicBtUaCK-QnGv3B5lLtV_aG5fz_JPcC5majE5EqT11&sig=Cg0ArKJSzLqGeBQbokuuEAE&adurl=
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s17-in-f66.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control: private
content-type: text/html; charset=UTF-8

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame 59E2 0
53 B 60ms
46ms Image
text/html 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuelsgA0ZvH6WFwMYebYhZEUC4sFwmA9GdP6Cn72Orjn4CxXhYykR_RRqw0FeB-ihudnQsGFdhmFpxJNqaWRDgPbZIcu7Spql8HtADij7_3DEkmI1IbyZnIngXqUQcCBMLR90ZXsee6ZBj931e_ZbGFds0ENfJJUhMofZylBQqRHaWIoMsdiz21fE7tuQK6ypOFMPMRxFv4oLGYjQkB04Jq_JMO2kJSFC4_jScAjFwSoVzhVuTnVyR7L_yPK1I&sai=AMfl-YR5scM42fNtQKSCdC1nVagoAxKSkboBdqmj38g22LjkNVhztMLlFLRE_kIbHfwbJKh58RcgbwSrsuOfFOSHaqaJDCb-Kjxc1sVLawEhHDhxUfvqZKGGwfHkc08&sig=Cg0ArKJSzNXRNDM8tK8nEAE&adurl=
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s17-in-f66.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control: private
content-type: text/html; charset=UTF-8

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame D5B6 0
53 B 60ms
47ms Image
text/html 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsslGnTkitMcQNrqPAzC4q9qmuVeyMfgJC-2qEXj7bfv0wRZWEtmBlCOIH8vjqBpWcfQmXen2c37wILwiqh81ZJob7KH_UuEzm3ewBkH_aE7Am6_mV4D0Y0ZkQRZ-L4FUhZbfVSuGgxJtJRubZ-BkTWK9xjl5EJC3mkhGL3SZWCBpjqH6uaeVbYi65DnlEIw50_SfqefR6vdPkJ9Z0B52JgpUCx7eP0Q6NKRF_3HT_aVG076fX8YSud-Ctc0GvBLG8RdeS6v&sai=AMfl-YQttPFnLT5jZOhR0_RagB7rWdH-u6E3baYVqMhM5tXYgkERaPXl376eYLpjWCta-fw8ivBI6Hh5S2icvqnK1UxLuCDv2DghuCj8ptzcHfs1Rz6lW9I88snBRaM_&sig=Cg0ArKJSzJ5PX3vNOos-EAE&adurl=
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s17-in-f66.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control: private
content-type: text/html; charset=UTF-8

GET
S 200 1313371143828290157
tpc.googlesyndication.com/simgad/ Frame DF0B 39 KB
39 KB 19ms
5ms Image
image/jpeg 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1313371143828290157

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

a41212d22124dca99b596be6f72e026a91951a30bdf6e2c34a5144f7841a464b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 23 Jul 2018 21:00:24 GMT
x-content-type-options: nosniff
age: 1295161
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 40288
x-xss-protection: 1; mode=block
last-modified: Mon, 23 Jul 2018 12:42:20 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 23 Jul 2019 21:00:24 GMT

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame DF0B 0
53 B 60ms
47ms Image
text/html 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstr3I2BLFlGxN6lZFtCtjd1PsPdByx1qOjE5GaALJomcX3aZ3M46-lz_p2NHLTg93m1HT80QaGpjfzrW_PExj7MbxUCHzn2KQSj7WFMugzfA3OTYp13EK19UPZPp15qmTlapLk55loDB_Pttmj8BO46EBmBlhJ5zVlDDmJC3boU2BG1uUDeP8MWizWlsMWFDsWQupdx2sW31hTHHKiFtSim2WvFoJ5GtYLmzIlYsKq4iep9emQhoj55YDF4jkWB&sai=AMfl-YQD5m6f2dWYlAywwndan_oS_MhSTEPYZCLWBRXgHSoe25uhVJj7pKGoiVLtEoqhn9Wnq8CEgpy7k7iqUHr4u_57FygrPrbcwZRssz7x6c8ujhKtnHo2BZ-4hRpn&sig=Cg0ArKJSzOrVWI5M5HPWEAE&adurl=
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s17-in-f66.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control: private
content-type: text/html; charset=UTF-8

GET
S 204 l
www.google.com/ads/measurement/ Frame DF0B 0
58 B 26ms
13ms Image
text/html 2a00:1450:4001:81c::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR5c9kQ6soJWyjbSLKePOqgFjJ3Vq-rdUYnH2wo5eSIu2J_DjNSTeh7MZhi5hQRA505dYz3p3SWgCrsxjjMTpIVxwHiig
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a00:1450:4001:81c::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame FA0B 0
53 B 59ms
47ms Image
text/html 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv2yChTFEozRmLOAIE-QFBv1zWIOJh4OuQlRvadHMqqdrioHwHyCoXK_cn-s2myYCgly5LvnjW1jhMeXv4fsR91iMH01T1RV35684U9S96PZl4cNafMbqo9JZjPG3iQLI0ajsSr7kj0zo1R66FOhwfSU_EOgkQV4yu4jiJGMfPSXyw0OYTLhHjWbNi-aFVKFIH1C5lTc3YwboGVk5SPzE2dmPtsErVd_fXAutA0yb1028zA05LyM0iHObFmiXSN&sai=AMfl-YTre8oC1Y8K1btDNzRhf4pTHM3CD8oR21HHw4GcD20HPpKAb7sxsM0cUWgD2CdF0FzxyP7tkEb3yeKZ8Dcrr8F_EsG1YYx3En0uqGQ-ubF34MWAcEIuQK1RrOU&sig=Cg0ArKJSzKzAN_ZgpNYVEAE&adurl=
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s17-in-f66.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control: private
content-type: text/html; charset=UTF-8

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame 897E 0
53 B 59ms
46ms Image
text/html 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvFC1iYo4bRNbtY1huRCeWqAcVhR-NH-gDF01z5WwLic4fXZpMd8Ks7Bs-MyN0cRF72gRHn85lqeQFltQd3yPR20UEmQpu6jTVKkcy28sLFzBlyZnkz7Xc7gF7OAdvOmkV3GmQK10v0dB5wt7HWcMfsNx3P9ZxUfWHpSXUo1zcyxF-qCZw9O99jM6qdwSFrKbmjkk_hlqoYIajMef1utGoCA3rOB_I9j4RdYPeA5hbpXVYmWIWwfiVz9_3aI3O9&sai=AMfl-YS57RqtyPT_eIbKPDPgtNphzKxhVhunRJE-ot82HZqPmwJxMvzhtyz8kIPYA5qsvrtlpO7JSQGW1NKXKxL-K6cqLdWaJH7J0Ymp7shM5tpbtldd9darJ3g7L2GD&sig=Cg0ArKJSzGqR_kor148zEAE&adurl=
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s17-in-f66.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control: private
content-type: text/html; charset=UTF-8

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame D6AC 0
62 B 60ms
47ms Image
text/html 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssryuQhnxHk5rbzADXg2sVAXee_a2vCH-ygZJdI4KAVAGXW7YslWuxcWV2sIcsVRZIJ3742P9aLdpiKkwj9tWCeQdglmZ8cIPl5VBoNtWZjorj4Yp42idNDHUVCY3OyK0Wye7ZWdXb0wPKld1-Bf74iVHOQKUZ6e_u4qo3qedSZ4tNV5on65HkQkHHCfDcxMF7sT-bJSuqeTpbNOI2ZmYfd33c4dqN8xm6KTYv8L1qpdp1x4xHMAKEXMwh36E4g&sai=AMfl-YS9A8V9HpndXR6x5lD6UJ847djjD1mWLlf9pGjJQBk7Np8yBIyrHyN4auBRHyEFU7sB7stlJdgo4a3_T3nehssilkCNrMissZAOdidnNBNf1_JImnlajwlAKXW7&sig=Cg0ArKJSzNjFVmJwPVFnEAE&adurl=
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s17-in-f66.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control: private
content-type: text/html; charset=UTF-8

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame 91E4 0
53 B 60ms
48ms Image
text/html 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvQQ6OhGdkmwK4yQqttYU4oVvvm7EdmeKZBP8l_rcOMkQvMCiafGIVhqrIateiZiW7HF8Y_bLFILkx-xTFHB9L8UEWGtnET3JpQPUc-7h-5fL1lLQkQQjYznUsvRGoYlW5lu-xNc5uyyM5oNnat5VjPDOZOWOQ59584xrZslAxHe_DsK3uXWfySfAHZe5TU8wdpSy6ewmSGpg4BkmSXiYbKJ6_kBuPP8PSKrgHjihMo3EObSwZCteXzjXU84Mdzi8mlAz0_&sai=AMfl-YQbxEwJ2IOLLwhVXssPdn-0onf9rbU11p96CtNxbtatPKRtRVaaR4hZbVR1Om_Th9xqzed1q_tlVlGKkisEPBPuR2iTbS_NMb6epX9N6ZNsShUIw06de7f25zc&sig=Cg0ArKJSzLfORKxJszjoEAE&adurl=
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s17-in-f66.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control: private
content-type: text/html; charset=UTF-8

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame A9F3 0
62 B 60ms
47ms Image
image/gif 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvWmTO7RG0bP3pftsKDhuhHrNG83zGiqjZfM6mDU7qbXiO4WlC_ohwYZzYh5jEVsBUhf7-eYzSVwULBfr-kswuiZfDbv95Q59iFucajyrK5vLuSds0VTnqBQ__Xcth4bohWgEysCWfzd4og_dYhrgCYIcT5XcFp0MCLGj4LcW6MAR2Uku86gU4iHl7xw8INfft5X3HqA6z0MOmpcjDR58SJrNHHk3jBAEkz4_ZuFrjObgcjOL-CS__9GfxOmU4&sai=AMfl-YRJYqxpZzf6qRgcPk6AOMn-mUwj6nbBPuABONpcVbNq9qE6hmeHjqS33Ug7vx-IdiIsvZB42F4mCWvmhmgfRTVa2vtYrI_Ki5QXik60NRzoZIKf2jW21Bd9Hufs&sig=Cg0ArKJSzGy__wNPVYRsEAE&adurl=

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 07 Aug 2018 20:46:25 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 0
x-xss-protection: 1; mode=block

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame DE48 0
62 B 60ms
48ms Image
text/html 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuorM3BZAysOe8iCNszzPazF0YrdFI-EvSw1Kh2AExpWzzIGsaGB1xSBtM9fg30zFYWEFfGDQl4ctEqE6y7vOP1PsWZou6TjijGEJpcvC7U8C-pOKJuTc8tQ6rRnE4h5kI_sXjVOONvb_DxepwbzNEcMdqW43h5fmvnHZ4HyXGO5fhS2tvgrrQO2zWkYvyIW96ehEwH8_xLAIzxB2e9S5qK1Sc7VyML4eHjrWRi0HPQIODSc45WhlIqnmzOTkTD&sai=AMfl-YTycXBzew4XYI2MKPSXtJYjih9PgGrg9YwKaeJLRQ1UYyqqz21As5-5HZG97SlbDlaS8rCQdmBGlST-Vj_3cJq2bwwmd8IDwk6QTMwzpo1JmVcPOZ8iE0KpAQA&sig=Cg0ArKJSzLsWj8n4YcQDEAE&adurl=
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s17-in-f66.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control: private
content-type: text/html; charset=UTF-8

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame C2A3 0
62 B 60ms
48ms Image
text/html 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv7a2XDPM2bgSXgkM-PMwQ8iJSmrh1mHtCubLEvOuZMmEqjvV4ezo77Ve4Hw5qF73GxfJvI6YKMU1oxDtxG7c9TbIv0hmmFNX9mGbHzV7zehl47G-cDxfrblbKiMM3an2nOPkKrSLTfFaf4EKZHCX98kr2bWHJi_0R-Pv8G75OR3VmVK5qyWllBhFIkSY9qCYcndvGLHD5vZmNRa6FIL-XuppEEPTDtB5GnHd58HjDnPBmVgaQFpp_EeiCJPsTY&sai=AMfl-YRZA3-q71opHaAtp95eCyqYelaRoriRc2kTBLcfCBF94kBS9SQ8oiKYov6Uaf8XiDtA5nxePGiySZUZpVYC_Z76etLItObOjk398mpjtQlqBB97bfyIyQck1IXl&sig=Cg0ArKJSzBWUfpwo1dWVEAE&adurl=
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s17-in-f66.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control: private
content-type: text/html; charset=UTF-8

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame 59F4 0
53 B 60ms
48ms Image
image/gif 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstUe-rks2tLrP6k3iG-ufvAfDyQXt_PpRVLZgVqWl0haek7yHxEHVhsFfAjvPv_mxrD_Hf0Z5wNIhN95ESsfnR4ay-WyPrF32CTjQF9fu-2Z78V5W1R5HCCKVmiD2UrakTVNoL1yDPa-W8bYAcJIm7gEJVWDdFqq9GY1RrxKKfWAke7-JCtpsN-nhccc4EsfSf9PbxqzCyaSqPX4nqbc9y2UeD9hojZnAdhJTY0LoMZ2GqZevEKbbFJnqpqb0zg&sai=AMfl-YQh7BjLfSiVmxP2nrHRCSIFx6XePrJUug-0xxGlq3XUWJmygdEU6vVIXfXpfcJ088TQwQ-EoQ1hPZjubWbUT3ATK9wAkQ_JBzCHumKqP9_k24b7t_RorH-SJdw&sig=Cg0ArKJSzEfjCpn43C6qEAE&adurl=

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 07 Aug 2018 20:46:25 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 0
x-xss-protection: 1; mode=block

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1F5E 0
53 B 59ms
48ms Image
text/html 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsup5SMNT_BtDvWgEzwLXDQ-Ka8jxH_mBQO5DvUW_Qqn_1Nw3soLBjffv0mQpOZHWCjcoe43XEzzDNYLBKFXzLyIFb692yTuJBnv8rus2w4zGabEwGB1aKtA2iaQf34S9pGEqype77bQVdQue6zOMXz6dPzvHScoYNfPu8FeOAQMsD4Cp0C1d0ogRDZynnmpMvNRvRvDbtximMSa285O04BiBB-P4nn3c0C9EOeJ__bT4ZBKZY4bEXwzrsiJ6d7j&sai=AMfl-YQIppS9jufy711gjM8Rv0icHtSgfWKyMzIx27ozODwz9U2F8LOZ7NkJVyN4KA-LMmbp16qGSa8RAL7GFKBsH9nvzIyGb_ZXJet8ITxC-zILu3pawKHNQY-YfgM&sig=Cg0ArKJSzLUpw8MWRswqEAE&adurl=
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s17-in-f66.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control: private
content-type: text/html; charset=UTF-8

GET
H/1.1 200
OK za_widget_348e.js Show response
drf8e429z5jzt.cloudfront.net/js/ 651 KB
183 KB 337ms
13ms Script
application/x-javascript 54.230.95.41
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://drf8e429z5jzt.cloudfront.net/js/za_widget_348e.js
Requested by: Host: d2muzdhs7lpmo0.cloudfront.net
URL: https://d2muzdhs7lpmo0.cloudfront.net/widget.js?id=19762010&secure&8520415
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.230.95.41 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-54-230-95-41.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fb572ddb80148baf463f0fe6c4cd785e0991a4b63ef0aa3c30ff0def31e426ff

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 30 Jul 2018 12:05:37 GMT
Content-Encoding: gzip
Age: 722450
x-amz-meta-cb-modifiedtime: Mon, 30 Jul 2018 11:59:50 GMT
x-amz-meta-cb-realsize: 666450
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 186471
Last-Modified: Mon, 30 Jul 2018 12:01:41 GMT
Server: AmazonS3
ETag: "ec5ffc793635b93a4751a925e7e4a78b"
Content-Type: application/x-javascript
Via: 1.1 bb93dfaee440e32ac88831363641e2c2.cloudfront.net (CloudFront)
Cache-Control: max-age=31556926,public
Accept-Ranges: bytes
X-Amz-Cf-Id: WmvulBbg75rBJRYcU9FWJXHCXLoFemOb2PFrocqt-z1esVnjPaBe0w==

GET
S 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/ Frame B054 3 KB
1 KB 14ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7d3b068f04726edc36c3eeb66b5d97c5aa692e418945d20f4f4505706183b3fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1349
x-xss-protection: 1; mode=block
server: cafe
etag: 8956746284566214480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:32:45 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/ Frame B054 71 KB
26 KB 12ms
5ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

40e8db13f44571762fa6e5704ca8bb1a73c2cce35e83603e9ac131ab8127db7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:35:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51037
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26366
x-xss-protection: 1; mode=block
server: cafe
etag: 17113453447230713914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:35:48 GMT

GET
S 200 10783059095966920708
tpc.googlesyndication.com/simgad/ Frame B054 12 KB
12 KB 16ms
9ms Image
image/jpeg 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10783059095966920708

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d9325b6277dd43c0d927a0d61080bc3f53c509866167cc710c46576ec8aa71

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 20:20:55 GMT
x-content-type-options: nosniff
age: 2161530
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 12495
x-xss-protection: 1; mode=block
last-modified: Tue, 13 Dec 2016 10:17:16 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Jul 2019 20:20:55 GMT

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame B054 0
53 B 51ms
45ms Image
text/html 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuPZ__2h-SB9La8o2OoSPw0W8R-TrBZAwwfghrlkRSmYWUhfJjA_gAO_70jqV7hIjE_BJOQsQbaCgTYEVWIyKJOXVhhV-DX2PMQqc7zrCzkbo4CrrBNYGWjTl7z1JnlPQaZ_fNZ8gARVfAxiPvFdVcGl_eWv78nq-UEo7bOZ6KoBpgw2zgUeNpZk_LAgoOYj9Injk7T1GTHxp1kowRBKF9YsaHgPRcSN1NNpyEQf17MVqite5D2A5klKweJhGy6&sai=AMfl-YQyHKpCXniyY37bToq_D9EWnuOZi75TsBFR9tozYDKXzEp0PUtjGQJMEaujc91yDn86N7iXgxK1zTXdOB-5vBPVjUZVEwZcOQPBDVEwi_ZnLCT4k6UigXgpW3I&sig=Cg0ArKJSzNG5MiG13BR6EAE&adurl=
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s17-in-f66.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control: private
content-type: text/html; charset=UTF-8

GET
S 200 14428181134556396145
tpc.googlesyndication.com/simgad/ Frame 25C1 19 KB
19 KB 8ms
6ms Image
image/jpeg 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14428181134556396145

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

a47eb2a049419655bdd5f5f9f9ac681b474778d4e22da74596fb8fefde277fa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 13 Jul 2018 20:20:55 GMT
x-content-type-options: nosniff
age: 2161530
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 19583
x-xss-protection: 1; mode=block
last-modified: Mon, 28 May 2018 07:21:47 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Jul 2019 20:20:55 GMT

GET
S 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/ Frame 25C1 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7d3b068f04726edc36c3eeb66b5d97c5aa692e418945d20f4f4505706183b3fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1349
x-xss-protection: 1; mode=block
server: cafe
etag: 8956746284566214480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:32:45 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/ Frame 25C1 71 KB
26 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

40e8db13f44571762fa6e5704ca8bb1a73c2cce35e83603e9ac131ab8127db7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:35:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51037
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 26366
x-xss-protection: 1; mode=block
server: cafe
etag: 17113453447230713914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:35:48 GMT

GET
S 204 l
www.google.com/ads/measurement/ Frame 25C1 0
58 B 14ms
14ms Image
text/html 2a00:1450:4001:81c::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQUytgSuN0MEtrPZTt-1BaQPxba_QKtyYWWPRWHjC845fIHFeZE30nA-4uQ7_U2yPsVAMWYs76y3hC_YUufHEQqPpzTbg
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_237.js
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a00:1450:4001:81c::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame 25C1 0
62 B 44ms
43ms Image
text/html 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv92tebg0_TsjU66GhBdQxsYmbhlusKDdBnhsGt6N7ly5kQNgBcd8ZtbjyPyJCoVLoXYCipX1SnJ1oY_ciK-IndZRL1Bejjh4ofiY2KsQUFynWZ8IqFaJZiC9eD0LHPGjRPpu0sl9OBZCNxeDXULONTY9cA6OToYXGRVpeyJRRKWb-n8s9B3_s4-g_5v_xccuSX-X8lH36X6saBLNHUU4k21FflS5LTv-l-2E2Q8VALZaxZ3heblaG_c0mNKSxx&sai=AMfl-YTnVU9ndzGah73ZLqpoZofmLSuxIFE9U8aMQc-OlOptMu4HC2BLuhiokdaghyhA9aahPBcESjHqCWSfDUkj0zSQf8qtq9541rHWB8C3SpsuwbaBdpIK0Cq3I-k&sig=Cg0ArKJSzLabAR5VWSccEAE&adurl=
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s17-in-f66.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control: private
content-type: text/html; charset=UTF-8

POST
H2 200 /
www.facebook.com/tr/ Frame 8EF2 0
0 8ms
5ms Document
text/plain 2a03:2880:f11c:8186:face:b00c:0:50fb
Facebook

General

Check archive.org

Show headers Download Go to

Full URL: https://www.facebook.com/tr/
Requested by: Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a03:2880:f11c:8186:face:b00c:0:50fb , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash

Request headers

:method: POST
:authority: www.facebook.com
:scheme: https
:path: /tr/
content-length: 5155
pragma: no-cache
cache-control: no-cache
origin: https://www.geektime.co.il
upgrade-insecure-requests: 1
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://www.geektime.co.il/sub-domain-hijacking/
accept-encoding: gzip, deflate
cookie: fr=0fRqRXhmr2cCHn8WK..BbagUh...1.0.BbagUh.
Origin: https://www.geektime.co.il
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 95BB5AE0DC371FEBA5EE7408E70421D8
Referer: https://www.geektime.co.il/sub-domain-hijacking/

Response headers

status: 200
content-type: text/plain
content-length: 0
server: proxygen-bolt
date: Tue, 07 Aug 2018 20:46:25 GMT

GET
H/1.1 200
OK tweet_button.cb6df5c11eb74c4885e17101a777cb60.he.html
platform.twitter.com/widgets/ Frame 6A9D 0
0 12ms
6ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.cb6df5c11eb74c4885e17101a777cb60.he.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/41AB) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 95BB5AE0DC371FEBA5EE7408E70421D8
Referer: https://www.geektime.co.il/sub-domain-hijacking/

Response headers

Content-Encoding: gzip
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Tue, 07 Aug 2018 20:46:25 GMT
Etag: "9b882dc825351e8a8ff79ff39729216c+gzip"
Last-Modified: Fri, 27 Jul 2018 16:47:04 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/41AB)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 12906

GET
H/1.1 200
OK tweet_button.cb6df5c11eb74c4885e17101a777cb60.he.html
platform.twitter.com/widgets/ Frame 5071 0
0 8ms
6ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.cb6df5c11eb74c4885e17101a777cb60.he.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/41A2) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 95BB5AE0DC371FEBA5EE7408E70421D8
Referer: https://www.geektime.co.il/sub-domain-hijacking/

Response headers

Content-Encoding: gzip
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Tue, 07 Aug 2018 20:46:25 GMT
Etag: "9b882dc825351e8a8ff79ff39729216c+gzip"
Last-Modified: Fri, 27 Jul 2018 16:47:04 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/41A2)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 12906

GET
H/1.1 200
OK ob_logo_16x16.png
widgets.outbrain.com/images/widgetIcons/ 1 KB
2 KB 6ms
5ms Image
image/png 2.18.234.190
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.outbrain.com/images/widgetIcons/ob_logo_16x16.png
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.190 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-234-190.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 77f703c4f140a4a24d0fb351cc4e36716ccc4e7c5cac201f28b09a31d5f84f67

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 07 Aug 2018 20:46:25 GMT
Last-Modified: Thu, 02 Aug 2018 14:28:00 GMT
Server: Apache
ETag: "96dd1eed1ecd3297bab335082e4a072e:1533220080"
Access-Control-Allow-Methods: GET,POST
Content-Type: image/png
Access-Control-Allow-Origin: *, *
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: false
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1524

GET
H2 200 almoni-dl-aaa-400.ttf
www.geektime.co.il/wp-content/themes/geektime/css/fonts/ 54 KB
31 KB 44ms
40ms Font
application/x-font-ttf 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/css/fonts/almoni-dl-aaa-400.ttf

Requested by

Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Apache / W3 Total Cache/0.9.7

Resource Hash

7bf386cf0cffe89f0f0937f8c2b4bef5e4fa5c4d1d4c0ed4873af5ac2e87f51d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/css/fonts/almoni-dl-aaa-400.ttf
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==; _ga=GA1.3.950697005.1533674785; _gid=GA1.3.1169463901.1533674785; _gat=1; __gads=ID=74a56b73986488d2:T=1533674785:S=ALNI_MYkZAl2vNc-OCPfZKWad2UN7UecNg
origin: https://www.geektime.co.il
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/wp-content/themes/geektime/css/style.css?x35493&ver=1533580828
:scheme: https
:method: GET
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.geektime.co.il/wp-content/themes/geektime/css/style.css?x35493&ver=1533580828
Origin: https://www.geektime.co.il

Response headers

date: Tue, 07 Aug 2018 20:46:25 GMT
content-encoding: gzip
vary: Accept-Encoding,User-Agent
x-cdn: Incapsula
x-powered-by: W3 Total Cache/0.9.7
status: 200
x-iinfo: 4-23153374-23152963 PNNN RT(1533674785318 0) q(0 0 0 -1) r(0 0) U18
content-length: 31354
pragma: public
referrer-policy
server: Apache
etag: "d938-572c89c7cbf00-gzip"
strict-transport-security: max-age=31536000
content-type: application/x-font-ttf
cache-control: max-age=31536000, public
accept-ranges: bytes
expires: Wed, 07 Aug 2019 20:46:25 GMT

GET
H/1.1 200
OK achoice.svg
widgets.outbrain.com/images/widgetIcons/ 3 KB
2 KB 14ms
7ms Image
image/svg+xml 2.18.234.190
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.outbrain.com/images/widgetIcons/achoice.svg
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.190 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-234-190.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 2c87952cc1c23627496c7874271042bdb6af21efdf7cbf36ec4d98e6cec34d04

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 07 Aug 2018 20:46:25 GMT
Content-Encoding: gzip
Last-Modified: Thu, 02 Aug 2018 14:27:58 GMT
Server: Apache
ETag: "9d26fa4e7238ed94f1d0d92afb453b3e:1533220078"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET,POST
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *, *
Access-Control-Allow-Credentials: false
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1368

GET
H/1.1 200
OK obFrame.htm
widgets.outbrain.com/nanoWidget/externals/obFrame/ Frame 583A 0
0 28ms
20ms Document
text/html 2.18.234.190
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/nanoWidget/externals/obFrame/obFrame.htm
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.190 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-234-190.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash

Request headers

Host: widgets.outbrain.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://www.geektime.co.il/sub-domain-hijacking/
Accept-Encoding: gzip, deflate
Cookie: obuidt_a5402d4355ee=1533674785609; obuid=82b2cfe1-c437-4175-8bce-a5402d4355ee; _ofcap_DOC1=AG8AZgBjAGEAcAACAAAAAHlcqywAZAMCv4oAZAMSryMAZAMgngQAZA==; recs_bb6b03c5cf4fca583eeb14409ebfa091=0B2036116268A2035071877A2037130625A2036208806ACD1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 95BB5AE0DC371FEBA5EE7408E70421D8
Referer: https://www.geektime.co.il/sub-domain-hijacking/

Response headers

Server: Apache
ETag: "e6fec2d067781e804b0f040fe10a9a09:1533643344"
Last-Modified: Tue, 07 Aug 2018 12:02:24 GMT
Accept-Ranges: bytes
Content-Type: text/html
Access-Control-Allow-Origin: * *
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=604800
Date: Tue, 07 Aug 2018 20:46:25 GMT
Content-Length: 2745
Connection: keep-alive
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET,POST

GET
H/1.1 200
OK eyJpdSI6IjNhY2I2NWY1OTQ3ZDRkYWI4OTA1YzlmZWI4N2NmZjJhOWM5NDY4MzhiMzQzZjE2MTA4NTY5ZTkyMDNjYzBhMWMiLCJ3IjoxNjUsImgiOjExMCwiZCI6MS41LCJjcyI6MCwiZiI6MH0.webp
images.outbrainimg.com/transform/v3/ 7 KB
7 KB 54ms
6ms Image
image/webp 2.18.232.28
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6IjNhY2I2NWY1OTQ3ZDRkYWI4OTA1YzlmZWI4N2NmZjJhOWM5NDY4MzhiMzQzZjE2MTA4NTY5ZTkyMDNjYzBhMWMiLCJ3IjoxNjUsImgiOjExMCwiZCI6MS41LCJjcyI6MCwiZiI6MH0.webp
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.18.232.28 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-28.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 58215e9ae0354094337a2ee46b7faa4a84767b31dd55b8756381f5862d4a2899

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 07 Aug 2018 20:46:26 GMT
Content-Encoding: gzip
Last-Modified: Fri, 03 Aug 2018 10:09:43 GMT
Vary: Accept-Encoding
Content-Type: image/webp
Cache-Control: max-age=2079285
Connection: keep-alive
Content-Length: 7014

GET
H/1.1 200
OK eyJpdSI6ImM2Y2FhZjk0ZDgxZjMzYzdkMzEwOGFmNTgwMTY5MTBmODcyMDE0NWIyZTRmNTdiZTdhZjIwNDc1OWE4ZmMzNDQiLCJ3IjoxNjUsImgiOjExMCwiZCI6MS41LCJjcyI6MCwiZiI6MH0.webp
images.outbrainimg.com/transform/v3/ 5 KB
5 KB 54ms
6ms Image
image/webp 2.18.232.28
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.outbrainimg.com/transform/v3/eyJpdSI6ImM2Y2FhZjk0ZDgxZjMzYzdkMzEwOGFmNTgwMTY5MTBmODcyMDE0NWIyZTRmNTdiZTdhZjIwNDc1OWE4ZmMzNDQiLCJ3IjoxNjUsImgiOjExMCwiZCI6MS41LCJjcyI6MCwiZiI6MH0.webp

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2.18.232.28 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a2-18-232-28.deploy.static.akamaitechnologies.com

Software

Resource Hash

925512d66ea196076682aa29dab7bf3ff3bacb8a4a9ba5251dd0c631f8e7d2c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains;

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=0; includeSubDomains;
Content-Encoding: gzip
Last-Modified: Wed, 11 Jul 2018 09:06:21 GMT
Date: Tue, 07 Aug 2018 20:46:26 GMT
Vary: Accept-Encoding
Content-Type: image/webp
Cache-Control: max-age=1045341
Connection: keep-alive
Content-Length: 5048

GET
H/1.1 200
OK eyJpdSI6ImZjZTNjYjUzYzFkYWFkNTE5YTcxMzUyZjU2Mjg3OTI2OTE2NTIyOTAxZDEzOTQxOGFkZmU4ZjBkNDg3NWI5ZjYiLCJ3IjoxNjUsImgiOjExMCwiZCI6MS41LCJjcyI6MCwiZiI6MH0.webp
images.outbrainimg.com/transform/v3/ 23 KB
23 KB 53ms
6ms Image
image/webp 2.18.232.28
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6ImZjZTNjYjUzYzFkYWFkNTE5YTcxMzUyZjU2Mjg3OTI2OTE2NTIyOTAxZDEzOTQxOGFkZmU4ZjBkNDg3NWI5ZjYiLCJ3IjoxNjUsImgiOjExMCwiZCI6MS41LCJjcyI6MCwiZiI6MH0.webp
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.18.232.28 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-28.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 008ba97d2744e7b0e9444cf7e2482ac97d5ae4c0edf4c19348b33f2aa204ffaf

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 07 Aug 2018 20:46:26 GMT
Content-Encoding: gzip
Last-Modified: Sun, 05 Aug 2018 15:17:36 GMT
Vary: Accept-Encoding
Content-Type: image/webp
Cache-Control: max-age=2269887
Connection: keep-alive
Content-Length: 23273

GET
H/1.1 200
OK eyJpdSI6IjM2ZTU3ODJhNzE5NTBlMjAzZTU4NjdlNGJiMjQ0ZTU5Yjg4MGRmZjk2Njk5ODYwYjRkMmQ5MTRkNjA2YzZlNzYiLCJ3IjoxNjUsImgiOjExMCwiZCI6MS41LCJjcyI6MCwiZiI6MH0.webp
images.outbrainimg.com/transform/v3/ 4 KB
4 KB 74ms
27ms Image
image/webp 2.18.232.28
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6IjM2ZTU3ODJhNzE5NTBlMjAzZTU4NjdlNGJiMjQ0ZTU5Yjg4MGRmZjk2Njk5ODYwYjRkMmQ5MTRkNjA2YzZlNzYiLCJ3IjoxNjUsImgiOjExMCwiZCI6MS41LCJjcyI6MCwiZiI6MH0.webp
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.18.232.28 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-28.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 86091c7144ca02cd813d34991149e8517f91c5c88acaa6fe531e7ed2a356b9ed

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 07 Aug 2018 20:46:26 GMT
Content-Encoding: gzip
Last-Modified: Fri, 03 Aug 2018 14:02:59 GMT
Vary: Accept-Encoding
Content-Type: image/webp
Cache-Control: max-age=2095396
Connection: keep-alive
Content-Length: 4036

GET
DATA 200
OK truncated
/ Frame 29B0 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a9c84c1be59c044087f641f4b76e4d148531f68bedcb71d1a5c373a0a546fa4c

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame FE80 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ec4db13b0ab9ab1d19dad36b9d0304cec835a0a20e387357198f0e97bad32788

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 73CF 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d839732a2079e6a7b3955d1938fe01cd08a0a210ac0a4c8a27d51caef2cda5f0

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 82A3 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 360279a2268de57bb2ca84fb3fd3eab5c87d1dfc090b44ac36a4c4af58f51a4c

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame A388 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44728f6f40b060ea8f79068188b77b261955a32664eb89e7ef645e75cdba4111

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 2E67 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0a333d7889dfbee195a7219b3274485b93351142969b5458c4d9c15dd6a2c083

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame A030 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 72f948aef2f06d5980fc2b24ffe05ddff22137bcd654572c47e15863281ec3ce

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 0B74 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 70a5a83735503304b267717c6034a58b170316e74dec705e0e4f786f8f04c726

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame AE35 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 853069c5c0b7677ab2a8191a390ac98cd35dd3d09515cc100d6827e656c803fc

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 1945 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6efaad1ed2b57c0d6896c4b93967f13d7fc544e6b73a50b3ca06172291b8865f

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame B760 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ab3a0a67390def19ea098e1f7a13a2be2af61fa50d4404c2400ebca2c5b7a603

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame DA13 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 737463e0eb6b1e1ede3caac19811311bf987f649d32913f87ee0fbb07f6d0200

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 59E2 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cf350d0c8194c08a0e549fbad3ed6944aa1c5fc821c630f8619f9291fb5e51f9

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame D5B6 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb15f3ae8871ad23912761e2b429dd0eda9b7e870208e96afeebce4e72591e0e

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame FA0B 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 663329b35c6942305e6952c474e878c87bf84ca2317ab0c59e0dd976f40de2a0

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 897E 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ae7eb27278ddfe9e2ec41b2626d186ba0e0d0ae4e55bc8b4f70a18471d557210

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame D6AC 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1769731061c6f05bc603f75792b72bc1aa22e29f5dafa9b1ec9a68398030b556

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 91E4 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e99477737be95f393f9fc22b8003715a28e9f0d7b322832df252eb461fe81196

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame A9F3 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d9d50e464740a306424d9b96d66636198740540f8a92fd4a3a51d17c9b52900e

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame C2A3 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fd6f7a0a762b822b14435b73390f16b322f7c2088f7d423badb623cfc951874b

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame DE48 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e31ed6b8e4408de919ac4c8bad711b3c340501b6ac4ce702d8a44f73faf2d4da

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 59F4 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0375d9cae30ba703e380705d2b2ec49b2a32c9836cd76d10e5ebd75c36dc9881

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 1F5E 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95ab65273d4f8736a1b539178ce47ea8b481fd2f11f4b736ec17800274c0a0b1

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame B054 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f9a8ec9c485da3e47219c9923e7dbc8966e7b6f54f01ade3fbb4ac136c670be8

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 25C1 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef3047d41a80348a0f49e0d45162615488ac3c9c1105c3885e91826058add50a

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
S 200 rum.js Show response
tpc.googlesyndication.com/pagead/js/r20180801/r20110914/ Frame 29B0 41 KB
16 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/rum.js

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:810::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb3ea51f7d25a9f40c5f5297875da8833c3752c470071ecb03df8afa58afb4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 06:32:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 15804
x-xss-protection: 1; mode=block
server: cafe
etag: 12872360508127877586
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Aug 2018 06:32:46 GMT

GET
H/1.1 200
OK widgetGlobalEvent Show response
log.outbrain.com/loggerServices/ 4 B
299 B 353ms
90ms Script
application/json 74.201.198.92
Internap Network ...

General

Check archive.org

Show headers Download Go to

Full URL: https://log.outbrain.com/loggerServices/widgetGlobalEvent?eT=0&tm=1464&pid=1381&sid=4875670&wId=101&wRV=01004900&rId=b3e619311996400e910890f4611fead9&idx=0&pvId=b3e619311996400e910890f4611fead9&org=3&pad=1&pVis=1&eIdx=&ab=0&wl=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 74.201.198.92 , United States, ASN13789 (INTERNAP-BLK3 - Internap Network Services Corporation, US),
Reverse DNS
Software: /
Resource Hash: b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Aug 2018 20:46:26 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Content-Length: 4
Expires: 0

POST
S 204 csi
csi.gstatic.com/ Frame 29B0 0
202 B 45ms
15ms Other
image/gif 2a00:1450:400c:c0b::5e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~jkk6dawv&ctx=2&gqid=IQVqW-e9Do-MtgfU9J-wDg&qqid=CJaVmubn29wCFZiK7Qodg3YHgg&met.4=fb.d9~lb.ls~ol.s2~idt.ii~dt.5&met.3=123.lo_4~121.ls~118.s0~117.s2~115.uh~122.uh~118.va_1~115.xq~122.xq~113.xt_7~112.xs_8&met.1=1.jkk6d9z3~14.9o~15.9o~16.9o~17.9o~18.9o~19.9v~20.9v~21.9v~22.ll~23.ll&met.7=CB4QChgBIOADKOADMOcDOAdo4QNw5wN40QyAAcUKiAHWGLABAbgBAw~CAcQChgBIOEDKOEDMO4DOA1o4QNw6AN49s4BgAH-zQGIAce2BLABAbgBAw~CBcQBhgBIOEDKOEDMPgDOBdo4gNw7gN4-rkFgAGkuAWIAaS4BbABAbgBAw~CCIQBhgBINYEKNYEMI0FODg~CBgQChgBIOkIKOkIMPAIOAdo6Qhw7wh4snyAAbx7iAHFygKwAQG4AQM&met.2=15.5~16.2uwj
Requested by: Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/js/r20180801/r20110914/rum.js
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a00:1450:400c:c0b::5e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
Origin: https://www.geektime.co.il
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 07 Aug 2018 20:46:26 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
status: 204
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

jot.html
platform.twitter.com/ Frame 94FF
Redirect Chain

https://syndication.twitter.com/i/jot
https://platform.twitter.com/jot.html

0
0

6ms
6ms

Document
text/html

2606:2800:234:46c:e8b:1e2f:2bd:694
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/jot.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/4184) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
Origin: null
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 95BB5AE0DC371FEBA5EE7408E70421D8

Response headers

Accept-Ranges: bytes
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Tue, 07 Aug 2018 20:46:26 GMT
Etag: "d9592a6c704736fa4da218d4357976dd"
Last-Modified: Fri, 27 Jul 2018 16:48:03 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/4184)
X-Cache: HIT
Content-Length: 80

Redirect headers

status: 302 302 Found
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-length: 0
content-type: text/html;charset=utf-8
date: Tue, 07 Aug 2018 20:46:26 GMT
expires: Tue, 31 Mar 1981 05:00:00 GMT
last-modified: Tue, 07 Aug 2018 20:46:26 GMT
location: https://platform.twitter.com/jot.html
pragma: no-cache
server: tsa_o
strict-transport-security: max-age=631138519
x-connection-hash: 668589261b8d71c1dc9dc89c4044c50e
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 119
x-transaction: 000ecee500b30e58
x-tsa-request-body-time: 0
x-twitter-response-tags: BouncerCompliant
x-xss-protection: 0

GET
S 200 activeview
pagead2.googlesyndication.com/pcs/ Frame FE80 42 B
178 B 14ms
14ms Image
image/gif 2a00:1450:4001:81b::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstAw_ZdhqlygR5sYYfZVVoGx33X3nxc_OyKYfPD5BNBGgwpl9_Dc3ZKJAMmUM_qxVTeEF7rhvKiM972j8qLQGlERVxBF5CXoZQ&sig=Cg0ArKJSzBxwETFqc_V7EAE&r=z&adk=3768781946&tt=462&bs=1585,1200&mtos=0,0,0,0,0&tos=0,0,0,0,0&p=0,0,0,0&mcvt=0&rs=3&ht=0&mc=0&lte=-1&bas=0&bac=0&avms=geo&rst=1533674785705&rpt=425&bos=1600,1200&ps=1585,10227&ss=1600,1200&pt=-1&deb=1-0-26-56-27--1-26-1&tvt=441&op=1&id=osdim&ti=1&uc=1&tgt=DIV&cl=1&cec=5&clc=0&cac=0&cd=0x0&v=r20180801

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81b::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Aug 2018 20:46:26 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK InitSessionApi.php Show response
d2muzdhs7lpmo0.cloudfront.net/php/ 636 KB
53 KB 185ms
184ms Script
text/javascript 52.85.177.71
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d2muzdhs7lpmo0.cloudfront.net/php/InitSessionApi.php?customerId=19762010&host=www.geektime.co.il&Referrer=Direct%2FUnknown&OriginalReferrer=Direct%2FUnknown&PrevVisits=%5B%22NA%22%5D&LocalTime=20%3A46&url=https%3A%2F%2Fwww.geektime.co.il%2Fsub-domain-hijacking%2F&initBuckets=%5B%5B-330%2C-351%5D%2C%5B-355%2C-376%5D%2C%5B-598%2C-600%5D%2C%5B-24%2C-30%5D%2C%5B-63%2C-64%5D%2C%5B-16%2C-18%5D%2C%5B-42%2C-43%5D%2C%5B-45%2C-46%5D%2C%5B-53%2C-54%5D%5D&callbackFunc=__ZA.initSessionCallback&tHost=geektime.co.il&getMapping
Requested by: Host: drf8e429z5jzt.cloudfront.net
URL: https://drf8e429z5jzt.cloudfront.net/js/za_widget_348e.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.85.177.71 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-177-71.fra6.r.cloudfront.net
Software: Apache /
Resource Hash: 633ae5bda96bda0811aa1e5f401fb16ec7efcbde386166fd8a6062ae3ad1093d

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Aug 2018 20:46:26 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Content-Type: text/javascript; charset=UTF-8
Via: 1.1 f17892129c0657c8d9d0809a1b0b00be.cloudfront.net (CloudFront)
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache="set-cookie"
Transfer-Encoding: chunked
Connection: keep-alive
X-Amz-Cf-Id: PnZ7rsyxFz0gXEhJS4rErnJvLObJiool-4A2P3DzoPPJnsqQRdZbOQ==

GET
H2 200 popup_bg.png
www.geektime.co.il/wp-content/themes/geektime/css/images/ 21 KB
21 KB 32ms
32ms Image
image/png 45.60.47.210
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geektime.co.il/wp-content/themes/geektime/css/images/popup_bg.png

Requested by

Host: drf8e429z5jzt.cloudfront.net
URL: https://drf8e429z5jzt.cloudfront.net/js/za_widget_348e.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.60.47.210 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Apache / W3 Total Cache/0.9.7

Resource Hash

77846554e574593c5f132836a95feb3c24a6ddff6a52a7240297731c7415b4a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/geektime/css/images/popup_bg.png
pragma: no-cache
cookie: visid_incap_1337684=zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7; nlbi_1337684=8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL; incap_ses_260_1337684=AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==; _ga=GA1.3.950697005.1533674785; _gid=GA1.3.1169463901.1533674785; _gat=1; __gads=ID=74a56b73986488d2:T=1533674785:S=ALNI_MYkZAl2vNc-OCPfZKWad2UN7UecNg; __za_cd_19762010=%7B%22visits%22%3A%22%5B1533674786%5D%22%7D; __za_19762010=%7B%22sId%22%3A12446077%2C%22dbwId%22%3A%221%22%2C%22sCode%22%3A%22327fa8068644ce94d46d41685e25b652%22%2C%22sInt%22%3A5000%2C%22aLim%22%3A1000%2C%22asLim%22%3A1000%2C%22na%22%3A0%2C%22td%22%3A1%2C%22ca%22%3A%221%22%7D; __za_cds_19762010=%7B%22data_for_campaign%22%3A%7B%22country%22%3A%22DE%22%2C%22language%22%3A%22UNSET%22%2C%22ip%22%3A%22148.251.45.254%2C%2035.158.136.162%22%2C%22start_time%22%3A1533674742000%7D%7D
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.geektime.co.il
referer: https://www.geektime.co.il/sub-domain-hijacking/
:scheme: https
:method: GET
Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:26 GMT
vary: User-Agent
x-cdn: Incapsula
x-powered-by: W3 Total Cache/0.9.7
status: 200
x-iinfo: 4-23153545-23152984 2NNN RT(1533674786242 0) q(0 0 0 -1) r(0 0) U18
content-length: 21655
pragma: public
referrer-policy
last-modified: Mon, 06 Aug 2018 18:40:28 GMT
server: Apache
etag: "5497-572c89c7cbf00"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=31536000, public
accept-ranges: bytes
expires: Wed, 07 Aug 2019 20:46:26 GMT

GET
H/1.1 200
OK selectArrow3.png
drf8e429z5jzt.cloudfront.net/images/campaigns/ 134 B
743 B 7ms
7ms Image
image/png 54.230.95.41
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://drf8e429z5jzt.cloudfront.net/images/campaigns/selectArrow3.png
Requested by: Host: drf8e429z5jzt.cloudfront.net
URL: https://drf8e429z5jzt.cloudfront.net/js/za_widget_348e.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.230.95.41 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-54-230-95-41.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9a4355788894a8523107e5f194b18a0396879a69bc12951ab8ccc636930fa599

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 27 Sep 2017 01:03:09 GMT
Content-Encoding: gzip
Age: 27200598
x-amz-meta-cb-modifiedtime: Mon, 04 Jul 2016 08:28:20 GMT
x-amz-meta-cb-realsize: 134
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 150
Last-Modified: Mon, 04 Jul 2016 08:30:35 GMT
Server: AmazonS3
ETag: "a408731cf03644b0a9f1289e5aa6bc77"
Content-Type: image/png
Via: 1.1 bb93dfaee440e32ac88831363641e2c2.cloudfront.net (CloudFront)
Cache-Control: max-age=31556926,public
Accept-Ranges: bytes
X-Amz-Cf-Id: x3EPKZTO1ygX3EEuVhEcjUSC2-_R8Myy2jLulaMNREXEhUW3i11zvQ==

GET
H/1.1 200
OK AddActionApi.php Show response
d2muzdhs7lpmo0.cloudfront.net/php/ 198 B
685 B 146ms
145ms Script
text/javascript 52.85.177.71
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d2muzdhs7lpmo0.cloudfront.net/php/AddActionApi.php?customerId=19762010&sessionId=12446077&dbwId=1&sessionCode=327fa8068644ce94d46d41685e25b652&actionsArray=%5B%5B1533674786%2C-3%2C%223303%22%2C%223304%22%2C1%2C%7B%22campaign_id%22%3A%2211637%22%2C%22shown%22%3A%22true%22%7D%5D%5D&callbackFunc=__ZA.addActionCallback&actionPairs=[[-321,-596],[-322,-597],[-66,-128],[-380,-569],[-330,-351],[-355,-376],[-598,-600],[-24,-30],[-63,-64],[-16,-18],[-42,-43],[-45,-46],[-53,-54]]
Requested by: Host: drf8e429z5jzt.cloudfront.net
URL: https://drf8e429z5jzt.cloudfront.net/js/za_widget_348e.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.85.177.71 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-177-71.fra6.r.cloudfront.net
Software: Apache /
Resource Hash: 187f4fbcd661949f7402e4e25796c8e74f229cef3eb1385491c0566be22a9f67

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Aug 2018 20:46:26 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Content-Type: text/javascript; charset=UTF-8
Via: 1.1 f17892129c0657c8d9d0809a1b0b00be.cloudfront.net (CloudFront)
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache="set-cookie"
Connection: keep-alive
Content-Length: 152
X-Amz-Cf-Id: Bk0JvZdcdBgVpn2GuDbG9lQkqUSvkFVnq57YZGGDlvI_G-KCfDx3WA==

GET
S 200 arrow.png
d3i3ab8sb6dtvq.cloudfront.net/images/19762010/ 2 KB
2 KB 341ms
15ms Image
image/png 52.85.177.71
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3i3ab8sb6dtvq.cloudfront.net/images/19762010/arrow.png
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.85.177.71 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-177-71.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b684d66a5af424fecd0525c2038a3c08a0fd7ae81f3b0ecdb276dcfc50fd924a

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 08 Dec 2017 10:15:29 GMT
via: 1.1 f32dfb4a33594b7c1c1bbebfe50a0bfd.cloudfront.net (CloudFront)
last-modified: Wed, 30 Aug 2017 12:14:32 GMT
server: AmazonS3
age: 20946659
etag: "97165fb81c6fdb888edef50d0df44a55"
x-cache: Hit from cloudfront
content-type: image/png
status: 200
cache-control: max-age=29030400, public
accept-ranges: bytes
content-length: 1991
x-amz-cf-id: OJQExnEHgpwkRwVUb0f4biylI4vxbZp2fcfaz_H6w0KyyPK_5pRDig==

GET
H/1.1 200
OK zoom-logo-z4.png
drf8e429z5jzt.cloudfront.net/images/ 835 B
1 KB 9ms
8ms Image
image/png 54.230.95.41
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://drf8e429z5jzt.cloudfront.net/images/zoom-logo-z4.png
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.230.95.41 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-54-230-95-41.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9d3f882ba36b5ac8aa7a33812d750efc5ea87f251a2dd7cacae0eae36c7481d9

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 22 Sep 2017 14:13:07 GMT
Content-Encoding: gzip
Age: 27585200
x-amz-meta-cb-modifiedtime: Wed, 16 Sep 2015 12:08:30 GMT
x-amz-meta-cb-realsize: 835
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 823
Last-Modified: Wed, 16 Sep 2015 12:12:22 GMT
Server: AmazonS3
ETag: "f635382bf77987d383051132579ed323"
Content-Type: image/png
Via: 1.1 bb93dfaee440e32ac88831363641e2c2.cloudfront.net (CloudFront)
Cache-Control: max-age=31556926,public
Accept-Ranges: bytes
X-Amz-Cf-Id: sqgdK9T-5S1T-FJvwnJmOoOHumEH8IdcdPpeIXxcuwsK4FkWc286bQ==

GET
S 200 working%20500X164.jpg
d3i3ab8sb6dtvq.cloudfront.net/images/19762010/ 91 KB
91 KB 344ms
18ms Image
image/jpeg 52.85.177.71
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3i3ab8sb6dtvq.cloudfront.net/images/19762010/working%20500X164.jpg
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.85.177.71 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-177-71.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 14448c3cef1f86ba2021677bdec1e3b797112d989bd2fe89887c90dda5b32727

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sun, 19 Nov 2017 04:21:03 GMT
via: 1.1 f32dfb4a33594b7c1c1bbebfe50a0bfd.cloudfront.net (CloudFront)
last-modified: Tue, 25 Jul 2017 13:07:44 GMT
server: AmazonS3
age: 22609525
etag: "5dec9162dc707ef1eaac7d8f4210931b"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=29030400, public
accept-ranges: bytes
content-length: 93203
x-amz-cf-id: GHqCWT-fPAaiOa_KW5hD0kIJ-ddBCXIzcyN2qtZiSm2udPpkj7PsCw==

GET
H/1.1 200
OK close1.png
drf8e429z5jzt.cloudfront.net/images/ 2 KB
2 KB 16ms
8ms Image
image/png 54.230.95.41
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://drf8e429z5jzt.cloudfront.net/images/close1.png
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.230.95.41 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-54-230-95-41.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8184ee5619d203360368df1ad66fd499a0dd8de9392b6cd1ee4e20c2c5b912d7

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 22 Sep 2017 14:13:00 GMT
Content-Encoding: gzip
Age: 27585207
x-amz-meta-cb-modifiedtime: Mon, 17 Nov 2014 15:38:52 GMT
x-amz-meta-cb-realsize: 2038
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 1772
Last-Modified: Fri, 28 Nov 2014 15:49:56 GMT
Server: AmazonS3
ETag: "6a592fd56c3319f8c76010d4aaf3c36e"
Content-Type: image/png
Via: 1.1 bb93dfaee440e32ac88831363641e2c2.cloudfront.net (CloudFront)
Cache-Control: max-age=31556926, public
Accept-Ranges: bytes
X-Amz-Cf-Id: 4_viYWb9skncvkC0cgzzrNn6xAoSUFxp4y9He92xUmjMWBMQVTIjog==

GET
S 200 activeview
pagead2.googlesyndication.com/pcs/ Frame A388 42 B
110 B 15ms
15ms Image
image/gif 2a00:1450:4001:81b::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssEWtsyEeTdv2mruUBDtGzm4U5K3hrKW-Fb9k6_LwqQ1EIokkSwsvSQB7h5RMD0GdXr47TZ1qs7wlJYmw5HB21B7_kuvgJVbtY&sig=Cg0ArKJSzCnW7RTtUHePEAE&adk=1008871096&tt=1069&bs=1585,1200&mtos=1038,1038,1038,1038,1038&tos=1038,0,0,0,0&p=256,443,384,571&mcvt=1038&rs=3&ht=0&tfs=28&tls=1065&mc=1&lte=1&bas=0&bac=0&avms=geo&rst=1533674785719&rpt=409&bos=1600,1200&ps=1585,10227&ss=1600,1200&pt=-1&deb=1-0-26-63-29--1-376-3&tvt=1048&op=1&r=v&id=osdim&ti=1&uc=15&tgt=DIV&cl=1&cec=5&clc=1&cac=0&cd=126x126&v=r20180801

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81b::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Aug 2018 20:46:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 2E67 42 B
110 B 15ms
15ms Image
image/gif 2a00:1450:4001:81b::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvctvs6STS4X9wykkS4zacSOBPE6AkJVSChLkXKdnOID4GZGfdFWWvgaM7vCIdctOgW7OrB5KLbJJujdnzQxInSWftMgyJc1E0&sig=Cg0ArKJSzPVwhog8XJhpEAE&adk=3389671593&tt=1069&bs=1585,1200&mtos=1039,1039,1039,1039,1039&tos=1039,0,0,0,0&p=256,309,383,436&mcvt=1039&rs=3&ht=0&tfs=27&tls=1065&mc=1&lte=1&bas=0&bac=0&avms=geo&rst=1533674785727&rpt=399&bos=1600,1200&ps=1585,10227&ss=1600,1200&pt=-1&deb=1-0-26-63-29--1-376-3&tvt=1048&op=1&r=v&id=osdim&ti=1&uc=15&tgt=DIV&cl=1&cec=5&clc=1&cac=0&cd=125x125&v=r20180801

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81b::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Aug 2018 20:46:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 activeview
pagead2.googlesyndication.com/pcs/ Frame A030 42 B
110 B 15ms
14ms Image
image/gif 2a00:1450:4001:81b::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst-8ZS4iLCGm1S0szcWJNXrzVrpDA60YX1WZI0w-PzixneAS8jwzUwD16QK4w6Qz38hkU5NeEC3cyHnES7YhcZFd9tTeeo2j3I&sig=Cg0ArKJSzOlu9LIR0y8CEAE&adk=2315662090&tt=1069&bs=1585,1200&mtos=1037,1037,1037,1037,1037&tos=1037,0,0,0,0&p=391,444,518,571&mcvt=1037&rs=3&ht=0&tfs=29&tls=1065&mc=1&lte=1&bas=0&bac=0&avms=geo&rst=1533674785739&rpt=390&bos=1600,1200&ps=1585,10227&ss=1600,1200&pt=-1&deb=1-0-26-63-29--1-376-3&tvt=1048&op=1&r=v&id=osdim&ti=1&uc=15&tgt=DIV&cl=1&cec=5&clc=1&cac=0&cd=125x125&v=r20180801

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81b::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Aug 2018 20:46:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 0B74 42 B
110 B 15ms
14ms Image
image/gif 2a00:1450:4001:81b::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssuhCQNKKrZLI2RYBdt5TGrzENStInGPKnoZtCnxF5AE0hcxD75BH5F7rNO3nxFau84-nySMdzfNCQxUBl3aQbnPQAw6yhwiYE&sig=Cg0ArKJSzHIZRjBJ8rcREAE&adk=517171833&tt=1069&bs=1585,1200&mtos=1031,1031,1031,1031,1031&tos=1031,0,0,0,0&p=391,309,518,436&mcvt=1031&rs=3&ht=0&tfs=34&tls=1065&mc=1&lte=1&bas=0&bac=0&avms=geo&rst=1533674785746&rpt=388&bos=1600,1200&ps=1585,10227&ss=1600,1200&pt=-1&deb=1-0-26-63-29--1-376-3&tvt=1048&op=1&r=v&id=osdim&ti=1&uc=15&tgt=DIV&cl=1&cec=5&clc=1&cac=0&cd=125x125&v=r20180801

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81b::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Aug 2018 20:46:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 activeview
pagead2.googlesyndication.com/pcs/ Frame AE35 42 B
110 B 15ms
14ms Image
image/gif 2a00:1450:4001:81b::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstlEmKX6qkLWLZGzGUSvYk25-fTyhEjfnZLCZ5IXdE_FhOLloKZcuXZuCqSAQ8NZMT1i_1PI3m1tt9giDPmCweO_wvUXeLCs0E&sig=Cg0ArKJSzNWk3QLrTwTlEAE&adk=3018266717&tt=1069&bs=1585,1200&mtos=1030,1030,1030,1030,1030&tos=1030,0,0,0,0&p=526,444,653,571&mcvt=1030&rs=3&ht=0&tfs=35&tls=1065&mc=1&lte=1&bas=0&bac=0&avms=geo&rst=1533674785750&rpt=385&bos=1600,1200&ps=1585,10227&ss=1600,1200&pt=-1&deb=1-0-26-63-29--1-376-3&tvt=1048&op=1&r=v&id=osdim&ti=1&uc=15&tgt=DIV&cl=1&cec=5&clc=1&cac=0&cd=125x125&v=r20180801

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81b::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Aug 2018 20:46:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 59E2 42 B
110 B 15ms
15ms Image
image/gif 2a00:1450:4001:81b::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstcPMpZxgbrdwzaRj7_Ni1ztgsmuyNxdOqfhWnxw6dmCHKWx1zLL5VcMdMsRVknN1q7e3ylEZkEu2lCqszEoTrr7jP6cONNvsE&sig=Cg0ArKJSzMWAwzEcqHMEEAE&adk=1856787216&tt=1069&bs=1585,1200&mtos=1028,1028,1028,1028,1028&tos=1028,0,0,0,0&p=526,309,653,436&mcvt=1028&rs=3&ht=0&tfs=37&tls=1065&mc=1&lte=1&bas=0&bac=0&avms=geo&rst=1533674785769&rpt=368&bos=1600,1200&ps=1585,10227&ss=1600,1200&pt=-1&deb=1-0-26-63-29--1-376-3&tvt=1048&op=1&r=v&id=osdim&ti=1&uc=15&tgt=DIV&cl=1&cec=5&clc=1&cac=0&cd=125x125&v=r20180801

Requested by

Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81b::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Aug 2018 20:46:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 nr-1071.min.js Show response
js-agent.newrelic.com/ 23 KB
9 KB 6ms
6ms Script
application/javascript 151.101.14.110
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1071.min.js
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.110 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 56097e8b7ceb27db42a5e102af6d11dfdcaee13d8716477a8e242b4957d7a280

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 20:46:27 GMT
content-encoding: gzip
x-amz-request-id: 481FE111768851BD
x-cache: HIT
status: 200
content-length: 9086
x-amz-id-2: 0YRbL+xndniUNryTFyPMh7blhTKIHFgax7VZOYNB0faQOHdTX/PT1kK81w0HdqDzPFNiC/1Ey3g=
x-served-by: cache-fra19129-FRA
last-modified: Wed, 28 Feb 2018 23:33:31 GMT
server: AmazonS3
x-timer: S1533674787.261659,VS0,VE0
etag: "a1a545c95f313a230157b47dca555c25"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 2431

GET
S 200 chartbeat.js Show response
static.chartbeat.com/js/ 34 KB
14 KB 114ms
69ms Script
application/x-javascript 2600:9000:200e:fa00:18:1fcd:348:2461
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: www.geektime.co.il
URL: https://www.geektime.co.il/sub-domain-hijacking/
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:200e:fa00:18:1fcd:348:2461 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: cb9babbd8dd457f73a6d5313bde435278858e7a8de71b03c0ae6396526baaffd

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 07 Aug 2018 19:11:28 GMT
content-encoding: gzip
last-modified: Thu, 07 Jun 2018 02:33:28 GMT
server: nginx
age: 5699
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=86400
x-amz-cf-id: lSdwWS0cKXLguPK5Io-OXf5PLc-Hk2RJFuP3McBBbz8s-GFHkIuUHQ==
via: 1.1 e482e2c19d6e57adc72e19f731c7bf44.cloudfront.net (CloudFront)
expires: Wed, 08 Aug 2018 19:11:28 GMT

GET
H/1.1 200
OK 56595e2f7e Show response
bam.nr-data.net/1/ 57 B
261 B 110ms
109ms Script
text/javascript 162.247.242.18
New Relic

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/56595e2f7e?a=154326587&v=1071.385e752&to=MlABMhACXUtZWkENXQsaIgUWClxWF0pcClUJUA%3D%3D&rst=2875&ref=https://www.geektime.co.il/sub-domain-hijacking/&ap=2856&be=140&fe=2847&dc=994&perf=%7B%22timing%22:%7B%22of%22:1533674784409,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:7,%22c%22:7,%22s%22:12,%22ce%22:22,%22rq%22:22,%22rp%22:130,%22rpe%22:155,%22dl%22:132,%22di%22:715,%22ds%22:994,%22de%22:1148,%22dc%22:2847,%22l%22:2847,%22le%22:2862%7D,%22navigation%22:%7B%7D%7D&at=HhcCRFgYTkU%3D&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1071.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.18 , United States, ASN23467 (NEWRELIC-AS-1 - New Relic, US),
Reverse DNS: bam-6.nr-data.net
Software: /
Resource Hash: f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 57
Content-Type: text/javascript;charset=ISO-8859-1

GET
S 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 29B0 42 B
110 B 15ms
15ms Image
image/gif 2a00:1450:4001:81b::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvO-AN1G3wWgVVsY0Bx4sv3jYZfmd6-A81GmAScKD857c3b_zWfpEHvzENEvc7CISX6KGX8TJGbaiE59IIRamldyD5MzKDB7T0&sig=Cg0ArKJSzG8wxWrCMUSOEAE&adk=4014738975&tt=1265&bs=1585,1200&mtos=1142,1142,1142,1142,1142&tos=1142,0,0,0,0&p=82,259,169,1325&mcvt=1142&rs=3&ht=0&tfs=120&tls=1262&mc=1&lte=1&bas=0&bac=0&avms=geo&rst=1533674785696&rpt=464&bos=1600,1200&ps=1585,10227&ss=1600,1200&pt=1261&deb=1-26-26-66-30--1-651-3&tvt=1244&op=1&r=v&id=osdim&ti=1&uc=26&tgt=DIV&cl=1&cec=5&clc=1&cac=0&cd=1064x85&v=r20180801

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81b::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Aug 2018 20:46:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 1945 42 B
110 B 14ms
14ms Image
image/gif 2a00:1450:4001:81b::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvkCBegwah6lkXeqCwfEkebiqVfB55g6mA-rF7UMb6-syNCUrgxulY3yDeqb47f0ckRV8MmcqEqWA1HNesf2gesRgwwNg1qpoo&sig=Cg0ArKJSzKNBd-oAYViHEAE&adk=1100542113&tt=1265&bs=1585,1200&mtos=1099,1099,1099,1099,1099&tos=1099,0,0,0,0&p=661,444,788,571&mcvt=1099&rs=3&ht=0&tfs=163&tls=1262&mc=1&lte=1&bas=0&bac=0&avms=geo&rst=1533674785754&rpt=497&bos=1600,1200&ps=1585,10227&ss=1600,1200&pt=1261&deb=1-26-26-66-30--1-651-3&tvt=1244&op=1&r=v&id=osdim&ti=1&uc=26&tgt=DIV&cl=1&cec=5&clc=1&cac=0&cd=125x125&v=r20180801

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81b::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Aug 2018 20:46:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 activeview
pagead2.googlesyndication.com/pcs/ Frame B760 42 B
110 B 16ms
16ms Image
image/gif 2a00:1450:4001:81b::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssY59FembSvk8k7XsQw44fetB3JvkXvNgbocm_ELQt_Qg9jnU8ocaQMJoE4R4n5HjxljZXezDQQQ6DjC5RWfBL4WGnQcSkmi9A&sig=Cg0ArKJSzEdk_vnDyDPPEAE&adk=3054857422&tt=1265&bs=1585,1200&mtos=1094,1094,1094,1094,1094&tos=1094,0,0,0,0&p=661,309,788,436&mcvt=1094&rs=3&ht=0&tfs=168&tls=1262&mc=1&lte=1&bas=0&bac=0&avms=geo&rst=1533674785759&rpt=509&bos=1600,1200&ps=1585,10227&ss=1600,1200&pt=1261&deb=1-26-26-66-30--1-651-3&tvt=1244&op=1&r=v&id=osdim&ti=1&uc=26&tgt=DIV&cl=1&cec=5&clc=1&cac=0&cd=125x125&v=r20180801

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81b::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Aug 2018 20:46:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 activeview
pagead2.googlesyndication.com/pcs/ Frame DA13 42 B
110 B 15ms
14ms Image
image/gif 2a00:1450:4001:81b::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstWgGpVbnNkXnCsAMRfsJa7Omms-2VFrC30li4gQl3pFBvyTdWCx11ClC_ZBuZ9eqDufwUQQiCkcXsndIOSW7s50gvqY_5rtZo&sig=Cg0ArKJSzOjOFvDiYFgHEAE&adk=1886321011&tt=1265&bs=1585,1200&mtos=1091,1091,1091,1091,1091&tos=1091,0,0,0,0&p=806,289,1058,591&mcvt=1091&rs=3&ht=0&tfs=171&tls=1262&mc=1&lte=1&bas=0&bac=0&avms=geo&rst=1533674785765&rpt=506&bos=1600,1200&ps=1585,10227&ss=1600,1200&pt=1261&deb=1-26-26-66-30--1-651-3&tvt=1244&op=1&r=v&id=osdim&ti=1&uc=26&tgt=DIV&cl=1&cec=5&clc=1&cac=0&cd=300x250&v=r20180801

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81b::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Aug 2018 20:46:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK ping
ping.chartbeat.net/ 43 B
213 B 391ms
103ms Image
image/gif 54.221.210.243
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=geektime.co.il&p=%2Fsub-domain-hijacking%2F&u=CntyRlBn6mF_C5clb9&d=geektime.co.il&g=3181&g0=%D7%90%D7%91%D7%98%D7%97%D7%AA%20%D7%9E%D7%99%D7%93%D7%A2&g1=%D7%9B%D7%AA%D7%91%20%D7%90%D7%95%D7%A8%D7%97&n=1&f=00001&c=0&x=0&m=0&y=10227&o=1585&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=2847&t=BS5RSaDkbe5ODYaf0FBFoWjPCeaMTB&V=106&i=%D7%9B%D7%9A%20%D7%AA%D7%9E%D7%A0%D7%A2%D7%95%20%D7%90%D7%AA%20%D7%97%D7%98%D7%99%D7%A4%D7%AA%20%D7%94%D7%93%D7%95%D7%9E%D7%99%D7%99%D7%A0%D7%99%D7%9D%20%D7%A9%D7%9C%D7%9B%D7%9D%20%7C%20%D7%92%D7%99%D7%A7%D7%98%D7%99%D7%99%D7%9D&tz=0&sn=1&sv=BAbrzVBlxy2DLh2_ZBykjgwCDRWVj&sd=1&im=067b9ff3&_
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.221.210.243 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-221-210-243.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

POST
S 200 r Show response
amp-error-reporting.appspot.com/ Frame DF0B 2 B
155 B 154ms
118ms XHR
text/plain 2a00:1450:4001:810::2014
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://amp-error-reporting.appspot.com/r
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011533168552513/amp4ads-v0.js
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a00:1450:4001:810::2014 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: / Express
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.geektime.co.il/sub-domain-hijacking/
Origin: https://www.geektime.co.il
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 07 Aug 2018 20:46:27 GMT
via: 1.1 google
x-powered-by: Express
status: 200
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 2

Verdicts & Comments Add Verdict or Comment

145 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.outbrain.com/	1970-01-18 20:10:50	Name: obuid Value: 82b2cfe1-c437-4175-8bce-a5402d4355ee
.outbrain.com/	1970-01-18 18:11:19	Name: _ofcap_DOC1 Value: AG8AZgBjAGEAcAACAAAAAHlcqywAZAMCv4oAZAMSryMAZAMgngQAZA==
.geektime.co.il/	1969-12-31 23:59:59	Name: incap_ses_260_1337684 Value: AL/sBaJK42Vb/th7SOubAx8FalsAAAAA/UoZiBfvxgYwYxs5lCPanQ==
.facebook.com/	1970-01-18 20:10:50	Name: fr Value: 0fRqRXhmr2cCHn8WK..BbagUh...1.0.BbagUh.
.geektime.co.il/	1970-01-19 11:32:26	Name: __gads Value: ID=74a56b73986488d2:T=1533674785:S=ALNI_MYkZAl2vNc-OCPfZKWad2UN7UecNg
.geektime.co.il/	1970-01-18 18:01:14	Name: _gat Value: 1
.geektime.co.il/	1969-12-31 23:59:59	Name: __za_19762010 Value: %7B%22sId%22%3A12446077%2C%22dbwId%22%3A%221%22%2C%22sCode%22%3A%22327fa8068644ce94d46d41685e25b652%22%2C%22sInt%22%3A5000%2C%22aLim%22%3A1000%2C%22asLim%22%3A1000%2C%22na%22%3A1%2C%22td%22%3A1%2C%22ca%22%3A%221%22%7D
.geektime.co.il/	1969-12-31 23:59:59	Name: __za_cds_19762010 Value: %7B%22data_for_campaign%22%3A%7B%22country%22%3A%22DE%22%2C%22language%22%3A%22UNSET%22%2C%22ip%22%3A%22148.251.45.254%2C%2035.158.136.162%22%2C%22start_time%22%3A1533674742000%7D%7D
.outbrain.com/	1970-01-18 20:10:50	Name: obuidt_a5402d4355ee Value: 1533674785609
.geektime.co.il/	1970-01-19 11:32:26	Name: _ga Value: GA1.3.950697005.1533674785
.geektime.co.il/	1970-01-19 02:46:50	Name: __za_cd_19762010 Value: %7B%22visits%22%3A%22%5B1533674786%5D%22%2C%22campaigns_status%22%3A%7B%2211637%22%3A1533674786%7D%7D
.geektime.co.il/	1970-01-18 18:02:41	Name: _gid Value: GA1.3.1169463901.1533674785
.outbrain.com/	1970-01-18 18:01:14	Name: recs_bb6b03c5cf4fca583eeb14409ebfa091 Value: 0B2036116268A2035071877A2037130625A2036208806ACD1
.geektime.co.il/	1969-12-31 23:59:59	Name: nlbi_1337684 Value: 8fWcWDZTbRcKvV91TLwJVgAAAABPDIhUatlgpshTVQMlo5FL
.geektime.co.il/	1970-01-19 02:46:07	Name: visid_incap_1337684 Value: zMXFtUoiQdS8ZKEkxUUwBB8FalsAAAAAQUIPAAAAAABgWvR18Ps2Ie8Wjekz/ZI7

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	error	URL: https://www.geektime.co.il/wp-content/themes/geektime/widgets/insider/insider.js?x35493&ver=1533580828(Line 6) Message: can't call "getInsiderWidget" function, please send valid parameter of target selector string!
console-api	error	URL: https://89915812.adoric-ads.com/adoric.js(Line 1) Message: _Adoric_error: TypeError: Cannot read property 'setItem' of null
console-api	info	URL: https://cdn.ampproject.org/rtv/011533168552513/amp4ads-v0.js(Line 520) Message: Powered by AMP ⚡ HTML – Version 1533168552513
console-api	error	URL: https://cdn.ampproject.org/rtv/011533168552513/amp4ads-v0.js(Line 86) Message: localStorage not supported.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

89915812.adoric-ads.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
amp-error-reporting.appspot.com
bam.nr-data.net
cdn.ampproject.org
cdn.enable.co.il
connect.facebook.net
csi.gstatic.com
d29k50lkkhkjby.cloudfront.net
d2c0t36xs14iag.cloudfront.net
d2muzdhs7lpmo0.cloudfront.net
d3i3ab8sb6dtvq.cloudfront.net
drf8e429z5jzt.cloudfront.net
files.geektime.co.il
geektimecoil.api.oneall.com
images.outbrainimg.com
js-agent.newrelic.com
log.outbrain.com
odb.outbrain.com
pagead2.googlesyndication.com
ping.chartbeat.net
platform.twitter.com
secure.gravatar.com
securepubads.g.doubleclick.net
static.chartbeat.com
staticxx.facebook.com
stats.g.doubleclick.net
syndication.twitter.com
tpc.googlesyndication.com
widgets.outbrain.com
www.facebook.com
www.geektime.co.il
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
104.244.42.8
136.243.63.184
151.101.14.110
151.101.14.2
162.247.242.18
172.217.22.66
192.0.73.2
2.18.232.28
2.18.234.190
2400:cb00:2048:1::681b:a790
2600:9000:2002:3a00:1f:ed15:a600:93a1
2600:9000:2002:9800:1f:ed15:a600:93a1
2600:9000:200e:fa00:18:1fcd:348:2461
2606:2800:234:46c:e8b:1e2f:2bd:694
2a00:1450:4001:810::2001
2a00:1450:4001:810::2014
2a00:1450:4001:817::2002
2a00:1450:4001:81b::2002
2a00:1450:4001:81c::2001
2a00:1450:4001:81c::2003
2a00:1450:4001:81c::2004
2a00:1450:4001:81c::200e
2a00:1450:4001:81e::200a
2a00:1450:4001:820::2002
2a00:1450:400c:c06::9d
2a00:1450:400c:c0b::5e
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f11c:8186:face:b00c:0:50fb
45.60.47.210
52.85.177.71
52.85.245.90
54.221.210.243
54.230.44.175
54.230.95.41
74.201.198.92
008ba97d2744e7b0e9444cf7e2482ac97d5ae4c0edf4c19348b33f2aa204ffaf
02b3e58eb3c170cccf25b3e6d6a6a1b10a53b5a9db3dbf275594de21799c21b8
0375d9cae30ba703e380705d2b2ec49b2a32c9836cd76d10e5ebd75c36dc9881
04093e689c7bc91c85ce0032f11d4054c4a2200840fc4dbec42a971ad0da205c
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
06166286ca3df71a4cf13c2af4eca50784a5bfc4fb137021dc211f9b2c1066b7
0878e78816bca2997416f5a09211c2897fc17ee086774176fd2c8a580eaf788f
0a333d7889dfbee195a7219b3274485b93351142969b5458c4d9c15dd6a2c083
0a3bdd8d1bbe7f0fe01eb34f5ca937c08033edbc2febeb1742ef6b3f1b846fbc
0bcd692ba843c2535734127f8a23443fe95c6eedf06d1d32693a7521456f68b3
0f7100ecfbea17a9b9a38e793ef35534f05d1c852c3af91bf1ce8bc05a92a0d2
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
11345f31322926daa557eeb9c4adaefde6dd433b88e2c5f14adca26bc205f0d7
12e4d16e573d049a5601c5eec6f9d0239cab3311acacb6ebeec4fb4f1adac952
14448c3cef1f86ba2021677bdec1e3b797112d989bd2fe89887c90dda5b32727
148f0c71dd7ce39afae6ba47bf737657dcb983a70cdaff9c53c287e1a4f20b6f
1769731061c6f05bc603f75792b72bc1aa22e29f5dafa9b1ec9a68398030b556
1799185b58ab125b62d6b3887e652218ec489773a7f9edf1ec4b899a42ee039c
187f4fbcd661949f7402e4e25796c8e74f229cef3eb1385491c0566be22a9f67
1899753bdf59777889f349744f4ad783b8da2f85b31f0147a3edb94b5db99ab9
18d6b5768e277123f7cef486176e5cf5bc8a362a6b981e2faeaf2e5303324e4a
19ac2a5dec18de96af24f5d8da292bb5515a44296811ca115cd047b5a17c5179
1a2fcea3847d29436cb6c465b7c65413fe22240ecc9b7184abb7bc65e97db9f4
1a9eebdc31e86178ee372c00a9993914de2f4f14381a2772438fda00d22da436
1b1ca0f15010e0124bd4ca481404643c88f7eda1b276e9554d0ed83fb45b7e30
1c9d00df117d6c1a27fdf759fa06ff4ffb7dcba92bdf2f15cca4532e8ecc3d55
1cbc5f96381bbcab87e4d03bb2f59ba20534469c88a13b265c11b580ea0c11a1
1ea31985947b3903220f7059b406875f234840aae132c6a3f23edec4a088b772
1ff01a7ae67178a2091e5ff6fac3c9bb3aad9dfd204dfb6a15ebf3dbc1ba59cd
204563d1794ce01cdaced70253b393d683ea2794f7b9f7847674324705966162
208e7dfb8897d244b166f2becabf3823d6bfe440fc484310070478bbc6efabf5
212643044af8cfdd92cbf8ad7392b2ba604f5e70e60e26efc7bc704b792d46aa
2276c4652aed67dc1f63d3c79c0e93d3a5d98b4121f1fd1f2a035ba56e93ce45
22896f8e3db5cc4458cd24273d949898eaa8db677372beeddef29903a5564565
228a1caeea9985f0636c71d57562bded62958cd73ef1d25b13577135810e81c4
22987271a9db59c5c4749fcfcd07dbd2a2c1b4b4734e8a2c6b760d850d2edab3
22a63798dfc04117296d0d0aaa9e426e55d6bd43aa7e2f79d898e76adc918e86
23cfd905cc3212cfd17922e360ea93f2e893b5273fbe1e104a092e35af329e11
24f099c92866d88ba834404372c3c1ad21bf305e9c501cb8089e520fdd3a63a1
2684bde8e94b03118572440aacdac0ede86141c45eb6802cd6d0b55a971601d9
27eecbbd20f875d179cb3fd9430b864382189112a700ef87744bc694963b6308
2c87952cc1c23627496c7874271042bdb6af21efdf7cbf36ec4d98e6cec34d04
2dabb68cc274e4c809640bb7baf9e7fcc898fdb0d8d16b825e1055e5fbd0a944
2ec83a308ac8145fad56f6cafa5539065ca2125be89294950e0b5c38d4f31427
318e620f71199b8c51e3bc6bd8be989f73c4f4a115c19bb28d13752b7bcb3608
31be7b8212ca468b7cb223642570c662f25cf9b6443cf164fc6b0a654cb0b087
32c3252ea737fd55e44434f8ac436f4fdb44a7ea32cd721de2e6ab9f67cf7a7c
33e5633e0d4c8b475013d9937639fea6ad767fae6d5772d0050cd3eb1b79c911
360279a2268de57bb2ca84fb3fd3eab5c87d1dfc090b44ac36a4c4af58f51a4c
36618cc83f71bf0f34f4be177ee4ecd1bb6247e1ad854d573e868c8d13d3c4db
37a3bd7bc7328f0ead2c0f6f635dddf60615e676e6b4ddf964144012e529de45
3c278f9f1215a62b2a7050f6a9dab506ccde383318eb132585b3c9401c414c86
3cda7b7d37cc3fe2f8ab8e168c66e390e7ad152839e0d90a8986ff1a970bcc66
3dc05e85049c8dfa6ca4868bf9c5570a6128c4b4bdac0b073d88826b5c211a55
3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3
3ffe72ec886b260bd3fbfb3047fe92e3a78d874d18d46269490dc63536a9188e
40c2df35f1dc731fdf432146528e5d6255ed545bd7d928f188f1cb6e5d9ca183
40e8db13f44571762fa6e5704ca8bb1a73c2cce35e83603e9ac131ab8127db7e
44728f6f40b060ea8f79068188b77b261955a32664eb89e7ef645e75cdba4111
44d45b5b1597f9fdcf7789ca9c65a15e1df5061d8a6e57b84008e251b55cbf11
4510ab210aec47aae080c12222eec390d161cc1df39903b7d913853360215fff
45f398bf1edd8f8578e6465d82f840e7c86dc76d6c6259315133ee55b2ed7ff1
4949e7caad645b93da53e2ca080e6abd82946f60113eb8a5734e231d14c99283
4b4b11cc882379b04a094a4250c36ffbe3a699b626d966302cc9378b625c3128
525182226fff7487114aa5395a800ac612f5e23f034fed48cf2691a06a39abc4
525e66f2e5c00d2e162a78a2292fb7643011a5cc51b799b3c518c012911d4138
55bd462226c18a45c9d76d8677480bb8d12109d268071c929ff2c20dbbf7f1c6
56097e8b7ceb27db42a5e102af6d11dfdcaee13d8716477a8e242b4957d7a280
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
57b939134c767c30d52288f097418952db4c6898c53643698b469d2ab228587c
58215e9ae0354094337a2ee46b7faa4a84767b31dd55b8756381f5862d4a2899
58720307d768aa7981cb49516d5b0296322bb169a62cc8ac04a4d514c86251f8
5ad7197631453613fe1e6a9a8c132ec4b7569ed202b3dee70a5b23471de38bf9
5b2454f13e616245b06b5101d8cdf16d679ca364b3b45d8ca1cf4dde79ffcf60
5d6ea0354e46411a4768146fbe42d75c1a94c0ffaf036080f30c64bbc2538365
5e37c3d26457aee8229bd15d720d6b796669e4e95cfdc624ad6450ab6cf6486f
611557bc1967c8d08b2b65b4b44cd4ccd63652995c09a3cbbad8e62cf355cca5
6179580d96402085861df064616068ac1098d121fad2ff70d260235afe9563bf
62ec76908054fdd23d0d11b92f522dd7c95b7547a515badc184e9776e178c1ce
633ae5bda96bda0811aa1e5f401fb16ec7efcbde386166fd8a6062ae3ad1093d
636f52528d61a565f93b83ec8fa646435c1b64f67ba5f4db64314f1692214fa7
6546ea7bd057a25d0198ff233e30008c8c8f99bcef163ff487a255db68577007
65874210d095ec7cfb1d8c9a98e3d0cc2e0bf5d700b0705b246353ce42fa98b9
663329b35c6942305e6952c474e878c87bf84ca2317ab0c59e0dd976f40de2a0
68da1f260e79b15d2d5ca9aee0b05e2243ee47cca9d732b3625f4bbb1b77b8bf
698d325d67773d4672cccc9731da6fb461f710e14c92656d31d3591861a34963
6a344abd2c828a3ed59e48715d8ba4c63051502a6a45d248b3f2ee6703c96325
6a486bb6036ea984d293ab009566e99e522abc19f8833c5fd49630be7eba0135
6aa77f37462df432b67f5385517da06bae358e57f3cd1367eb08546df0fe4264
6b518d799a86766cd92562bf914e914f7d1614b2d740ce8a9f94c08475093d51
6c3c022b6d502745353913db0b96274f2f316a056b2b5fd7018ea23d1ecdbd9c
6e3d70da06fa9d78f0635116e1ecf517d343f8f66872a945448abb660ec69124
6efaad1ed2b57c0d6896c4b93967f13d7fc544e6b73a50b3ca06172291b8865f
70325c9ba463b00ed0b5b5c3500f36b00b92a4e2283d4c278b60039aecbbfdec
70a5a83735503304b267717c6034a58b170316e74dec705e0e4f786f8f04c726
715fc3267a9e21a3a29209590eb541818f2a8e905f76ff7c8726db8cfad82675
71ef2be76ecf12f431795805b6bfb5a20523b7692be0e6106e8e2d18d3d33632
72287519988bf32a51797a3e4529f1945197247996a9e7cd19437566ff5a0308
724e73bbd044c77c989432766a913714bf52128d4111cfd8b49e2f45595dd837
72f948aef2f06d5980fc2b24ffe05ddff22137bcd654572c47e15863281ec3ce
737463e0eb6b1e1ede3caac19811311bf987f649d32913f87ee0fbb07f6d0200
738a1aa9736899876992eb810f169b3e682bbdbe12ceedccaa2914ebbd1c11ac
7527402fd66f9aad2fad1a73b857f53149ae13e9570d267cf59441e53a954daa
752df758c0fc34e6a6c0459a43d88fc37d622528b45468b6be5db2e95a0b86cd
77846554e574593c5f132836a95feb3c24a6ddff6a52a7240297731c7415b4a0
778b4ec12cc2cabb37a28462dfa9dc3451d81f68f84f707d33127e0ab9601b86
77d3ee8b636b3b821e24ca9c40ede8ec0e214097ed01dba8feaaa7e55232c8f1
77f703c4f140a4a24d0fb351cc4e36716ccc4e7c5cac201f28b09a31d5f84f67
7b8a9cf1e0b98f6c2bbd9c140a54e84b4a9e2b9db7bd61063064f987841e94a0
7bf386cf0cffe89f0f0937f8c2b4bef5e4fa5c4d1d4c0ed4873af5ac2e87f51d
7ccc6697afe14eb6322e9348dbe173e27ccc81e003342d91f29471627721dbf5
7d3b068f04726edc36c3eeb66b5d97c5aa692e418945d20f4f4505706183b3fd
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
7e61b6470d6bc14c919fd962e1c4624900a5a0bd7d17d8ce163c8ffb160819e8
8184ee5619d203360368df1ad66fd499a0dd8de9392b6cd1ee4e20c2c5b912d7
83119d8b6e34c424cbc88305b0fd2d2146d3c5f79e5bdd289d4d55ed35db72d6
8328719a02f2cb646430fa7bf81b76a1a327e3e9a2dda6995b6d7e9d3d154877
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
841e51f02812313861d79651021e1bfdcb966aaa484871437158e58350dd2364
844f9732695f73389b36a85df23207e9522fcaf9017f28a24b76d14ca1ff3307
853069c5c0b7677ab2a8191a390ac98cd35dd3d09515cc100d6827e656c803fc
86091c7144ca02cd813d34991149e8517f91c5c88acaa6fe531e7ed2a356b9ed
86b0044f1965f3cebf0a2e54758ebe7b9ec75244b75886646acf078222af6c50
892550c2f7e3a2fadd14b29dd50f9492a2ef5ea402d8cae6989b20a29322ed2b
89b8af7f459c9606f758655eef80da8346e96fce5d8874edab9b5d5631fc1bc1
8b39ea2d5e637e7d8de0e7ea8dd05f3c8c620dcc19206a5d7b576c2f6cecffe0
8bbb61e038c09003a96ceac9b033b487e17d59b187aba6ba1f5738ba51b6fd74
925512d66ea196076682aa29dab7bf3ff3bacb8a4a9ba5251dd0c631f8e7d2c4
93322785dcdbe5b5fc6d43db0795c0cfd339f9307da5014fbe7fb8798df3bbc2
935d1b43ac576da5865a37515a61e46b8887650b7cc7442ce46905ba9e1d493c
946c1706aeaa9ad3b5bf250fe8f5bde147f2ccd22c5054d29cbd14d97eefdeb7
9590bb52a00d0f8a264332a08ff088c516fb2f04fd33efa5738dc689b96abce6
95ab65273d4f8736a1b539178ce47ea8b481fd2f11f4b736ec17800274c0a0b1
97d075973a3cfd6831376dbc388e3ac8bb592aa93c5bdde8a6583ef2f741474a
9988945bb423eed2743fcfdc1d2622af3431722fd4f3a29c93474c0eec7419d4
99a0cc2e26cd8bcf6be423f397fca4e590241e7ae28db7e9fb1b0a572c715acb
9a4355788894a8523107e5f194b18a0396879a69bc12951ab8ccc636930fa599
9b2bcb63b668fb622a1e7445096b8ad89857c1c33e1e9cdcd3c239cfcb787b71
9d2b25c42be6d0e04de1e1311f439098212b4d1422b9d8891e2fddee68cb7e41
9d3f882ba36b5ac8aa7a33812d750efc5ea87f251a2dd7cacae0eae36c7481d9
9deed3709dfd7f7910b6e686ca417ff3e49fc4fa8b7d9a1cab87e15477872ba2
9fb5ba492d85eac12ddd6da3362f0896117bd3691846bd4dcb3b9e51ecfe762a
9fd7e7878bc2008a0f22feedd5f449f6aafea6cbbd0fa72197ba06b4ec971e23
a000cfb886968b9b8408c78c30e614914fbb6787be460321330ecba8b5f410fa
a0be121d953691a90de00ce456caa95ba8fc6ced658cd50f9ab66a84ccd246a2
a3e871b7d7f60fe98dd383dfc253b6aa56c1b00d9685ba3fce8686cee31a69c4
a41212d22124dca99b596be6f72e026a91951a30bdf6e2c34a5144f7841a464b
a47eb2a049419655bdd5f5f9f9ac681b474778d4e22da74596fb8fefde277fa0
a5cd8a82c8f3cdd485d0a2c5150cc76aebf357481c9529a535e78e3d1321676c
a67a1fef37f113ae2b73e8fbcb611cd2db6f97ada4ef7aab05c45ebcd5c0fbf3
a6a3b8e9bc88946f5d002772fee42686a7539713f777b242d288d15a99fedb73
a8eab3db9dd20f6a2ad02452fecc5db4d4051c2a5c8368b956ac2b2fbdf9d4a3
a9c84c1be59c044087f641f4b76e4d148531f68bedcb71d1a5c373a0a546fa4c
ab3a0a67390def19ea098e1f7a13a2be2af61fa50d4404c2400ebca2c5b7a603
adeb590fa7857c3c38ba7d9bb556e2d0d50058bc4552f6a0714d390bd86c66ea
ae7eb27278ddfe9e2ec41b2626d186ba0e0d0ae4e55bc8b4f70a18471d557210
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
b09b913e08fab359e017940041eb480f3447783a3bb2fc805cab0378c374024e
b0b3c8f57bae0e0f2240b410e306fef853b90d73d16eef0e28d6be3d8810e589
b0fc3a1a1e83521a68f7e800ee748ae313de181958e1ab587b434e9136a9a516
b113823a6472233cac041732b6d7b1558001a95e9a0d990be0156441e1ef0eaf
b55d475700b26979db3cc124b0680a5e1cc7cdd30a0f1281ebe2485cec1127fe
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
b6143b6b4d86918d18cd84b60ae0f37f74522fc145896a4f9645746070cb28d4
b673c2c9beeed79840bfa30a084aff7134a289f00f3a64e318244f3a30577984
b684d66a5af424fecd0525c2038a3c08a0fd7ae81f3b0ecdb276dcfc50fd924a
b7e3972b72883c7e89f294072595f195faec95343ccb2b1b50d5ca706647f1b3
b85e3c3d4eb1aa3372ec7548d05a9065630f87c3cab8d7f65983b8b25df47522
be089916f0daa598e6b1a8470e1ec90b13314fe54618706b3e01cced331d9337
c0a7b7b39297e2aa6d70e15c56eee918cfe6c14265b5438aa6446c8a47dee8e6
c13ccc2804c88b3d8b5332ea1567951173f61839292e8e63ad4eb533071823ba
c160b4146398047774c4d0e00a8b8e3d8a0f0126a7da8cf35069213bd5594d3e
c35adf6a5eb8b3e010a6f002cb9fcd9941b8f613ea0c724da2f9fe39cbe0928b
c50ccf068acb226c5a15e6322a724fae8cec6e6a36412a742a1ea2338ebad8b4
c9b558927a37e59adb70b8b84d906567d44d340905118ed80c0a633d81195954
ca6d57cfee3a41248c7967ac760b85c2424afe4de9ba114c94230c62fb32d47c
cb9babbd8dd457f73a6d5313bde435278858e7a8de71b03c0ae6396526baaffd
cc68cd6051116d5521a1fa8e5636333ce974d91f5dc007d2359300b2d7b995a4
ce56768a8799373c69c80bd891b73971709c7c1cf7c5927d8a68e797200204c2
cf350d0c8194c08a0e549fbad3ed6944aa1c5fc821c630f8619f9291fb5e51f9
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf6e922ce5f6641693634211a3e10cedda8625e38d030b543e80d7cbb4973eef
d0df2ff25fded9e43a0cfa5159393d4482725bfb390e8ca94f34da85b5304117
d63f7203aa5f1d2a6a47d1ea515286d195b619a46027aa352587e2f71118f2fb
d839732a2079e6a7b3955d1938fe01cd08a0a210ac0a4c8a27d51caef2cda5f0
d93d2fd3b5eee61794d42a633ad55acbca35f8340732b1411d26fe338db7cb37
d9d50e464740a306424d9b96d66636198740540f8a92fd4a3a51d17c9b52900e
dc086755ad466c79a7c36cf749c8395d39d1a6e9412e29b14a23158eddcf1821
dcb5e540e62fc85857254a1066afb6a7e8999279c6d4c583eef855d39f9289c0
dcea5d68f5c4ac88ae98dca8f8a5aa2faafe6ed2f38be4013360f7d72ca955db
dd3b7682f853df302ea3646f1c0ad1293f5918a5699c33516a82cf7d107057aa
deec2a8bb1f58cc22032a11551c936182f34b3faeb693ef3a9536e4c2adfaf95
e087226aadb62a62d70155f11b5fe3f1d320b86fe0f1efad5ef31636ceb252f7
e10fd71086da69c7ddc8300928e89900017505ea1af6198337c54daa823f7451
e1be30e5cd0423ca5b025535c575409ea0e2ef4aa38bfd2200d64b8b426d0570
e27d93b990ec505dd4e040af635af9b8aa77b03fd88a2ba46d28ee08585b262c
e31ed6b8e4408de919ac4c8bad711b3c340501b6ac4ce702d8a44f73faf2d4da
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e479afdffad35cdee2e1cd4ff3f63116d27fb2910045e5def8eb4627977f09c9
e5f8d0ce988d869b287f9498b3c779eaddd47b3e19c5fd82fee9f286e8f74298
e849f0463a898427503dd7be590d212f9a6bc6fc9ab50fde1f1edee1f20e99a3
e99477737be95f393f9fc22b8003715a28e9f0d7b322832df252eb461fe81196
e9fc2ebc232f9538cbf39777ed8f7859404f48c1b7435e9a4a31c4de4572198c
ea081aa3fe8287e00ffd3f490871c8fca965c992c0954abd3e65ed123ab18d41
ea2abda31b399e852f749abc8f606aa6759b01b3cb44ce31ba3c92343c13213a
ea375778a23dc3952b223038b42e7d3fd51bdab3ecc3ad53093f30b16ad6da93
eb1527d8e13fd32027d41fdcb6978b55638efcebe7a6ae0236f50fecbc6250fb
eb15f3ae8871ad23912761e2b429dd0eda9b7e870208e96afeebce4e72591e0e
ec4db13b0ab9ab1d19dad36b9d0304cec835a0a20e387357198f0e97bad32788
ed0f05101d480726c58bcd4956a1e7b02f12b538d02058f1b0ebfdabe8a7ef42
ee3f1345921def23f64617ddcaa7439063d43510c69bc4119e899607d510ea73
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef3047d41a80348a0f49e0d45162615488ac3c9c1105c3885e91826058add50a
f14da5f7c1b354763b83a4693a5ab31c090d27ffed48a7277c81805fe8c3c3ad
f1d886f7cab134a530eaff578d56800d9ff174a92006062231ff850706399b11
f2500706bf4bb8cb9a571c63e5f08495231324adc2e3ce5e5eef14f41ae0e46d
f2814092c30f4857fc313c8abefbaa7c18a35e2c7c12134f448e3cd81166e2e3
f3895e13214b1592d9afcd937198db48ca9b595f4c44f02d7fff13d384c35af1
f5c38e66c86e21d4595d690c9306412a326c3489d7fc821b1ffb5eb398e04556
f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23
f6d9325b6277dd43c0d927a0d61080bc3f53c509866167cc710c46576ec8aa71
f9a8ec9c485da3e47219c9923e7dbc8966e7b6f54f01ade3fbb4ac136c670be8
fa71e7dc05c3dab927092a72838d3022f4f664fb57e9c63eaf3a9123bb0b26c5
fb18dc303d59ba8d8179acc3414a17ff4ec0f3f33a7417601bb9bfa5941a352b
fb572ddb80148baf463f0fe6c4cd785e0991a4b63ef0aa3c30ff0def31e426ff
fbfed9139e5dbb16fbb5b9f7fbb706aa638e9bb28d27586651e93b787b28f6d4
fd6f7a0a762b822b14435b73390f16b322f7c2088f7d423badb623cfc951874b
fd7663f06e3e570f2a9060891c0d9cc793ea46df0354a2cf7104b1d0f6fb8431
ffb3ea51f7d25a9f40c5f5297875da8833c3752c470071ecb03df8afa58afb4d

www.geektime.co.il Open in urlscan Pro 45.60.47.210 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

311 Requests

100 %HTTPS

56 %IPv6

25 Domains

38 Subdomains

35 IPs

4 Countries

3381 kBTransfer

7749 kBSize

15 Cookies

35 Outgoing links

Redirected requests

311 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 48 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.geektime.co.il Open in urlscan Pro
45.60.47.210 Public Scan

Screenshot
Live screenshot

Full Image

311
Requests

100 %
HTTPS

56 %
IPv6

25
Domains

38
Subdomains

35
IPs

4
Countries

3381 kB
Transfer

7749 kB
Size

15
Cookies

311 HTTP transactions
48 data transactions