reposhub.com Open in urlscan Pro
2606:4700:3031::6815:e45 Public Scan

URL: https://mingw-w64.org/doku.php
Title: mingw-w64

URL: https://docs.microsoft.com/en-us/cpp/build/reference/module-definition-dot-def-files?view=vs-2019
Title: Module-Definition (.def) files

URL: https://docs.microsoft.com/en-us/cpp/build/reference/exports?view=vs-2019
Title: required syntax

URL: https://github.com/erocarrera/pefile
Title: pefile

URL: https://github.com/keepassxreboot/keepassxc/releases/download/2.6.0/KeePassXC-2.6.0-Win32-Portable.zip
Title: KeePassXC 2.6.0 Portable (32-bit)

URL: https://docs.microsoft.com/en-us/sysinternals/
Title: Sysinternals

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
Title: Process Monitor

URL: https://github.com/tothi/dll-hijack-by-proxying/raw/master/screenshots/keepassxc_dll_hijack_vuln_detected.png

URL: https://github.com/tothi/dll-hijack-by-proxying/raw/master/screenshots/keepassxc_malicious_dll_added.png

URL: https://github.com/tothi/dll-hijack-by-proxying/raw/master/screenshots/keepassxc_hijacked_calc.png

URL: https://github.com/tothi/dll-hijack-by-proxying
Title: https://github.com/tothi/dll-hijack-by-proxying

URL: https://github.com/marcobambini
Title:

URL: https://github.com/happyfish100
Title:

URL: https://github.com/cesanta
Title:

URL: https://github.com/GrahamDumpleton
Title:

URL: https://github.com/rxi
Title:

URL: https://github.com/rprichard
Title:

URL: https://github.com/faragon
Title:

URL: https://www.facebook.com/reposhub

URL: https://twitter.com/reposhub

URL: https://github.com/reposhub

cdn-185-199-109-133.github.com

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11

https://github.com/tothi/dll-hijack-by-proxying/raw/master/screenshots/keepassxc_dll_hijack_vuln_detected.png HTTP 302
https://raw.githubusercontent.com/tothi/dll-hijack-by-proxying/master/screenshots/keepassxc_dll_hijack_vuln_detected.png

Request Chain 12

https://github.com/tothi/dll-hijack-by-proxying/raw/master/screenshots/keepassxc_malicious_dll_added.png HTTP 302
https://raw.githubusercontent.com/tothi/dll-hijack-by-proxying/master/screenshots/keepassxc_malicious_dll_added.png

Request Chain 13

https://github.com/tothi/dll-hijack-by-proxying/raw/master/screenshots/keepassxc_hijacked_calc.png HTTP 302
https://raw.githubusercontent.com/tothi/dll-hijack-by-proxying/master/screenshots/keepassxc_hijacked_calc.png

Request Chain 90

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 109

https://ad.doubleclick.net/ddm/trackimp/N5295.134426.GOOGLEDISPLAYNETWOR/B25292919.296712810;dc_trk_aid=486813666;dc_trk_cid=144622874;ord=1224923246;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N5295.134426.GOOGLEDISPLAYNETWOR/B25292919.296712810;dc_pre=CJD4z5DL2-8CFWTjuwgdpSILlA;dc_trk_aid=486813666;dc_trk_cid=144622874;ord=1224923246;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=

Request Chain 142

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDrk9_CyQEQsAkYsAkyCAHYambP8BMk HTTP 301
https://tpc.googlesyndication.com/simgad/778386939095909474

Request Chain 146

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUKGel8t3rdrl-0nw8kC1UHdH7eJDQpU7J_E2rEDzPa84suxFkBY1y6oe_1yjHWXDZtbMF5VQxfA3q9ydNo4G1i2Qrijv99M&google_gid=CAESEEwLfwZZSds3GvzircqHgRc&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUKGel8t3rdrl-0nw8kC1UHdH7eJDQpU7J_E2rEDzPa84suxFkBY1y6oe_1yjHWXDZtbMF5VQxfA3q9ydNo4G1i2Qrijv99M&google_gid=CAESEEwLfwZZSds3GvzircqHgRc&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTAzMzEyMjMyNTQzNjU0MzU0Mjk4MjYzOA%3D%3D&google_push=AQvitUKGel8t3rdrl-0nw8kC1UHdH7eJDQpU7J_E2rEDzPa84suxFkBY1y6oe_1yjHWXDZtbMF5VQxfA3q9ydNo4G1i2Qrijv99M

Request Chain 148

https://rtb.openx.net/sync/dds?google_gid=CAESEPjaFvsjxjAnypzzYIpy3xY&google_cver=1&google_push=AQvitUInrR7xG-eOLl7mdM9mimN0AtiNSpWqjfwekvLkz0_nCvGl2brwKkdtpw06VCDdRKivvs3b4-JZicbVhCy_5QyWPI3S6yA- HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEPjaFvsjxjAnypzzYIpy3xY&google_cver=1&google_push=AQvitUInrR7xG-eOLl7mdM9mimN0AtiNSpWqjfwekvLkz0_nCvGl2brwKkdtpw06VCDdRKivvs3b4-JZicbVhCy_5QyWPI3S6yA-&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUInrR7xG-eOLl7mdM9mimN0AtiNSpWqjfwekvLkz0_nCvGl2brwKkdtpw06VCDdRKivvs3b4-JZicbVhCy_5QyWPI3S6yA-&google_hm=MfkpSIMPwV4vkWOI_xaD0g==

Request Chain 149

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEDW-_Qinp2a6zngNTojMVi0&google_cver=1&google_push=AQvitUKLXOXVny5ndgpTsAOinBbQ-aye5z3JLLkLNH-TLnFqRgH6mtu4Sc2I7wlRmjXsNC_bOncZ7S69ULKEC0fiavh6evJ-EAo HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEDW-_Qinp2a6zngNTojMVi0&google_cver=1&google_push=AQvitUKLXOXVny5ndgpTsAOinBbQ-aye5z3JLLkLNH-TLnFqRgH6mtu4Sc2I7wlRmjXsNC_bOncZ7S69ULKEC0fiavh6evJ-EAo&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=GTxxAKYPRoyqoMxZj1ir8A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKLXOXVny5ndgpTsAOinBbQ-aye5z3JLLkLNH-TLnFqRgH6mtu4Sc2I7wlRmjXsNC_bOncZ7S69ULKEC0fiavh6evJ-EAo

Request Chain 150

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG9a45POxmnCLSR0QpINZo0&google_cver=1&google_push=AQvitUJtctV2DYrYoREL0itJPtEDTl9i9d_-DxsANi6bteRdxmhVqoC107FLCSosheBKuNxCjfsA4fpxaZ78onR11OnKeP0TKbce HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S01ZMFlYV0UtMUUtTFlDSw==&google_push=AQvitUJtctV2DYrYoREL0itJPtEDTl9i9d_-DxsANi6bteRdxmhVqoC107FLCSosheBKuNxCjfsA4fpxaZ78onR11OnKeP0TKbce

Request Chain 151

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEIA4o7Q3_bWeaRWS6olm9QM&google_cver=1&google_push=AQvitUJL5cE9YoEAYAhzgd1Dl1dD_fpFO6WSOnVewDu7lnfIvczjdv-xgdE4djr2UcTjK-ZgqBvYdJf8wUczNzLUDXPl0XSbm6Ks HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEIA4o7Q3_bWeaRWS6olm9QM&google_push=AQvitUJL5cE9YoEAYAhzgd1Dl1dD_fpFO6WSOnVewDu7lnfIvczjdv-xgdE4djr2UcTjK-ZgqBvYdJf8wUczNzLUDXPl0XSbm6Ks&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YGT4lQ3BVnaR04UdSuk3nQAABFYAAAAB&google_gid=CAESEIA4o7Q3_bWeaRWS6olm9QM&google_push=AQvitUJL5cE9YoEAYAhzgd1Dl1dD_fpFO6WSOnVewDu7lnfIvczjdv-xgdE4djr2UcTjK-ZgqBvYdJf8wUczNzLUDXPl0XSbm6Ks&google_cver=1

Request Chain 153

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 161

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEHCVd_6oOOy0VAjJq-sgf_4&google_cver=1&google_push=AQvitULPMTg9dQvx9plLs6g6pPrwxRtd42k_kPZWvEwFK1AdI9Ahxeian73jnm13ck2cVjLit5Czd3ql0nE-Ske-uXw_q3fdzA HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitULPMTg9dQvx9plLs6g6pPrwxRtd42k_kPZWvEwFK1AdI9Ahxeian73jnm13ck2cVjLit5Czd3ql0nE-Ske-uXw_q3fdzA&google_hm=aTBx0ngHrGE_qAxwo0VNuQ

Request Chain 162

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUJOBYE1VZioinaMWmFbznTSsiRj2-Qram25wdpnTzOcA0UftoQmy3obZjMvaolaXk_0WkbMKXnl3VrBOloKBxiERt0Tlw&google_gid=CAESEBAoqjJZPsotbszPXP5v2U8&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUJOBYE1VZioinaMWmFbznTSsiRj2-Qram25wdpnTzOcA0UftoQmy3obZjMvaolaXk_0WkbMKXnl3VrBOloKBxiERt0Tlw&google_gid=CAESEBAoqjJZPsotbszPXP5v2U8&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTAzMzEyMjMyNTQ0NDM0NTczODIwODIyMg%3D%3D&google_push=AQvitUJOBYE1VZioinaMWmFbznTSsiRj2-Qram25wdpnTzOcA0UftoQmy3obZjMvaolaXk_0WkbMKXnl3VrBOloKBxiERt0Tlw

Request Chain 164

https://rtb.openx.net/sync/dds?google_gid=CAESEH2fUH28YDhtETXwbfbHjEU&google_cver=1&google_push=AQvitUJkRTaVX_w3xqPdPRu9rcigZOLetW2ABprjhYRADTbWzVG-UywQCTfMK2jDoODI6BzmOsuDigmJWKkOS8HYR9jBn_BbYx8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJkRTaVX_w3xqPdPRu9rcigZOLetW2ABprjhYRADTbWzVG-UywQCTfMK2jDoODI6BzmOsuDigmJWKkOS8HYR9jBn_BbYx8&google_hm=MfkpSIMPwV4vkWOI_xaD0g==

Request Chain 165

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEMp4-gamXjX2F56HIifPEXo&google_cver=1&google_push=AQvitUJB3EFG1079lgZZWbnewJxhZqSyr7TmM30QTIRONk40dMBh2QYACT8fOMCRi7OWU0jMClqoGdQ4jLJo2KCG11hzo9Y_6zY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=GTxxAKYPRoyqoMxZj1ir8A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJB3EFG1079lgZZWbnewJxhZqSyr7TmM30QTIRONk40dMBh2QYACT8fOMCRi7OWU0jMClqoGdQ4jLJo2KCG11hzo9Y_6zY

Request Chain 166

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESECXv_HUCjXmNBkCBr9Fd_EA&google_cver=1&google_push=AQvitUIk6As01fug9GGmDbFwcNGw8qWhLwgOpfnbk6GUeuORLYldgTd1UP_GFoi6xm0ptodARCz6-VWvX39vIlepHQuFd4bJIzA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S01ZMFlZMUEtMUUtRFJDVg==&google_push=AQvitUIk6As01fug9GGmDbFwcNGw8qWhLwgOpfnbk6GUeuORLYldgTd1UP_GFoi6xm0ptodARCz6-VWvX39vIlepHQuFd4bJIzA

Request Chain 167

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFkOqp-IdNXXSI7FfVeRBUQ&google_cver=1&google_push=AQvitUIs8CoCE8WOJMLSR3_If7-JBwtYV_e2VgV4uQNcz9ctWeheD_RvCqJUBkSKBEFZLDm143DlSNYMQqQMQgYEjlaHMIJRz_M HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YGT4lQ3BVnaR04UdSuk3nQAABFYAAAAB&google_push=AQvitUIs8CoCE8WOJMLSR3_If7-JBwtYV_e2VgV4uQNcz9ctWeheD_RvCqJUBkSKBEFZLDm143DlSNYMQqQMQgYEjlaHMIJRz_M&google_gid=CAESEFkOqp-IdNXXSI7FfVeRBUQ&google_cver=1

Request Chain 171

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitUKYXOMKdGMQPqykozrfo6sGV3ttKgIoIzbXhOzaMpeJ--bv2mpS8qE0tKP45DUt_eM3kaTiEZ2QcFgdcusoIWnTaAS09So&google_gid=CAESEAB0y7s0Z97p0pGKZkdqHzM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUdUNGxRQUFBSU1CRkdSUA&google_push=AQvitUKYXOMKdGMQPqykozrfo6sGV3ttKgIoIzbXhOzaMpeJ--bv2mpS8qE0tKP45DUt_eM3kaTiEZ2QcFgdcusoIWnTaAS09So

Request Chain 172

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAQvitUI6OPUgo-DQX1Z2zliQQyFlfDxX8YW4p7CMfVKuSV6h1_jkGCcrqW8j_VmPpnDfVnnO8v1Cf37i4VfMOr1PE2wMJcH-rqs&google_gid=CAESEKiK65GhbLMSg90V-8rsFkI&google_cver=1 HTTP 307
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCJXxk4MGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BUXZpdFVJNk9QVWdvLURRWDFaMnpsaVFReUZsZkR4WDhZVzRwN0NNZlZLdVNWNmgxX2prR0NjcnFXOGpfVm1QcG5EZlZubk84djFDZjM3aTRWZk1PcjFQRTJ3TUpjSC1ycXM HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwejhMUzhBcFQ5V2FPbm9fZDRPODFwRERDQk43RWZSQnI4T2w1bUYwSF85OA==&google_push

Request Chain 173

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUJgorWk-BCXyZseOOZi5ZubsfSL_h0emn0NZxrbN6H3vhDLyX43wxhWHgd2sCRqE-vy7SNCe8VyZKX-H18vZKp39JGeqQ&google_gid=CAESEIIUKl5J14HExr6eIrhrxNY&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUJgorWk-BCXyZseOOZi5ZubsfSL_h0emn0NZxrbN6H3vhDLyX43wxhWHgd2sCRqE-vy7SNCe8VyZKX-H18vZKp39JGeqQ&google_gid=CAESEIIUKl5J14HExr6eIrhrxNY&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTAzMzEyMjMyNTQ1MzQxNzYxMjU2MDQzNg%3D%3D&google_push=AQvitUJgorWk-BCXyZseOOZi5ZubsfSL_h0emn0NZxrbN6H3vhDLyX43wxhWHgd2sCRqE-vy7SNCe8VyZKX-H18vZKp39JGeqQ

Request Chain 175

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESELaL3zAA3sraSOe6OM7kdCQ&google_cver=1&google_push=AQvitUKn4N9Lt3WSAN1k9pBwI2RFMlfyI9RYm3ZyT72OM20EXupkkJjOkwM12MFU51oKKNyCcwlQgsP7ZhxLbusrHuiFSmpivb0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=GTxxAKYPRoyqoMxZj1ir8A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKn4N9Lt3WSAN1k9pBwI2RFMlfyI9RYm3ZyT72OM20EXupkkJjOkwM12MFU51oKKNyCcwlQgsP7ZhxLbusrHuiFSmpivb0

Request Chain 176

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHYVJnEPaG9RM7fdpEulTLk&google_cver=1&google_push=AQvitULABp8W297iVI3oZxC4pfMkuw1cgF2BZbWzpP3hFq1i1UJWavk81ceIAu3nmezeWR12kwQlwvQ_2-HmAlHE86Wzh_ZaUYk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S01ZMFlZMjktQi02V0JL&google_push=AQvitULABp8W297iVI3oZxC4pfMkuw1cgF2BZbWzpP3hFq1i1UJWavk81ceIAu3nmezeWR12kwQlwvQ_2-HmAlHE86Wzh_ZaUYk

174 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request tothi-dll-hijack-by-proxying.html Show response
reposhub.com/cpp/miscellaneous/ 50 KB
10 KB 810ms
785ms Document
text/html 2606:4700:3031::6815:e45
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::6815:e45 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccfb999599bc13a512494a8902dc54b52df32a576d4d888754e09a9558a473f7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: reposhub.com
:scheme: https
:path: /cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:52 GMT
content-type: text/html;charset=utf-8
set-cookie: __cfduid=da182e9d5ebb9b5035bd241518ae1954c1617229971; expires=Fri, 30-Apr-21 22:32:51 GMT; path=/; domain=.reposhub.com; HttpOnly; SameSite=Lax; Secure JSESSIONID=25DE1FE15C86F81D9C68C818C5CFBAFA; Path=/; HttpOnly
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
cf-request-id: 092c04178b00002bca8c3d3000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mldRwQMUw7%2BRRvQh4MevaM9zWEVrNX7bKJDFUQy3atV9dva2q%2F5s7ZW4tobLyyljOpScySZ%2Fx78imiCKIB4HV1y4ilQFbNEH2uc3SfL%2FaKpN6HVPVfWJ4mQ%3D"}],"max_age":604800}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 638d0938d95f2bca-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 gXJX4O-a7sW4pxhLqeOXHnQIxgk.js Show response
reposhub.com/cdn-cgi/apps/head/ 5 KB
2 KB 13ms
12ms Script
application/javascript 2606:4700:3031::6815:e45
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://reposhub.com/cdn-cgi/apps/head/gXJX4O-a7sW4pxhLqeOXHnQIxgk.js
Requested by: Host: reposhub.com
URL: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:e45 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90290515ae41184ef4091d6fac3397c24ac73f65fa210a36988ef9e2c75331a6

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 9550592
content-type: application/javascript; charset=utf-8
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: DA4ABC853AF87E13
x-amz-id-2: ZdeZcde1PITyARCvaQktMOEffye4kpEg+Ip15Iz4XBxt5Ib+lwSLUXRuqcpL0BGI6InFK4sx+h0=
last-modified: Fri, 11 Dec 2020 09:35:19 GMT
server: cloudflare
etag: W/"5b6ab9280a31bebf37b78894e22e2f37"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=s0%2BrBOuVZh9OaoqN7HHuwOgZ9KsLMdKH2yjeEXHMyp%2FSGVymbk7AItOlZ%2BGnEFpBAWhL0whdgAeFERoIecluRiC1czItuKYuJ5%2B9YCrVWml2Lr91DIW4mF4%3D"}],"max_age":604800}
x-amz-version-id: VACryWn2fZRoHUZf9svMw4Mpav4KLVEl
cache-control: public, max-age=31536000
cf-request-id: 092c041aa300002bca9b213000000001
cf-ray: 638d093ddf0d2bca-FRA

GET
H2 200 animate.css
cdnjs.cloudflare.com/ajax/libs/animate.css/3.2.4/ 76 KB
4 KB 14ms
13ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.2.4/animate.css

Requested by

Host: reposhub.com
URL: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

beb80f4a99765b4f49de47eb6d0df3a59e31b61666514aabbe4c23dfb1c09408

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 8274490
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3968
cf-request-id: 092c041aa300004a85448e5000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:04:58 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d2a-13088"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6oay9reBHXzKMvg1IJhwz4mRg%2B5%2FqcPX8sKknVEK3o8oMisaximP3GkwEQPmixWb0HoWLmCdkgsJOPVJ47qw670U2bzgbZRVUKF9DlXEfhNtlWYuv6a6VS5IXZPbWQqooQ%3D%3D"}],"max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 638d093ddae04a85-FRA
expires: Mon, 21 Mar 2022 22:32:52 GMT

GET
H2 200 bootstrap.min.css
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/css/ 120 KB
16 KB 16ms
14ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/css/bootstrap.min.css

Requested by

Host: reposhub.com
URL: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

31fbd99641c212a6ad3681a2397bde13c148c0ccd98385bce6a7eb7c81417d87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 1732758
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 16223
cf-request-id: 092c041aa300004a85790d2000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:20 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04010-1deac"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=n8ol9uVJaTaASBE4souZoIABl0lg5O1dBWARXfg3hAZstIkcNrdAOJdDzwT7u8Br%2BFeKQNt6OPwxohTyEux2g3rEXOFdI%2F2sv6lMjmz8hPazPCKah%2BwsHCLkY1XdRP0UMA%3D%3D"}],"max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 638d093ddae34a85-FRA
expires: Mon, 21 Mar 2022 22:32:52 GMT

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/css/ 27 KB
5 KB 15ms
14ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/css/font-awesome.min.css

Requested by

Host: reposhub.com
URL: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 4229829
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4972
cf-request-id: 092c041aa400004a858eabc000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-6b4a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1IIi8zXzoT5c%2FGvqqlPGaZucgVSy7z7FVvtourx%2FRI1ZG%2Fl1bstRYCstsiQy0GSoip1OcTOPTv7dUkt1ZOPxGdZfk4%2FTH8i6yYHjL8q%2FlCYEzTC3vRmOUmgZAdvRLcKeDA%3D%3D"}],"max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 638d093ddae64a85-FRA
expires: Mon, 21 Mar 2022 22:32:52 GMT

GET
H2 200 app.css
reposhub.com/static/css/ 68 KB
13 KB 29ms
28ms Stylesheet
text/css 2606:4700:3031::6815:e45
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://reposhub.com/static/css/app.css

Requested by

Host: reposhub.com
URL: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::6815:e45 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d369809640f3b72e4d5589d23fbb39c142809313a6fd003061ab3110e2377160

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 565529
cf-polished: origSize=85956
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 01 Aug 2020 02:35:08 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5f24d4dc-14fc4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=O2JFPrv30vGXo13cCvKK2rKHLLKMq1%2FrhRYQa1P%2B4VVnwlX%2FLI30DZETgkMPBE%2B6affZ7q%2FaNjcJY1fcwlkflxT7F78OQidYuMCGPeTsGZpnXGbT8Rjv9LI%3D"}],"max_age":604800}
content-type: text/css
expires: Thu, 01 Apr 2021 09:27:23 GMT
cache-control: max-age=604800
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
cf-request-id: 092c041aa300002bca7c16d000000001
cf-ray: 638d093ddf0f2bca-FRA
cf-bgj: minify

GET
H2 200 simple-line-icons.css
cdnjs.cloudflare.com/ajax/libs/simple-line-icons/2.4.1/css/ 13 KB
3 KB 17ms
16ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/simple-line-icons/2.4.1/css/simple-line-icons.css

Requested by

Host: reposhub.com
URL: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ab9f855e542893de23c7b7e4897eb91066c9dbbfeaa1b1fa73a826867833b4b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 1526159
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2217
cf-request-id: 092c041aa400004a85592be000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:16:18 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fd2-329e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=f%2B7oGDDTReAYGRQheU%2FN%2BQPI0i%2F00FD079h6qRtducjetkcAAWvCrpTAiGjvrJXDwOh%2Fu%2Ba%2FbyV9gecb2lhRitcrA4JqvBzJXXHnoZoa5mqxEOHHMcOxKzzWh3kW6bCFUA%3D%3D"}],"max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 638d093ddae74a85-FRA
expires: Mon, 21 Mar 2022 22:32:52 GMT

GET
H2 200 style111.css
reposhub.com/static/css/ 23 KB
5 KB 12ms
11ms Stylesheet
text/css 2606:4700:3031::6815:e45
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://reposhub.com/static/css/style111.css

Requested by

Host: reposhub.com
URL: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::6815:e45 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9dbbf69970e06432e8aa1bf3d4c80000b1c6c099010b6ff82d1465f301267809

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 134295
cf-polished: origSize=32438
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 01 Jun 2020 00:24:20 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5ed44ab4-7eb6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dsUvO7xscQDTOBInQb%2Br9z%2FJafR2x2VHgrCKADCLa8GG5X5gn4pCv72B7yoUotNLK5xHlw7nD%2BwaUKjzCSaDTG29krasotFBwYlTqHyXTbb8%2Bl14nty7ppg%3D"}],"max_age":604800}
content-type: text/css
expires: Tue, 06 Apr 2021 09:14:37 GMT
cache-control: max-age=604800
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
cf-request-id: 092c041aa300002bcab6ab6000000001
cf-ray: 638d093ddf102bca-FRA
cf-bgj: minify

GET
H2 200 github.css
reposhub.com/static/highlight/styles/ 854 B
724 B 11ms
10ms Stylesheet
text/css 2606:4700:3031::6815:e45
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://reposhub.com/static/highlight/styles/github.css

Requested by

Host: reposhub.com
URL: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::6815:e45 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e1dbb78b0cd75a432e9d68b906d76cde9a31534ae662f06f229dd269453daac

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 475406
cf-polished: origSize=1148
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 05 May 2016 13:56:16 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"572b5100-47c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=XB1Vs5A8VsuEDxOv1LkjMwyPhAl%2BrORReGCrgIUuicIcru0k6DgECf8CPy2bj%2BVDRfa3p6ecd8zDncZRazaLT4fptoNZXU3tvJHqrLTRd7OSc5itRSihvwY%3D"}],"max_age":604800}
content-type: text/css
expires: Fri, 02 Apr 2021 10:29:26 GMT
cache-control: max-age=604800
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
cf-request-id: 092c041aa400002bcabc110000000001
cf-ray: 638d093ddf112bca-FRA
cf-bgj: minify

GET
H2 200 editormd.preview.css
reposhub.com/static/editormd/css/ 45 KB
11 KB 14ms
13ms Stylesheet
text/css 2606:4700:3031::6815:e45
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://reposhub.com/static/editormd/css/editormd.preview.css

Requested by

Host: reposhub.com
URL: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::6815:e45 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72b2e517b90e3f71bcd7aca1f3698f64551a10f338e85380784ced36eb0ba862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 562923
cf-polished: origSize=60058
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 17 Jun 2020 07:26:40 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5ee9c5b0-ea9a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=MQlzHPqwnoKycGmmhP0PxX21zS%2BlQYi2l5%2FQ0D2owIkTzV0vqUXQhQFDo6OHm0xsmRDJqVcG7ofEe4hGZGWnz8XToqMI%2FFrnF8ew9I3yzQ6dTlANaHP2mQU%3D"}],"max_age":604800}
content-type: text/css
expires: Thu, 01 Apr 2021 10:10:49 GMT
cache-control: max-age=604800
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
cf-request-id: 092c041aa400002bcaff0ef000000001
cf-ray: 638d093ddf122bca-FRA
cf-bgj: minify

GET
H2 200 logo-dark.png
reposhub.com/static/img/ 6 KB
6 KB 14ms
11ms Image
image/png 2606:4700:3031::6815:e45
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reposhub.com/static/img/logo-dark.png

Requested by

Host: reposhub.com
URL: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::6815:e45 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f224764418ac768b9688f2c0c751c8e12f48a8fb26837bd910857990356522a2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:52 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 311227
vary: Accept-Encoding
content-length: 5757
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 09 Jun 2020 03:06:21 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "5edefcad-167d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dQSpI6NcZI%2BnvwDksDpkSAtCSuEXkYDqo7k905mWHSrx0fzQSZrGfhfE3GJQPv3cE96OIuTHEAAZmx4EiNqVmAnJs8bgRiz%2BFiD7kIo%2FeDSsXGyUDV7POIA%3D"}],"max_age":604800}
content-type: image/png
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=604800
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
cf-request-id: 092c041ab800002bca8c3f6000000001
accept-ranges: bytes
cf-ray: 638d093dff2e2bca-FRA
expires: Sun, 04 Apr 2021 08:05:45 GMT

GET
H2 200 6377720
avatars2.githubusercontent.com/u/ 1 KB
2 KB 53ms
16ms Image
image/png 185.199.109.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://avatars2.githubusercontent.com/u/6377720?v=4

Requested by

Host: reposhub.com
URL: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.199.109.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8dcb3d49da94d3c8b7c9d9a150da26c7c1425f9e8dd05931c4e796a291c4cd6c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: 2ed9648fa2a9f56a6dd904a323f32da838980884
content-security-policy: default-src 'none'
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: HIT
x-cache-hits: 1
vary: Authorization,Accept-Encoding
content-length: 1417
x-xss-protection: 1; mode=block
x-served-by: cache-ams21058-AMS
last-modified: Sun, 17 Jul 2016 11:34:49 GMT
x-github-request-id: 903C:A79D:6CEF3:755F5:605CEA8D
x-timer: S1617229972.192294,VS0,VE1
x-frame-options: deny
date: Wed, 31 Mar 2021 22:32:52 GMT
source-age: 527879
strict-transport-security: max-age=31557600
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
etag: "12977cc59015bfbacbbdbd972742902339b0e671d8be3c0a6b9b525fba6281fe"
accept-ranges: bytes
timing-allow-origin: https://github.com
expires: Wed, 31 Mar 2021 22:37:52 GMT

GET
H2

200

keepassxc_dll_hijack_vuln_detected.png
raw.githubusercontent.com/tothi/dll-hijack-by-proxying/master/screenshots/
Redirect Chain

https://github.com/tothi/dll-hijack-by-proxying/raw/master/screenshots/keepassxc_dll_hijack_vuln_detected.png
https://raw.githubusercontent.com/tothi/dll-hijack-by-proxying/master/screenshots/keepassxc_dll_hijack_vuln_detected.png

81 KB
81 KB

19ms
17ms

Image
image/png

185.199.108.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://raw.githubusercontent.com/tothi/dll-hijack-by-proxying/master/screenshots/keepassxc_dll_hijack_vuln_detected.png

Requested by

Host: reposhub.com
URL: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.199.108.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8b45c7f88673598c311368b92514d83c17888c782673e15e42b478e8f53b5c87

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: 80c00eeb77d468c8c01a3f4e0d63f262331c1d6c
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: HIT
x-cache-hits: 1
vary: Authorization,Accept-Encoding
content-length: 82501
x-xss-protection: 1; mode=block
x-served-by: cache-ams21038-AMS
x-github-request-id: 190C:99E8:17FB87:2C5B1A:6064F848
x-timer: S1617229972.376747,VS0,VE1
x-frame-options: deny
date: Wed, 31 Mar 2021 22:32:52 GMT
source-age: 76
strict-transport-security: max-age=31536000
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
etag: W/"a6d0b814655a554aa17e1d23640eeedb3cf9b857ea87cfa60412294a24582e97"
accept-ranges: bytes
expires: Wed, 31 Mar 2021 22:37:52 GMT

Redirect headers

date: Wed, 31 Mar 2021 22:30:48 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-length: 186
x-xss-protection: 0
location: https://raw.githubusercontent.com/tothi/dll-hijack-by-proxying/master/screenshots/keepassxc_dll_hijack_vuln_detected.png
referrer-policy: no-referrer-when-downgrade
server: GitHub.com
x-github-request-id: 72E0:7B2F:37E42CF:39A5858:6064F894
x-frame-options: deny
expect-ct: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
vary: X-PJAX, Accept-Encoding, Accept, X-Requested-With
content-type: text/html; charset=utf-8
access-control-allow-origin: https://render.githubusercontent.com
cache-control: no-cache
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com online.visualstudio.com/api/v1/locations; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker-3f088aa2.js gist.github.com/socket-worker-3f088aa2.js

GET
H2

200

keepassxc_malicious_dll_added.png
raw.githubusercontent.com/tothi/dll-hijack-by-proxying/master/screenshots/
Redirect Chain

https://github.com/tothi/dll-hijack-by-proxying/raw/master/screenshots/keepassxc_malicious_dll_added.png
https://raw.githubusercontent.com/tothi/dll-hijack-by-proxying/master/screenshots/keepassxc_malicious_dll_added.png

39 KB
39 KB

18ms
17ms

Image
image/png

185.199.108.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://raw.githubusercontent.com/tothi/dll-hijack-by-proxying/master/screenshots/keepassxc_malicious_dll_added.png

Requested by

Host: reposhub.com
URL: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.199.108.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

56b6ed54888338370fe8b04eb867b95897a4ff054c2c0dfa23040541dafe3792

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: 1caca24dcbd55b188ea1bd42d139081c64631340
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: HIT
x-cache-hits: 1
vary: Authorization,Accept-Encoding
content-length: 39663
x-xss-protection: 1; mode=block
x-served-by: cache-ams21038-AMS
x-github-request-id: FC90:B912:516A43:54C728:6064F848
x-timer: S1617229972.376742,VS0,VE1
x-frame-options: deny
date: Wed, 31 Mar 2021 22:32:52 GMT
source-age: 76
strict-transport-security: max-age=31536000
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
etag: W/"c49787534295c77ddbd0d877b7407bd08f42315bf5e3060bac5e33eda8afd01c"
accept-ranges: bytes
expires: Wed, 31 Mar 2021 22:37:52 GMT

Redirect headers

date: Wed, 31 Mar 2021 22:30:48 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-length: 181
x-xss-protection: 0
location: https://raw.githubusercontent.com/tothi/dll-hijack-by-proxying/master/screenshots/keepassxc_malicious_dll_added.png
referrer-policy: no-referrer-when-downgrade
server: GitHub.com
x-github-request-id: 72E0:7B2F:37E42CF:39A5859:6064F894
x-frame-options: deny
expect-ct: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
vary: X-PJAX, Accept-Encoding, Accept, X-Requested-With
content-type: text/html; charset=utf-8
access-control-allow-origin: https://render.githubusercontent.com
cache-control: no-cache
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com online.visualstudio.com/api/v1/locations; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker-3f088aa2.js gist.github.com/socket-worker-3f088aa2.js

GET
H2

200

keepassxc_hijacked_calc.png
raw.githubusercontent.com/tothi/dll-hijack-by-proxying/master/screenshots/
Redirect Chain

https://github.com/tothi/dll-hijack-by-proxying/raw/master/screenshots/keepassxc_hijacked_calc.png
https://raw.githubusercontent.com/tothi/dll-hijack-by-proxying/master/screenshots/keepassxc_hijacked_calc.png

88 KB
88 KB

21ms
20ms

Image
image/png

185.199.108.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://raw.githubusercontent.com/tothi/dll-hijack-by-proxying/master/screenshots/keepassxc_hijacked_calc.png

Requested by

Host: reposhub.com
URL: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.199.108.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0c8b6c36f6b9dbadb75e960e5f311a2dd37fc8fa2f2d1aede77c5f8ecc0a7a53

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: 05322eb7e08646d5beecbe3c82edd1a8e15ca170
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: HIT
x-cache-hits: 1
vary: Authorization,Accept-Encoding
content-length: 89634
x-xss-protection: 1; mode=block
x-served-by: cache-ams21038-AMS
x-github-request-id: 5764:99EB:214BFE1:22FED2F:6064F848
x-timer: S1617229972.376862,VS0,VE1
x-frame-options: deny
date: Wed, 31 Mar 2021 22:32:52 GMT
source-age: 76
strict-transport-security: max-age=31536000
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
etag: W/"c0e3eb5bb0e9cec6346db0f69970668e1adf846b7b4631d93b489d93e10b1dfa"
accept-ranges: bytes
expires: Wed, 31 Mar 2021 22:37:52 GMT

Redirect headers

date: Wed, 31 Mar 2021 22:30:48 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-length: 175
x-xss-protection: 0
location: https://raw.githubusercontent.com/tothi/dll-hijack-by-proxying/master/screenshots/keepassxc_hijacked_calc.png
referrer-policy: no-referrer-when-downgrade
server: GitHub.com
x-github-request-id: 72E0:7B2F:37E42CF:39A585A:6064F894
x-frame-options: deny
expect-ct: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
vary: X-PJAX, Accept-Encoding, Accept, X-Requested-With
content-type: text/html; charset=utf-8
access-control-allow-origin: https://render.githubusercontent.com
cache-control: no-cache
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com online.visualstudio.com/api/v1/locations; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker-3f088aa2.js gist.github.com/socket-worker-3f088aa2.js

GET
H2 200 1024025
avatars.githubusercontent.com/u/ 28 KB
28 KB 84ms
47ms Image
image/jpeg 185.199.108.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://avatars.githubusercontent.com/u/1024025?v=4

Requested by

Host: reposhub.com
URL: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.199.108.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

563d789bfeb00b556b3aa0f1132f56b8a087d91a8ff4c39f8301e9d4879129ed

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: 03fabe675a0d2e382a7f458c0913ec164f22232a
content-security-policy: default-src 'none'
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: HIT
x-cache-hits: 1
vary: Authorization,Accept-Encoding
content-length: 28597
x-xss-protection: 1; mode=block
x-served-by: cache-ams21038-AMS
last-modified: Sat, 17 Sep 2011 19:13:02 GMT
x-github-request-id: EE2E:C735:20847A8:22358B6:6064F221
x-timer: S1617229972.193366,VS0,VE1
x-frame-options: deny
date: Wed, 31 Mar 2021 22:32:52 GMT
source-age: 1650
strict-transport-security: max-age=31557600
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
timing-allow-origin: https://github.com
expires: Wed, 31 Mar 2021 22:37:52 GMT

GET
H2 200 6154722
avatars.githubusercontent.com/u/ 68 KB
69 KB 52ms
16ms Image
image/png 185.199.108.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://avatars.githubusercontent.com/u/6154722?v=4

Requested by

Host: reposhub.com
URL: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.199.108.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

fae94f23fc4d3a49bd50c0f2ed7a9708082c449ead90319732afeab03a0ac27b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: 1da5e3672bb097544debdbe31793ba678d4dec28
content-security-policy: default-src 'none'
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: HIT
x-cache-hits: 3
vary: Authorization,Accept-Encoding
content-length: 70093
x-xss-protection: 1; mode=block
x-served-by: cache-ams21038-AMS
last-modified: Tue, 10 Dec 2013 20:48:26 GMT
x-github-request-id: 56F8:30D0:3F1C2:10444D:6064F24F
x-timer: S1617229972.193350,VS0,VE0
x-frame-options: deny
date: Wed, 31 Mar 2021 22:32:52 GMT
source-age: 1605
strict-transport-security: max-age=31557600
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
timing-allow-origin: https://github.com
expires: Wed, 31 Mar 2021 22:37:52 GMT

GET
H2 200 43390781
avatars.githubusercontent.com/u/ 6 KB
6 KB 83ms
47ms Image
image/png 185.199.108.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://avatars.githubusercontent.com/u/43390781?v=4

Requested by

Host: reposhub.com
URL: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.199.108.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e3a3aa08a1a749b8aef3aeac3d09984908bf312d3a3dbdb8cc7f77f07169683c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: 870d186bd27922016cd9a8520e3c5f60f35f3aad
content-security-policy: default-src 'none'
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: HIT
x-cache-hits: 1
vary: Authorization,Accept-Encoding
content-length: 5691
x-xss-protection: 1; mode=block
x-served-by: cache-ams21038-AMS
last-modified: Fri, 05 Jul 2019 14:05:04 GMT
x-github-request-id: 0E1A:123F1:4043D3:43D5FC:604B1CAA
x-timer: S1617229972.193336,VS0,VE1
x-frame-options: deny
date: Wed, 31 Mar 2021 22:32:52 GMT
source-age: 1694697
strict-transport-security: max-age=31557600
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
etag: "e13323b23de5b296bae3356740f8b0c85d0fcaa1aa6b10375557dc80652526d3"
accept-ranges: bytes
timing-allow-origin: https://github.com
expires: Wed, 31 Mar 2021 22:37:52 GMT

GET
H2 200 528860
avatars.githubusercontent.com/u/ 5 KB
5 KB 83ms
47ms Image
image/png 185.199.108.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://avatars.githubusercontent.com/u/528860?v=4

Requested by

Host: reposhub.com
URL: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.199.108.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

fabc50c693f00b7629addd8724519f88906e8dfd78df2c42b4c4081a9cae9e78

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: f2d75d452f13305f59561101d03e04a606863a8f
content-security-policy: default-src 'none'
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: HIT
x-cache-hits: 1
vary: Authorization,Accept-Encoding
content-length: 4806
x-xss-protection: 1; mode=block
x-served-by: cache-ams21038-AMS
last-modified: Thu, 10 Mar 2016 16:37:47 GMT
x-github-request-id: E3A0:E85A:974D94:9E3295:60402A98
x-timer: S1617229972.193322,VS0,VE1
x-frame-options: deny
date: Wed, 31 Mar 2021 22:32:52 GMT
source-age: 2412028
strict-transport-security: max-age=31557600
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
etag: "d9958ffcb91ad1987fdbc0de6eae53b391ecad2e6c108ed078a590a07bf94dd7"
accept-ranges: bytes
timing-allow-origin: https://github.com
expires: Wed, 31 Mar 2021 22:37:52 GMT

GET
H2 200 18133
avatars.githubusercontent.com/u/ 6 KB
6 KB 82ms
45ms Image
image/png 185.199.108.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://avatars.githubusercontent.com/u/18133?v=4

Requested by

Host: reposhub.com
URL: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.199.108.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

7199f63991e6859fb165edc5d02ccce01218fa009698d94b5bc19d01778c55d6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: 73f54919ab6c22752bf5736a56422eb0f740c53e
content-security-policy: default-src 'none'
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: HIT
x-cache-hits: 1
vary: Authorization,Accept-Encoding
content-length: 5678
x-xss-protection: 1; mode=block
x-served-by: cache-ams21038-AMS
last-modified: Wed, 01 Apr 2020 08:31:51 GMT
x-github-request-id: DFC0:DF83:4C3516:5029AF:60408A35
x-timer: S1617229972.193302,VS0,VE1
x-frame-options: deny
date: Wed, 31 Mar 2021 22:32:52 GMT
source-age: 2387550
strict-transport-security: max-age=31557600
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
etag: "d8491b4807a042fe4d5abd32f517a95852d0a4bff93e0d5b72898336e201e12a"
accept-ranges: bytes
timing-allow-origin: https://github.com
expires: Wed, 31 Mar 2021 22:37:52 GMT

GET
H2 200 13841574
avatars.githubusercontent.com/u/ 22 KB
23 KB 91ms
55ms Image
image/png 185.199.108.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://avatars.githubusercontent.com/u/13841574?v=4

Requested by

Host: reposhub.com
URL: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.199.108.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

249d58df75306229be28521c9991f8b69e7e92e011e4d102ea4953d7c7fe77ba

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: f3a3abdd7e966dbe3d3d5b44ce59022a0602b89a
content-security-policy: default-src 'none'
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: HIT
x-cache-hits: 1
vary: Authorization,Accept-Encoding
content-length: 22852
x-xss-protection: 1; mode=block
x-served-by: cache-ams21038-AMS
last-modified: Tue, 02 May 2017 23:35:53 GMT
x-github-request-id: 5E40:10342:1715AF:1C9474:60403008
x-timer: S1617229972.193666,VS0,VE1
x-frame-options: deny
date: Wed, 31 Mar 2021 22:32:52 GMT
source-age: 2410635
strict-transport-security: max-age=31557600
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
etag: "3f87c2186e0a514b73b970b8fe3d86df6a57fe3f34038aaaa6388606ec1c2005"
accept-ranges: bytes
timing-allow-origin: https://github.com
expires: Wed, 31 Mar 2021 22:37:52 GMT

GET
H2 200 1342004
avatars.githubusercontent.com/u/ 15 KB
15 KB 59ms
59ms Image
image/png 185.199.108.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://avatars.githubusercontent.com/u/1342004?v=4

Requested by

Host: reposhub.com
URL: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.199.108.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

7258a7ba5f24775b73f49f633000eb10308b7fff6e94fbb5c4f697abf0cf2770

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: 28a54a91159346b1b29fc7ca4b4f9da2379bdb86
content-security-policy: default-src 'none'
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: HIT
x-cache-hits: 1
vary: Authorization,Accept-Encoding
content-length: 15548
x-xss-protection: 1; mode=block
x-served-by: cache-ams21038-AMS
last-modified: Tue, 01 Sep 2015 17:03:29 GMT
x-github-request-id: B292:5B76:C8448:F0347:6037372D
x-timer: S1617229972.201241,VS0,VE1
x-frame-options: deny
date: Wed, 31 Mar 2021 22:32:52 GMT
source-age: 2998630
strict-transport-security: max-age=31557600
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
etag: "35755cca4ddfb90fc5d2288949539f94f327323aec129dc9b2ac7bceb59c42a1"
accept-ranges: bytes
timing-allow-origin: https://github.com
expires: Wed, 31 Mar 2021 22:37:52 GMT

GET
H2 200 11298292
avatars.githubusercontent.com/u/ 119 KB
120 KB 50ms
50ms Image
image/png 185.199.108.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://avatars.githubusercontent.com/u/11298292?v=4

Requested by

Host: reposhub.com
URL: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.199.108.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8a778e1ae05e616c4884dd914042e1b3e34c6729698f67cd706de629db33dd8e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: 2863630458acbdcc55b03f5a0be9e01bd0292d31
content-security-policy: default-src 'none'
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: HIT
x-cache-hits: 1
vary: Authorization,Accept-Encoding
content-length: 122136
x-xss-protection: 1; mode=block
x-served-by: cache-ams21038-AMS
last-modified: Thu, 04 May 2017 23:39:06 GMT
x-github-request-id: B3AE:117DA:206E299:2219887:6064E502
x-timer: S1617229972.201202,VS0,VE1
x-frame-options: deny
date: Wed, 31 Mar 2021 22:32:52 GMT
source-age: 5010
strict-transport-security: max-age=31557600
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
etag: "49614d7b432b502390af433641f3a3dbd1d80850e1b0141a2ae38d5698f793a6"
accept-ranges: bytes
timing-allow-origin: https://github.com
expires: Wed, 31 Mar 2021 22:37:52 GMT

GET
H2 200 46413578
avatars.githubusercontent.com/u/ 12 KB
12 KB 64ms
64ms Image
image/png 185.199.108.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://avatars.githubusercontent.com/u/46413578?v=4

Requested by

Host: reposhub.com
URL: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.199.108.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

02fcb45cc6bc4194a3b28622f23bac47dabd2c394765b42a07cee0df31d4bb90

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: 77b4cd2896eb21e2d6c9ae00a076ccc991838baf
content-security-policy: default-src 'none'
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: HIT
x-cache-hits: 1
vary: Authorization,Accept-Encoding
content-length: 11839
x-xss-protection: 1; mode=block
x-served-by: cache-ams21038-AMS
last-modified: Sun, 13 Oct 2019 04:27:54 GMT
x-github-request-id: 468A:26AC:2792D87:29A0D37:6049C290
x-timer: S1617229972.204091,VS0,VE1
x-frame-options: deny
date: Wed, 31 Mar 2021 22:32:52 GMT
source-age: 1783299
strict-transport-security: max-age=31557600
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
etag: "c5a4fad2c5e01f1ae1d9649b63aea4d3f25bf1fcf8918bdd19e82709cafc7498"
accept-ranges: bytes
timing-allow-origin: https://github.com
expires: Wed, 31 Mar 2021 22:37:52 GMT

GET
H2 200 16128714
avatars.githubusercontent.com/u/ 7 KB
7 KB 64ms
63ms Image
image/jpeg 185.199.108.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://avatars.githubusercontent.com/u/16128714?v=4

Requested by

Host: reposhub.com
URL: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.199.108.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

935fc2862c2121df9520aed508a976a18413297c75590e38119b5c6cd013b0eb

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: d48dae84c5e053ad7313cf52834c3d6e93c2c34a
content-security-policy: default-src 'none'
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: HIT
x-cache-hits: 1
vary: Authorization,Accept-Encoding
content-length: 7325
x-xss-protection: 1; mode=block
x-served-by: cache-ams21038-AMS
last-modified: Wed, 07 Aug 2019 17:58:24 GMT
x-github-request-id: FDA4:574E:965301:A59C48:6049C290
x-timer: S1617229972.204076,VS0,VE1
x-frame-options: deny
date: Wed, 31 Mar 2021 22:32:52 GMT
source-age: 1783299
strict-transport-security: max-age=31557600
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
etag: "e6444a2526fa5414b25e89f0d64b3d579454d927d015b5f913ffbed123179f88"
accept-ranges: bytes
timing-allow-origin: https://github.com
expires: Wed, 31 Mar 2021 22:37:52 GMT

GET
H2 200 rocket-loader.min.js Show response
ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/ 12 KB
5 KB 31ms
15ms Script
application/javascript 2606:4700::6810:a723
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Requested by

Host: reposhub.com
URL: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:a723 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b08cdbc2d30e656a86b20f8342428d5863f70f4b30135b4f4061f754ce932f5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"max_age":604800,"report_to":"cf-nel"}
vary: Accept-Encoding
cf-request-id: 092c041afb000064675a9a3000000001
last-modified: Mon, 29 Mar 2021 13:37:44 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"6061d828-3016"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=n5Af4o%2BWXWt2EqaiKhkMx%2F4L3V0Lo%2FXdqviBjPZg%2FfFrZamurNK9MSwTwxbSOyntcjtf4P9Qqnhv7%2Bg65TeI0J%2FZKNf3WsDM8wSJGtW5YxPYGQv6DUczKcrLaf8ArWnf"}],"max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 638d093e5e926467-FRA
expires: Fri, 02 Apr 2021 22:32:52 GMT

GET
H2 200 Y_Vew37J7EXNJDjdqv7ld_pYi7Y.js Show response
reposhub.com/cdn-cgi/apps/body/ 2 KB
2 KB 12ms
12ms Script
application/javascript 2606:4700:3031::6815:e45
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://reposhub.com/cdn-cgi/apps/body/Y_Vew37J7EXNJDjdqv7ld_pYi7Y.js
Requested by: Host: reposhub.com
URL: https://reposhub.com/cdn-cgi/apps/head/gXJX4O-a7sW4pxhLqeOXHnQIxgk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:e45 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df697423254c423e5c7b0236d128aed072d205012189b11ece74cb8d234bfa7a

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 9550592
content-type: application/javascript; charset=utf-8
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 7CE89EF83A1D464F
x-amz-id-2: BrkAcEo3Levz1yXiBy2feo1tP+L3WDj7cq+8+mj9k3VthJFvjL/+9kKQ5yV6S0MjE2K0KKx+L/U=
last-modified: Fri, 11 Dec 2020 09:35:19 GMT
server: cloudflare
etag: W/"ea90b036acabb65c5f62fcf8c684ca95"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=iQO24cw8PyhlbAZPYboLNkJT3Xyg4zAuEpCEJMk7ZEfOzMI8WinWwBE%2Fq0jQ6oftQf8d%2FoejVVFXT5lS0OzIlasgj%2B1cWsc%2FEn39I4c8UvgB9FZX6O3SDOs%3D"}],"max_age":604800}
x-amz-version-id: 2woIEVxVhxkI7DoeQS9f05mHRNt2CH4P
cache-control: public, max-age=31536000
cf-request-id: 092c041ab800002bcaef26c000000001
cf-ray: 638d093dff312bca-FRA

GET
H2 200 fontawesome-webfont.woff2
reposhub.com/static/editormd/fonts/ 55 KB
56 KB 11ms
11ms Font
font/woff2 2606:4700:3031::6815:e45
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://reposhub.com/static/editormd/fonts/fontawesome-webfont.woff2?v=4.3.0
Requested by: Host: reposhub.com
URL: https://reposhub.com/static/editormd/css/editormd.preview.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:e45 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c

Request headers

Origin: https://reposhub.com
Referer: https://reposhub.com/static/editormd/css/editormd.preview.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:52 GMT
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 132237
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 56780
cf-request-id: 092c041ad500002bca77286000000001
last-modified: Mon, 08 Jun 2015 22:48:20 GMT
server: cloudflare
etag: "55761bb4-ddcc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=jxBM%2B3epVTfhwHcd967HreEjjM1QKhRyCA0zjvntpcaHnR1oaKByNU8TxEs%2BP104TSto908oslezWu8kb91jUYsex5ECM11QZrK2NQ%2FiWrpYQvcnFNif3l4%3D"}],"max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
cf-ray: 638d093e2f632bca-FRA
expires: Tue, 06 Apr 2021 09:48:55 GMT

GET
DATA 200
OK truncated
/ 430 B
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89d2e87bd79191af306f424d635ebf6bab09aa45216324b8c06e1a5dd6ea7bb3

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: text/css;charset=utf-8

GET
H2 200 fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/fonts/ 65 KB
66 KB 25ms
11ms Font
application/octet-stream 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/css/font-awesome.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f2721fcaed5436f55432318b274d1542e96753b56c6ec6cdbd1c0fdd46bc66d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Origin: https://reposhub.com
Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/css/font-awesome.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:52 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 531506
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 66624
cf-request-id: 092c041baa00004edab19ff000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-10440"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YZfSujlL%2FLzXHbbxStI5GMAVLmi5WttGWk42n4WWmxAqXKRdoCWpWcl8GoHkZBtSu54JOhGXAVf22WfrUTq3lCMzx5zt2Z0oTMiTzPwP6%2BWpXID39N99%2FA6Rdvgq9XBlYQ%3D%3D"}],"max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 638d093f7dd94eda-FRA
expires: Mon, 21 Mar 2022 22:32:52 GMT

GET
H2 200 sharethis.js Show response
platform-api.sharethis.com/js/ 101 KB
32 KB 34ms
12ms Script
text/javascript 2600:9000:2182:2600:1c:8a07:5e80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://platform-api.sharethis.com/js/sharethis.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:2600:1c:8a07:5e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: d5059f32fbb319603fd421035ba8ae20f2a80c2978279efb10cba65961bdcfe9

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:51 GMT
content-encoding: gzip
age: 1
etag: W/"192cc-S85VNqqDcmpq46cMbazrSJLaAD0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
via: 1.1 58dd513f0a53b3e6851a071cb857a706.cloudfront.net (CloudFront)
edge-control: cache-maxage=60m,downstream-ttl=60m
cache-control: max-age=600, public
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: CQRYNHMKCODfEQ3kSdr9GVUUu4qz23fkEk9FaoQicJY8Wg332MuTZg==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
38 KB 20ms
19ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-2850431-5

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a02f326cd299160d0e738bc369e3a3ef120aad66155e9bf2093eb782f3a97e84

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:52 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39146
x-xss-protection: 0
last-modified: Wed, 31 Mar 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 31 Mar 2021 22:32:52 GMT

GET
H2 200 app.js Show response
reposhub.com/static/js/ 3 KB
2 KB 14ms
12ms Script
application/javascript 2606:4700:3031::6815:e45
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://reposhub.com/static/js/app.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::6815:e45 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b407fdbd3d642da77826a4847f37dd414ed3c63505cc760b2f07f15757caaf1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 565523
cf-polished: origSize=6350
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 01 Jun 2020 12:59:10 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5ed4fb9e-18ce"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=szxYxZQTcCD7%2BufVxjDVBHJcGd%2BYHuvyRfBUqjAlcH4IcdbpWGBBIkxjjYhBPVQdkvTSTE6ZxM198wzAohRbjiSvSAyQ9G12q2l6qnDvt1LMRij59BcW6Fg%3D"}],"max_age":604800}
content-type: application/javascript; charset=utf-8
expires: Thu, 01 Apr 2021 09:27:29 GMT
cache-control: max-age=604800
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
cf-request-id: 092c041ba300002bca7c174000000001
cf-ray: 638d093f689f2bca-FRA
cf-bgj: minify

GET
H2 200 highlight.min.js Show response
cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/ 42 KB
16 KB 13ms
11ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/highlight.min.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

63bccffe959742391051ecbf7c09b1475f31fbc0e6cf44e7c9c6141a3620584d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 8274843
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15555
cf-request-id: 092c041ba400004a858bba4000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:34 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e7a-a813"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=X4V6BF%2B46hdml7CIQsNN6B%2BihoxT7xm%2FXJqRrPE5f1lu%2F0mHJ2wPbAy6Fo6zGtnBbRpO5MvlTZcIz6xr91D3Z9%2Fls%2B%2Fj%2B0Nec3dTmmY%2FozhgsZCnH41v5qsklMUsOzXXmw%3D%3D"}],"max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 638d093f6ce64a85-FRA
expires: Mon, 21 Mar 2022 22:32:52 GMT

GET
H2 200 jquery.lazyload.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery.lazyload/1.9.1/ 3 KB
2 KB 13ms
10ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery.lazyload/1.9.1/jquery.lazyload.min.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad79ce7e34d1a788809bb853031133de2ae45f3c19ac4955dae46c7490188c2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 3767068
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1120
cf-request-id: 092c041ba400004a853a9d7000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec3-d35"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Q3bRpywDdUC7LSkHwvjdABT7R3rS6WGjKpZrq7U%2BitFava2JD2mAzGQiogbCYOH4aKvRwTp7euvdXuz9M3oVhSBAkIANwDTIcPakRpZZ53ER3tY1svY%2F8Ft82Yx6WoWXdQ%3D%3D"}],"max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 638d093f6ce74a85-FRA
expires: Mon, 21 Mar 2022 22:32:52 GMT

GET
H2 200 bootstrap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/ 36 KB
9 KB 18ms
15ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a4de7903ea62d330e17410ea4db6c22bcbeb350ac6aa402d6b54b4c0cbed327

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 3628119
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8641
cf-request-id: 092c041ba400004a85249bb000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:20 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04010-8fd0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zYtB5qi6mycK%2FVo0b8%2B436oCaQaTGgWy5tYENxwpoL1WJWa4RyVl%2FY6cTKjXAo2XruDw%2F3t1Fjf82ybUvs2pcBj%2F16eiJhGPu%2FG4xq76VfsbTRrFdczCeER5xupVTke79w%3D%3D"}],"max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 638d093f6ce84a85-FRA
expires: Mon, 21 Mar 2022 22:32:52 GMT

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/ 94 KB
30 KB 14ms
12ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 534698
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 29910
cf-request-id: 092c041ba400004a8564b0d000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec4-1762a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6ljBT16qhXGinD2orUF56bGJvImOvUeX4qTHLkC4i%2Fll7IUp5%2BaTnnJZeYlGMTCw7vw9rHlfVG2NMa%2BD5J8j%2BSue13O3uUmmdqw%2Fmro9MsmEfZU2L4N0JzAtGsj4HzoS3g%3D%3D"}],"max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 638d093f6ce94a85-FRA
expires: Mon, 21 Mar 2022 22:32:52 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 133 KB
47 KB 46ms
25ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b2a853b22f0ec6903f34fc0a0f3cf1ca10f049384c8256c18aa422fdabf6f7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47661
x-xss-protection: 0
server: cafe
etag: 13477528511139138022
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 31 Mar 2021 22:32:52 GMT

GET
H3-Q050 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210329/r20190131/ 227 KB
85 KB 59ms
45ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210329/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7963911354665843&plah=reposhub.com&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

311e18f635513141cf583a4fa0ac2828f450c8197eb57853475194676faaebe2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 86637
x-xss-protection: 0
server: cafe
etag: 7600525576280132900
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 31 Mar 2021 22:32:52 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210329/r20190131/ Frame 008B 10 KB
5 KB 26ms
6ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210329/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ee8a97200cf0e24af175070d017d0bdabe6c619ede7bf7c5585e90de0f39798

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210329/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 30 Mar 2021 22:40:42 GMT
expires: Tue, 13 Apr 2021 22:40:42 GMT
content-type: text/html; charset=UTF-8
etag: 13254444762018554669
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4647
x-xss-protection: 0
age: 85930
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 updateGitHub Show response
reposhub.com/article/ 7 B
404 B 645ms
645ms XHR
text/plain 2606:4700:3031::6815:e45
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://reposhub.com/article/updateGitHub

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::6815:e45 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2805185b49e921d5f411b99d5027640e1d9957f59394127e3b71226fa702abd0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Wed, 31 Mar 2021 22:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
x-xss-protection: 1; mode=block
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 092c041c1400002bcad5122000000001
pragma: no-cache
referrer-policy: no-referrer-when-downgrade
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DsIGL%2BjAfwRG5gdDjxwR9KxkfNTDcFjbXaFCVuTtDc%2Be7bEZ8r4iIaUvko45RngbdsqwpNszJXarw4SmI6WnU3nTM%2BniW5VAsz4nHyum1VW%2F8HjjQiSDVcw%3D"}],"max_age":604800}
content-type: text/plain;charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
cf-ray: 638d094029572bca-FRA
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
DATA 200
OK truncated
/ 120 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0275ec366f3cf18830eb5708a3f72ea10baf05a2f946c541e30691fa60ba4b54

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
88 B 38ms
38ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama&lserr=1&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 5ec4f90caa9dfe001ab3f7a0.js Show response
buttons-config.sharethis.com/js/ 497 B
871 B 38ms
16ms Script
text/javascript 2600:9000:2182:f200:c:abe:f440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://buttons-config.sharethis.com/js/5ec4f90caa9dfe001ab3f7a0.js
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:f200:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 14d198434c31b96fdd33372bfcded843f66f83f16fae2dd68130aca6fc21e044

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Wed, 31 Mar 2021 22:32:52 GMT
via: 1.1 a608f2055229f2ea193f6b8f15267a71.cloudfront.net (CloudFront)
last-modified: Fri, 22 May 2020 07:37:42 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-C1
etag: "184103fd97887eddcaa02ff001e58c35"
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 497
x-amz-cf-id: oNqGl94mTFHNSll3Yk2d1vsYI6wbyPK1eZSxf0F3c3q5hV3k8PneBA==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-2850431-5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 19 Mar 2021 19:22:18 GMT
server: Golfe2
age: 1065
date: Wed, 31 Mar 2021 22:15:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19463
expires: Thu, 01 Apr 2021 00:15:07 GMT

GET
H2 200 portal-v2.html Show response
c.sharethis.mgr.consensu.org/ Frame 83D2 2 KB
1 KB 36ms
9ms Document
text/html 2600:9000:2182:c000:c:a9b7:ddc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.sharethis.mgr.consensu.org/portal-v2.html
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:c000:c:a9b7:ddc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: ac84513c4c5ea7e4458e91c46e33ba71b56e19fabf93cc079ffcb01a975c2e3d

Request headers

:method: GET
:authority: c.sharethis.mgr.consensu.org
:scheme: https
:path: /portal-v2.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Response headers

content-type: text/html; charset=utf-8
content-encoding: gzip
date: Wed, 31 Mar 2021 22:18:36 GMT
cache-control: max-age=3600, public
etag: W/"83a-K1Ex0xzH2LCxSyRnDnyZEg18N68"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 987c00b911316df568db602f83876a8e.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: kQcYN07JDQq6ywvi-tOrqMV9mQyc2EA136RNSRtXTW6AkZEepc6UkA==
age: 856

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
23 B 39ms
38ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=abg_host&host=reposhub.com

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 202 B
640 B 104ms
54ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=reposhub.com&callback=_gfp_s_&client=ca-pub-7963911354665843

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210329/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7963911354665843&plah=reposhub.com&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

a4de3c1f4c20c7de2db4da448833c8b4b3cb32d5e58279fdbd6d68bdc90e1c28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 192
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
799 B 36ms
15ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=reposhub.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 31 Mar 2021 22:32:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
553 B 35ms
14ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=reposhub.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 31 Mar 2021 22:32:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2884 66 KB
22 KB 506ms
493ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=280&slotname=5554513815&adk=3916385169&adf=1577162944&pi=t.ma~as.5554513815&w=945&fwrn=4&fwrnh=100&lmt=1617229972&rafmt=1&psa=0&format=945x280&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617229972456&bpp=15&bdt=331&idt=170&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=3045443391865&frm=20&pv=2&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=205&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CpeE%7C&abl=NS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=vN1bsxfD8c&p=https%3A//reposhub.com&dtd=188

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9bb64e9dbb4dad4a555d5f47c22b6813a6e035fa521b4aa82bb712bfc9de1a5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-7963911354665843&output=html&h=280&slotname=5554513815&adk=3916385169&adf=1577162944&pi=t.ma~as.5554513815&w=945&fwrn=4&fwrnh=100&lmt=1617229972&rafmt=1&psa=0&format=945x280&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617229972456&bpp=15&bdt=331&idt=170&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=3045443391865&frm=20&pv=2&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=205&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CpeE%7C&abl=NS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=vN1bsxfD8c&p=https%3A//reposhub.com&dtd=188
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 31 Mar 2021 22:32:53 GMT
server: cafe
content-length: 22373
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 31-Mar-2021 22:47:52 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 31 Mar 2021 22:32:53 GMT
cache-control: private

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
7 KB 46ms
32ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210329&st=env

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9c0e8b61086a5654ff4428306d0311b84d11299a1af6194f4d26d9c9ef975a70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 31 Mar 2021 22:32:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6565
x-xss-protection: 0

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 34ms
13ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96bbf4f9521f17f3be8143f5c7b7918869757bdae7eee27f6d5bd83809cd4f32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1617017733465819"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28245
x-xss-protection: 0
expires: Wed, 31 Mar 2021 22:32:52 GMT

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 28E3 65 KB
22 KB 293ms
293ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=200&slotname=1056687994&adk=11596086&adf=612915717&pi=t.ma~as.1056687994&w=816&fwrn=4&lmt=1617229972&rafmt=11&psa=0&format=816x200&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&wgl=1&dt=1617229972471&bpp=3&bdt=347&idt=185&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=945x280&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&rplot=4&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=246&ady=542&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CpoeE%7C&abl=NS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=EbUM9IbitN&p=https%3A//reposhub.com&dtd=190

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0e3e884ff7cd1bfc379a2743870e133637880df6e9b63d47e0908f1e415a552a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-7963911354665843&output=html&h=200&slotname=1056687994&adk=11596086&adf=612915717&pi=t.ma~as.1056687994&w=816&fwrn=4&lmt=1617229972&rafmt=11&psa=0&format=816x200&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&wgl=1&dt=1617229972471&bpp=3&bdt=347&idt=185&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=945x280&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&rplot=4&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=246&ady=542&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CpoeE%7C&abl=NS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=EbUM9IbitN&p=https%3A//reposhub.com&dtd=190
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 31 Mar 2021 22:32:52 GMT
server: cafe
content-length: 22101
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 31-Mar-2021 22:47:52 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 31 Mar 2021 22:32:52 GMT
cache-control: private

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
386 B 45ms
13ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j89&a=1689053776&t=pageview&_s=1&dl=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&ul=en-us&de=UTF-8&dt=Exploiting%20DLL%20Hijacking%20by%20DLL%20Proxying%20Super%20Easily&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IAhAAUABAAAAAC~&jid=1145102650&gjid=401194932&cid=810691039.1617229973&tid=UA-2850431-5&_gid=94257488.1617229973&_r=1&gtm=2ou3o0&z=616329251

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reposhub.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 facebook.svg
platform-cdn.sharethis.com/img/ 301 B
677 B 35ms
12ms Image
image/svg+xml 2600:9000:2182:7200:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/facebook.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:7200:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 768d97ec0916217ae82c70aeda3a61b9b0dab344edc4a3240a4f7cd94af00307

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sun, 07 Mar 2021 03:08:14 GMT
via: 1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
server: AmazonS3
age: 2143479
etag: "c6e9be45643e197ce1db1d7e24a99adc"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-length: 301
x-amz-cf-id: SFGzOa-ViM7ky6tX0Ppns7b5efWGOJ5-SpG2r_4PoX5v76Qo-b54tA==

GET
H2 200 twitter.svg
platform-cdn.sharethis.com/img/ 731 B
1 KB 35ms
12ms Image
image/svg+xml 2600:9000:2182:7200:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/twitter.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:7200:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7c93346d4f681a0be90d1dfc19346382a4700f1810f41caa54415688dee1777f

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sun, 07 Mar 2021 20:03:18 GMT
via: 1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
server: AmazonS3
age: 2082575
etag: "0af2fb38987598376c99e21af17ade45"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-length: 731
x-amz-cf-id: TZjcLQrxxBuNcGrDvv3p9BkLbdrwVwOo-kpNezwQIa6Yi5UEukZKZg==

GET
H2 200 pinterest.svg
platform-cdn.sharethis.com/img/ 771 B
1 KB 35ms
12ms Image
image/svg+xml 2600:9000:2182:7200:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/pinterest.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:7200:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: efc737b4f58cfe73a9bd0e57d7570365701381da31e628b269e7217a0ce3359d

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sat, 06 Mar 2021 12:00:09 GMT
via: 1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
server: AmazonS3
age: 2197964
etag: "2b10a062e719c64b686e2e8fcdc216dc"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-length: 771
x-amz-cf-id: BCAG6Ew9WSXGHrEOoF_9N0YIBdTRu1uh-qNsMYbtsSHbL_pRZpALIw==

GET
H2 200 email.svg
platform-cdn.sharethis.com/img/ 343 B
720 B 35ms
12ms Image
image/svg+xml 2600:9000:2182:7200:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/email.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:7200:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5f5012132c752db2433e17712d91ef8689f1bc95167b2720e23224c2ae62e009

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Fri, 05 Mar 2021 03:42:14 GMT
via: 1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
server: AmazonS3
age: 2314239
etag: "5977437466e857c7ddcadda6f6d88c2a"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-length: 343
x-amz-cf-id: sVBXadS1HBGj1KI-SisiT_LZfWh3sLs97-oxzBEQR0BljeL7jfiS2g==

GET
H2 200 sharethis.svg
platform-cdn.sharethis.com/img/ 514 B
889 B 35ms
13ms Image
image/svg+xml 2600:9000:2182:7200:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/sharethis.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:7200:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a83c65bdd0ff9488af9d25720686457ea7295c9c44f9f1d285a0c9ec89bab99

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sun, 07 Mar 2021 03:08:14 GMT
via: 1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
server: AmazonS3
age: 2143479
etag: "deecdaa377907db5cc1722fc831670a1"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-length: 514
x-amz-cf-id: ihIsJsgQaPeN7dH2k5LpKz_e832HRehQ18i2K6K4mU80ymZ-tUY5AQ==

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
23 B 39ms
38ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&tn=CLOUDFLARE-APP&ign=false

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
23 B 39ms
38ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&tn=HEADER&id=header&cls=navbar%20navbar-fixed-top%20box-shadow%20affix-top&ign=false

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0579 8 KB
1 KB 45ms
44ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&adk=1812271804&adf=3025194257&lmt=1617229972&plat=1%3A16809992%2C2%3A16809992%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32&format=0x0&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&ea=0&flash=0&pra=7&wgl=1&dt=1617229972581&bpp=1&bdt=457&idt=119&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=945x280%2C816x200&nras=1&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=5&uci=a!5&fsb=1&dtd=125

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e8335ca416f90bfa1b469161ac9f81ffc41800f76abf2165c0577b0af50909a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-7963911354665843&output=html&adk=1812271804&adf=3025194257&lmt=1617229972&plat=1%3A16809992%2C2%3A16809992%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32&format=0x0&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&ea=0&flash=0&pra=7&wgl=1&dt=1617229972581&bpp=1&bdt=457&idt=119&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=945x280%2C816x200&nras=1&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=5&uci=a!5&fsb=1&dtd=125
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 31 Mar 2021 22:32:52 GMT
server: cafe
content-length: 922
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 31-Mar-2021 22:47:52 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 31 Mar 2021 22:32:52 GMT
cache-control: private

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 36ms
14ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Wed, 31 Mar 2021 22:32:52 GMT

GET
H/1.1 204
No Content pview Show response
l.sharethis.com/ 0
334 B 92ms
23ms XHR
text/plain 52.58.221.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://l.sharethis.com/pview?event=pview&hostname=reposhub.com&location=%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&product=inline-share-buttons&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=Exploiting%20DLL%20Hijacking%20by%20DLL%20Proxying%20Super%20Easily&cms=sop&publisher=5ec4f90caa9dfe001ab3f7a0&sop=true&bsamesite=true&consent_cookie_duration=101&consent_duration=101&gdpr_domain=.consensu.org&gdpr_method=cookie&version=st_sop.js&lang=en&description=This%20is%20a%20tutorial%20about%20exploiting%20DLL%20Hijack%20vulnerability%20without%20crashing%20the%20application.%20The%20method%20used%20is%20called%20DLL%20Proxying.%2Cdll-hijack-by-proxying
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.221.124 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-221-124.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 31 Mar 2021 22:32:52 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: https://reposhub.com
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
444 B 62ms
14ms XHR
text/plain 2a00:1450:400c:c04::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j89&tid=UA-2850431-5&cid=810691039.1617229973&jid=1145102650&gjid=401194932&_gid=94257488.1617229973&_u=IAhAAUAAAAAAAC~&z=1905513284

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 31 Mar 2021 22:32:52 GMT
content-type: text/plain
access-control-allow-origin: https://reposhub.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 4817 12 KB
5 KB 35ms
20ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Wed, 31 Mar 2021 20:57:25 GMT
expires: Thu, 31 Mar 2022 20:57:25 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 5727
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
23 B 39ms
39ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama&lserr=1&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
23 B 39ms
39ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=puberror&context=165&msg=TagError%3A%20adsbygoogle.push()%20error%3A%20No%20slot%20size%20for%20availableWidth%3D263%0Aat%20ck%20(https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%3A158%3A453)%0Aat%20bk%20(adsbygoogle.js%3A157%3A137)%0Aat%20ok%20(adsbygoogle.js%3A164%3A239)%0Aat%20yl%20(adsbygoogle.js%3A210%3A4)%0Aat%20Ol%20(adsbygoogle.js%3A213%3A106)%0Aat%20Nl%20(adsbygoogle.js%3A212%3A657)%0Aat%20Wl%20(adsbygoogle.js%3A227%3A84)%0Aat%20adsbygoogle.js%3A221%3A47%0Aat%20pe.n.ga%20(adsbygoogle.js%3A66%3A804)%0Aat%20ye%20(adsbygoogle.js%3A74%3A107)&shv=r20210329&eid=21066433%2C31060614%2C44740079%2C44739387&client=ca-pub-7963911354665843&tag_origin=qs&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
23 B 39ms
39ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_success&c=4&wpc=ca-pub-7963911354665843&warn=6%2C12%2C13&w=1600&h=1200&eatf=false&reatf=true&a=6%2C1%2C5%2C7&apv=20210328_113731&sat=1617070988165&afm=0&as_count=4&d_count=0&ng_count=0&am_count=3&atf_count=2&mdns=0.167&alldns=0.273&allp=28&fd=(0%2C15%2C3)%2C(1%2C0%2C0)%2C(2%2C3%2C2)&pgh=7533&su=reposhub.com&r=0.1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
777 B 42ms
29ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=reposhub.com

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 31 Mar 2021 22:32:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
531 B 43ms
29ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=reposhub.com

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 31 Mar 2021 22:32:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3E74 69 KB
24 KB 485ms
485ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=280&adk=4211735289&adf=994788426&pi=t.aa~a.1602054263~i.65~rp.4&w=816&fwrn=4&fwrnh=100&lmt=1617229972&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6393567433&psa=0&ad_type=text_image&format=816x280&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&pra=3&rh=200&rw=815&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1617229972802&bpp=3&bdt=677&idt=-M&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd6647da57f4bdce8-22ac0015edba0044%3AT%3D1617229972%3ART%3D1617229972%3AS%3DALNI_MYqaLUsdlv2bAa_Exk_6Acs4QSR7A&prev_fmts=945x280%2C816x200%2C0x0&nras=2&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=246&ady=3499&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=Z14trfsZwx&p=https%3A//reposhub.com&dtd=43

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fe609c0e4905fb1d1a50914b9cf6e5ac37419c22d67ea502e35d7ee069a2c15b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-7963911354665843&output=html&h=280&adk=4211735289&adf=994788426&pi=t.aa~a.1602054263~i.65~rp.4&w=816&fwrn=4&fwrnh=100&lmt=1617229972&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6393567433&psa=0&ad_type=text_image&format=816x280&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&pra=3&rh=200&rw=815&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1617229972802&bpp=3&bdt=677&idt=-M&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd6647da57f4bdce8-22ac0015edba0044%3AT%3D1617229972%3ART%3D1617229972%3AS%3DALNI_MYqaLUsdlv2bAa_Exk_6Acs4QSR7A&prev_fmts=945x280%2C816x200%2C0x0&nras=2&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=246&ady=3499&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=Z14trfsZwx&p=https%3A//reposhub.com&dtd=43
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 31 Mar 2021 22:32:53 GMT
server: cafe
content-length: 24011
x-xss-protection: 0
set-cookie: IDE=AHWqTUn9dZ_pTf0u5oBfFxN-Qgqyobp2iKcF__0dASb_wJv8AzmsgH8vBVS3Bfj5c-s; expires=Mon, 25-Apr-2022 22:32:52 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 31 Mar 2021 22:32:53 GMT
cache-control: private

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 596F 81 KB
25 KB 456ms
456ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=280&adk=4211735289&adf=3935657741&pi=t.aa~a.1602054263~i.67~rp.4&w=816&fwrn=4&fwrnh=100&lmt=1617229972&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6393567433&psa=0&ad_type=text_image&format=816x280&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&pra=3&rh=200&rw=815&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1617229972802&bpp=2&bdt=677&idt=-M&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd6647da57f4bdce8-22ac0015edba0044%3AT%3D1617229972%3ART%3D1617229972%3AS%3DALNI_MYqaLUsdlv2bAa_Exk_6Acs4QSR7A&prev_fmts=945x280%2C816x200%2C0x0%2C816x280&nras=3&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=246&ady=3819&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=eKXV6hMIrR&p=https%3A//reposhub.com&dtd=48

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9186e556e0331a1acfd18e8d50433379fc034b576887ca3fa4ab63664eacf3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-7963911354665843&output=html&h=280&adk=4211735289&adf=3935657741&pi=t.aa~a.1602054263~i.67~rp.4&w=816&fwrn=4&fwrnh=100&lmt=1617229972&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6393567433&psa=0&ad_type=text_image&format=816x280&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&pra=3&rh=200&rw=815&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1617229972802&bpp=2&bdt=677&idt=-M&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd6647da57f4bdce8-22ac0015edba0044%3AT%3D1617229972%3ART%3D1617229972%3AS%3DALNI_MYqaLUsdlv2bAa_Exk_6Acs4QSR7A&prev_fmts=945x280%2C816x200%2C0x0%2C816x280&nras=3&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=246&ady=3819&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=eKXV6hMIrR&p=https%3A//reposhub.com&dtd=48
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 31 Mar 2021 22:32:53 GMT
server: cafe
content-length: 25685
x-xss-protection: 0
set-cookie: IDE=AHWqTUmYqxzcu9MCx633su-ro0JfrRhme9LX5477cuSCD2O28Xh0iZmqFihign-4V20; expires=Mon, 25-Apr-2022 22:32:52 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 31 Mar 2021 22:32:53 GMT
cache-control: private

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8BC2 72 KB
24 KB 313ms
313ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=240&adk=3278714446&adf=3521083603&pi=t.aa~a.1622194657~rp.1&w=263&fwrn=4&fwrnh=100&lmt=1617229972&rafmt=1&to=qs&pwprc=6393567433&psa=0&format=263x240&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&dt=1617229972802&bpp=2&bdt=677&idt=2&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd6647da57f4bdce8-22ac0015edba0044%3AT%3D1617229972%3ART%3D1617229972%3AS%3DALNI_MYqaLUsdlv2bAa_Exk_6Acs4QSR7A&prev_fmts=945x280%2C816x200%2C0x0%2C816x280%2C816x280&nras=4&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1108&ady=1245&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=plGK03S4fw&p=https%3A//reposhub.com&dtd=53

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f3386daeecc4942555c67c16360a47de33ca2ee45f5207bbb04631f6b8b15f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-7963911354665843&output=html&h=240&adk=3278714446&adf=3521083603&pi=t.aa~a.1622194657~rp.1&w=263&fwrn=4&fwrnh=100&lmt=1617229972&rafmt=1&to=qs&pwprc=6393567433&psa=0&format=263x240&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&dt=1617229972802&bpp=2&bdt=677&idt=2&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd6647da57f4bdce8-22ac0015edba0044%3AT%3D1617229972%3ART%3D1617229972%3AS%3DALNI_MYqaLUsdlv2bAa_Exk_6Acs4QSR7A&prev_fmts=945x280%2C816x200%2C0x0%2C816x280%2C816x280&nras=4&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1108&ady=1245&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=plGK03S4fw&p=https%3A//reposhub.com&dtd=53
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 31 Mar 2021 22:32:53 GMT
server: cafe
content-length: 24404
x-xss-protection: 0
set-cookie: IDE=AHWqTUm1cDaMh3y0BEn5aDlhSiQ5U3g3DBgWP3_uNHM-PjgvPj976pR6WA2TxfE3b24; expires=Mon, 25-Apr-2022 22:32:52 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 31 Mar 2021 22:32:53 GMT
cache-control: private

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
505 B 38ms
17ms Image
image/gif 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j89&tid=UA-2850431-5&cid=810691039.1617229973&jid=1145102650&_u=IAhAAUAAAAAAAC~&z=1528959098

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
505 B 37ms
17ms Image
image/gif 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j89&tid=UA-2850431-5&cid=810691039.1617229973&jid=1145102650&_u=IAhAAUAAAAAAAC~&z=1528959098

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 DbMZ0rSwrYdtGIgs0aJlrMhQhsJZwxQeXkiX5VBkOL0.js Show response
pagead2.googlesyndication.com/bg/ Frame 4817 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/DbMZ0rSwrYdtGIgs0aJlrMhQhsJZwxQeXkiX5VBkOL0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0db319d2b4b0ad876d18882cd1a265acc85086c259c3141e5e4897e5506438bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 26 Mar 2021 01:00:47 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 24 Mar 2021 17:18:00 GMT
server: sffe
age: 509525
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5732
x-xss-protection: 0
expires: Sat, 26 Mar 2022 01:00:47 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 28E3 4 KB
1 KB 35ms
15ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=200&slotname=1056687994&adk=11596086&adf=612915717&pi=t.ma~as.1056687994&w=816&fwrn=4&lmt=1617229972&rafmt=11&psa=0&format=816x200&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&wgl=1&dt=1617229972471&bpp=3&bdt=347&idt=185&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=945x280&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&rplot=4&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=246&ady=542&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CpoeE%7C&abl=NS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=EbUM9IbitN&p=https%3A//reposhub.com&dtd=190

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d344632c01d1ca55dc380216de660c9b8a5a3174e7d7afa6784aff50c945e1cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 31 Mar 2021 22:20:47 GMT
server: ESF
date: Wed, 31 Mar 2021 22:32:52 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 31 Mar 2021 22:32:52 GMT

GET
H3-Q050 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/ Frame 28E3 1 KB
1 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:29:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 214
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Apr 2021 22:29:18 GMT

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210329/r20110914/ Frame 28E3 17 KB
7 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210329/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36b3f5a93d27d7519d736f048f2bf91c98c39620ca8795152c0b8286040cc975

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:07:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1494
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7115
x-xss-protection: 0
server: cafe
etag: 12304503248286081012
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Apr 2021 22:07:58 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/ Frame 28E3 2 KB
1 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 36
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Apr 2021 22:32:16 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 28E3 118 KB
36 KB 42ms
28ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80e717f7f97b69547f30e8fb2adb1abdb3fdcd94b907472cc26e4d491f005825

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1617017751739567"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36599
x-xss-protection: 0
expires: Wed, 31 Mar 2021 22:32:53 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/ Frame 28E3 13 KB
6 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9581d69ef8a7435f061d76045cc929310f436366f9ced3b9b9811ca6ed26feb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:22:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 600
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5599
x-xss-protection: 0
server: cafe
etag: 2241650964481140939
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Apr 2021 22:22:52 GMT

GET
H2 200 0d74ed574692e0488c8a49b73918ea59.js Show response
www.gstatic.com/mysidia/ Frame 28E3 25 KB
11 KB 25ms
6ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/0d74ed574692e0488c8a49b73918ea59.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11909c0ebcd1e1258ecf3c2ef83688b057b08e5d92a9c715f4fe44c13f20f7b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 25 Mar 2021 05:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 25 Mar 2021 05:14:52 GMT
server: sffe
age: 580090
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10398
x-xss-protection: 0
expires: Wed, 23 Jun 2021 05:24:43 GMT

GET
H3-Q050 200 adview
googleads.g.doubleclick.net/pagead/ Frame 28E3 0
0 44ms
44ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CSkWXlPhkYMGHKoe13gOt363ACry08rph9eqlo5ANwI23ARABIOaKkANglYq4gsgHoAGqi7fIA8gBAakCkoA119q3sz6oAwHIA8MEqgTxAU_Qb2xjaJQESaaUPLEP0F1NuLRIne5_srnHzncSuxOHCm_UsAQzsyT1U7Z2YWbgRUGS9DIppCxEbZgXxpE5srbGXCBU1Vj0g5wS56y_cDXnXGIj5wpF2qG5QjWYgIR7o2OEEXijqJJJgU0va0bhmHaMStCGyoXK26kBjavXDIlUIhczzRl_n913PhcZKEQfdhviGDFXrM98MMKeayb3Mw8gzty1Bs04Ab_0xHqCOxEx9jv2IN9bTlwPoslPzsC4GaLpTXa7HAZFx0u9wWFMsdXM675sdynUI0GPUgd_oYCjYJECWGGLWtrRBji5CIg0wNfABMuYqrW1A5IFBAgEGAGSBQQIBRgEoAZRgAe-9Mg3qAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcEEMuPVNIICQiA4YAQEAEYH4AKAcgLAdgTCrIXGgoYCAASFHB1Yi03OTYzOTExMzU0NjY1ODQz&sigh=lCiqtEy_JLY&tpd=AGWhJmuzYdRolCJuHq9Yci0gJ7c5l1YDi1Bxj2pkvJSNqeQ6Pg

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=200&slotname=1056687994&adk=11596086&adf=612915717&pi=t.ma~as.1056687994&w=816&fwrn=4&lmt=1617229972&rafmt=11&psa=0&format=816x200&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&wgl=1&dt=1617229972471&bpp=3&bdt=347&idt=185&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=945x280&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&rplot=4&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=246&ady=542&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CpoeE%7C&abl=NS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=EbUM9IbitN&p=https%3A//reposhub.com&dtd=190
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 31 Mar 2021 22:32:53 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 31 Mar 2021 22:32:53 GMT

GET
H3-Q050 200 3822847737955626811
tpc.googlesyndication.com/daca_images/simgad/ Frame 28E3 19 KB
20 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/3822847737955626811?w=400&h=209

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a441bd3538abbe3e84ae9ba3b8f775e286824c7775a31cdea84e6a7bdd4d3219

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 25 Mar 2021 15:20:29 GMT
x-content-type-options: nosniff
age: 544343
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19821
x-xss-protection: 0
last-modified: Wed, 08 Feb 2017 19:26:03 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Apr 2021 15:20:29 GMT

GET
H3-Q050 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 786E 143 B
220 B 6ms
6ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=200&slotname=1056687994&adk=11596086&adf=612915717&pi=t.ma~as.1056687994&w=816&fwrn=4&lmt=1617229972&rafmt=11&psa=0&format=816x200&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&wgl=1&dt=1617229972471&bpp=3&bdt=347&idt=185&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=945x280&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&rplot=4&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=246&ady=542&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CpoeE%7C&abl=NS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=EbUM9IbitN&p=https%3A//reposhub.com&dtd=190
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=200&slotname=1056687994&adk=11596086&adf=612915717&pi=t.ma~as.1056687994&w=816&fwrn=4&lmt=1617229972&rafmt=11&psa=0&format=816x200&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&wgl=1&dt=1617229972471&bpp=3&bdt=347&idt=185&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=945x280&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&rplot=4&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=246&ady=542&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CpoeE%7C&abl=NS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=EbUM9IbitN&p=https%3A//reposhub.com&dtd=190

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 31 Mar 2021 22:23:20 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 573
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 28E3 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 35650cbcb93b832aed451311dd01d9abea12d113d73696e14559f3724a65e590

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 28E3 15 KB
15 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 30 Mar 2021 22:46:33 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:36 GMT
server: sffe
age: 85580
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15736
x-xss-protection: 0
expires: Wed, 30 Mar 2022 22:46:33 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 28E3 16 KB
16 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24369e1b2461af9dcefecaf9cc93d64cf22a4c5bac32506100b9e21014507bcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 27 Mar 2021 06:36:16 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:37 GMT
server: sffe
age: 402997
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15872
x-xss-protection: 0
expires: Sun, 27 Mar 2022 06:36:16 GMT

GET
H3-Q050

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 786E
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
110 B

14ms
14ms

Document
text/html

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmY7JIxNcfXBjAEREswFAZPaLyC_wCZv-Y66eKdmZ7sD4G4kQLYT52uZ1yI7Zw; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 31 Mar 2021 22:32:53 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Wed, 31-Mar-2021 23:32:53 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 31 Mar 2021 22:32:53 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 31 Mar 2021 22:32:53 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 DbMZ0rSwrYdtGIgs0aJlrMhQhsJZwxQeXkiX5VBkOL0.js Show response
pagead2.googlesyndication.com/bg/ Frame 78A0 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/DbMZ0rSwrYdtGIgs0aJlrMhQhsJZwxQeXkiX5VBkOL0.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0db319d2b4b0ad876d18882cd1a265acc85086c259c3141e5e4897e5506438bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 26 Mar 2021 01:00:47 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 24 Mar 2021 17:18:00 GMT
server: sffe
age: 509526
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5732
x-xss-protection: 0
expires: Sat, 26 Mar 2022 01:00:47 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
46 B 42ms
41ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210329&jk=79116334880234&bg=!f3ylfDjNAAY56aLOOek7ACkAdvg8Ws9MNp1Vsi6OpbrP5adEbVsk0ZoXgAPZdu-cd5kbE8W94gHiqgIAAADCUgAAABJoAQcKAPeRggHa19aVc_6wcksbXTpEWRL6nO0HTcJ51xtthI7jeWvl3FHDE5CcaJyGlqNHwNO1pn2ngioWlX3kXIrOYcIt_L3PuH040YT86IAdfnHY8yQW_j7PN5q2JNz8tZr68ORZTd_cuzD165Zwtm-4Ik3Zf3Rhj1fXnBzD34M5tAWwM6c0TRjEZKt7EcpDZVR3fbcosCdb7DFfegKGSosQJIU2-WCs-5UbYhynU5g3PwHuVwnhyfeOXPNHo62B25EaTty-szm6tt6-dvn2aGmDyRwsVOnf7BhlGaLf0vW0HRFmhIZcRgceuSodD96e2Xe7_ZLtU2fQ9jpLmQHQEpxTpy6t65jeAweRWcSbiG32ikdTwEtaSoBxTNCli_OK2Cm98J2b_bbYl8Ncjh_XbstuVZPhO4nzvtipO9AtEwA5diKoncpAXd1JAUjE-iXE4uCJtWAXzQjdNIpZdAbdsMSwBtkE66Cl534ctHkKD2kv3h45exnIA7PnKqQFmclEjTbrqBHzhXJTu3spyuMYDIxEeZcgHW7eMlnudw3RPpaMwEz2AT8kQZtfNnW_1rmMgCW4GkMFSgkqHKskXLSish2BFQYBXgn_BWCaJXobQKVm0MjgWFpmf-h5pVtEcIYV6h47CI4t8lGc_-TKoehJ76UKLaUFU3HBAcJkVOIqU1dVKNkmi5DqPXOu4FHqSIX9G6PSXmgF2FOJgCQaLnysrHAlBkD9Tt6qpOX7PVWOxALEyj77ntjQ693AXWoJWk9MOwk0MZIuZgNbBpYUdntJLJTq-y3EWGJs4dJXbga0lbMvn9mbq0a9oQVQuGC8H-uubFCEhIp21JKtBC2SQ89y067a1EtjZO2CdByKOBg0DM2eHd8j7kfkkFfIWf0rcLRpmzgKLKctk9gAfIkw8_dvhilXvF2gkWJ4tMpuOCvAD_70ED75hfA8tPMcm2owTvU

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reposhub.com/cpp/miscellaneous/tothi-dll-hijack-by-proxying.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 2884 4 KB
1 KB 42ms
28ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=280&slotname=5554513815&adk=3916385169&adf=1577162944&pi=t.ma~as.5554513815&w=945&fwrn=4&fwrnh=100&lmt=1617229972&rafmt=1&psa=0&format=945x280&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617229972456&bpp=15&bdt=331&idt=170&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=3045443391865&frm=20&pv=2&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=205&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CpeE%7C&abl=NS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=vN1bsxfD8c&p=https%3A//reposhub.com&dtd=188

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d344632c01d1ca55dc380216de660c9b8a5a3174e7d7afa6784aff50c945e1cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 31 Mar 2021 22:21:12 GMT
server: ESF
date: Wed, 31 Mar 2021 22:32:53 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 31 Mar 2021 22:32:53 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 8BC2 6 KB
690 B 42ms
28ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=240&adk=3278714446&adf=3521083603&pi=t.aa~a.1622194657~rp.1&w=263&fwrn=4&fwrnh=100&lmt=1617229972&rafmt=1&to=qs&pwprc=6393567433&psa=0&format=263x240&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&dt=1617229972802&bpp=2&bdt=677&idt=2&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd6647da57f4bdce8-22ac0015edba0044%3AT%3D1617229972%3ART%3D1617229972%3AS%3DALNI_MYqaLUsdlv2bAa_Exk_6Acs4QSR7A&prev_fmts=945x280%2C816x200%2C0x0%2C816x280%2C816x280&nras=4&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1108&ady=1245&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=plGK03S4fw&p=https%3A//reposhub.com&dtd=53

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cf36c2a91f108e0eb00d5d2f09de162b72da38a46bca7e80eb13f53aabac4d70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 31 Mar 2021 22:21:19 GMT
server: ESF
date: Wed, 31 Mar 2021 22:32:53 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 31 Mar 2021 22:32:53 GMT

GET
H3-Q050 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/ Frame 2884 1 KB
913 B 8ms
8ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:29:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 215
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Apr 2021 22:29:18 GMT

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210329/r20110914/ Frame 2884 17 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210329/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36b3f5a93d27d7519d736f048f2bf91c98c39620ca8795152c0b8286040cc975

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:07:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1495
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7115
x-xss-protection: 0
server: cafe
etag: 12304503248286081012
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Apr 2021 22:07:58 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/ Frame 2884 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Apr 2021 22:32:16 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2884 118 KB
36 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80e717f7f97b69547f30e8fb2adb1abdb3fdcd94b907472cc26e4d491f005825

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1617017751739567"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36599
x-xss-protection: 0
expires: Wed, 31 Mar 2021 22:32:53 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/ Frame 2884 13 KB
5 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9581d69ef8a7435f061d76045cc929310f436366f9ced3b9b9811ca6ed26feb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:22:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 601
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5599
x-xss-protection: 0
server: cafe
etag: 2241650964481140939
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Apr 2021 22:22:52 GMT

GET
H3-Q050 200 0d74ed574692e0488c8a49b73918ea59.js Show response
www.gstatic.com/mysidia/ Frame 2884 25 KB
10 KB 35ms
21ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/0d74ed574692e0488c8a49b73918ea59.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11909c0ebcd1e1258ecf3c2ef83688b057b08e5d92a9c715f4fe44c13f20f7b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 25 Mar 2021 05:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 25 Mar 2021 05:14:52 GMT
server: sffe
age: 580090
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10398
x-xss-protection: 0
expires: Wed, 23 Jun 2021 05:24:43 GMT

GET
H3-Q050 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/ Frame 8BC2 1 KB
910 B 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:29:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 215
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Apr 2021 22:29:18 GMT

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210329/r20110914/ Frame 8BC2 17 KB
7 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210329/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36b3f5a93d27d7519d736f048f2bf91c98c39620ca8795152c0b8286040cc975

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:07:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1495
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7115
x-xss-protection: 0
server: cafe
etag: 12304503248286081012
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Apr 2021 22:07:58 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/ Frame 8BC2 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Apr 2021 22:32:16 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8BC2 118 KB
36 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80e717f7f97b69547f30e8fb2adb1abdb3fdcd94b907472cc26e4d491f005825

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1617017751739567"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36599
x-xss-protection: 0
expires: Wed, 31 Mar 2021 22:32:53 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/ Frame 8BC2 13 KB
5 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9581d69ef8a7435f061d76045cc929310f436366f9ced3b9b9811ca6ed26feb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:22:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 601
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5599
x-xss-protection: 0
server: cafe
etag: 2241650964481140939
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Apr 2021 22:22:52 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 8BC2 0
0 17ms
13ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTJhuQnbxiZ9l_wOA8ESGtyF0fhiuDhSfbv7xg-pURDiHOAy9XNQka8fXQ3PtCsUY8k1gKhV6FhLriIuB5DA3u4cyzHLQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=240&adk=3278714446&adf=3521083603&pi=t.aa~a.1622194657~rp.1&w=263&fwrn=4&fwrnh=100&lmt=1617229972&rafmt=1&to=qs&pwprc=6393567433&psa=0&format=263x240&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&dt=1617229972802&bpp=2&bdt=677&idt=2&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd6647da57f4bdce8-22ac0015edba0044%3AT%3D1617229972%3ART%3D1617229972%3AS%3DALNI_MYqaLUsdlv2bAa_Exk_6Acs4QSR7A&prev_fmts=945x280%2C816x200%2C0x0%2C816x280%2C816x280&nras=4&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1108&ady=1245&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=plGK03S4fw&p=https%3A//reposhub.com&dtd=53
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 0d74ed574692e0488c8a49b73918ea59.js Show response
www.gstatic.com/mysidia/ Frame 8BC2 25 KB
11 KB 28ms
20ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/0d74ed574692e0488c8a49b73918ea59.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11909c0ebcd1e1258ecf3c2ef83688b057b08e5d92a9c715f4fe44c13f20f7b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 25 Mar 2021 05:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 25 Mar 2021 05:14:52 GMT
server: sffe
age: 580090
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10398
x-xss-protection: 0
expires: Wed, 23 Jun 2021 05:24:43 GMT

GET
H3-Q050 200 adview
googleads.g.doubleclick.net/pagead/ Frame 2884 0
0 44ms
42ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CloRGlPhkYOKDKoT13gO8x5jACefej41izbbbobAN2-ma978OEAEg5oqQA2CViriCyAegAfq_m8IDyAEBqQLfliIoq7azPqgDAcgDywSqBOMBT9B9NrqyXW8burhuE1TqT3UTJ_baNO4MvMk2Miuv4_ssYMrWl7DpnCDMHerAqE2HRi2N24887lWje4yn7X8E48wTCFve1OLa9HzjnB30JwDT88zmsDfxr35CMXAXxHpA-2_DzBaH5MMA-YfEwivcigKZpii8EhEOfCapcOOHB-tmWvipDInuy9adbB7-IKU3IW6wFMXlzhfH6YdaA9dOqyIA2PBB2j2vF75x0DOryQXpq3ZasqiFb_RDdiWVWH5JoB68l_5Xip-mrlNVnPRMSQJVGzoyXvNaBesJ1zfj5K1B23HABLnzz_XLA5IFBAgEGAGSBQQIBRgEgAe_nOOmAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBComw7SCAkIgOGAEBABGB-ACgHICwHYEw2IFALQFQGAFwGyFxoKGAgAEhRwdWItNzk2MzkxMTM1NDY2NTg0Mw&sigh=lk6e9BUsSz0&tpd=AGWhJmtTZ8GrdfFnxti27g-6qvgdEj5hv3TL0hyKo1l7cQOX6g

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=280&slotname=5554513815&adk=3916385169&adf=1577162944&pi=t.ma~as.5554513815&w=945&fwrn=4&fwrnh=100&lmt=1617229972&rafmt=1&psa=0&format=945x280&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617229972456&bpp=15&bdt=331&idt=170&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=3045443391865&frm=20&pv=2&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=205&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CpeE%7C&abl=NS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=vN1bsxfD8c&p=https%3A//reposhub.com&dtd=188
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 31 Mar 2021 22:32:53 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050

200

B25292919.296712810;dc_pre=CJD4z5DL2-8CFWTjuwgdpSILlA;dc_trk_aid=486813666;dc_trk_cid=144622874;ord=1224923246;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= Show response
ad.doubleclick.net/ddm/trackimp/N5295.134426.GOOGLEDISPLAYNETWOR/ Frame 8BC2
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N5295.134426.GOOGLEDISPLAYNETWOR/B25292919.296712810;dc_trk_aid=486813666;dc_trk_cid=144622874;ord=1224923246;dc_lat=;dc_rdid=;tag_for_child_directed_treatme...
https://ad.doubleclick.net/ddm/trackimp/N5295.134426.GOOGLEDISPLAYNETWOR/B25292919.296712810;dc_pre=CJD4z5DL2-8CFWTjuwgdpSILlA;dc_trk_aid=486813666;dc_trk_cid=144622874;ord=1224923246;dc_lat=;dc_rd...

42 B
515 B

83ms
55ms

Fetch
image/gif

142.250.185.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/trackimp/N5295.134426.GOOGLEDISPLAYNETWOR/B25292919.296712810;dc_pre=CJD4z5DL2-8CFWTjuwgdpSILlA;dc_trk_aid=486813666;dc_trk_cid=144622874;ord=1224923246;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:53 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://ad.doubleclick.net/ddm/trackimp/N5295.134426.GOOGLEDISPLAYNETWOR/B25292919.296712810;dc_pre=CJD4z5DL2-8CFWTjuwgdpSILlA;dc_trk_aid=486813666;dc_trk_cid=144622874;ord=1224923246;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 adview
googleads.g.doubleclick.net/pagead/ Frame 8BC2 0
0 42ms
42ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C4J45lPhkYJGgNbSkrAS337OQBvqB94lij93_j6INw-Tz_QgQASDmipADYJWKuILIB6AB3N-hkwPIAQmoAwHIA8sEqgTlAU_QzRSUAOb-ocu3T80aBAv0KURlW6rpKwdVxq6daLA4zmqfXHFrN55Q46wMgzaBJFAp5Wijv9dOD8u5EaKkAyKFUvEEJUUmNaRdUOtP5ebW7QYjwUCQFGgWKRbr8AQNG57VWdvutITat52yUrgeS-ZzBvxkr1S66fsAQaV_kZwjF62hkwMubAz0kdctai_0Qxb_HfVyyaIdElylqPZdUqC-MuIw2bmizkTZ_In8HVAJxetDmqBZUdynvngDSoxZPEp6tjL5PtlX46HYOX3hgSMOJpgtSE5aCoSU3kZHuBqgNovc9s7ABJjb7vX5ApIFBAgEGAGSBQQIBRgEoAYugAeMoN5sqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEENXtENIICQiA4YAQEAEYH4AKAcgLAdgTArIXGgoYCAASFHB1Yi03OTYzOTExMzU0NjY1ODQz&sigh=NIxkNsTEgJM&template_id=5000&tpd=AGWhJmt2KfCL9DQnR2je4YmxuHoqwLY-9L6-gG7qVdyuoNxZlQ

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=240&adk=3278714446&adf=3521083603&pi=t.aa~a.1622194657~rp.1&w=263&fwrn=4&fwrnh=100&lmt=1617229972&rafmt=1&to=qs&pwprc=6393567433&psa=0&format=263x240&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&dt=1617229972802&bpp=2&bdt=677&idt=2&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd6647da57f4bdce8-22ac0015edba0044%3AT%3D1617229972%3ART%3D1617229972%3AS%3DALNI_MYqaLUsdlv2bAa_Exk_6Acs4QSR7A&prev_fmts=945x280%2C816x200%2C0x0%2C816x280%2C816x280&nras=4&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1108&ady=1245&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=plGK03S4fw&p=https%3A//reposhub.com&dtd=53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 31 Mar 2021 22:32:53 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/6040726707674218965/ Frame 8BC2 20 KB
20 KB 7ms
6ms Image
image/png 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6040726707674218965/downsize_200k_v1?w=400&h=209

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7acd659bc143b2569af1eb2430cb7484600fbea49d50bcaebe6f85aa7f93d75d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 26 Mar 2021 09:54:28 GMT
x-content-type-options: nosniff
age: 477505
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20307
x-xss-protection: 0
last-modified: Thu, 17 Oct 2019 22:34:20 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 26 Mar 2022 09:54:28 GMT

GET
DATA 200
OK truncated
/ Frame 8BC2 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-Q050 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CF15 143 B
165 B 6ms
6ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=280&slotname=5554513815&adk=3916385169&adf=1577162944&pi=t.ma~as.5554513815&w=945&fwrn=4&fwrnh=100&lmt=1617229972&rafmt=1&psa=0&format=945x280&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617229972456&bpp=15&bdt=331&idt=170&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=3045443391865&frm=20&pv=2&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=205&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CpeE%7C&abl=NS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=vN1bsxfD8c&p=https%3A//reposhub.com&dtd=188
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUm1cDaMh3y0BEn5aDlhSiQ5U3g3DBgWP3_uNHM-PjgvPj976pR6WA2TxfE3b24; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=280&slotname=5554513815&adk=3916385169&adf=1577162944&pi=t.ma~as.5554513815&w=945&fwrn=4&fwrnh=100&lmt=1617229972&rafmt=1&psa=0&format=945x280&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617229972456&bpp=15&bdt=331&idt=170&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=3045443391865&frm=20&pv=2&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=205&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CpeE%7C&abl=NS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=vN1bsxfD8c&p=https%3A//reposhub.com&dtd=188

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 31 Mar 2021 22:23:20 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 573
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 8583 1 KB
854 B 6ms
6ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 31 Mar 2021 03:14:09 GMT
expires: Thu, 01 Apr 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 69524
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 2884 207 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7173cf53d32d889f25b4c0fa88a8337baa6d42d7c8b6c3e2a7faeccb61873292

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 8BC2 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1ce0485a86dccf6a76cc87af5d013ddf09f8e9b54d01e28137b5d2d51d03500

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 2884 16 KB
16 KB 35ms
22ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24369e1b2461af9dcefecaf9cc93d64cf22a4c5bac32506100b9e21014507bcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 27 Mar 2021 06:36:16 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:37 GMT
server: sffe
age: 402997
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15872
x-xss-protection: 0
expires: Sun, 27 Mar 2022 06:36:16 GMT

GET
H3-Q050 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 2884 15 KB
15 KB 34ms
20ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 30 Mar 2021 22:46:33 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:36 GMT
server: sffe
age: 85580
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15736
x-xss-protection: 0
expires: Wed, 30 Mar 2022 22:46:33 GMT

GET
H3-Q050 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 8BC2 16 KB
16 KB 36ms
25ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24369e1b2461af9dcefecaf9cc93d64cf22a4c5bac32506100b9e21014507bcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 27 Mar 2021 06:36:16 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:37 GMT
server: sffe
age: 402997
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15872
x-xss-protection: 0
expires: Sun, 27 Mar 2022 06:36:16 GMT

GET
H3-Q050 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 8BC2 15 KB
16 KB 33ms
26ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29f6da0a8c21c5681511bb9b08663d3fd2c5d09c9bd8054ec354c563b8c8b7c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 27 Mar 2021 06:20:47 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:55 GMT
server: sffe
age: 403926
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15784
x-xss-protection: 0
expires: Sun, 27 Mar 2022 06:20:47 GMT

GET
H3-Q050 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 8BC2 15 KB
16 KB 25ms
20ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 30 Mar 2021 22:46:33 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:36 GMT
server: sffe
age: 85580
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15736
x-xss-protection: 0
expires: Wed, 30 Mar 2022 22:46:33 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 596F 2 KB
553 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=280&adk=4211735289&adf=3935657741&pi=t.aa~a.1602054263~i.67~rp.4&w=816&fwrn=4&fwrnh=100&lmt=1617229972&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6393567433&psa=0&ad_type=text_image&format=816x280&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&pra=3&rh=200&rw=815&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1617229972802&bpp=2&bdt=677&idt=-M&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd6647da57f4bdce8-22ac0015edba0044%3AT%3D1617229972%3ART%3D1617229972%3AS%3DALNI_MYqaLUsdlv2bAa_Exk_6Acs4QSR7A&prev_fmts=945x280%2C816x200%2C0x0%2C816x280&nras=3&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=246&ady=3819&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=eKXV6hMIrR&p=https%3A//reposhub.com&dtd=48

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c6a305cd9f8592bbd50ddd47eb5af53952b97937e9b0c4df40498f7140ff8a49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 31 Mar 2021 22:28:54 GMT
server: ESF
date: Wed, 31 Mar 2021 22:32:53 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 31 Mar 2021 22:32:53 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 3E74 3 KB
600 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=280&adk=4211735289&adf=994788426&pi=t.aa~a.1602054263~i.65~rp.4&w=816&fwrn=4&fwrnh=100&lmt=1617229972&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6393567433&psa=0&ad_type=text_image&format=816x280&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&pra=3&rh=200&rw=815&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1617229972802&bpp=3&bdt=677&idt=-M&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd6647da57f4bdce8-22ac0015edba0044%3AT%3D1617229972%3ART%3D1617229972%3AS%3DALNI_MYqaLUsdlv2bAa_Exk_6Acs4QSR7A&prev_fmts=945x280%2C816x200%2C0x0&nras=2&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=246&ady=3499&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=Z14trfsZwx&p=https%3A//reposhub.com&dtd=43

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 31 Mar 2021 22:23:06 GMT
server: ESF
date: Wed, 31 Mar 2021 22:32:53 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 31 Mar 2021 22:32:53 GMT

GET
H3-Q050 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/ Frame 596F 1 KB
910 B 6ms
6ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:29:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 215
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Apr 2021 22:29:18 GMT

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210329/r20110914/ Frame 596F 17 KB
7 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210329/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36b3f5a93d27d7519d736f048f2bf91c98c39620ca8795152c0b8286040cc975

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:07:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1495
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7115
x-xss-protection: 0
server: cafe
etag: 12304503248286081012
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Apr 2021 22:07:58 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/ Frame 596F 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Apr 2021 22:32:16 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 596F 118 KB
36 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80e717f7f97b69547f30e8fb2adb1abdb3fdcd94b907472cc26e4d491f005825

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1617017751739567"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36599
x-xss-protection: 0
expires: Wed, 31 Mar 2021 22:32:53 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/ Frame 596F 13 KB
5 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9581d69ef8a7435f061d76045cc929310f436366f9ced3b9b9811ca6ed26feb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:22:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 601
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5599
x-xss-protection: 0
server: cafe
etag: 2241650964481140939
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Apr 2021 22:22:52 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 596F 0
0 14ms
13ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR2Ve8fcz8ViTqWBAw6UxIfzpTw36SXhmtSQAFoqUnRn2x2LH-E9NPw_RzIBr8GPqAOvEponHUzYVRheju-O0EhnLfbrQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=280&adk=4211735289&adf=3935657741&pi=t.aa~a.1602054263~i.67~rp.4&w=816&fwrn=4&fwrnh=100&lmt=1617229972&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6393567433&psa=0&ad_type=text_image&format=816x280&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&pra=3&rh=200&rw=815&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1617229972802&bpp=2&bdt=677&idt=-M&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd6647da57f4bdce8-22ac0015edba0044%3AT%3D1617229972%3ART%3D1617229972%3AS%3DALNI_MYqaLUsdlv2bAa_Exk_6Acs4QSR7A&prev_fmts=945x280%2C816x200%2C0x0%2C816x280&nras=3&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=246&ady=3819&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=eKXV6hMIrR&p=https%3A//reposhub.com&dtd=48
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 0d74ed574692e0488c8a49b73918ea59.js Show response
www.gstatic.com/mysidia/ Frame 596F 25 KB
10 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/0d74ed574692e0488c8a49b73918ea59.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11909c0ebcd1e1258ecf3c2ef83688b057b08e5d92a9c715f4fe44c13f20f7b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 25 Mar 2021 05:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 25 Mar 2021 05:14:52 GMT
server: sffe
age: 580090
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10398
x-xss-protection: 0
expires: Wed, 23 Jun 2021 05:24:43 GMT

GET
H3-Q050 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/ Frame 3E74 1 KB
910 B 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=280&adk=4211735289&adf=994788426&pi=t.aa~a.1602054263~i.65~rp.4&w=816&fwrn=4&fwrnh=100&lmt=1617229972&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6393567433&psa=0&ad_type=text_image&format=816x280&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&pra=3&rh=200&rw=815&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1617229972802&bpp=3&bdt=677&idt=-M&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd6647da57f4bdce8-22ac0015edba0044%3AT%3D1617229972%3ART%3D1617229972%3AS%3DALNI_MYqaLUsdlv2bAa_Exk_6Acs4QSR7A&prev_fmts=945x280%2C816x200%2C0x0&nras=2&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=246&ady=3499&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=Z14trfsZwx&p=https%3A//reposhub.com&dtd=43

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:29:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 215
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Apr 2021 22:29:18 GMT

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210329/r20110914/ Frame 3E74 17 KB
7 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210329/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=280&adk=4211735289&adf=994788426&pi=t.aa~a.1602054263~i.65~rp.4&w=816&fwrn=4&fwrnh=100&lmt=1617229972&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6393567433&psa=0&ad_type=text_image&format=816x280&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&pra=3&rh=200&rw=815&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1617229972802&bpp=3&bdt=677&idt=-M&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd6647da57f4bdce8-22ac0015edba0044%3AT%3D1617229972%3ART%3D1617229972%3AS%3DALNI_MYqaLUsdlv2bAa_Exk_6Acs4QSR7A&prev_fmts=945x280%2C816x200%2C0x0&nras=2&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=246&ady=3499&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=Z14trfsZwx&p=https%3A//reposhub.com&dtd=43

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36b3f5a93d27d7519d736f048f2bf91c98c39620ca8795152c0b8286040cc975

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:07:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1495
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7115
x-xss-protection: 0
server: cafe
etag: 12304503248286081012
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Apr 2021 22:07:58 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/ Frame 3E74 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=280&adk=4211735289&adf=994788426&pi=t.aa~a.1602054263~i.65~rp.4&w=816&fwrn=4&fwrnh=100&lmt=1617229972&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6393567433&psa=0&ad_type=text_image&format=816x280&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&pra=3&rh=200&rw=815&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1617229972802&bpp=3&bdt=677&idt=-M&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd6647da57f4bdce8-22ac0015edba0044%3AT%3D1617229972%3ART%3D1617229972%3AS%3DALNI_MYqaLUsdlv2bAa_Exk_6Acs4QSR7A&prev_fmts=945x280%2C816x200%2C0x0&nras=2&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=246&ady=3499&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=Z14trfsZwx&p=https%3A//reposhub.com&dtd=43

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Apr 2021 22:32:16 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3E74 118 KB
36 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=280&adk=4211735289&adf=994788426&pi=t.aa~a.1602054263~i.65~rp.4&w=816&fwrn=4&fwrnh=100&lmt=1617229972&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6393567433&psa=0&ad_type=text_image&format=816x280&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&pra=3&rh=200&rw=815&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1617229972802&bpp=3&bdt=677&idt=-M&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd6647da57f4bdce8-22ac0015edba0044%3AT%3D1617229972%3ART%3D1617229972%3AS%3DALNI_MYqaLUsdlv2bAa_Exk_6Acs4QSR7A&prev_fmts=945x280%2C816x200%2C0x0&nras=2&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=246&ady=3499&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=Z14trfsZwx&p=https%3A//reposhub.com&dtd=43

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80e717f7f97b69547f30e8fb2adb1abdb3fdcd94b907472cc26e4d491f005825

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1617017751739567"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36599
x-xss-protection: 0
expires: Wed, 31 Mar 2021 22:32:53 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/ Frame 3E74 13 KB
5 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210329/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=280&adk=4211735289&adf=994788426&pi=t.aa~a.1602054263~i.65~rp.4&w=816&fwrn=4&fwrnh=100&lmt=1617229972&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6393567433&psa=0&ad_type=text_image&format=816x280&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&pra=3&rh=200&rw=815&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1617229972802&bpp=3&bdt=677&idt=-M&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd6647da57f4bdce8-22ac0015edba0044%3AT%3D1617229972%3ART%3D1617229972%3AS%3DALNI_MYqaLUsdlv2bAa_Exk_6Acs4QSR7A&prev_fmts=945x280%2C816x200%2C0x0&nras=2&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=246&ady=3499&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=Z14trfsZwx&p=https%3A//reposhub.com&dtd=43

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9581d69ef8a7435f061d76045cc929310f436366f9ced3b9b9811ca6ed26feb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:22:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 601
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5599
x-xss-protection: 0
server: cafe
etag: 2241650964481140939
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Apr 2021 22:22:52 GMT

GET
H3-Q050 200 0d74ed574692e0488c8a49b73918ea59.js Show response
www.gstatic.com/mysidia/ Frame 3E74 25 KB
10 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/0d74ed574692e0488c8a49b73918ea59.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=280&adk=4211735289&adf=994788426&pi=t.aa~a.1602054263~i.65~rp.4&w=816&fwrn=4&fwrnh=100&lmt=1617229972&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6393567433&psa=0&ad_type=text_image&format=816x280&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&pra=3&rh=200&rw=815&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1617229972802&bpp=3&bdt=677&idt=-M&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd6647da57f4bdce8-22ac0015edba0044%3AT%3D1617229972%3ART%3D1617229972%3AS%3DALNI_MYqaLUsdlv2bAa_Exk_6Acs4QSR7A&prev_fmts=945x280%2C816x200%2C0x0&nras=2&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=246&ady=3499&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=Z14trfsZwx&p=https%3A//reposhub.com&dtd=43

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11909c0ebcd1e1258ecf3c2ef83688b057b08e5d92a9c715f4fe44c13f20f7b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 25 Mar 2021 05:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 25 Mar 2021 05:14:52 GMT
server: sffe
age: 580090
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10398
x-xss-protection: 0
expires: Wed, 23 Jun 2021 05:24:43 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/9801135148114144529/ Frame 3E74 13 KB
13 KB 10ms
6ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9801135148114144529/downsize_200k_v1?w=400&h=209

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=280&adk=4211735289&adf=994788426&pi=t.aa~a.1602054263~i.65~rp.4&w=816&fwrn=4&fwrnh=100&lmt=1617229972&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6393567433&psa=0&ad_type=text_image&format=816x280&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&pra=3&rh=200&rw=815&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1617229972802&bpp=3&bdt=677&idt=-M&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd6647da57f4bdce8-22ac0015edba0044%3AT%3D1617229972%3ART%3D1617229972%3AS%3DALNI_MYqaLUsdlv2bAa_Exk_6Acs4QSR7A&prev_fmts=945x280%2C816x200%2C0x0&nras=2&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=246&ady=3499&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=Z14trfsZwx&p=https%3A//reposhub.com&dtd=43

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e1dd784d0e8f652930132fa5c90525038c4458892d62ffef4f16051883d4e963

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 25 Mar 2021 09:56:58 GMT
x-content-type-options: nosniff
age: 563755
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13330
x-xss-protection: 0
last-modified: Wed, 18 Nov 2020 20:54:04 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 25 Mar 2022 09:56:58 GMT

GET
DATA 200
OK truncated
/ Frame 3E74 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0cc7088b335b30f7b1fa0903bc8aa143b11cb8408032d62d28d5ab768cc68c88

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 596F 35 KB
36 KB 27ms
6ms Image
image/jpeg 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcTfk9Ki4qAFKe-6wxWBYurZsZFhs7MiXuTkONiKVBpBeuNmf4-v&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a72ee71939d8ba3628150d1e615b3cb8cebbc96392ac630fb0a35ac3b8c8593d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 25 Mar 2021 15:18:53 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Feb 2021 13:26:15 GMT
server: sffe
age: 544440
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36319
x-xss-protection: 0
expires: Fri, 25 Mar 2022 15:18:53 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 596F 44 KB
44 KB 35ms
14ms Image
image/jpeg 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcRoOVGgtGBZED17JjXEUHzoYQft0K42poF2m5_ey2RL3uEsxTo&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fce2b202762c87767d81871608abaefa3168a9ccd8814d4a680f25d1efcc1d41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 27 Mar 2021 07:59:08 GMT
x-content-type-options: nosniff
last-modified: Mon, 01 Feb 2021 22:21:14 GMT
server: sffe
age: 398025
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45017
x-xss-protection: 0
expires: Sun, 27 Mar 2022 07:59:08 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 596F 36 KB
36 KB 27ms
6ms Image
image/jpeg 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcRXtT-vrdF6ph7XdGMGBklSmocWFnZh2wy70qo4yyGWhW1r7xONXPJEpl_loQ&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

829a87e1ed95fd3481ca6ab328acc332589dde4cf7d8aeec12b8bee24d336a4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 18:18:26 GMT
x-content-type-options: nosniff
last-modified: Thu, 04 Mar 2021 12:05:35 GMT
server: sffe
age: 15267
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36612
x-xss-protection: 0
expires: Thu, 31 Mar 2022 18:18:26 GMT

GET
H3-Q050

200

778386939095909474
tpc.googlesyndication.com/simgad/ Frame 596F
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDrk9_CyQEQsAkYsAkyCAHYambP8BMk
https://tpc.googlesyndication.com/simgad/778386939095909474

70 KB
70 KB

7ms
7ms

Image
image/jpeg

2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/778386939095909474

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ec24c654f0e2575395675bd259dd78049b429ea254686a0cea8ddc55317f320

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 30 Mar 2021 22:55:50 GMT
x-content-type-options: nosniff
age: 85023
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 71581
x-xss-protection: 0
last-modified: Wed, 19 Dec 2018 14:57:26 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Mar 2022 22:55:50 GMT

Redirect headers

timing-allow-origin: *
date: Wed, 31 Mar 2021 06:55:11 GMT
x-content-type-options: nosniff
server: cafe
age: 56262
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/778386939095909474
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 30 Apr 2021 06:55:11 GMT

GET
H3-Q050 200 adview
googleads.g.doubleclick.net/pagead/ Frame 596F 0
0 44ms
43ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CdCJ7lPhkYM6INZqt3gP0wqCYDMX8r_xhi8DN56wM6sjp56IaEAEg5oqQA2CViriCyAegAf_0_ZkDyAEJqQLfliIoq7azPqgDAcgDywSqBOsBT9B1haz5XFh0ibmCQbIDUBgCzOoUqigopnBg8e1sKRaxLqxWBvoExaLXIFvaTHGwRoUKijjSHGgHdXTt8FaOqD03ijg5K5YhlBEccauBUKIFtN6UbzkfukZHI9ZZxjvWQDellUFah5dbl3Ch9ci_cudDK5ucp8-jR_xhtvOdKkvYRPtyzMvepBOuLVmpjG4W8HkvEbunnFU-h4i0FdsFbK5ygvwR_xecowVuTvr3754A9sGs6t7sLR2BEnRuL7WhdcGqkfN7nWHH6c94aTy23LOGmhYqAuTNX8JpLTTsEdtc7TPurSJrYDYcTsAE1LrA17MDkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB_yRlzaoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEK_UJtIICQiA4YAQEAEYH4AKAcgLAdgTDIgUBrIXGgoYCAASFHB1Yi03OTYzOTExMzU0NjY1ODQz&sigh=gQIru_kCWdE&template_id=494&tpd=AGWhJmuw4TuxVmHHxF2Pteji1r6WZKwVOmNH6p90zSpm0HFl9w

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=280&adk=4211735289&adf=3935657741&pi=t.aa~a.1602054263~i.67~rp.4&w=816&fwrn=4&fwrnh=100&lmt=1617229972&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6393567433&psa=0&ad_type=text_image&format=816x280&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&pra=3&rh=200&rw=815&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1617229972802&bpp=2&bdt=677&idt=-M&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd6647da57f4bdce8-22ac0015edba0044%3AT%3D1617229972%3ART%3D1617229972%3AS%3DALNI_MYqaLUsdlv2bAa_Exk_6Acs4QSR7A&prev_fmts=945x280%2C816x200%2C0x0%2C816x280&nras=3&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=246&ady=3819&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=eKXV6hMIrR&p=https%3A//reposhub.com&dtd=48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 31 Mar 2021 22:32:53 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3E74 0
0 43ms
42ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cd7-JlPhkYPHYNISK3wP97Y3gDLn_2e5hja6yx5MN2tkeEAEg5oqQA2CViriCyAegAbnOk8ADyAEJqAMByAPLBKoE5AFP0GxikW-XSlrge5roJvcm9nzH3d-Ucx2uYEIoTIfbCnc2bcEA3qmefz-2uAVBWKhQV864cXx9B48TGzrxXrY2af3H6_eVqiF8br1WYAk1190IEzvJRYFanrOYy1NSKmnKPMxhyhWDDusyCXWWpOv_w9aGkUTyMsoQ7YOKMMzHLIbN4kShD6ohKMZe8CeGt68vmbyr6D5NjHdqN1axSZ69tPuUSG-cfpp0fnvK-4OJspQPvdb4J0v8q8Fc5ACYrb6OPrE92b9CCg-4NppcVAQaWNJhfgSKMTlRUGI8eQSm30aZ_XbABK6A1ur-ApIFBAgEGAGSBQQIBRgEoAYugAevsew_qAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEOLwGNIICQiA4YAQEAEYH4AKAcgLAdgTDYgUAbIXGgoYCAASFHB1Yi03OTYzOTExMzU0NjY1ODQz&sigh=NEVHT_k_0po&template_id=5000&tpd=AGWhJmsbSRxmwwTbirm4F0w_GEXpRFIYcVfju6_ZZCJhC6_TGw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=280&adk=4211735289&adf=994788426&pi=t.aa~a.1602054263~i.65~rp.4&w=816&fwrn=4&fwrnh=100&lmt=1617229972&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6393567433&psa=0&ad_type=text_image&format=816x280&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&pra=3&rh=200&rw=815&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1617229972802&bpp=3&bdt=677&idt=-M&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd6647da57f4bdce8-22ac0015edba0044%3AT%3D1617229972%3ART%3D1617229972%3AS%3DALNI_MYqaLUsdlv2bAa_Exk_6Acs4QSR7A&prev_fmts=945x280%2C816x200%2C0x0&nras=2&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=246&ady=3499&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=Z14trfsZwx&p=https%3A//reposhub.com&dtd=43

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=280&adk=4211735289&adf=994788426&pi=t.aa~a.1602054263~i.65~rp.4&w=816&fwrn=4&fwrnh=100&lmt=1617229972&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6393567433&psa=0&ad_type=text_image&format=816x280&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&pra=3&rh=200&rw=815&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1617229972802&bpp=3&bdt=677&idt=-M&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd6647da57f4bdce8-22ac0015edba0044%3AT%3D1617229972%3ART%3D1617229972%3AS%3DALNI_MYqaLUsdlv2bAa_Exk_6Acs4QSR7A&prev_fmts=945x280%2C816x200%2C0x0&nras=2&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=246&ady=3499&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=Z14trfsZwx&p=https%3A//reposhub.com&dtd=43
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 31 Mar 2021 22:32:53 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 dpixel
cms.quantserve.com/ Frame 8583 35 B
463 B 25ms
9ms Image
image/gif 2620:116:800d:21:36a9:ecb:e518:b308
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEIye4db7hsCR5efUQOILfug&google_cver=1&google_push=AQvitUJxSQnP4-1_hQJ6Mbqa7Pqqw3xypDaNUYItiLyNq3OmQ4DYdMNUXkaqF3mEbRcTKig4N_uqYPLl5ZC_3SfFRK9ZmZigObIz

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:53 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 8583
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUKGel8t...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUKGel8t...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTAzMzEyMjMyNTQzNjU0MzU0Mjk4MjYzOA%3D%3D&google_push=AQvitUKGel8t3rdrl-0nw8kC1UHdH7eJDQpU7J_E2rEDzPa84suxFkBY1y6oe_1yjHWXDZ...

170 B
213 B

31ms
31ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTAzMzEyMjMyNTQzNjU0MzU0Mjk4MjYzOA%3D%3D&google_push=AQvitUKGel8t3rdrl-0nw8kC1UHdH7eJDQpU7J_E2rEDzPa84suxFkBY1y6oe_1yjHWXDZtbMF5VQxfA3q9ydNo4G1i2Qrijv99M

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTAzMzEyMjMyNTQzNjU0MzU0Mjk4MjYzOA%3D%3D&google_push=AQvitUKGel8t3rdrl-0nw8kC1UHdH7eJDQpU7J_E2rEDzPa84suxFkBY1y6oe_1yjHWXDZtbMF5VQxfA3q9ydNo4G1i2Qrijv99M
Pragma: no-cache
Date: Wed, 31 Mar 2021 22:32:54 GMT
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 8583 43 B
324 B 58ms
21ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEDkEDWzsE6g_IEoVi9el7Q8&google_push=AQvitUImuft793jDzGd8SiMyXNLoaaZtVPCfRaHtb7Km1VfoQcGw2WOFPE9qciKTtkalX52mEGN_z-W_tPHqSNanycXmu1HjzJ_D&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=240&adk=3278714446&adf=3521083603&pi=t.aa~a.1622194657~rp.1&w=263&fwrn=4&fwrnh=100&lmt=1617229972&rafmt=1&to=qs&pwprc=6393567433&psa=0&format=263x240&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&dt=1617229972802&bpp=2&bdt=677&idt=2&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd6647da57f4bdce8-22ac0015edba0044%3AT%3D1617229972%3ART%3D1617229972%3AS%3DALNI_MYqaLUsdlv2bAa_Exk_6Acs4QSR7A&prev_fmts=945x280%2C816x200%2C0x0%2C816x280%2C816x280&nras=4&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1108&ady=1245&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=plGK03S4fw&p=https%3A//reposhub.com&dtd=53
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:53 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 8583
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEPjaFvsjxjAnypzzYIpy3xY&google_cver=1&google_push=AQvitUInrR7xG-eOLl7mdM9mimN0AtiNSpWqjfwekvLkz0_nCvGl2brwKkdtpw06VCDdRKivvs3b4-JZicbVhCy_5QyWPI3S6yA-
https://rtb.openx.net/sync/dds?google_gid=CAESEPjaFvsjxjAnypzzYIpy3xY&google_cver=1&google_push=AQvitUInrR7xG-eOLl7mdM9mimN0AtiNSpWqjfwekvLkz0_nCvGl2brwKkdtpw06VCDdRKivvs3b4-JZicbVhCy_5QyWPI3S6yA-&...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUInrR7xG-eOLl7mdM9mimN0AtiNSpWqjfwekvLkz0_nCvGl2brwKkdtpw06VCDdRKivvs3b4-JZicbVhCy_5QyWPI3S6yA-&google_hm=MfkpSIMPwV4vkWOI_xaD0g==

170 B
287 B

71ms
44ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUInrR7xG-eOLl7mdM9mimN0AtiNSpWqjfwekvLkz0_nCvGl2brwKkdtpw06VCDdRKivvs3b4-JZicbVhCy_5QyWPI3S6yA-&google_hm=MfkpSIMPwV4vkWOI_xaD0g==

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:52 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUInrR7xG-eOLl7mdM9mimN0AtiNSpWqjfwekvLkz0_nCvGl2brwKkdtpw06VCDdRKivvs3b4-JZicbVhCy_5QyWPI3S6yA-&google_hm=MfkpSIMPwV4vkWOI_xaD0g==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: v3lnv5rh4hboj9updrb8lp7tahhas1vg

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 8583
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=GTxxAKYPRoyqoMxZj1ir8A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
190 B

72ms
45ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=GTxxAKYPRoyqoMxZj1ir8A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKLXOXVny5ndgpTsAOinBbQ-aye5z3JLLkLNH-TLnFqRgH6mtu4Sc2I7wlRmjXsNC_bOncZ7S69ULKEC0fiavh6evJ-EAo

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=GTxxAKYPRoyqoMxZj1ir8A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKLXOXVny5ndgpTsAOinBbQ-aye5z3JLLkLNH-TLnFqRgH6mtu4Sc2I7wlRmjXsNC_bOncZ7S69ULKEC0fiavh6evJ-EAo
Date: Wed, 31 Mar 2021 22:32:53 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 8583
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG9a45POxmnCLSR0QpINZo0&google_cver=1&google_push=AQvitUJtctV2DYrYoREL0itJPtEDTl9i9d_-DxsANi6bteRdxmhVqoC107FLCSosheBKuNxCjfs...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S01ZMFlYV0UtMUUtTFlDSw==&google_push=AQvitUJtctV2DYrYoREL0itJPtEDTl9i9d_-DxsANi6bteRdxmhVqoC107FLCSosheBKuNxCjfsA4fpxaZ78onR11OnKeP0TKbce

170 B
190 B

74ms
45ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S01ZMFlYV0UtMUUtTFlDSw==&google_push=AQvitUJtctV2DYrYoREL0itJPtEDTl9i9d_-DxsANi6bteRdxmhVqoC107FLCSosheBKuNxCjfsA4fpxaZ78onR11OnKeP0TKbce

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S01ZMFlYV0UtMUUtTFlDSw==&google_push=AQvitUJtctV2DYrYoREL0itJPtEDTl9i9d_-DxsANi6bteRdxmhVqoC107FLCSosheBKuNxCjfsA4fpxaZ78onR11OnKeP0TKbce
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Expires: 0

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 8583
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEIA4o7Q3_bWeaRWS6olm9QM&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEIA4o7Q3_bWeaRWS6olm9QM&google_push=AQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YGT4lQ3BVnaR04UdSuk3nQAABFYAAAAB&google_gid=CAESEIA4o7Q3_bWeaRWS6olm9QM&google_push=AQvitUJL5cE9YoEAYAhzgd1Dl1dD_fpFO6WSOnVewDu7lnfIvcz...

170 B
190 B

71ms
45ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YGT4lQ3BVnaR04UdSuk3nQAABFYAAAAB&google_gid=CAESEIA4o7Q3_bWeaRWS6olm9QM&google_push=AQvitUJL5cE9YoEAYAhzgd1Dl1dD_fpFO6WSOnVewDu7lnfIvczjdv-xgdE4djr2UcTjK-ZgqBvYdJf8wUczNzLUDXPl0XSbm6Ks&google_cver=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 31 Mar 2021 22:32:53 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YGT4lQ3BVnaR04UdSuk3nQAABFYAAAAB&google_gid=CAESEIA4o7Q3_bWeaRWS6olm9QM&google_push=AQvitUJL5cE9YoEAYAhzgd1Dl1dD_fpFO6WSOnVewDu7lnfIvczjdv-xgdE4djr2UcTjK-ZgqBvYdJf8wUczNzLUDXPl0XSbm6Ks&google_cver=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 460
Expires: Wed, 31 Mar 2021 22:32:53 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 8583 0
227 B 84ms
29ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Lq_GsU35l4mHcc4Gg5JxvY1HuTshEVE7aZk6WNt3zt-fNv4B-pIsml7s595rwHUcnZagHM

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:53 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-Q050

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CF15
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
21 B

14ms
14ms

Document
text/html

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: DSID=NO_DATA; IDE=AHWqTUn9dZ_pTf0u5oBfFxN-Qgqyobp2iKcF__0dASb_wJv8AzmsgH8vBVS3Bfj5c-s
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 31 Mar 2021 22:32:53 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Wed, 31-Mar-2021 23:32:53 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 31 Mar 2021 22:32:53 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 31 Mar 2021 22:32:53 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 DbMZ0rSwrYdtGIgs0aJlrMhQhsJZwxQeXkiX5VBkOL0.js Show response
pagead2.googlesyndication.com/bg/ Frame 6E8A 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/DbMZ0rSwrYdtGIgs0aJlrMhQhsJZwxQeXkiX5VBkOL0.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0db319d2b4b0ad876d18882cd1a265acc85086c259c3141e5e4897e5506438bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 26 Mar 2021 01:00:47 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 24 Mar 2021 17:18:00 GMT
server: sffe
age: 509526
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5732
x-xss-protection: 0
expires: Sat, 26 Mar 2022 01:00:47 GMT

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame F16F 1 KB
750 B 6ms
6ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 31 Mar 2021 03:14:09 GMT
expires: Thu, 01 Apr 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 69524
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 DbMZ0rSwrYdtGIgs0aJlrMhQhsJZwxQeXkiX5VBkOL0.js Show response
pagead2.googlesyndication.com/bg/ Frame 4B48 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/DbMZ0rSwrYdtGIgs0aJlrMhQhsJZwxQeXkiX5VBkOL0.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0db319d2b4b0ad876d18882cd1a265acc85086c259c3141e5e4897e5506438bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 26 Mar 2021 01:00:47 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 24 Mar 2021 17:18:00 GMT
server: sffe
age: 509526
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5732
x-xss-protection: 0
expires: Sat, 26 Mar 2022 01:00:47 GMT

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 906D 1 KB
750 B 6ms
6ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=280&adk=4211735289&adf=994788426&pi=t.aa~a.1602054263~i.65~rp.4&w=816&fwrn=4&fwrnh=100&lmt=1617229972&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6393567433&psa=0&ad_type=text_image&format=816x280&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&pra=3&rh=200&rw=815&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1617229972802&bpp=3&bdt=677&idt=-M&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd6647da57f4bdce8-22ac0015edba0044%3AT%3D1617229972%3ART%3D1617229972%3AS%3DALNI_MYqaLUsdlv2bAa_Exk_6Acs4QSR7A&prev_fmts=945x280%2C816x200%2C0x0&nras=2&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=246&ady=3499&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=Z14trfsZwx&p=https%3A//reposhub.com&dtd=43

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 31 Mar 2021 03:14:09 GMT
expires: Thu, 01 Apr 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 69524
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 3E74 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b5819e850504d66a2e1f72f4f03d90709deb6c225f2a888804d199d3a70ce26a

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 596F 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 180e673f6f0ee9b1c63c04bb50a930510f54df6745d682ae3d4c4353e09e950b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v14/ Frame 596F 20 KB
21 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v14/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

475700259e64d480d1a70023e14741bb298a025e338bb608552e2472d4505a65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 27 Mar 2021 06:34:41 GMT
x-content-type-options: nosniff
last-modified: Wed, 04 Dec 2019 18:44:32 GMT
server: sffe
age: 403092
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20900
x-xss-protection: 0
expires: Sun, 27 Mar 2022 06:34:41 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame F16F
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEHCVd_6oOOy0VAjJq-sgf_4&google_cver=1&google_push=AQvitULPMTg9dQvx9plLs6g6pPrwxRtd42k_kPZWvEwFK1AdI9Ahxeian7...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitULPMTg9dQvx9plLs6g6pPrwxRtd42k_kPZWvEwFK1AdI9Ahxeian73jnm13ck2cVjLit5Czd3ql0nE-Ske-uXw_q3fdzA&google_hm=aTBx0ngH...

170 B
190 B

31ms
30ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitULPMTg9dQvx9plLs6g6pPrwxRtd42k_kPZWvEwFK1AdI9Ahxeian73jnm13ck2cVjLit5Czd3ql0nE-Ske-uXw_q3fdzA&google_hm=aTBx0ngHrGE_qAxwo0VNuQ

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitULPMTg9dQvx9plLs6g6pPrwxRtd42k_kPZWvEwFK1AdI9Ahxeian73jnm13ck2cVjLit5Czd3ql0nE-Ske-uXw_q3fdzA&google_hm=aTBx0ngHrGE_qAxwo0VNuQ
pragma: no-cache
date: Wed, 31 Mar 2021 22:32:53 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame F16F
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUJOBYE1...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUJOBYE1...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTAzMzEyMjMyNTQ0NDM0NTczODIwODIyMg%3D%3D&google_push=AQvitUJOBYE1VZioinaMWmFbznTSsiRj2-Qram25wdpnTzOcA0UftoQmy3obZjMvaolaXk...

170 B
190 B

32ms
31ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTAzMzEyMjMyNTQ0NDM0NTczODIwODIyMg%3D%3D&google_push=AQvitUJOBYE1VZioinaMWmFbznTSsiRj2-Qram25wdpnTzOcA0UftoQmy3obZjMvaolaXk_0WkbMKXnl3VrBOloKBxiERt0Tlw

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTAzMzEyMjMyNTQ0NDM0NTczODIwODIyMg%3D%3D&google_push=AQvitUJOBYE1VZioinaMWmFbznTSsiRj2-Qram25wdpnTzOcA0UftoQmy3obZjMvaolaXk_0WkbMKXnl3VrBOloKBxiERt0Tlw
Pragma: no-cache
Date: Wed, 31 Mar 2021 22:32:54 GMT
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame F16F 43 B
106 B 25ms
23ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEMQnxlGcpa85RIUjmGL-7oI&google_push=AQvitUIeRj5Phnw2aNtjPxufPJHa7eo5yJHoycpc4pWhEmhg8ryGQRc106E0oNc1mrc9kB4J8IXGLWano-OQ-KnxSC06Y4_cLQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=280&adk=4211735289&adf=3935657741&pi=t.aa~a.1602054263~i.67~rp.4&w=816&fwrn=4&fwrnh=100&lmt=1617229972&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6393567433&psa=0&ad_type=text_image&format=816x280&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&pra=3&rh=200&rw=815&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1617229972802&bpp=2&bdt=677&idt=-M&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd6647da57f4bdce8-22ac0015edba0044%3AT%3D1617229972%3ART%3D1617229972%3AS%3DALNI_MYqaLUsdlv2bAa_Exk_6Acs4QSR7A&prev_fmts=945x280%2C816x200%2C0x0%2C816x280&nras=3&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=246&ady=3819&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=eKXV6hMIrR&p=https%3A//reposhub.com&dtd=48
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:53 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame F16F
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEH2fUH28YDhtETXwbfbHjEU&google_cver=1&google_push=AQvitUJkRTaVX_w3xqPdPRu9rcigZOLetW2ABprjhYRADTbWzVG-UywQCTfMK2jDoODI6BzmOsuDigmJWKkOS8HYR9jBn_BbYx8
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJkRTaVX_w3xqPdPRu9rcigZOLetW2ABprjhYRADTbWzVG-UywQCTfMK2jDoODI6BzmOsuDigmJWKkOS8HYR9jBn_BbYx8&google_hm=MfkpSIMPwV4vkWOI_xaD0g==

170 B
190 B

31ms
31ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJkRTaVX_w3xqPdPRu9rcigZOLetW2ABprjhYRADTbWzVG-UywQCTfMK2jDoODI6BzmOsuDigmJWKkOS8HYR9jBn_BbYx8&google_hm=MfkpSIMPwV4vkWOI_xaD0g==

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:53 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJkRTaVX_w3xqPdPRu9rcigZOLetW2ABprjhYRADTbWzVG-UywQCTfMK2jDoODI6BzmOsuDigmJWKkOS8HYR9jBn_BbYx8&google_hm=MfkpSIMPwV4vkWOI_xaD0g==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: epte97p41co0ff6b06opfh1su252n38o

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame F16F
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=GTxxAKYPRoyqoMxZj1ir8A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
190 B

32ms
32ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=GTxxAKYPRoyqoMxZj1ir8A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJB3EFG1079lgZZWbnewJxhZqSyr7TmM30QTIRONk40dMBh2QYACT8fOMCRi7OWU0jMClqoGdQ4jLJo2KCG11hzo9Y_6zY

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=GTxxAKYPRoyqoMxZj1ir8A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJB3EFG1079lgZZWbnewJxhZqSyr7TmM30QTIRONk40dMBh2QYACT8fOMCRi7OWU0jMClqoGdQ4jLJo2KCG11hzo9Y_6zY
Date: Wed, 31 Mar 2021 22:32:51 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame F16F
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESECXv_HUCjXmNBkCBr9Fd_EA&google_cver=1&google_push=AQvitUIk6As01fug9GGmDbFwcNGw8qWhLwgOpfnbk6GUeuORLYldgTd1UP_GFoi6xm0ptodARCz...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S01ZMFlZMUEtMUUtRFJDVg==&google_push=AQvitUIk6As01fug9GGmDbFwcNGw8qWhLwgOpfnbk6GUeuORLYldgTd1UP_GFoi6xm0ptodARCz6-VWvX39vIlepHQuFd4bJIzA

170 B
190 B

30ms
30ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S01ZMFlZMUEtMUUtRFJDVg==&google_push=AQvitUIk6As01fug9GGmDbFwcNGw8qWhLwgOpfnbk6GUeuORLYldgTd1UP_GFoi6xm0ptodARCz6-VWvX39vIlepHQuFd4bJIzA

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S01ZMFlZMUEtMUUtRFJDVg==&google_push=AQvitUIk6As01fug9GGmDbFwcNGw8qWhLwgOpfnbk6GUeuORLYldgTd1UP_GFoi6xm0ptodARCz6-VWvX39vIlepHQuFd4bJIzA
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Expires: 0

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame F16F
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFkOqp-IdNXXSI7FfVeRBUQ&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YGT4lQ3BVnaR04UdSuk3nQAABFYAAAAB&google_push=AQvitUIs8CoCE8WOJMLSR3_If7-JBwtYV_e2VgV4uQNcz9ctWeheD_RvCqJUBkSKBEFZLDm143DlSNYMQqQMQgYEjl...

170 B
190 B

32ms
31ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YGT4lQ3BVnaR04UdSuk3nQAABFYAAAAB&google_push=AQvitUIs8CoCE8WOJMLSR3_If7-JBwtYV_e2VgV4uQNcz9ctWeheD_RvCqJUBkSKBEFZLDm143DlSNYMQqQMQgYEjlaHMIJRz_M&google_gid=CAESEFkOqp-IdNXXSI7FfVeRBUQ&google_cver=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 31 Mar 2021 22:32:53 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YGT4lQ3BVnaR04UdSuk3nQAABFYAAAAB&google_push=AQvitUIs8CoCE8WOJMLSR3_If7-JBwtYV_e2VgV4uQNcz9ctWeheD_RvCqJUBkSKBEFZLDm143DlSNYMQqQMQgYEjlaHMIJRz_M&google_gid=CAESEFkOqp-IdNXXSI7FfVeRBUQ&google_cver=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 459
Expires: Wed, 31 Mar 2021 22:32:53 GMT

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame F16F 0
223 B 44ms
42ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K7JGnv7Cflsvn9zzxa0nAABDAE_Q2OTlvdwKlF_ZGoNhqy_NsXbVGVn1bkRriVQU_Wd0p9

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:32:53 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-Q050 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 3E74 21 KB
21 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 30 Mar 2021 12:53:27 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:21 GMT
server: sffe
age: 121166
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21716
x-xss-protection: 0
expires: Wed, 30 Mar 2022 12:53:27 GMT

GET
H3-Q050 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 3E74 21 KB
21 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 26 Mar 2021 05:29:54 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 493379
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Sat, 26 Mar 2022 05:29:54 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 906D
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitUKYXOMKdGMQPqykozrfo6sGV3ttKgIoIzbXhOz...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUdUNGxRQUFBSU1CRkdSUA&google_push=AQvitUKYXOMKdGMQPqykozrfo6sGV3ttKgIoIzbXhOzaMpeJ--bv2mpS8qE0tKP45DUt_eM3kaTiEZ2QcFgdcusoIWnTaAS09So

170 B
190 B

30ms
30ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUdUNGxRQUFBSU1CRkdSUA&google_push=AQvitUKYXOMKdGMQPqykozrfo6sGV3ttKgIoIzbXhOzaMpeJ--bv2mpS8qE0tKP45DUt_eM3kaTiEZ2QcFgdcusoIWnTaAS09So

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUdUNGxRQUFBSU1CRkdSUA&google_push=AQvitUKYXOMKdGMQPqykozrfo6sGV3ttKgIoIzbXhOzaMpeJ--bv2mpS8qE0tKP45DUt_eM3kaTiEZ2QcFgdcusoIWnTaAS09So
Date: Wed, 31 Mar 2021 22:32:53 GMT
Server: Apache
Connection: keep-alive
Content-Length: 390
Content-Type: text/html; charset=iso-8859-1

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 906D
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAQvitUI6OPUgo-DQX1Z2zliQQyFlfDxX8YW4p7CMfVKuSV6h1_jkGCcrqW8j_VmPpnDfVnnO8v1Cf37i4VfMOr1PE2wMJcH-rqs&google_gid=CAESEKiK65GhbLMSg90V-8rsFkI&goog...
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCJXxk4MGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BUXZpdFVJNk9QVWdvLURRWDFaMnpsaVFReUZsZkR4WDhZVzRwN0NNZlZLdVNWNmgxX2prR0NjcnFXOGpfVm1QcG5EZlZubk84djFDZjM3aTRWZk1Pcj...
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwejhMUzhBcFQ5V2FPbm9fZDRPODFwRERDQk43RWZSQnI4T2w1bUYwSF85OA==&google_push

170 B
190 B

30ms
30ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwejhMUzhBcFQ5V2FPbm9fZDRPODFwRERDQk43RWZSQnI4T2w1bUYwSF85OA==&google_push

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 31 Mar 2021 22:32:53 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwejhMUzhBcFQ5V2FPbm9fZDRPODFwRERDQk43RWZSQnI4T2w1bUYwSF85OA==&google_push
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 906D
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUJgorWk...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUJgorWk...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTAzMzEyMjMyNTQ1MzQxNzYxMjU2MDQzNg%3D%3D&google_push=AQvitUJgorWk-BCXyZseOOZi5ZubsfSL_h0emn0NZxrbN6H3vhDLyX43wxhWHgd2sCRqE-...

170 B
190 B

31ms
31ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTAzMzEyMjMyNTQ1MzQxNzYxMjU2MDQzNg%3D%3D&google_push=AQvitUJgorWk-BCXyZseOOZi5ZubsfSL_h0emn0NZxrbN6H3vhDLyX43wxhWHgd2sCRqE-vy7SNCe8VyZKX-H18vZKp39JGeqQ

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTAzMzEyMjMyNTQ1MzQxNzYxMjU2MDQzNg%3D%3D&google_push=AQvitUJgorWk-BCXyZseOOZi5ZubsfSL_h0emn0NZxrbN6H3vhDLyX43wxhWHgd2sCRqE-vy7SNCe8VyZKX-H18vZKp39JGeqQ
Pragma: no-cache
Date: Wed, 31 Mar 2021 22:32:54 GMT
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 906D 43 B
106 B 22ms
20ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEL-Gx3VZaYOa7RHmjNOsASY&google_push=AQvitUKMJJz731QspDNk9onkQWP3bHyuVMupR4UToiSas8QQtdB4VhU6BdNS9Bo0ZHQmx71jK4AzAISNJacbLcVKByNroIkr4bY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=280&adk=4211735289&adf=994788426&pi=t.aa~a.1602054263~i.65~rp.4&w=816&fwrn=4&fwrnh=100&lmt=1617229972&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6393567433&psa=0&ad_type=text_image&format=816x280&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&pra=3&rh=200&rw=815&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1617229972802&bpp=3&bdt=677&idt=-M&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd6647da57f4bdce8-22ac0015edba0044%3AT%3D1617229972%3ART%3D1617229972%3AS%3DALNI_MYqaLUsdlv2bAa_Exk_6Acs4QSR7A&prev_fmts=945x280%2C816x200%2C0x0&nras=2&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=246&ady=3499&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=Z14trfsZwx&p=https%3A//reposhub.com&dtd=43
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:53 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 906D
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=GTxxAKYPRoyqoMxZj1ir8A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
190 B

31ms
31ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=GTxxAKYPRoyqoMxZj1ir8A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKn4N9Lt3WSAN1k9pBwI2RFMlfyI9RYm3ZyT72OM20EXupkkJjOkwM12MFU51oKKNyCcwlQgsP7ZhxLbusrHuiFSmpivb0

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=GTxxAKYPRoyqoMxZj1ir8A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKn4N9Lt3WSAN1k9pBwI2RFMlfyI9RYm3ZyT72OM20EXupkkJjOkwM12MFU51oKKNyCcwlQgsP7ZhxLbusrHuiFSmpivb0
Date: Wed, 31 Mar 2021 22:32:52 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 906D
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHYVJnEPaG9RM7fdpEulTLk&google_cver=1&google_push=AQvitULABp8W297iVI3oZxC4pfMkuw1cgF2BZbWzpP3hFq1i1UJWavk81ceIAu3nmezeWR12kwQ...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S01ZMFlZMjktQi02V0JL&google_push=AQvitULABp8W297iVI3oZxC4pfMkuw1cgF2BZbWzpP3hFq1i1UJWavk81ceIAu3nmezeWR12kwQlwvQ_2-HmAlHE86Wzh_ZaUYk

170 B
190 B

31ms
31ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S01ZMFlZMjktQi02V0JL&google_push=AQvitULABp8W297iVI3oZxC4pfMkuw1cgF2BZbWzpP3hFq1i1UJWavk81ceIAu3nmezeWR12kwQlwvQ_2-HmAlHE86Wzh_ZaUYk

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Mar 2021 22:32:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S01ZMFlZMjktQi02V0JL&google_push=AQvitULABp8W297iVI3oZxC4pfMkuw1cgF2BZbWzpP3hFq1i1UJWavk81ceIAu3nmezeWR12kwQlwvQ_2-HmAlHE86Wzh_ZaUYk
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Expires: 0

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame 906D 0
16 B 30ms
29ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L6V3GgeTkzrNwL_A54RU6s6nAqKvrVYf8VlEt-qvtdMuTGN3CoYH8G76brxvPPDA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7963911354665843&output=html&h=280&adk=4211735289&adf=994788426&pi=t.aa~a.1602054263~i.65~rp.4&w=816&fwrn=4&fwrnh=100&lmt=1617229972&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6393567433&psa=0&ad_type=text_image&format=816x280&url=https%3A%2F%2Freposhub.com%2Fcpp%2Fmiscellaneous%2Ftothi-dll-hijack-by-proxying.html&flash=0&fwr=0&pra=3&rh=200&rw=815&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1617229972802&bpp=3&bdt=677&idt=-M&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd6647da57f4bdce8-22ac0015edba0044%3AT%3D1617229972%3ART%3D1617229972%3AS%3DALNI_MYqaLUsdlv2bAa_Exk_6Acs4QSR7A&prev_fmts=945x280%2C816x200%2C0x0&nras=2&correlator=3045443391865&frm=20&pv=1&ga_vid=810691039.1617229973&ga_sid=1617229973&ga_hid=1689053776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=246&ady=3499&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066433%2C31060614%2C44740079%2C44739387&oid=3&pvsid=79116334880234&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=Z14trfsZwx&p=https%3A//reposhub.com&dtd=43

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS